
Mac App Store Submission Guide

This guide provides information on:

  • How to sign Electron apps on macOS;
  • How to submit Electron apps to Mac App Store (MAS);
  • The limitations of the MAS build.

Requirements

To sign Electron apps, the following tools must be installed first:

You also have to register an Apple Developer account and join the Apple Developer Program.

Sign Electron apps

Electron apps can be distributed through the Mac App Store or outside it. Each route requires a different way of signing and testing. This guide focuses on distribution via the Mac App Store, but will also mention other methods.

The following steps describe how to get the certificates from Apple, how to sign Electron apps, and how to test them.

Get certificates

The simplest way to get signing certificates is to use Xcode:

  1. Open Xcode and open "Accounts" preferences;
  2. Sign in with your Apple account;
  3. Select a team and click "Manage Certificates";
  4. In the lower-left corner of the signing certificates sheet, click the Add button (+), and add the following certificates:
    • "Apple Development"
    • "Apple Distribution"

The "Apple Development" certificate is used to sign apps for development and testing, on machines that have been registered on the Apple Developer website. The method of registration is described in Prepare provisioning profile.

Apps signed with the "Apple Development" certificate cannot be submitted to the Mac App Store. For that purpose, apps must be signed with the "Apple Distribution" certificate instead. Note, however, that apps signed with the "Apple Distribution" certificate cannot run directly: they must be re-signed by Apple to be able to run, which is only possible after they have been downloaded from the Mac App Store.

Other certificates

You may notice that there are also other kinds of certificates.

The "Developer ID Application" certificate is used to sign apps before distributing them outside the Mac App Store.

The "Developer ID Installer" and "Mac Installer Distribution" certificates are used to sign the Mac Installer Package instead of the app itself. Most Electron apps do not use Mac Installer Package, so they are generally not needed.

The full list of certificate types can be found here.

Apps signed with "Apple Development" and "Apple Distribution" certificates can only run under App Sandbox, so they must use the MAS build of Electron. However, the "Developer ID Application" certificate does not have this restriction, so apps signed with it can use either the normal build or the MAS build of Electron.

Legacy certificate names

Apple has changed the names of certificates over the past years; you might encounter the old names when reading old documentation, and some utilities still use one of the old names.

  • The "Apple Distribution" certificate was also named "3rd Party Mac Developer Application" and "Mac App Distribution".
  • The "Apple Development" certificate was also named "Mac Developer" and "Development".

Prepare provisioning profile

If you want to test your app on your local machine before submitting it to the Mac App Store, you have to sign the app with the "Apple Development" certificate, with the provisioning profile embedded in the app bundle.

To create a provisioning profile, follow the steps below:

  1. Open the "Certificates, Identifiers & Profiles" page on the Apple Developer website.
  2. Add a new App ID for your app in the "Identifiers" page.
  3. Register your local machine in the "Devices" page. You can find your machine's "Device ID" in the "Hardware" page of the "System Information" app.
  4. Register a new Provisioning Profile in the "Profiles" page, and download it to /path/to/yourapp.provisionprofile.

Enable Apple's App Sandbox

Apps submitted to the Mac App Store must run under Apple's App Sandbox, and only the MAS build of Electron can run with the App Sandbox. The standard darwin build of Electron will fail to launch when run under App Sandbox.

When you sign the app with electron-osx-sign, it automatically adds the necessary entitlements to your app's entitlements, but if you are using custom entitlements, you must ensure the App Sandbox capability is added:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
</plist>

Extra steps without electron-osx-sign

If you are signing your app without using electron-osx-sign, you must ensure the app bundle's entitlements have at least the following keys:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>TEAM_ID.your.bundle.id</string>
</array>
</dict>
</plist>

TEAM_ID should be replaced with your Apple Developer account's Team ID, and your.bundle.id should be replaced with the App ID of the app.

The following entitlements must be added to the binaries and helpers in the app's bundle:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>

The app bundle's Info.plist must also include the ElectronTeamID key, which has your Apple Developer account's Team ID as its value:

<plist version="1.0">
<dict>
...
<key>ElectronTeamID</key>
<string>TEAM_ID</string>
</dict>
</plist>

When using electron-osx-sign, the ElectronTeamID key is added automatically by extracting the Team ID from the certificate's name. You may need to add this key manually if electron-osx-sign could not find the correct Team ID.
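
When signing by hand, the three property lists above have to agree with each other before the bundle is signed. The following pre-signing check is an added example, not part of the original guide or of electron-osx-sign; the function names, the Team ID and the bundle ID are made up for illustration.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
GROUPS = "com.apple.security.application-groups"
INHERIT = "com.apple.security.inherit"

def plist(body: str) -> bytes:
    """Wrap <key>/<value> pairs in a minimal XML property list."""
    return f'<plist version="1.0"><dict>{body}</dict></plist>'.encode()

def check_bundle(app_ent, helper_ent, info_plist, team_id, bundle_id):
    """Return a list of problems; an empty list means all three plists match the guide."""
    app, helper, info = (plistlib.loads(p) for p in (app_ent, helper_ent, info_plist))
    problems = []
    if app.get(SANDBOX) is not True:
        problems.append("app: app-sandbox is not true")
    group = f"{team_id}.{bundle_id}"
    if group not in app.get(GROUPS, []):
        problems.append(f"app: application-groups lacks {group}")
    for key in (SANDBOX, INHERIT):
        if helper.get(key) is not True:
            problems.append(f"helper: {key} is not true")
    if info.get("ElectronTeamID") != team_id:
        problems.append("Info.plist: ElectronTeamID does not match the Team ID")
    return problems

# Constructed sample data: the Team ID and bundle ID below are made up.
TEAM, BUNDLE = "ABCDE12345", "com.example.app"
APP = plist(f"<key>{SANDBOX}</key><true/>"
            f"<key>{GROUPS}</key><array><string>{TEAM}.{BUNDLE}</string></array>")
HELPER_OK = plist(f"<key>{SANDBOX}</key><true/><key>{INHERIT}</key><true/>")
HELPER_BAD = plist(f"<key>{SANDBOX}</key><true/>")  # inherit key forgotten
INFO_OK = plist(f"<key>ElectronTeamID</key><string>{TEAM}</string>")
INFO_BAD = plist("<key>ElectronTeamID</key><string>TEAM_ID</string>")  # placeholder left in

if __name__ == "__main__":
    print(check_bundle(APP, HELPER_OK, INFO_OK, TEAM, BUNDLE))
    for problem in check_bundle(APP, HELPER_BAD, INFO_BAD, TEAM, BUNDLE):
        print("FAIL:", problem)
```

On real files, pass the bytes read from each entitlements file and from Info.plist instead of the constructed samples.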

Sign apps for development

To sign an app that can run on your development machine, you must sign it with the "Apple Development" certificate and pass the provisioning profile to electron-osx-sign.

electron-osx-sign YourApp.app --identity='Apple Development' --provisioning-profile=/path/to/yourapp.provisionprofile

If you are signing without electron-osx-sign, you must place the provisioning profile at YourApp.app/Contents/embedded.provisionprofile.

The signed app can only run on the machines registered in the provisioning profile, and this is the only way to test the signed app before submitting to the Mac App Store.

Sign apps for submitting to the Mac App Store

To sign an app that will be submitted to the Mac App Store, you must sign it with the "Apple Distribution" certificate. Note that apps signed with this certificate will not run anywhere unless they are downloaded from the Mac App Store.

electron-osx-sign YourApp.app --identity='Apple Distribution'

Sign apps for distribution outside the Mac App Store

If you don't plan to submit the app to the Mac App Store, you can sign it with the "Developer ID Application" certificate. In this case there is no requirement to use App Sandbox, and you should use the normal darwin build of Electron if you don't use App Sandbox.

electron-osx-sign YourApp.app --identity='Developer ID Application' --no-gatekeeper-assess

By passing --no-gatekeeper-assess, electron-osx-sign will skip the macOS Gatekeeper check, as your app usually has not been notarized yet at this step.

This guide does not cover App Notarization, but you might want to do it; otherwise Apple may prevent users from using your app outside the Mac App Store.

Submit Apps to the Mac App Store

After signing the app with the "Apple Distribution" certificate, you can continue to submit it to the Mac App Store.

However, this guide does not ensure your app will be approved by Apple; you still need to read Apple's Submitting Your App guide on how to meet the Mac App Store requirements.

Upload

The Application Loader should be used to upload the signed app to iTunes Connect for processing. Make sure you have created a record before uploading.

If you see errors such as private API usage, you should check whether the app is using the MAS build of Electron.

Submit for review

After uploading, you should submit your app for review.

Limitations of MAS Build

In order to satisfy all requirements for app sandboxing, the following modules have been disabled in the MAS build:

  • crashReporter
  • autoUpdater

and the following behaviors have been changed:

  • Video capture may not work for some machines.
  • Certain accessibility features may not work.
  • Apps will not be aware of DNS changes.

Also, due to the usage of app sandboxing, the resources which can be accessed by the app are strictly limited; you can read App Sandboxing for more information.

Additional entitlements

Depending on which Electron APIs your app uses, you may need to add additional entitlements to your app's entitlements file. Otherwise, the App Sandbox may prevent you from using them.

Network access

Enable outgoing network connections to allow your app to connect to a server:

<key>com.apple.security.network.client</key>
<true/>

Enable incoming network connections to allow your app to open a network listening socket:

<key>com.apple.security.network.server</key>
<true/>

See the Enabling Network Access documentation for more details.

dialog.showOpenDialog

<key>com.apple.security.files.user-selected.read-only</key>
<true/>

See the Enabling User-Selected File Access documentation for more details.

dialog.showSaveDialog

<key>com.apple.security.files.user-selected.read-write</key>
<true/>

See the Enabling User-Selected File Access documentation for more details.
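
Because each of these entitlements widens what the sandbox allows, it is worth checking that the entitlements file grants exactly what the app's features need and nothing more. The audit below is an added example, not part of the original guide; the feature labels, function name and sample file are constructed, and the key mapping is the one listed in this section.

```python
import plistlib

# Entitlement each feature needs, as listed in this section of the guide.
NEEDS = {
    "outgoing network": "com.apple.security.network.client",
    "incoming network": "com.apple.security.network.server",
    "dialog.showOpenDialog": "com.apple.security.files.user-selected.read-only",
    "dialog.showSaveDialog": "com.apple.security.files.user-selected.read-write",
}
# Keys the guide requires for every MAS app bundle; never reported as excess.
BASELINE = {"com.apple.security.app-sandbox",
            "com.apple.security.application-groups"}

def audit(entitlements_xml: bytes, features_used):
    """Return (missing, excess) entitlement keys for the features the app uses."""
    parsed = plistlib.loads(entitlements_xml)
    # A key explicitly set to <false/> grants nothing, so it is not counted.
    granted = {key for key, value in parsed.items() if value is not False}
    required = {NEEDS[feature] for feature in features_used}
    return sorted(required - granted), sorted(granted - required - BASELINE)

# Constructed sample entitlements file: grants more than the app below needs.
SAMPLE = ('<plist version="1.0"><dict>'
          "<key>com.apple.security.app-sandbox</key><true/>"
          "<key>com.apple.security.network.client</key><true/>"
          "<key>com.apple.security.network.server</key><true/>"
          "<key>com.apple.security.files.user-selected.read-only</key><true/>"
          "</dict></plist>").encode()

if __name__ == "__main__":
    missing, excess = audit(SAMPLE, {"outgoing network", "dialog.showSaveDialog"})
    print("missing:", missing)
    print("excess: ", excess)
```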

Cryptographic Algorithms Used by Electron

Depending on the countries in which you are releasing your app, you may be required to provide information on the cryptographic algorithms used in your software. See the encryption export compliance docs for more information.

Electron uses the following cryptographic algorithms: