Skip to content

Commit

Permalink
fix(mac): add retry in mac code sign (#8101)
Browse files Browse the repository at this point in the history
beyondkmp authored Mar 7, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 27953bb commit 9bcede8
Showing 3 changed files with 12 additions and 11 deletions.
5 changes: 5 additions & 0 deletions .changeset/wild-buttons-pretend.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"app-builder-lib": patch
---

fix(mac): add retry mechanism in mac code signing for `electron/osx-sign`.
13 changes: 5 additions & 8 deletions packages/app-builder-lib/src/codeSign/macCodeSign.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import BluebirdPromise from "bluebird-lst"
import { exec, InvalidConfigurationError, isEmptyOrSpaces, isEnvTrue, isPullRequest, log, TmpDir } from "builder-util/out/util"
import { exec, InvalidConfigurationError, isEmptyOrSpaces, isEnvTrue, isPullRequest, log, TmpDir, retry } from "builder-util/out/util"
import { copyFile, unlinkIfExists } from "builder-util/out/fs"
import { Fields, Logger } from "builder-util/out/log"
import { randomBytes, createHash } from "crypto"
@@ -11,6 +11,8 @@ import { getTempName } from "temp-file"
import { isAutoDiscoveryCodeSignIdentity } from "../util/flags"
import { importCertificate } from "./codesign"
import { Identity as _Identity } from "@electron/osx-sign/dist/cjs/util-identities"
import { SignOptions } from "@electron/osx-sign/dist/cjs/types"
import { signAsync } from "@electron/osx-sign"

export const appleCertificatePrefixes = ["Developer ID Application:", "Developer ID Installer:", "3rd Party Mac Developer Application:", "3rd Party Mac Developer Installer:"]

@@ -213,13 +215,8 @@ async function importCerts(keychainFile: string, paths: Array<string>, keyPasswo
}
}

/** @private */
export function sign(path: string, name: string, keychain: string): Promise<any> {
const args = ["--deep", "--force", "--sign", name, path]
if (keychain != null) {
args.push("--keychain", keychain)
}
return exec("/usr/bin/codesign", args)
export async function sign(opts: SignOptions): Promise<void> {
return retry(() => signAsync(opts), 3, 5000, 5000)
}

export let findIdentityRawResult: Promise<Array<string>> | null = null
5 changes: 2 additions & 3 deletions packages/app-builder-lib/src/macPackager.ts
Original file line number Diff line number Diff line change
@@ -1,14 +1,13 @@
import BluebirdPromise from "bluebird-lst"
import { deepAssign, Arch, AsyncTaskManager, exec, InvalidConfigurationError, log, use, getArchSuffix } from "builder-util"
import { signAsync } from "@electron/osx-sign"
import { PerFileSignOptions, SignOptions } from "@electron/osx-sign/dist/cjs/types"
import { mkdir, readdir } from "fs/promises"
import { Lazy } from "lazy-val"
import * as path from "path"
import { copyFile, statOrNull, unlinkIfExists } from "builder-util/out/fs"
import { orIfFileNotExist } from "builder-util/out/promise"
import { AppInfo } from "./appInfo"
import { CertType, CodeSigningInfo, createKeychain, findIdentity, Identity, isSignAllowed, removeKeychain, reportError } from "./codeSign/macCodeSign"
import { CertType, CodeSigningInfo, createKeychain, findIdentity, Identity, isSignAllowed, removeKeychain, reportError, sign } from "./codeSign/macCodeSign"
import { DIR_TARGET, Platform, Target } from "./core"
import { AfterPackContext, ElectronPlatformName } from "./index"
import { MacConfiguration, MasConfiguration, NotarizeLegacyOptions, NotarizeNotaryOptions } from "./options/macOptions"
@@ -408,7 +407,7 @@ export default class MacPackager extends PlatformPackager<MacConfiguration> {
customSign ? "executing custom sign" : "signing"
)

return customSign ? Promise.resolve(customSign(opts, this)) : signAsync(opts)
return customSign ? Promise.resolve(customSign(opts, this)) : sign(opts)
}

//noinspection JSMethodCanBeStatic

0 comments on commit 9bcede8

Please sign in to comment.