From c97583860c8b0e9021717067bda6062d9b15f3c9 Mon Sep 17 00:00:00 2001
From: PBK-B
Date: Wed, 15 May 2024 15:23:19 +0800
Subject: [PATCH 1/4] feat(mac): support macos signature additionalArguments parameter
---
 docs/configuration/mac.md | 4 +++
 packages/app-builder-lib/scheme.json | 28 +++++++++++++++++++
 packages/app-builder-lib/src/macPackager.ts | 1 +
 .../app-builder-lib/src/options/macOptions.ts | 8 ++++++++
 4 files changed, 41 insertions(+)
diff --git a/docs/configuration/mac.md b/docs/configuration/mac.md
index de43d345675..371f2591350 100644
--- a/docs/configuration/mac.md
+++ b/docs/configuration/mac.md
@@ -110,6 +110,10 @@ The top-level [mac](configuration.md#Configuration-mac) key contains set of opti

This option has no effect unless building for “universal” arch and applies only if mergeASARs is true.

  • +

    additionalArguments Array<String> | “undefined” - Array of strings specifying additional arguments to pass to the codesign command used to sign a specific file.

    +

    Some subresources that you may include in your Electron app may need to be signed with --deep, this is not typically safe to apply to the entire Electron app and therefore should be applied to just your file. Usage Example: ['--deep']

    +
  • +
  • notarize NotarizeLegacyOptions | NotarizeNotaryOptions | Boolean | “undefined” - Options to use for @electron/notarize (ref: https://github.com/electron/notarize). Use false to explicitly disable

    Note: In order to activate the notarization step You MUST specify one of the following via environment variables: 1. APPLE_API_KEY, APPLE_API_KEY_ID and APPLE_API_ISSUER. 2. APPLE_ID, APPLE_APP_SPECIFIC_PASSWORD, and APPLE_TEAM_ID 3. APPLE_KEYCHAIN and APPLE_KEYCHAIN_PROFILE

    For security reasons it is recommended to use the first option (see https://github.com/electron-userland/electron-builder/issues/7859)

diff --git a/packages/app-builder-lib/scheme.json b/packages/app-builder-lib/scheme.json
index 3031c87fe23..4b2e1460c29 100644
--- a/packages/app-builder-lib/scheme.json
+++ b/packages/app-builder-lib/scheme.json
@@ -2125,6 +2125,20 @@ "MacConfiguration": { "additionalProperties": false, "properties": { + "additionalArguments": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ], + "description": "Array of strings specifying additional arguments to pass to the `codesign` command used to sign a specific file.\n\nSome subresources that you may include in your Electron app may need to be signed with --deep, this is not typically safe to apply to the entire Electron app and therefore should be applied to just your file.\nUsage Example: `['--deep']`" + }, "appId": { "default": "com.electron.${name}", "description": "The application id. Used as [CFBundleIdentifier](https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html#//apple_ref/doc/uid/20001431-102070) for MacOS and as\n[Application User Model ID](https://msdn.microsoft.com/en-us/library/windows/desktop/dd378459(v=vs.85).aspx) for Windows (NSIS target only, Squirrel.Windows not supported). It is strongly recommended that an explicit ID is set.",
@@ -2744,6 +2758,20 @@ "MasConfiguration": { "additionalProperties": false, "properties": { + "additionalArguments": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ], + "description": "Array of strings specifying additional arguments to pass to the `codesign` command used to sign a specific file.\n\nSome subresources that you may include in your Electron app may need to be signed with --deep, this is not typically safe to apply to the entire Electron app and therefore should be applied to just your file.\nUsage Example: `['--deep']`" + }, "appId": { "default": "com.electron.${name}", "description": "The application id. Used as [CFBundleIdentifier](https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html#//apple_ref/doc/uid/20001431-102070) for MacOS and as\n[Application User Model ID](https://msdn.microsoft.com/en-us/library/windows/desktop/dd378459(v=vs.85).aspx) for Windows (NSIS target only, Squirrel.Windows not supported). It is strongly recommended that an explicit ID is set.",
diff --git a/packages/app-builder-lib/src/macPackager.ts b/packages/app-builder-lib/src/macPackager.ts
index 8455576d925..aa789cca62d 100644
--- a/packages/app-builder-lib/src/macPackager.ts
+++ b/packages/app-builder-lib/src/macPackager.ts
@@ -378,6 +378,7 @@ export class MacPackager extends PlatformPackager {
 hardenedRuntime: hardenedRuntime ?? undefined,
 timestamp: customSignOptions.timestamp || undefined,
 requirements: requirements || undefined,
+ additionalArguments: customSignOptions.additionalArguments || [],
 }
 log.debug({ file: log.filePath(filePath), ...args }, "selecting signing options")
 return args
diff --git a/packages/app-builder-lib/src/options/macOptions.ts b/packages/app-builder-lib/src/options/macOptions.ts
index 60c2ad3ea0a..75343067116 100644
--- a/packages/app-builder-lib/src/options/macOptions.ts
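Review bot: `additionalArguments` is read from `customSignOptions`, the same object `timestamp` comes from two lines up, so as far as this hunk shows every file passed through this function receives the same extra `codesign` arguments rather than one chosen file. The option text added in macOptions.ts (and repeated in mac.md and scheme.json) says the arguments apply to "a specific file" and gives `['--deep']` as the example while warning that `--deep` is not safe for the whole app; with this wiring that example would presumably be applied bundle-wide. Either scope the value per file, or state the real scope at the call site, e.g. `// same extra codesign args for every file signed with these options`, and reword the doc comment to match. The enclosing method begins and ends outside the hunk, so any per-file filtering done elsewhere is not visible here.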
+++ b/packages/app-builder-lib/src/options/macOptions.ts
@@ -212,6 +212,14 @@ export interface MacConfiguration extends PlatformSpecificBuildOptions {
 */
 readonly x64ArchFiles?: string | null
 
+ /**
+ * Array of strings specifying additional arguments to pass to the `codesign` command used to sign a specific file.
+ *
+ * Some subresources that you may include in your Electron app may need to be signed with --deep, this is not typically safe to apply to the entire Electron app and therefore should be applied to just your file.
+ * Usage Example: `['--deep']`
+ */
+ readonly additionalArguments?: Array | null
+
 /**
 * Options to use for @electron/notarize (ref: https://github.com/electron/notarize).
 * Use `false` to explicitly disable
From 71d6330af23b71f250a225be879cb2ed8951026c Mon Sep 17 00:00:00 2001
From: PBK-B
Date: Thu, 16 May 2024 00:09:46 +0800
Subject: [PATCH 2/4] fix(mac): bump @electron/osx-sign@v1.3.0
---
 packages/app-builder-lib/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/app-builder-lib/package.json b/packages/app-builder-lib/package.json
index 1d973b4e240..13f37c5d7f5 100644
--- a/packages/app-builder-lib/package.json
+++ b/packages/app-builder-lib/package.json
@@ -48,7 +48,7 @@
 "dependencies": {
 "@develar/schema-utils": "~2.6.5",
 "@electron/notarize": "2.3.0",
- "@electron/osx-sign": "1.0.5",
+ "@electron/osx-sign": "1.3.0",
 "@electron/rebuild": "3.6.0",
 "@electron/universal": "2.0.1",
 "@malept/flatpak-bundler": "^0.4.0",
From 29bf7d8be42f043e0551985445297cac099d1581 Mon Sep 17 00:00:00 2001
From: Mike Maietta
Date: Mon, 20 May 2024 08:14:10 -0700
Subject: [PATCH 3/4] update pnpm-lock.yaml
---
 docs/configuration/configuration.md | 1 +
 pnpm-lock.yaml | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md
index dc52ff8a023..ccebf3d6f18 100644
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@@ -147,6 +147,7 @@ Env file `electron-builder.env` in the current dir ([example](https://github.com
  • launchUiVersion Boolean | String | “undefined” - libui-based frameworks only The version of LaunchUI you are packaging for. Applicable for Windows only. Defaults to version suitable for used framework version.
  • framework String | “undefined” - The framework name. One of electron, proton, libui. Defaults to electron.
  • beforePack module:app-builder-lib/out/configuration.__type | String | “undefined” - The function (or path to file or module id) to be run before pack
  • +
  • afterExtract module:app-builder-lib/out/configuration.__type | String | “undefined” - The function (or path to file or module id) to be run after the prebuilt Electron binary has been extracted to the output directory