Debian 11 (bullseye) changed the default for kernel.unprivileged_userns_clone to 1,
thus this workaround is no longer required.
This at the same time fixes the default command line entry for the deb
package.
Closes: #628
Release this ~3 months after 2.9.0 was released (21 Sep 2021) so
that users had 3 months to migrate to local storage
Signed-off-by: Christoph Settgast <csett86@web.de>
Use eg in GH actions like this with
secret API_KEY = API key file as coming from Apple
secret API_KEY_ID = API key ID as coming from Apple
secret API_KEY_ISSUER_ID = API key issuer ID as coming from Apple
mkdir -p ~/private_keys/
echo '${{ secrets.api_key }}' > ~/private_keys/AuthKey_${{ secrets.api_key_id }}.p8
echo "API_KEY_FILE=~/private_keys/AuthKey_${{ secrets.api_key_id }}.p8" >> $GITHUB_ENV
echo "API_KEY_ID=${{ secrets.api_key_id }}" >> $GITHUB_ENV
echo "API_KEY_ISSUER_ID=${{ secrets.api_key_issuer_id }}" >> $GITHUB_ENV
mac: Enable autoupdate by sign and notarize via github action
Signed and notarized binaries are the precondition for autoupdates on
mac. Additionally Gatekeeper on 10.15+ is happy and allows to open the
app instead of blocking it.
The notarize step is added unconditionally, as it only emits a warning if
the notarization API key is not set, but it does not break the build.
This is an upstreaming of https://github.com/csett86/jitsi-meet-electron
where it worked since March 2020.
On CI, only sign if not triggered by pull request, as these will fail (as secrets
are not available to pull request builds).
The required github secrets (signing key, cert and notarize API login, password and team id) are:
Signing
Open the Keychain Access app. Export all certificates (Developer ID Certificate) related to your app into a single file (e.g. certs.p12) and set a strong password.
Base64-encode your certificates using the following command: base64 -i certs.p12 -o encoded.txt
In the GitHub repository, go to Settings → Secrets and add the following two variables:
mac_certs: Your base64 encoded certificates, i.e. the content of the encoded.txt file you created before
mac_certs_password: The password you set when exporting the certificates
Notarization
Create an app-specific password for your apple id: https://support.apple.com/de-de/HT204397
In the GitHub repository, go to Settings → Secrets and add the following three variables:
apple_id: your apple id
apple_id_password: the just created app-specific password for your apple id
team_id: your team short name: https://github.com/electron/electron-notarize#notes-on-your-team-short-name
Co-authored-by: Saúl Ibarra Corretgé <s@saghul.net>
This is a preparation for electron 14+, where electron-store is no longer
in a usable state (currently used version does not work due to remote module
removed in electron 14, latest version extends every app startup to 10 seconds).
Once sufficient migration period has passed, electron-store and
redux-persist-electron-storage and the ipc call introduced here
(electron-store-exists) can be removed.
csett86