Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2026-04-29 21:11:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
4a1c2aebdb9949f8a1e26df9daf865a3a665f5cf
vscode/build/darwin/sign.js
Matt Bierner fe8fc75455 Pick up latest TS native preview 
Fixes the emit for copyright headers
2025-10-28 09:18:27 -07:00

128 lines
5.8 KiB
JavaScript
Raw Blame History

"use strict";
/*---------------------------------------------------------------------------------------------
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const fs_1 = __importDefault(require("fs"));
const path_1 = __importDefault(require("path"));
const osx_sign_1 = require("@electron/osx-sign");
const cross_spawn_promise_1 = require("@malept/cross-spawn-promise");
const root = path_1.default.dirname(path_1.default.dirname(__dirname));
const baseDir = path_1.default.dirname(__dirname);
const product = JSON.parse(fs_1.default.readFileSync(path_1.default.join(root, 'product.json'), 'utf8'));
const helperAppBaseName = product.nameShort;
const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';
const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';
const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';
function getElectronVersion() {
const npmrc = fs_1.default.readFileSync(path_1.default.join(root, '.npmrc'), 'utf8');
const target = /^target="(.*)"$/m.exec(npmrc)[1];
return target;
}
function getEntitlementsForFile(filePath) {
if (filePath.includes(gpuHelperAppName)) {
return path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist');
}
else if (filePath.includes(rendererHelperAppName)) {
return path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist');
}
else if (filePath.includes(pluginHelperAppName)) {
return path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist');
}
return path_1.default.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist');
}
async function retrySignOnKeychainError(fn, maxRetries = 3) {
let lastError;
for (let attempt = 1; attempt <= maxRetries; attempt++) {
try {
return await fn();
}
catch (error) {
lastError = error;
// Check if this is the specific keychain error we want to retry
const errorMessage = error instanceof Error ? error.message : String(error);
const isKeychainError = errorMessage.includes('The specified item could not be found in the keychain.');
if (!isKeychainError || attempt === maxRetries) {
throw error;
}
console.log(`Signing attempt ${attempt} failed with keychain error, retrying...`);
console.log(`Error: ${errorMessage}`);
const delay = 1000 * Math.pow(2, attempt - 1);
console.log(`Waiting ${Math.round(delay)}ms before retry ${attempt}/${maxRetries}...`);
await new Promise(resolve => setTimeout(resolve, delay));
}
}
throw lastError;
}
async function main(buildDir) {
const tempDir = process.env['AGENT_TEMPDIRECTORY'];
const arch = process.env['VSCODE_ARCH'];
const identity = process.env['CODESIGN_IDENTITY'];
if (!buildDir) {
throw new Error('$AGENT_BUILDDIRECTORY not set');
}
if (!tempDir) {
throw new Error('$AGENT_TEMPDIRECTORY not set');
}
const appRoot = path_1.default.join(buildDir, `VSCode-darwin-${arch}`);
const appName = product.nameLong + '.app';
const infoPlistPath = path_1.default.resolve(appRoot, appName, 'Contents', 'Info.plist');
const appOpts = {
app: path_1.default.join(appRoot, appName),
platform: 'darwin',
optionsForFile: (filePath) => ({
entitlements: getEntitlementsForFile(filePath),
hardenedRuntime: true,
}),
preAutoEntitlements: false,
preEmbedProvisioningProfile: false,
keychain: path_1.default.join(tempDir, 'buildagent.keychain'),
version: getElectronVersion(),
identity,
};
// Only overwrite plist entries for x64 and arm64 builds,
// universal will get its copy from the x64 build.
if (arch !== 'universal') {
await (0, cross_spawn_promise_1.spawn)('plutil', [
'-insert',
'NSAppleEventsUsageDescription',
'-string',
'An application in Visual Studio Code wants to use AppleScript.',
`${infoPlistPath}`
]);
await (0, cross_spawn_promise_1.spawn)('plutil', [
'-replace',
'NSMicrophoneUsageDescription',
'-string',
'An application in Visual Studio Code wants to use the Microphone.',
`${infoPlistPath}`
]);
await (0, cross_spawn_promise_1.spawn)('plutil', [
'-replace',
'NSCameraUsageDescription',
'-string',
'An application in Visual Studio Code wants to use the Camera.',
`${infoPlistPath}`
]);
}
await retrySignOnKeychainError(() => (0, osx_sign_1.sign)(appOpts));
}
if (require.main === module) {
main(process.argv[2]).catch(async err => {
console.error(err);
const tempDir = process.env['AGENT_TEMPDIRECTORY'];
if (tempDir) {
const keychain = path_1.default.join(tempDir, 'buildagent.keychain');
const identities = await (0, cross_spawn_promise_1.spawn)('security', ['find-identity', '-p', 'codesigning', '-v', keychain]);
console.error(`Available identities:\n${identities}`);
const dump = await (0, cross_spawn_promise_1.spawn)('security', ['dump-keychain', keychain]);
console.error(`Keychain dump:\n${dump}`);
}
process.exit(1);
});
}
//# sourceMappingURL=sign.js.map
Reference in New Issue View Git Blame Copy Permalink