elixir-desktop
diff --git a/‎README.md‎
Lines changed: 12 additions & 12 deletions b/‎README.md‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎lib/package/macos.ex‎
Lines changed: 7 additions & 41 deletions b/‎lib/package/macos.ex‎
Lines changed: 7 additions & 41 deletions
diff --git a/‎notarize_macos.sh‎
Lines changed: 0 additions & 13 deletions b/‎notarize_macos.sh‎
Lines changed: 0 additions & 13 deletions
diff --git a/‎notarize_macos_info.sh‎
Lines changed: 0 additions & 5 deletions b/‎notarize_macos_info.sh‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎notarize_macos_list.sh‎
Lines changed: 0 additions & 10 deletions b/‎notarize_macos_list.sh‎
Lines changed: 0 additions & 10 deletions
@@ -77,25 +77,25 @@ To support windows code signing the user has to create two certificate files `ap
 
 ### MacOS -> DMG
 
-The builds are all done on an x86_64 apple machine and we're enabling rosetta explicitly in the `.plist` file for M1 machines.
+MacOS has two variants ARM (M1,2,3...) and legacy x86 if you want to enable your builds on both platforms the easiest way is to have the CI (e.g. GitHub) have the build done on a x86_64 machine. Then the rosetta compatibility layer will make it runnable on ARM too. For this rosetta is enabled explicitly in the `.plist` file for ARM machines.
 
-To run either you will need a macos development account. There are two environment variables this depends on `DEVELOPER_ID` which is set by `build_macos.sh` automatically using the default. `AC_PASSWORD` which is the API key for your account
+Code signing is done as part of the `desktop.installer` task if and only if a developer_id is provided. This can be provided through one of these environment variables:
 
-1) `build_macos.sh`
-2) `notarize_macos.sh`
+- `MACOS_DEVELOPER_ID` - String of the user uid
+- `MACOS_PEM` - PEM file with both user uid and user certificate for signing
 
-#### Known Issues / Comments
+In addition the keychain to be used can be specified using:
+- `MACOS_KEYCHAIN` - Name/path of the keychain defaults to the result of `security login-keychain`
 
-* Background images for the deployment window of the `.dmg` (when clicking that on macos) are hardcoded in the rel/macosx/ subdirectory. I've not yet discovered how to properly (dynamically) create them. Also haven't found out how to set the DMGs icon to be non-standard as some apps do.
 
-* The DMG should be notarized in two phases but right now it's not :-(
+1) `mix desktop.installer`
+2) `mix desktop.notarize <username@apple_account.com> <app_specific_password> <team_id> _build/prod/*.dmg`
 
-    1) Notarize the app directory (by zipping and uploading it)
-    1) Staple the ticket to the app directory and all executables
-    1) Package the app directory into the dmg, notarize the dmg
-    1) Staple the ticket to the dmg
+#### Known Issues / Comments
+
+* Background images for the deployment window of the `.dmg` (when clicking that on macos) are hardcoded in the rel/macosx/ subdirectory. I've not yet discovered how to properly (dynamically) create them. Also haven't found out how to set the DMGs icon to be non-standard as some apps do.
 
-* Best to use a really recent wxWidgets on macos, such as wxWidgets (3.1.6) as e.g. taskbar icon size bug fixes are only present there.
+* Best to use the most recent wxWidgets on macos, as e.g. taskbar icon size bug fixes are only present there.
 
 ### Linux -> makeself
 
 
@@ -76,7 +76,12 @@ defmodule Desktop.Deployment.Package.MacOS do
     # Maybe embedding Info.plist into the beam.smp
     with [beam_smp] <- wildcard(root, "**/*.smp") do
       oldbin = File.read!(beam_smp)
-      with [match] <- Regex.run(~r/<\!--PLIST_TEMPLATE_START_64f5fc2af15ab6092d25ede0fdc039e0789aa6e9.+PLIST_TEMPLATE_END_64f5fc2af15ab6092d25ede0fdc039e0789aa6e9-->/s, oldbin) do
+
+      with [match] <-
+             Regex.run(
+               ~r/<\!--PLIST_TEMPLATE_START_64f5fc2af15ab6092d25ede0fdc039e0789aa6e9.+PLIST_TEMPLATE_END_64f5fc2af15ab6092d25ede0fdc039e0789aa6e9-->/s,
+               oldbin
+             ) do
         size = byte_size(match)
         [_all, replacement] = Regex.run(~r/<plist[^>]*>(.+)<\/plist>/s, content)
         replacement = String.pad_trailing(replacement, size, " ")
@@ -95,7 +100,7 @@ defmodule Desktop.Deployment.Package.MacOS do
       end)
     end
 
-    developer_id = Package.MacOS.find_developer_id()
+    developer_id = find_developer_id()
 
     if developer_id != nil do
       codesign(root)
@@ -425,45 +430,6 @@ defmodule Desktop.Deployment.Package.MacOS do
     end
   end
 
-  defmodule NtzCreds do
-    @moduledoc false
-    defstruct [:username, :password, :team_uid]
-  end
-
-  def notarize(file) do
-    notarize(Desktop.Deployment.package(), default_creds(), file)
-  end
-
-  def default_creds() do
-    %NtzCreds{
-      username: System.get_env("MACOS_NOTARIZATION_USER"),
-      password: System.get_env("MACOS_NOTARIZATION_PASSWORD"),
-      team_uid: find_developer_id()
-    }
-  end
-
-  def notarize(
-        %Package{identifier: identifier},
-        %NtzCreds{username: username, password: password, team_uid: team_uid},
-        file
-      )
-      when is_binary(username) and is_binary(password) and is_binary(team_uid) do
-    cmd!("xcrun", [
-      "altool",
-      "--notarize-app",
-      "--primary-bundle-id",
-      identifier <> ".dmg",
-      "--username",
-      username,
-      "--password",
-      password,
-      "--team",
-      team_uid,
-      "--file",
-      file
-    ])
-  end
-
   defp scan({:AttributeTypeAndValue, @friendly_attribute, friendly}) do
     case Regex.scan(~r/\(([^)]+)\)$/, friendly) do
       [[_full, uid]] -> [uid]