Nw.js: Mac MAS ( signing ) for versions other than 0.19.5

It seems 0.19.5 does not have display: grid.. so far this is the only feature I've been missing.

We are waiting for this for so long now ... I wonder if it will ever come. Maybe @rogerwang or @sunlin-link can give us a status update?

He is not working on this any more. Will find someone else to work on it or see it myself. Thanks.

that is bad @rogerwang - a lot of people are waiting for this, it is kind of key thing in the NWJS development on OSX, specially as Apple is tightening the support for apps outside the Mac Store.

So it won't take long till they forbid all other apps and allow only Mac Store apps to be installed, more like iOS as this is the way they are heading.

I know @trevorlinton helped in the past, maybe he can help again. If I recall correctly he kind of fixed and automated the chromium build for MAS, such an automation is not well needed so we can have automatically the latest NWJS release for MAS deploy together with the live builds.

Could you please elaborate on how "Apple is tightening the support for apps
outside the Mac Store"?

On Mon, Sep 17, 2018, 12:15 AM George Petrov notifications@github.com
wrote:

that is bad @rogerwang https://github.com/rogerwang - a lot of people
are waiting for this, it is kind of key thing in the NWJS development on
OSX, specially as Apple is tightening the support for apps outside the Mac
Store.

So it won't take long till they forbid all other apps and allow only Mac
Store apps to be installed, more like iOS as this is the way they are
heading.

I know @trevorlinton https://github.com/trevorlinton helped in the
past, maybe he can help again. If I recall correctly he kind of fixed and
automated the chromium build for MAS, such an automation is not well needed
so we can have automatically the latest NWJS release for MAS deploy
together with the live builds.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/nwjs/nw.js/issues/6794#issuecomment-421789683, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAKGGcDHR66IfIkKfvu9HhjXGx01rn02ks5ubnk2gaJpZM4Wnrl2
.

Sorry it is just a general observation, but Apple is definitely moving into that direction to provide more security to MacOS as more apps outside apps store install malware, viruses or compromise security.

@loadbalance-sudachi-kun funded this issue with $500. Visit this issue on Issuehunt

@kazup01 has funded $1.00 to this issue.

• Submit pull request via IssueHunt to receive this reward.
• Want to contribute? Chip in to this issue via IssueHunt.
• Checkout the IssueHunt Issue Explorer to see more funded issues.
• Need help from developers? Add your repository on IssueHunt to raise funds.

@rogerwang I'm interested in work on this. I am developing two cross-platform apps and nw.js is part of the ecosystem I'm using. As part of development, I'm porting Sauce Labs isign from python to JavaScript as isignjs with the goal of being able to package using nwjs-builder-phoenix and sign in one go.

In fact, I almost think that app signing would fit better into what nwjs-builder-phoenix offers. I've already developed building a linux nw.js AppImage package on Mac/Linux/Win, and once that code is cleaned up and fits their guidelines I'll give them a pull request for it. My plan was to recode isign as a dependency, and then use it in nwjs-builder-phoenix.

This is all assuming that the fine maintainers at nwjs-builder-phoenix are interested in this work I'm doing and I'm able to get it done piecemeal over the next 8 months (estimated). My plan for isignjs signing Mac apps is here.

This is great news. Looking forward to your work.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@rogerwang I think this should be picked up again with great priority and deliver a regular MAS version of NWJS just like Electron does. Then it will be much easier to publish NWJS based apps in the Mac App Store as it is becoming more and more a requirement.

I have a question in regards of this issue, as I do not understand it.
We have an NWJS app that we sign and notarise for macOS. We are "identified apple developers" and have an Apple signing certificate. We do not distribute via the App Store but our customers can install it just fine with all the Apple relevant package validations.

My question would be: what is this issue about when signing (and notarisation) an NWJS app works... am I missing anything?

@theDevelopper yes when putting your app in app store you have to comply for much stricter rules. lot of API's are prohibited of usage (hence that some parts of NWJS need to be stripped away) and your whole app is running sandboxed - so a lot of more security restrictions are applied to it.

The hard part is having NWJS build without the prohibited API's - just like Electron did it. That is probably the most important issue to tackle when aligning with Electron as of https://github.com/nwjs/nw.js/issues/7557 @frank-dspeed

@gpetrov I do know that there are restriction in the App Store such as the app needing to be sandboxed, that is one of the reasons why we do not distribute via App Store. But what parts of NWJS are an issue?

I cannot find any information in this issue that identifies the problematic code/API. Everyone only references to Electron in general, but does not state the actual required changes to be made.

It is quite impossible to contribute if it is unclear what needs to be done.

Well we have being on that MAS train request since 2016, various topics

https://github.com/nwjs/nw.js/issues/4556
https://github.com/nwjs/nw.js/issues/6653

Many people tried to improve this but none really got it from the ground up.

But maybe @rogerwang can enlighten us about the current struggles, as ideally we would like to have official MAS ready build of NWJS together with each release - just like Electron did it.

Electron also has some API problems recently with the MAS - but I think they solved it eventually. But it was big panic. See https://github.com/electron/electron/issues/20027

@theDevelopper there is not much needed we need only to turn onj some special flags inside the Nodejs Part for that i do not remember the name but i have all details it is something that is called jit less mode

Yes the private API usage in Chromium needs to be disabled. And there is no reliable way of testing it except submitting it to MAS for review.

@rogerwang if you could offer us a build to test out, having the private API's disabled, we will be happy to test it out.
Also I think you should check how Electron disabled all the private API's and just do the same. They have a reliable MAS build for years.

we do know how that works you could pay us to do so maybe then we get it done more early