aesthetic.computer / core
Monorepo for Aesthetic.Computer aesthetic.computer
fork atom
core / ac-electron /
at main 5 folders 22 files
build
native
renderer
rpm
scripts
.env.template
.gitignore
BUILD.md
CODE-SIGNING.md
README.md
RIO-TERMINAL.md
build-all-platforms.fish
check-reboot.js
dev.fish
ff1-bridge.js
flip-view.html
main.js
offscreen-manager.js
package-lock.json
package.json
preload.js
reinstall.sh
release.fish
restart-electron.ps1
restart-electron.sh
trigger-reboot.js
webview-preload.js
README.md

Aesthetic Computer Electron Build Credentials#

This directory contains signing certificates and credentials for building and distributing the Aesthetic Computer desktop app across all platforms.

Contents#

macOS Code Signing#

  • mac-developer-id.p12 - Apple Developer ID certificate (export from Xcode/Keychain)
  • mac-developer-id-password.txt - Password for the .p12 file
  • mac-provisioning-profile.provisionprofile - Provisioning profile (if needed)
  • apple-id.txt - Apple ID email for notarization
  • apple-app-specific-password.txt - App-specific password for notarization

Windows Code Signing#

  • windows-code-signing.pfx - Windows Authenticode certificate
  • windows-code-signing-password.txt - Password for the .pfx file

Linux#

No signing required for Linux builds (AppImage, deb, rpm are unsigned by default)

Build Secrets#

  • .env - Environment variables for build process: 
    # macOS
CSC_LINK=./mac-developer-id.p12
CSC_KEY_PASSWORD=<from mac-developer-id-password.txt>
APPLE_ID=<from apple-id.txt>
APPLE_APP_SPECIFIC_PASSWORD=<from apple-app-specific-password.txt>
APPLE_TEAM_ID=<your Apple Team ID>

# Windows
WIN_CSC_LINK=./windows-code-signing.pfx
WIN_CSC_KEY_PASSWORD=<from windows-code-signing-password.txt>

# Publishing
GH_TOKEN=<GitHub Personal Access Token with repo scope>

Usage#

The build-all-platforms.fish script in the parent ac-electron/ directory will:

  1. Source credentials from this vault
  2. Build for all platforms using Docker containers
  3. Sign apps with appropriate certificates
  4. Publish to GitHub releases

Getting Certificates#

macOS Developer ID Certificate#

  1. Log into https://developer.apple.com
  2. Go to Certificates, Identifiers & Profiles
  3. Create a Developer ID Application certificate
  4. Download and install in Keychain Access
  5. Export as .p12 with a strong password
  6. Store .p12 and password in vault

Windows Code Signing Certificate#

  1. Purchase from a CA (DigiCert, Sectigo, etc.)
  2. Download the .pfx file
  3. Store .pfx and password in vault

Apple App-Specific Password#

  1. Log into https://appleid.apple.com
  2. Go to Security > App-Specific Passwords
  3. Generate a new password for "Aesthetic Computer Electron Builder"
  4. Store in vault

Security Notes#

  • NEVER commit certificates to git
  • .p12 and .pfx files should be mode 600 (owner read/write only)
  • Passwords stored in separate files for easier rotation
  • This directory is gitignored in the parent repo