From c084592449e9765d7cb75e32ef034df4d9ccf274 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Wed, 6 Nov 2024 17:46:57 +0100 Subject: [PATCH] [PM-13361] Fix DDG DMG builds (#11878) (cherry picked from commit a9595b4d14579ec8b8ff979765ca3273c1219a09) --- apps/desktop/scripts/after-pack.js | 50 ++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/apps/desktop/scripts/after-pack.js b/apps/desktop/scripts/after-pack.js index d4cbc00c81c6..fd16cd5ffbe3 100644 --- a/apps/desktop/scripts/after-pack.js +++ b/apps/desktop/scripts/after-pack.js @@ -58,30 +58,46 @@ async function run(context) { id = identities[0].id; } - console.log(`Signing proxy binary before the main bundle, using identity '${id}'`); + console.log( + `Signing proxy binary before the main bundle, using identity '${id}', for build ${context.electronPlatformName}`, + ); const appName = context.packager.appInfo.productFilename; const appPath = `${context.appOutDir}/${appName}.app`; const proxyPath = path.join(appPath, "Contents", "MacOS", "desktop_proxy"); + const inheritProxyPath = path.join(appPath, "Contents", "MacOS", "desktop_proxy.inherit"); const packageId = "com.bitwarden.desktop"; - const entitlementsName = "entitlements.desktop_proxy.plist"; - const entitlementsPath = path.join(__dirname, "..", "resources", entitlementsName); - child_process.execSync( - `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`, - ); - const inheritProxyPath = path.join(appPath, "Contents", "MacOS", "desktop_proxy.inherit"); - const inheritEntitlementsName = "entitlements.desktop_proxy.inherit.plist"; - const inheritEntitlementsPath = path.join( - __dirname, - "..", - "resources", - inheritEntitlementsName, - ); - child_process.execSync( - `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${inheritEntitlementsPath} ${inheritProxyPath}`, - ); + if (is_mas) { + const entitlementsName = "entitlements.desktop_proxy.plist"; + const entitlementsPath = path.join(__dirname, "..", "resources", entitlementsName); + child_process.execSync( + `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`, + ); + + const inheritEntitlementsName = "entitlements.desktop_proxy.inherit.plist"; + const inheritEntitlementsPath = path.join( + __dirname, + "..", + "resources", + inheritEntitlementsName, + ); + child_process.execSync( + `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${inheritEntitlementsPath} ${inheritProxyPath}`, + ); + } else { + // For non-Appstore builds, we don't need the inherit binary as they are not sandboxed, + // but we sign and include it anyway for consistency. It should be removed once DDG supports the proxy directly. + const entitlementsName = "entitlements.mac.plist"; + const entitlementsPath = path.join(__dirname, "..", "resources", entitlementsName); + child_process.execSync( + `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`, + ); + child_process.execSync( + `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${inheritProxyPath}`, + ); + } } }