Skip to content

Commit

Permalink
feat(mac): Add support for a custom 'sign' function in mac/mas config (
Browse files Browse the repository at this point in the history
  • Loading branch information
scottnonnenberg-signal authored Jan 23, 2024
1 parent 2773410 commit adf97dc
Show file tree
Hide file tree
Showing 6 changed files with 68 additions and 16 deletions.
6 changes: 6 additions & 0 deletions .changeset/fresh-poems-greet.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
"app-builder-lib": minor
"electron-builder": minor
---

mac: Support for a custom 'sign' action
3 changes: 3 additions & 0 deletions docs/configuration/mac.md
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,9 @@ The top-level [mac](configuration.md#Configuration-mac) key contains set of opti
<p><code id="MacConfiguration-signIgnore">signIgnore</code> Array&lt;String&gt; | String | “undefined” - Regex or an array of regex’s that signal skipping signing a file.</p>
</li>
<li>
<p><code id="MacConfiguration-sign">sign</code> module:app-builder-lib/out/macPackager.__type | String | “undefined” - The custom function (or path to file or module id) to sign an app bundle.</p>
</li>
<li>
<p><code id="MacConfiguration-timestamp">timestamp</code> String | “undefined” - Specify the URL of the timestamp authority server</p>
</li>
<li>
Expand Down
28 changes: 28 additions & 0 deletions packages/app-builder-lib/scheme.json
Original file line number Diff line number Diff line change
Expand Up @@ -2787,6 +2787,20 @@
"string"
]
},
"sign": {
"anyOf": [
{
"typeof": "function"
},
{
"type": [
"null",
"string"
]
}
],
"description": "The custom function (or path to file or module id) to sign an app bundle."
},
"signIgnore": {
"anyOf": [
{
Expand Down Expand Up @@ -3420,6 +3434,20 @@
"string"
]
},
"sign": {
"anyOf": [
{
"typeof": "function"
},
{
"type": [
"null",
"string"
]
}
],
"description": "The custom function (or path to file or module id) to sign an app bundle."
},
"signIgnore": {
"anyOf": [
{
Expand Down
1 change: 1 addition & 0 deletions packages/app-builder-lib/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ export { SnapOptions, PlugDescriptor, SlotDescriptor } from "./options/SnapOptio
export { Metadata, AuthorMetadata, RepositoryInfo } from "./options/metadata"
export { AppInfo } from "./appInfo"
export { SquirrelWindowsOptions } from "./options/SquirrelWindowsOptions"
export { CustomMacSign, CustomMacSignOptions } from "./macPackager"
export {
WindowsSignOptions,
CustomWindowsSignTaskConfiguration,
Expand Down
40 changes: 24 additions & 16 deletions packages/app-builder-lib/src/macPackager.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ import { DIR_TARGET, Platform, Target } from "./core"
import { AfterPackContext, ElectronPlatformName } from "./index"
import { MacConfiguration, MasConfiguration, NotarizeLegacyOptions, NotarizeNotaryOptions } from "./options/macOptions"
import { Packager } from "./packager"
import { chooseNotNull, PlatformPackager } from "./platformPackager"
import { chooseNotNull, resolveFunction, PlatformPackager } from "./platformPackager"
import { ArchiveTarget } from "./targets/ArchiveTarget"
import { PkgTarget, prepareProductBuildArgs } from "./targets/pkg"
import { createCommonTarget, NoOpTarget } from "./targets/targetFactory"
Expand All @@ -23,6 +23,9 @@ import * as fs from "fs/promises"
import { notarize, NotarizeOptions } from "@electron/notarize"
import { LegacyNotarizePasswordCredentials, LegacyNotarizeStartOptions, NotaryToolStartOptions, NotaryToolCredentials } from "@electron/notarize/lib/types"

export type CustomMacSignOptions = SignOptions
export type CustomMacSign = (configuration: CustomMacSignOptions, packager: MacPackager) => Promise<void>

export default class MacPackager extends PlatformPackager<MacConfiguration> {
readonly codeSigningInfo = new Lazy<CodeSigningInfo>(() => {
const cscLink = this.getCscLink()
Expand Down Expand Up @@ -231,7 +234,7 @@ export default class MacPackager extends PlatformPackager<MacConfiguration> {
}
}

if (identity == null) {
if (!options.sign && identity == null) {
await reportError(isMas, certificateTypes, qualifier, keychainFile, this.forceCodeSigning)
return false
}
Expand Down Expand Up @@ -263,9 +266,9 @@ export default class MacPackager extends PlatformPackager<MacConfiguration> {
return path.resolve(appPath, destination)
})
)
log.info("Signing addtional user-defined binaries: " + JSON.stringify(binaries, null, 1))
log.info({ binaries }, "signing additional user-defined binaries")
}
const customSignOptions = (isMas ? masOptions : this.platformSpecificBuildOptions) || this.platformSpecificBuildOptions
const customSignOptions: MasConfiguration | MacConfiguration = (isMas ? masOptions : this.platformSpecificBuildOptions) || this.platformSpecificBuildOptions

const signOptions: SignOptions = {
identityValidation: false,
Expand Down Expand Up @@ -306,16 +309,7 @@ export default class MacPackager extends PlatformPackager<MacConfiguration> {
provisioningProfile: customSignOptions.provisioningProfile || undefined,
}

log.info(
{
file: log.filePath(appPath),
identityName: identity.name,
identityHash: identity.hash,
provisioningProfile: signOptions.provisioningProfile || "none",
},
"signing"
)
await this.doSign(signOptions)
await this.doSign(signOptions, customSignOptions)

// https://github.com/electron-userland/electron-builder/issues/1196#issuecomment-312310209
if (masOptions != null && !isDevelopment) {
Expand Down Expand Up @@ -393,8 +387,22 @@ export default class MacPackager extends PlatformPackager<MacConfiguration> {
}

//noinspection JSMethodCanBeStatic
protected doSign(opts: SignOptions): Promise<any> {
return signAsync(opts)
protected async doSign(opts: SignOptions, customSignOptions: MacConfiguration): Promise<void> {
const customSign = await resolveFunction(this.appInfo.type, customSignOptions.sign, "sign")

const { app, platform, type, identity, provisioningProfile } = opts
log.info(
{
file: log.filePath(app),
platform,
type,
identity: identity || "none",
provisioningProfile: provisioningProfile || "none",
},
customSign ? "executing custom sign" : "signing"
)

return customSign ? Promise.resolve(customSign(opts, this)) : signAsync(opts)
}

//noinspection JSMethodCanBeStatic
Expand Down
6 changes: 6 additions & 0 deletions packages/app-builder-lib/src/options/macOptions.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import { PlatformSpecificBuildOptions, TargetConfiguration, TargetSpecificOptions } from "../index"
import { CustomMacSign } from "../macPackager"

export type MacOsTargetName = "default" | "dmg" | "mas" | "mas-dev" | "pkg" | "7z" | "zip" | "tar.xz" | "tar.lz" | "tar.gz" | "tar.bz2" | "dir"

Expand Down Expand Up @@ -175,6 +176,11 @@ export interface MacConfiguration extends PlatformSpecificBuildOptions {
*/
readonly signIgnore?: Array<string> | string | null

/**
* The custom function (or path to file or module id) to sign an app bundle.
*/
readonly sign?: CustomMacSign | string | null

/**
* Specify the URL of the timestamp authority server
*/
Expand Down

0 comments on commit adf97dc

Please sign in to comment.