diff --git a/.changeset/thirty-bobcats-beg.md b/.changeset/thirty-bobcats-beg.md new file mode 100644 index 00000000000..13f8df29079 --- /dev/null +++ b/.changeset/thirty-bobcats-beg.md @@ -0,0 +1,5 @@ +--- +"app-builder-lib": patch +--- + +Use full path to macOS signing utilities diff --git a/packages/app-builder-lib/src/codeSign/macCodeSign.ts b/packages/app-builder-lib/src/codeSign/macCodeSign.ts index f0cf349ed46..f9110ee2e78 100644 --- a/packages/app-builder-lib/src/codeSign/macCodeSign.ts +++ b/packages/app-builder-lib/src/codeSign/macCodeSign.ts @@ -87,7 +87,7 @@ export async function reportError( } if (qualifier != null || isAutoDiscoveryCodeSignIdentity()) { - logFields.allIdentities = (await exec("security", args)) + logFields.allIdentities = (await exec("/usr/bin/security", args)) .trim() .split("\n") .filter(it => !(it.includes("Policy: X.509 Basic") || it.includes("Matching identities"))) @@ -116,7 +116,7 @@ const bundledCertKeychainAdded = new Lazy(async () => { ]) const list = results[0] if (!list.includes(keychainPath)) { - await exec("security", ["list-keychains", "-d", "user", "-s", keychainPath].concat(list)) + await exec("/usr/bin/security", ["list-keychains", "-d", "user", "-s", keychainPath].concat(list)) } }) @@ -126,7 +126,7 @@ function getCacheDirectory(): string { } function listUserKeychains(): Promise> { - return exec("security", ["list-keychains", "-d", "user"]).then(it => + return exec("/usr/bin/security", ["list-keychains", "-d", "user"]).then(it => it .split("\n") .map(it => { @@ -147,7 +147,7 @@ export interface CreateKeychainOptions { } export function removeKeychain(keychainFile: string, printWarn = true): Promise { - return exec("security", ["delete-keychain", keychainFile]).catch((e: any) => { + return exec("/usr/bin/security", ["delete-keychain", keychainFile]).catch((e: any) => { if (printWarn) { log.warn({ file: keychainFile, error: e.stack || e }, "cannot delete keychain") } @@ -193,7 +193,7 @@ export async function createKeychain({ tmpDir, cscLink, cscKeyPassword, cscILink await Promise.all([ // we do not clear downloaded files - will be removed on tmpDir cleanup automatically. not a security issue since in any case data is available as env variables and protected by password. BluebirdPromise.map(certLinks, (link, i) => importCertificate(link, tmpDir, currentDir).then(it => (certPaths[i] = it))), - BluebirdPromise.mapSeries(securityCommands, it => exec("security", it)), + BluebirdPromise.mapSeries(securityCommands, it => exec("/usr/bin/security", it)), ]) return await importCerts(keychainFile, certPaths, [cscKeyPassword, cscIKeyPassword].filter(it => it != null) as Array) } @@ -201,11 +201,11 @@ export async function createKeychain({ tmpDir, cscLink, cscKeyPassword, cscILink async function importCerts(keychainFile: string, paths: Array, keyPasswords: Array): Promise { for (let i = 0; i < paths.length; i++) { const password = keyPasswords[i] - await exec("security", ["import", paths[i], "-k", keychainFile, "-T", "/usr/bin/codesign", "-T", "/usr/bin/productbuild", "-P", password]) + await exec("/usr/bin/security", ["import", paths[i], "-k", keychainFile, "-T", "/usr/bin/codesign", "-T", "/usr/bin/productbuild", "-P", password]) // https://stackoverflow.com/questions/39868578/security-codesign-in-sierra-keychain-ignores-access-control-settings-and-ui-p // https://github.com/electron-userland/electron-packager/issues/701#issuecomment-322315996 - await exec("security", ["set-key-partition-list", "-S", "apple-tool:,apple:", "-s", "-k", password, keychainFile]) + await exec("/usr/bin/security", ["set-key-partition-list", "-S", "apple-tool:,apple:", "-s", "-k", password, keychainFile]) } return { @@ -219,7 +219,7 @@ export function sign(path: string, name: string, keychain: string): Promise if (keychain != null) { args.push("--keychain", keychain) } - return exec("codesign", args) + return exec("/usr/bin/codesign", args) } export let findIdentityRawResult: Promise> | null = null @@ -237,7 +237,7 @@ async function getValidIdentities(keychain?: string | null): Promise>([ - exec("security", addKeychain(["find-identity", "-v"])).then(it => + exec("/usr/bin/security", addKeychain(["find-identity", "-v"])).then(it => it .trim() .split("\n") @@ -250,7 +250,7 @@ async function getValidIdentities(keychain?: string | null): Promise it.trim().split("\n")), + exec("/usr/bin/security", addKeychain(["find-identity", "-v", "-p", "codesigning"])).then(it => it.trim().split("\n")), ]).then(it => { const array = it[0] .concat(it[1])