Support for Mac App Store
Overview
You can distribute your macOS apps through official Mac App Store or outside the store. But the apps should always be signed before distribution. Unsigned apps are refused to be launched by the Gatekeeper.
This guide will show you how to sign NW.js based apps for macOS.
Prerequisits
- Create a macOS app through iTunesConnect
- Obtain Application & Installer certificates from Apple Developer.
- If you distribute your app through Mac App Store:
- 3rd Party Mac Developer Application: Foo (XXXXXXXXXX)
- 3rd Party Mac Developer Installer: Foo (XXXXXXXXXX)
- If you distribute your app outside the store:
- Developer ID Application: Foo (XXXXXXXXXX)
- Developer ID Installer: Foo (XXXXXXXXXX)
- If you distribute your app through Mac App Store:
Build the App
Download NW.js MAS build from nwjs.io and build your app as described in Package and Distribute.
Sign the App
build_mas.py
is used to sign your app for macOS. And the script can generate an uploadable .pkg
file for Mac App Store after signing by giving --pkg
argument.
Basic Usage
python build_mas.py -C build.cfg -I myapp-dev.app -O MyApp.app
Configuration File Format
Configuration file (build.cfg
) is a human readable text file. It contains important settings for signing and packaging the app.
ApplicationIdentity
and InstallerIdentity
are the names of the certificates used for signing and packaging your app. See Prerequisits for which certificates you need.
NWTeamID
is used to establish IPC channels for launch NW.js based app. It can be obtained from Apple Developer -> Membership -> Team ID.
ParentEntitlements
and ChildEntitlements
should be valid entitlements files. By default, your app is signed with minimal privileges as below.
entitlements-parent.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<string>NWTeamID.your.app.bundle.id</string>
</dict>
</plist>
entitlements-child.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>
Read the sample build.cfg
for detailed meanings all fields.