Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(mac): support macos signature additionalArguments parameter #8218

Merged
merged 4 commits into from
May 20, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/four-taxis-doubt.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"app-builder-lib": minor
---

feat(mac): support macos signature `additionalArguments` parameter
1 change: 1 addition & 0 deletions docs/configuration/configuration.md
Original file line number Diff line number Diff line change
@@ -147,6 +147,7 @@ Env file `electron-builder.env` in the current dir ([example](https://github.com
<li><code id="Configuration-launchUiVersion">launchUiVersion</code> Boolean | String | “undefined” - <em>libui-based frameworks only</em> The version of LaunchUI you are packaging for. Applicable for Windows only. Defaults to version suitable for used framework version.</li>
<li><code id="Configuration-framework">framework</code> String | “undefined” - The framework name. One of <code>electron</code>, <code>proton</code>, <code>libui</code>. Defaults to <code>electron</code>.</li>
<li><code id="Configuration-beforePack">beforePack</code> module:app-builder-lib/out/configuration.__type | String | “undefined” - The function (or path to file or module id) to be <a href="#beforepack">run before pack</a></li>
<li><code id="Configuration-afterExtract">afterExtract</code> module:app-builder-lib/out/configuration.__type | String | “undefined” - The function (or path to file or module id) to be <a href="#afterextract">run after the prebuilt Electron binary has been extracted to the output directory</a></li>
</ul>
<hr>
<ul>
4 changes: 4 additions & 0 deletions docs/configuration/mac.md
Original file line number Diff line number Diff line change
@@ -110,6 +110,10 @@ The top-level [mac](configuration.md#Configuration-mac) key contains set of opti
<p>This option has no effect unless building for “universal” arch and applies only if <code>mergeASARs</code> is <code>true</code>.</p>
</li>
<li>
<p><code id="MacConfiguration-additionalArguments">additionalArguments</code> Array&lt;String&gt; | “undefined” - Array of strings specifying additional arguments to pass to the <code>codesign</code> command used to sign a specific file.</p>
<p>Some subresources that you may include in your Electron app may need to be signed with --deep, this is not typically safe to apply to the entire Electron app and therefore should be applied to just your file. Usage Example: <code>['--deep']</code></p>
</li>
<li>
<p><code id="MacConfiguration-notarize">notarize</code> <a href="#NotarizeLegacyOptions">NotarizeLegacyOptions</a> | <a href="#NotarizeNotaryOptions">NotarizeNotaryOptions</a> | Boolean | “undefined” - Options to use for @electron/notarize (ref: <a href="https://github.com/electron/notarize">https://github.com/electron/notarize</a>). Use <code>false</code> to explicitly disable</p>
<p>Note: In order to activate the notarization step You MUST specify one of the following via environment variables: 1. <code>APPLE_API_KEY</code>, <code>APPLE_API_KEY_ID</code> and <code>APPLE_API_ISSUER</code>. 2. <code>APPLE_ID</code>, <code>APPLE_APP_SPECIFIC_PASSWORD</code>, and <code>APPLE_TEAM_ID</code> 3. <code>APPLE_KEYCHAIN</code> and <code>APPLE_KEYCHAIN_PROFILE</code></p>
<p>For security reasons it is recommended to use the first option (see <a href="https://github.com/electron-userland/electron-builder/issues/7859">https://github.com/electron-userland/electron-builder/issues/7859</a>)</p>
2 changes: 1 addition & 1 deletion packages/app-builder-lib/package.json
Original file line number Diff line number Diff line change
@@ -48,7 +48,7 @@
"dependencies": {
"@develar/schema-utils": "~2.6.5",
"@electron/notarize": "2.3.0",
"@electron/osx-sign": "1.0.5",
"@electron/osx-sign": "1.3.0",
"@electron/rebuild": "3.6.0",
"@electron/universal": "2.0.1",
"@malept/flatpak-bundler": "^0.4.0",
28 changes: 28 additions & 0 deletions packages/app-builder-lib/scheme.json
Original file line number Diff line number Diff line change
@@ -2125,6 +2125,20 @@
"MacConfiguration": {
"additionalProperties": false,
"properties": {
"additionalArguments": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"description": "Array of strings specifying additional arguments to pass to the `codesign` command used to sign a specific file.\n\nSome subresources that you may include in your Electron app may need to be signed with --deep, this is not typically safe to apply to the entire Electron app and therefore should be applied to just your file.\nUsage Example: `['--deep']`"
},
"appId": {
"default": "com.electron.${name}",
"description": "The application id. Used as [CFBundleIdentifier](https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html#//apple_ref/doc/uid/20001431-102070) for MacOS and as\n[Application User Model ID](https://msdn.microsoft.com/en-us/library/windows/desktop/dd378459(v=vs.85).aspx) for Windows (NSIS target only, Squirrel.Windows not supported). It is strongly recommended that an explicit ID is set.",
@@ -2744,6 +2758,20 @@
"MasConfiguration": {
"additionalProperties": false,
"properties": {
"additionalArguments": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"description": "Array of strings specifying additional arguments to pass to the `codesign` command used to sign a specific file.\n\nSome subresources that you may include in your Electron app may need to be signed with --deep, this is not typically safe to apply to the entire Electron app and therefore should be applied to just your file.\nUsage Example: `['--deep']`"
},
"appId": {
"default": "com.electron.${name}",
"description": "The application id. Used as [CFBundleIdentifier](https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html#//apple_ref/doc/uid/20001431-102070) for MacOS and as\n[Application User Model ID](https://msdn.microsoft.com/en-us/library/windows/desktop/dd378459(v=vs.85).aspx) for Windows (NSIS target only, Squirrel.Windows not supported). It is strongly recommended that an explicit ID is set.",
1 change: 1 addition & 0 deletions packages/app-builder-lib/src/macPackager.ts
Original file line number Diff line number Diff line change
@@ -378,6 +378,7 @@ export class MacPackager extends PlatformPackager<MacConfiguration> {
hardenedRuntime: hardenedRuntime ?? undefined,
timestamp: customSignOptions.timestamp || undefined,
requirements: requirements || undefined,
additionalArguments: customSignOptions.additionalArguments || [],
}
log.debug({ file: log.filePath(filePath), ...args }, "selecting signing options")
return args
8 changes: 8 additions & 0 deletions packages/app-builder-lib/src/options/macOptions.ts
Original file line number Diff line number Diff line change
@@ -212,6 +212,14 @@ export interface MacConfiguration extends PlatformSpecificBuildOptions {
*/
readonly x64ArchFiles?: string | null

/**
* Array of strings specifying additional arguments to pass to the `codesign` command used to sign a specific file.
*
* Some subresources that you may include in your Electron app may need to be signed with --deep, this is not typically safe to apply to the entire Electron app and therefore should be applied to just your file.
* Usage Example: `['--deep']`
*/
readonly additionalArguments?: Array<string> | null

/**
* Options to use for @electron/notarize (ref: https://github.com/electron/notarize).
* Use `false` to explicitly disable
19 changes: 17 additions & 2 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading