mirror of
https://github.com/microsoft/vscode.git
synced 2026-02-15 07:28:05 +00:00
chore: update to @electron/osx-sign@2.0.0 (#259758)
This commit is contained in:
Robo
GitHub
@@ -9,14 +9,32 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const fs_1 = __importDefault(require("fs"));
|
||||
const path_1 = __importDefault(require("path"));
|
||||
const electron_osx_sign_1 = __importDefault(require("electron-osx-sign"));
|
||||
const osx_sign_1 = require("@electron/osx-sign");
|
||||
const cross_spawn_promise_1 = require("@malept/cross-spawn-promise");
|
||||
const root = path_1.default.dirname(path_1.default.dirname(__dirname));
|
||||
const baseDir = path_1.default.dirname(__dirname);
|
||||
const product = JSON.parse(fs_1.default.readFileSync(path_1.default.join(root, 'product.json'), 'utf8'));
|
||||
const helperAppBaseName = product.nameShort;
|
||||
const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';
|
||||
const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';
|
||||
const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';
|
||||
function getElectronVersion() {
|
||||
const npmrc = fs_1.default.readFileSync(path_1.default.join(root, '.npmrc'), 'utf8');
|
||||
const target = /^target="(.*)"$/m.exec(npmrc)[1];
|
||||
return target;
|
||||
}
|
||||
function getEntitlementsForFile(filePath) {
|
||||
if (filePath.includes(gpuHelperAppName)) {
|
||||
return path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist');
|
||||
}
|
||||
else if (filePath.includes(rendererHelperAppName)) {
|
||||
return path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist');
|
||||
}
|
||||
else if (filePath.includes(pluginHelperAppName)) {
|
||||
return path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist');
|
||||
}
|
||||
return path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist');
|
||||
}
|
||||
async function main(buildDir) {
|
||||
const tempDir = process.env['AGENT_TEMPDIRECTORY'];
|
||||
const arch = process.env['VSCODE_ARCH'];
|
||||
@@ -27,55 +45,21 @@ async function main(buildDir) {
|
||||
if (!tempDir) {
|
||||
throw new Error('$AGENT_TEMPDIRECTORY not set');
|
||||
}
|
||||
const product = JSON.parse(fs_1.default.readFileSync(path_1.default.join(root, 'product.json'), 'utf8'));
|
||||
const baseDir = path_1.default.dirname(__dirname);
|
||||
const appRoot = path_1.default.join(buildDir, `VSCode-darwin-${arch}`);
|
||||
const appName = product.nameLong + '.app';
|
||||
const appFrameworkPath = path_1.default.join(appRoot, appName, 'Contents', 'Frameworks');
|
||||
const helperAppBaseName = product.nameShort;
|
||||
const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';
|
||||
const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';
|
||||
const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';
|
||||
const infoPlistPath = path_1.default.resolve(appRoot, appName, 'Contents', 'Info.plist');
|
||||
const defaultOpts = {
|
||||
const appOpts = {
|
||||
app: path_1.default.join(appRoot, appName),
|
||||
platform: 'darwin',
|
||||
entitlements: path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist'),
|
||||
'entitlements-inherit': path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist'),
|
||||
hardenedRuntime: true,
|
||||
'pre-auto-entitlements': false,
|
||||
'pre-embed-provisioning-profile': false,
|
||||
optionsForFile: (filePath) => ({
|
||||
entitlements: getEntitlementsForFile(filePath),
|
||||
hardenedRuntime: true,
|
||||
}),
|
||||
preAutoEntitlements: false,
|
||||
preEmbedProvisioningProfile: false,
|
||||
keychain: path_1.default.join(tempDir, 'buildagent.keychain'),
|
||||
version: getElectronVersion(),
|
||||
identity,
|
||||
'gatekeeper-assess': false
|
||||
};
|
||||
const appOpts = {
|
||||
...defaultOpts,
|
||||
// TODO(deepak1556): Incorrectly declared type in electron-osx-sign
|
||||
ignore: (filePath) => {
|
||||
return filePath.includes(gpuHelperAppName) ||
|
||||
filePath.includes(rendererHelperAppName) ||
|
||||
filePath.includes(pluginHelperAppName);
|
||||
}
|
||||
};
|
||||
const gpuHelperOpts = {
|
||||
...defaultOpts,
|
||||
app: path_1.default.join(appFrameworkPath, gpuHelperAppName),
|
||||
entitlements: path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist'),
|
||||
'entitlements-inherit': path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist'),
|
||||
};
|
||||
const rendererHelperOpts = {
|
||||
...defaultOpts,
|
||||
app: path_1.default.join(appFrameworkPath, rendererHelperAppName),
|
||||
entitlements: path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist'),
|
||||
'entitlements-inherit': path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist'),
|
||||
};
|
||||
const pluginHelperOpts = {
|
||||
...defaultOpts,
|
||||
app: path_1.default.join(appFrameworkPath, pluginHelperAppName),
|
||||
entitlements: path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist'),
|
||||
'entitlements-inherit': path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist'),
|
||||
};
|
||||
// Only overwrite plist entries for x64 and arm64 builds,
|
||||
// universal will get its copy from the x64 build.
|
||||
@@ -102,10 +86,7 @@ async function main(buildDir) {
|
||||
`${infoPlistPath}`
|
||||
]);
|
||||
}
|
||||
await electron_osx_sign_1.default.signAsync(gpuHelperOpts);
|
||||
await electron_osx_sign_1.default.signAsync(rendererHelperOpts);
|
||||
await electron_osx_sign_1.default.signAsync(pluginHelperOpts);
|
||||
await electron_osx_sign_1.default.signAsync(appOpts);
|
||||
await (0, osx_sign_1.sign)(appOpts);
|
||||
}
|
||||
if (require.main === module) {
|
||||
main(process.argv[2]).catch(async (err) => {
|
||||
|
||||
@@ -5,10 +5,16 @@
|
||||
|
||||
import fs from 'fs';
|
||||
import path from 'path';
|
||||
import codesign from 'electron-osx-sign';
|
||||
import { sign, SignOptions } from '@electron/osx-sign';
|
||||
import { spawn } from '@malept/cross-spawn-promise';
|
||||
|
||||
const root = path.dirname(path.dirname(__dirname));
|
||||
const baseDir = path.dirname(__dirname);
|
||||
const product = JSON.parse(fs.readFileSync(path.join(root, 'product.json'), 'utf8'));
|
||||
const helperAppBaseName = product.nameShort;
|
||||
const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';
|
||||
const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';
|
||||
const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';
|
||||
|
||||
function getElectronVersion(): string {
|
||||
const npmrc = fs.readFileSync(path.join(root, '.npmrc'), 'utf8');
|
||||
@@ -16,6 +22,17 @@ function getElectronVersion(): string {
|
||||
return target;
|
||||
}
|
||||
|
||||
function getEntitlementsForFile(filePath: string): string {
|
||||
if (filePath.includes(gpuHelperAppName)) {
|
||||
return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist');
|
||||
} else if (filePath.includes(rendererHelperAppName)) {
|
||||
return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist');
|
||||
} else if (filePath.includes(pluginHelperAppName)) {
|
||||
return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist');
|
||||
}
|
||||
return path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist');
|
||||
}
|
||||
|
||||
async function main(buildDir?: string): Promise<void> {
|
||||
const tempDir = process.env['AGENT_TEMPDIRECTORY'];
|
||||
const arch = process.env['VSCODE_ARCH'];
|
||||
@@ -29,60 +46,22 @@ async function main(buildDir?: string): Promise<void> {
|
||||
throw new Error('$AGENT_TEMPDIRECTORY not set');
|
||||
}
|
||||
|
||||
const product = JSON.parse(fs.readFileSync(path.join(root, 'product.json'), 'utf8'));
|
||||
const baseDir = path.dirname(__dirname);
|
||||
const appRoot = path.join(buildDir, `VSCode-darwin-${arch}`);
|
||||
const appName = product.nameLong + '.app';
|
||||
const appFrameworkPath = path.join(appRoot, appName, 'Contents', 'Frameworks');
|
||||
const helperAppBaseName = product.nameShort;
|
||||
const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';
|
||||
const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';
|
||||
const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';
|
||||
const infoPlistPath = path.resolve(appRoot, appName, 'Contents', 'Info.plist');
|
||||
|
||||
const defaultOpts: codesign.SignOptions = {
|
||||
const appOpts: SignOptions = {
|
||||
app: path.join(appRoot, appName),
|
||||
platform: 'darwin',
|
||||
entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist'),
|
||||
'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist'),
|
||||
hardenedRuntime: true,
|
||||
'pre-auto-entitlements': false,
|
||||
'pre-embed-provisioning-profile': false,
|
||||
optionsForFile: (filePath) => ({
|
||||
entitlements: getEntitlementsForFile(filePath),
|
||||
hardenedRuntime: true,
|
||||
}),
|
||||
preAutoEntitlements: false,
|
||||
preEmbedProvisioningProfile: false,
|
||||
keychain: path.join(tempDir, 'buildagent.keychain'),
|
||||
version: getElectronVersion(),
|
||||
identity,
|
||||
'gatekeeper-assess': false
|
||||
};
|
||||
|
||||
const appOpts = {
|
||||
...defaultOpts,
|
||||
// TODO(deepak1556): Incorrectly declared type in electron-osx-sign
|
||||
ignore: (filePath: string) => {
|
||||
return filePath.includes(gpuHelperAppName) ||
|
||||
filePath.includes(rendererHelperAppName) ||
|
||||
filePath.includes(pluginHelperAppName);
|
||||
}
|
||||
};
|
||||
|
||||
const gpuHelperOpts: codesign.SignOptions = {
|
||||
...defaultOpts,
|
||||
app: path.join(appFrameworkPath, gpuHelperAppName),
|
||||
entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist'),
|
||||
'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist'),
|
||||
};
|
||||
|
||||
const rendererHelperOpts: codesign.SignOptions = {
|
||||
...defaultOpts,
|
||||
app: path.join(appFrameworkPath, rendererHelperAppName),
|
||||
entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist'),
|
||||
'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist'),
|
||||
};
|
||||
|
||||
const pluginHelperOpts: codesign.SignOptions = {
|
||||
...defaultOpts,
|
||||
app: path.join(appFrameworkPath, pluginHelperAppName),
|
||||
entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist'),
|
||||
'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist'),
|
||||
};
|
||||
|
||||
// Only overwrite plist entries for x64 and arm64 builds,
|
||||
@@ -111,10 +90,7 @@ async function main(buildDir?: string): Promise<void> {
|
||||
]);
|
||||
}
|
||||
|
||||
await codesign.signAsync(gpuHelperOpts);
|
||||
await codesign.signAsync(rendererHelperOpts);
|
||||
await codesign.signAsync(pluginHelperOpts);
|
||||
await codesign.signAsync(appOpts as any);
|
||||
await sign(appOpts);
|
||||
}
|
||||
|
||||
if (require.main === module) {
|
||||
|
||||
Reference in New Issue
Block a user