I'm trying to package an Electron app as a pkg file and then upload it to the Mac App Store.
I see some examples using electron-builder since that has a pkg option, but my current app uses electron-packager, so I'm hoping to make it work with that.
After I package and sign my app via electron-packager and electron/osx-sign (details below), I turn it into a pkg file from command line via the productbuild tool, which from my reading is preferable in this situation to pkgbuild.
productbuild --sign "3rd Party Mac Developer Installer: <Company> (<TeamID>)" --component ./MyApp.app /Applications/MyApp ./MyApp.pkg
(since my osx-sign configuration uses type: development, so I can test locally, I've also tried specifying the certificate Developer ID Installer)
Running the app directly, I get this "the application can't be opened" popup, which I think is expected given this bit of the docs:
Note that apps signed with this certificate will not run anywhere, unless it is downloaded from Mac App Store.
So I don't know that this is a problem.
However, after running the productbuild command from above (which finishes successfully), and double-clicking the pkg file (and the install wizard completes successfully), I get a MyApp directory in /Applications, but I don't have permissions to read it / execute it. The folder icon contains a red minus sign like here.
Only the System user has read/write permissions. Everyone else has no permissions.
I've also seen examples where they specify the install directory of just /Applications rather than /Applications/MyApp, but that produces no folder for me.
Is productbuild changing my permissions? Is there something I can pass to the command to fix that, or do I have to rely on electron-builder to generate the pkg file? Or is this related to my provisioning profile?
My signing code looks like this:
signAsync({
app: appPath,
identity: "<bunchOfChars>",
preAutoEntitlements: false,
provisioningProfile: "com.my.provisionprofile",
type: "development", // for testing
optionsForFile: (filePath) => {
const inherit = !filePath.endsWith(`${productName}.app`);
return {
hardenedRuntime: false, // seemed to be required to upload to MAS?
entitlements: inherit ? "entitlements.mas.inherit.plist" : "entitlements.mas.plist"
};
}
});
