diff --git a/Makefile b/Makefile index e0d451a62e4d90..0c95b7f8904646 100644 --- a/Makefile +++ b/Makefile @@ -979,7 +979,7 @@ $(PKG): release-only --release-urlbase=$(RELEASE_URLBASE) \ $(CONFIG_FLAGS) $(BUILD_RELEASE_FLAGS) $(MAKE) install V=$(V) DESTDIR=$(MACOSOUTDIR)/dist/node - SIGN="$(CODESIGN_CERT)" PKGDIR="$(MACOSOUTDIR)/dist/node/usr/local" bash \ + SIGN="$(CODESIGN_CERT)" PKGDIR="$(MACOSOUTDIR)/dist/node/usr/local" sh \ tools/osx-codesign.sh mkdir -p $(MACOSOUTDIR)/dist/npm/usr/local/lib/node_modules mkdir -p $(MACOSOUTDIR)/pkgs @@ -1001,8 +1001,8 @@ $(PKG): release-only productbuild --distribution $(MACOSOUTDIR)/installer/productbuild/distribution.xml \ --resources $(MACOSOUTDIR)/installer/productbuild/Resources \ --package-path $(MACOSOUTDIR)/pkgs ./$(PKG) - SIGN="$(PRODUCTSIGN_CERT)" PKG="$(PKG)" bash tools/osx-productsign.sh - bash tools/osx-notarize.sh $(FULLVERSION) + SIGN="$(PRODUCTSIGN_CERT)" PKG="$(PKG)" sh tools/osx-productsign.sh + sh tools/osx-notarize.sh $(FULLVERSION) .PHONY: pkg # Builds the macOS installer for releases. @@ -1120,7 +1120,7 @@ $(BINARYTAR): release-only cp LICENSE $(BINARYNAME) cp CHANGELOG.md $(BINARYNAME) ifeq ($(OSTYPE),darwin) - SIGN="$(CODESIGN_CERT)" PKGDIR="$(BINARYNAME)" bash tools/osx-codesign.sh + SIGN="$(CODESIGN_CERT)" PKGDIR="$(BINARYNAME)" sh tools/osx-codesign.sh endif tar -cf $(BINARYNAME).tar $(BINARYNAME) $(RM) -r $(BINARYNAME) diff --git a/tools/osx-codesign.sh b/tools/osx-codesign.sh index 7ca80ca7462c3d..346afdbe66e9fd 100644 --- a/tools/osx-codesign.sh +++ b/tools/osx-codesign.sh @@ -1,17 +1,18 @@ -#!/bin/bash +#!/bin/sh set -x set -e -if [ "X$SIGN" == "X" ]; then - echo "No SIGN environment var. Skipping codesign." >&2 +# shellcheck disable=SC2154 +[ -z "$SIGN" ] && \ + echo "No SIGN environment var. Skipping codesign." >&2 && \ exit 0 -fi # All macOS executable binaries in the bundle must be codesigned with the # hardened runtime enabled. # See https://github.com/nodejs/node/pull/31459 +# shellcheck disable=SC2154 codesign \ --sign "$SIGN" \ --entitlements tools/osx-entitlements.plist \ diff --git a/tools/osx-notarize.sh b/tools/osx-notarize.sh index 97bb0912722495..07d3e20e7e9a18 100755 --- a/tools/osx-notarize.sh +++ b/tools/osx-notarize.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Uses gon, from https://github.com/mitchellh/gon, to notarize a generated node-.pkg file # with Apple for installation on macOS Catalina and later as validated by Gatekeeper. @@ -8,18 +8,16 @@ set -e gon_version="0.2.2" gon_exe="${HOME}/.gon/gon_${gon_version}" -__dirname="$(CDPATH= cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" pkgid="$1" -if [ "X${pkgid}" == "X" ]; then - echo "Usage: $0 " +[ -z "$pkgid" ] && \ + echo "Usage: $0 " \ exit 1 -fi -if [ "X$NOTARIZATION_ID" == "X" ]; then - echo "No NOTARIZATION_ID environment var. Skipping notarization." +# shellcheck disable=SC2154 +[ -z "$NOTARIZATION_ID" ] && \ + echo "No NOTARIZATION_ID environment var. Skipping notarization." \ exit 0 -fi set -x diff --git a/tools/osx-productsign.sh b/tools/osx-productsign.sh index 491e3fde62f0b4..b1daedcf7ee228 100644 --- a/tools/osx-productsign.sh +++ b/tools/osx-productsign.sh @@ -1,12 +1,14 @@ -#!/bin/bash +#!/bin/sh set -x set -e -if [ "X$SIGN" == "X" ]; then - echo "No SIGN environment var. Skipping codesign." >&2 +# shellcheck disable=SC2154 +[ -z "$SIGN" ] && \ + echo "No SIGN environment var. Skipping codesign." >&2 && \ exit 0 -fi +# shellcheck disable=SC2154 productsign --sign "$SIGN" "$PKG" "$PKG"-SIGNED +# shellcheck disable=SC2154 mv "$PKG"-SIGNED "$PKG"