diff --git a/apps/desktop/scripts/after-pack.js b/apps/desktop/scripts/after-pack.js index d4cbc00c81c6..fd16cd5ffbe3 100644 --- a/apps/desktop/scripts/after-pack.js +++ b/apps/desktop/scripts/after-pack.js @@ -58,30 +58,46 @@ async function run(context) { id = identities[0].id; } - console.log(`Signing proxy binary before the main bundle, using identity '${id}'`); + console.log( + `Signing proxy binary before the main bundle, using identity '${id}', for build ${context.electronPlatformName}`, + ); const appName = context.packager.appInfo.productFilename; const appPath = `${context.appOutDir}/${appName}.app`; const proxyPath = path.join(appPath, "Contents", "MacOS", "desktop_proxy"); + const inheritProxyPath = path.join(appPath, "Contents", "MacOS", "desktop_proxy.inherit"); const packageId = "com.bitwarden.desktop"; - const entitlementsName = "entitlements.desktop_proxy.plist"; - const entitlementsPath = path.join(__dirname, "..", "resources", entitlementsName); - child_process.execSync( - `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`, - ); - const inheritProxyPath = path.join(appPath, "Contents", "MacOS", "desktop_proxy.inherit"); - const inheritEntitlementsName = "entitlements.desktop_proxy.inherit.plist"; - const inheritEntitlementsPath = path.join( - __dirname, - "..", - "resources", - inheritEntitlementsName, - ); - child_process.execSync( - `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${inheritEntitlementsPath} ${inheritProxyPath}`, - ); + if (is_mas) { + const entitlementsName = "entitlements.desktop_proxy.plist"; + const entitlementsPath = path.join(__dirname, "..", "resources", entitlementsName); + child_process.execSync( + `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`, + ); + + const inheritEntitlementsName = "entitlements.desktop_proxy.inherit.plist"; + const inheritEntitlementsPath = path.join( + __dirname, + "..", + "resources", + inheritEntitlementsName, + ); + child_process.execSync( + `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${inheritEntitlementsPath} ${inheritProxyPath}`, + ); + } else { + // For non-Appstore builds, we don't need the inherit binary as they are not sandboxed, + // but we sign and include it anyway for consistency. It should be removed once DDG supports the proxy directly. + const entitlementsName = "entitlements.mac.plist"; + const entitlementsPath = path.join(__dirname, "..", "resources", entitlementsName); + child_process.execSync( + `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`, + ); + child_process.execSync( + `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${inheritProxyPath}`, + ); + } } }