diff --git a/CMakeLists.txt b/CMakeLists.txt
index 835ca5832facbbe05c28b101a803014d478291f6..b2dd02fb1b1b279112aa36f10c5aef58c5babce2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -704,33 +704,35 @@ else()
qt_add_translation(QM_FILES ${TS_FILES})
target_sources(${PROJECT_NAME} PRIVATE ${QM_FILES})
endif()
- set_target_properties(
- ${PROJECT_NAME}
- PROPERTIES
- MACOSX_BUNDLE TRUE
- MACOSX_BUNDLE_INFO_PLIST
- "${CMAKE_CURRENT_SOURCE_DIR}/resources/Info.plist"
- MACOSX_BUNDLE_EXECUTABLE_NAME "${PROJ_NAME}"
- MACOSX_BUNDLE_ICON_FILE "jami.icns"
- MACOSX_BUNDLE_GUI_IDENTIFIER "${BUNDLE_ID}"
- MACOSX_BUNDLE_SHORT_VERSION_STRING "${JAMI_VERSION}"
- MACOSX_BUNDLE_BUNDLE_VERSION "${JAMI_BUILD}"
- MACOSX_BUNDLE_COPYRIGHT "${PROJ_COPYRIGHT}"
- SPARKLE_URL "${SPARKLE_URL}"
- XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS
- "${CMAKE_CURRENT_SOURCE_DIR}/resources/entitlements/Jami.entitlements"
- XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME TRUE)
- if(DEPLOY)
- add_custom_command(
- TARGET ${PROJECT_NAME}
- POST_BUILD
- COMMAND ${CMAKE_COMMAND} -DQML_SRC_DIR=${APP_SRC_DIR}
- -DMAC_DEPLOY_QT_PATH=${CMAKE_PREFIX_PATH}/bin
- -DEXE_NAME="${CMAKE_BINARY_DIR}/${PROJECT_NAME}.app"
- -DSPARKLE_PATH=${SPARKLE_FRAMEWORK}
- -DENABLE_SPARKLE=${ENABLE_SPARKLE}
- -P ${CMAKE_CURRENT_SOURCE_DIR}/cmake/macos_qt_deploy.cmake)
- endif()
+
+ set_target_properties(${PROJECT_NAME} PROPERTIES
+ MACOSX_BUNDLE TRUE
+ MACOSX_BUNDLE_INFO_PLIST "${CMAKE_CURRENT_SOURCE_DIR}/resources/Info.plist"
+ MACOSX_BUNDLE_EXECUTABLE_NAME "${PROJ_NAME}"
+ MACOSX_BUNDLE_ICON_FILE "jami.icns"
+ MACOSX_BUNDLE_GUI_IDENTIFIER "${BUNDLE_ID}"
+ MACOSX_BUNDLE_SHORT_VERSION_STRING "${JAMI_VERSION}"
+ MACOSX_BUNDLE_BUNDLE_VERSION "${JAMI_BUILD}"
+ MACOSX_BUNDLE_COPYRIGHT "${PROJ_COPYRIGHT}")
+ if(APPSTORE)
+ message(STATUS "app store version")
+ set_target_properties(${PROJECT_NAME} PROPERTIES
+ XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/resources/entitlements/appstore/Jami.entitlements")
+ else()
+ set_target_properties(${PROJECT_NAME} PROPERTIES
+ SPARKLE_URL "${SPARKLE_URL}"
+ XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/resources/entitlements/Jami.entitlements"
+ XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME TRUE)
+ endif()
+ if(DEPLOY)
+ add_custom_command(TARGET ${PROJECT_NAME} POST_BUILD
+ COMMAND ${CMAKE_COMMAND} -DQML_SRC_DIR=${SRC_DIR}
+ -DMAC_DEPLOY_QT_PATH=${CMAKE_PREFIX_PATH}/bin
+ -DEXE_NAME="${CMAKE_BINARY_DIR}/${PROJECT_NAME}.app"
+ -DSPARKLE_PATH=${SPARKLE_FRAMEWORK}
+ -DENABLE_SPARKLE=${ENABLE_SPARKLE}
+ -P ${CMAKE_CURRENT_SOURCE_DIR}/cmake/macos_qt_deploy.cmake)
+ endif()
endif()
qt_import_qml_plugins(${PROJECT_NAME})
diff --git a/resources/entitlements/appstore/Jami.entitlements b/resources/entitlements/appstore/Jami.entitlements
new file mode 100644
index 0000000000000000000000000000000000000000..f368fbd4d0ee84de08eb1dddcd937a12ee6597ae
--- /dev/null
+++ b/resources/entitlements/appstore/Jami.entitlements
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>com.apple.security.app-sandbox</key>
+ <true/>
+ <key>com.apple.security.device.camera</key>
+ <true/>
+ <key>com.apple.security.device.microphone</key>
+ <true/>
+ <key>com.apple.security.files.user-selected.read-write</key>
+ <true/>
+ <key>com.apple.security.cs.allow-jit</key>
+ <true/>
+ <key>com.apple.security.network.client</key>
+ <true/>
+ <key>com.apple.security.network.server</key>
+ <true/>
+</dict>
+</plist>
diff --git a/scripts/signDeployAppStore.sh b/scripts/signDeployAppStore.sh
new file mode 100755
index 0000000000000000000000000000000000000000..e6cc1b45aac178be274f0261fee9c87c2065e06b
--- /dev/null
+++ b/scripts/signDeployAppStore.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+echo ""
+cd build-local
+echo "cloning certificates"
+git clone $CERTIFICATES_REPOSITORY
+echo "prepare keychain"
+security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME > /dev/null 2>&1
+security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME > /dev/null 2>&1
+security list-keychains -s $KEYCHAIN_NAME > /dev/null 2>&1
+security set-key-partition-list -S apple-tool:,apple:,productbuild: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN_NAME > /dev/null 2>&1
+echo "import certificates"
+security import certificates/certificates/distribution/Certificates.p12 -k $KEYCHAIN_PATH -P $CERTIFICATES_PASSWORD -T /usr/bin/codesign -T /usr/bin/productbuild
+DELIVER_PASSWORD=$APPLE_PASSWORD fastlane sigh --app_identifier $BUNDLE_ID --username $APPLE_ACCOUNT --readonly true --platform macos --team_id $TEAM_ID
+security set-key-partition-list -S apple-tool:,apple:,productbuild: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN_NAME > /dev/null 2>&1
+echo "start signing"
+$MACDEPLOYQT_PATH ./Jami.app -no-strip -appstore-compliant -codesign="${APP_CERTIFICATE}"
+echo "remove web engine"
+rm -rf Jami.app/Contents/Frameworks/QtWebEngineQuickDelegatesQml.framework
+rm -rf Jami.app/Contents/Frameworks/QtWebEngineQuick.framework
+rm -rf Jami.app/Contents/Frameworks/QtWebEngineCore.framework
+rm -rf Jami.app/Contents/Frameworks/QtWebChannel.framework
+codesign --force --sign "${APP_CERTIFICATE}" --entitlements ../resources/entitlements/appstore/Jami.entitlements Jami.app
+codesign --verify Jami.app
+echo "create .pkg"
+productbuild --component Jami.app/ /Applications --sign "${INSTALLER_CERTIFICATE}" --product Jami.app/Contents/Info.plist Jami.pkg
+/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/Versions/A/Support/altool --validate-app --type osx -f Jami.pkg -u $APPLE_ACCOUNT --password $ALTOOL_PASSWORD
+echo "start deploying"
+/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/Versions/A/Support/altool --upload-app --type osx -f Jami.pkg -u $APPLE_ACCOUNT --password $ALTOOL_PASSWORD