macOS desktop application build and code signing

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and maintenance of all types of websites:
Informational websites or web applications
Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators
E-commerce websites or web applications
Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers
Business process management web applications
CRM systems, ERP systems, corporate portals, production management systems, information parsers
Electronic service websites or web applications
Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 2065 services
macOS desktop application build and code signing
Medium
~2-3 business days
FAQ
Our competencies:
Development stages
Latest works
  • image_website-b2b-advance_0.png
    B2B ADVANCE company website development
    1212
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1161
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    852
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1041
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    822
  • image_bitrix-bitrix-24-1c_fixper_448_0.png
    Website development for FIXPER company
    815
Show more works

Building and Signing Desktop Applications for macOS

macOS requires two levels of verification: Code Signing (developer signature) and Notarization (Apple notarization). Without notarization, Gatekeeper blocks the application with the message "cannot be opened because Apple cannot verify it".

Requirements

  • Apple Developer Account ($99/year)
  • Developer ID Application Certificate
  • Xcode Command Line Tools

Electron: build and signing

// electron-builder.yml
mac:
  target:
    - target: dmg
    - target: zip
  icon:      build/icon.icns
  category:  public.app-category.productivity
  hardenedRuntime:   true
  gatekeeperAssess:  false
  entitlements:          build/entitlements.mac.plist
  entitlementsInherit:   build/entitlements.mac.plist
  identity: "Developer ID Application: Company Name (TEAM_ID)"

<!-- build/entitlements.mac.plist -->
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
  <key>com.apple.security.network.client</key><true/>
</dict>
</plist>

Notarization

# Via notarytool (Xcode 13+)
xcrun notarytool submit AppName.dmg \
  --apple-id     "[email protected]" \
  --password     "@keychain:AC_PASSWORD" \
  --team-id      "TEAM_ID" \
  --wait

# Stapling (embedding notarization ticket into file)
xcrun stapler staple AppName.dmg

GitHub Actions for macOS

- uses: actions/checkout@v3
- name: Import Certificate
  run: |
    echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
    security import certificate.p12 -P "$MACOS_CERTIFICATE_PWD" \
      -A -t cert -f pkcs12 -k ~/Library/Keychains/login.keychain

- name: Build and Sign
  run: npm run build:mac
  env:
    APPLE_ID:          ${{ secrets.APPLE_ID }}
    APPLE_ID_PASS:     ${{ secrets.APPLE_ID_PASS }}
    APPLE_TEAM_ID:     ${{ secrets.APPLE_TEAM_ID }}
    CSC_LINK:          ${{ secrets.MACOS_CERTIFICATE }}
    CSC_KEY_PASSWORD:  ${{ secrets.MACOS_CERTIFICATE_PWD }}

Universal Binary (Intel + Apple Silicon)

# electron-builder automatically creates universal binary
npx electron-builder --mac --universal

Universal binary runs natively on M1/M2/M3 without Rosetta 2.

Timeline

Setup of build, signing, and notarization: 3–4 business days.