mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

macOS: Prepare for code-signing outside of electron-builder

Browse source
This commit is contained in:
Scott Nonnenberg 2024-01-23 17:31:49 -08:00 committed by GitHub
parent 2bc0e4755c
commit 36c834ea26
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 98 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/ci.yml vendored
View file

@ -95,9 +95,11 @@ jobs:
env: env:
ARTIFACTS_DIR: artifacts/macos ARTIFACTS_DIR: artifacts/macos
timeout-minutes: 5 timeout-minutes: 5
- run: touch noop.sh && chmod +x noop.sh
- run: yarn build - run: yarn build
env: env:
DISABLE_INSPECT_FUSE: on DISABLE_INSPECT_FUSE: on
SIGN_MACOS_SCRIPT: noop.sh
- name: Rebuild native modules for x64 - name: Rebuild native modules for x64
run: yarn electron:install-app-deps run: yarn electron:install-app-deps
- run: yarn test-release - run: yarn test-release

1
patches/.prettierignore Normal file
View file

@ -0,0 +1 @@
**

67
patches/app-builder-lib+24.6.3.patch
View file

@ -1,3 +1,48 @@
diff --git a/node_modules/app-builder-lib/out/macPackager.js b/node_modules/app-builder-lib/out/macPackager.js
index 9df12c4..fd48a4f 100644
--- a/node_modules/app-builder-lib/out/macPackager.js
+++ b/node_modules/app-builder-lib/out/macPackager.js
@@ -194,7 +194,8 @@ class MacPackager extends platformPackager_1.PlatformPackager {
builder_util_1.log.warn("Mac Developer is used to sign app — it is only for development and testing, not for production");
}
}
- if (identity == null) {
+ const customSign = await (0, platformPackager_1.resolveFunction)(options.sign, "sign");
+ if (!customSign && identity == null) {
await (0, macCodeSign_1.reportError)(isMas, certificateTypes, qualifier, keychainFile, this.forceCodeSigning);
return false;
}
@@ -261,11 +262,11 @@ class MacPackager extends platformPackager_1.PlatformPackager {
};
builder_util_1.log.info({
file: builder_util_1.log.filePath(appPath),
- identityName: identity.name,
- identityHash: identity.hash,
+ identityName: identity ? identity.name : undefined,
+ identityHash: identity ? identity.hash : undefined,
provisioningProfile: signOptions.provisioningProfile || "none",
}, "signing");
- await this.doSign(signOptions);
+ await this.doSign(signOptions, masOptions);
// https://github.com/electron-userland/electron-builder/issues/1196#issuecomment-312310209
if (masOptions != null && !isDevelopment) {
const certType = isDevelopment ? "Mac Developer" : "3rd Party Mac Developer Installer";
@@ -332,7 +333,14 @@ class MacPackager extends platformPackager_1.PlatformPackager {
return optionsForFile;
}
//noinspection JSMethodCanBeStatic
- doSign(opts) {
+ doSign(opts, masOptions) {
+ const options = masOptions == null ? this.platformSpecificBuildOptions : masOptions;
+
+ const customSign = (0, platformPackager_1.resolveFunction)(options.sign, "sign");
+ if (customSign) {
+ return Promise.resolve(customSign(opts));
+ }
+
return (0, osx_sign_1.signAsync)(opts);
}
//noinspection JSMethodCanBeStatic
diff --git a/node_modules/app-builder-lib/out/targets/LinuxTargetHelper.js b/node_modules/app-builder-lib/out/targets/LinuxTargetHelper.js diff --git a/node_modules/app-builder-lib/out/targets/LinuxTargetHelper.js b/node_modules/app-builder-lib/out/targets/LinuxTargetHelper.js
index fcb7f54..3f27bf3 100644 index fcb7f54..3f27bf3 100644
--- a/node_modules/app-builder-lib/out/targets/LinuxTargetHelper.js --- a/node_modules/app-builder-lib/out/targets/LinuxTargetHelper.js
@ -11,6 +56,28 @@ index fcb7f54..3f27bf3 100644
} }
} }
const desktopMeta = { const desktopMeta = {
diff --git a/node_modules/app-builder-lib/scheme.json b/node_modules/app-builder-lib/scheme.json
index 1d45055..0d0cb9c 100644
--- a/node_modules/app-builder-lib/scheme.json
+++ b/node_modules/app-builder-lib/scheme.json
@@ -2784,6 +2784,17 @@
"string"
]
},
+ "sign": {
+ "anyOf": [
+ {
+ "type": [
+ "null",
+ "string"
+ ]
+ }
+ ],
+ "description": "The custom function (or path to file or module id) to sign macOS files."
+ },
"signIgnore": {
"anyOf": [
{
diff --git a/node_modules/app-builder-lib/templates/linux/after-install.tpl b/node_modules/app-builder-lib/templates/linux/after-install.tpl diff --git a/node_modules/app-builder-lib/templates/linux/after-install.tpl b/node_modules/app-builder-lib/templates/linux/after-install.tpl
index 0f541f9..d1e77a0 100644 index 0f541f9..d1e77a0 100644
--- a/node_modules/app-builder-lib/templates/linux/after-install.tpl --- a/node_modules/app-builder-lib/templates/linux/after-install.tpl

28
ts/scripts/sign-macos.ts Normal file
View file

@ -0,0 +1,28 @@
// Copyright 2019 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only
import { execSync } from 'child_process';
import { realpath } from 'fs-extra';
// eslint-disable-next-line max-len
// eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types, @typescript-eslint/no-explicit-any
export async function sign(configuration: any): Promise<void> {
const scriptPath = process.env.SIGN_MACOS_SCRIPT;
if (!scriptPath) {
throw new Error(
'path to macos sign script must be provided in environment variable SIGN_MACOS_SCRIPT'
);
}
const target = await realpath(configuration.app);
// The script will update the file in-place
const returnCode = execSync(`bash "${scriptPath}" "${target}"`, {
stdio: [null, process.stdout, process.stderr],
});
if (returnCode) {
throw new Error(`sign-macos: Script returned code ${returnCode}`);
}
}