@electron/osx-sign
Advanced tools
Comparing version 1.2.0 to 1.3.0
@@ -126,3 +126,4 @@ "use strict"; | ||
signatureFlags: undefined, | ||
timestamp: undefined | ||
timestamp: undefined, | ||
additionalArguments: [] | ||
}; | ||
@@ -153,2 +154,4 @@ } | ||
mergedPerFileOptions.timestamp = opts.timestamp; | ||
if (opts.additionalArguments !== undefined) | ||
mergedPerFileOptions.additionalArguments = opts.additionalArguments; | ||
} | ||
@@ -263,2 +266,5 @@ return mergedPerFileOptions; | ||
} | ||
if (perFileOptions.additionalArguments) { | ||
perFileArgs.push(...perFileOptions.additionalArguments); | ||
} | ||
await (0, util_1.execFileAsync)('codesign', perFileArgs.concat('--entitlements', perFileOptions.entitlements, filePath)); | ||
@@ -265,0 +271,0 @@ } |
@@ -41,2 +41,9 @@ export type ElectronMacPlatform = 'darwin' | 'mas'; | ||
timestamp?: string; | ||
/** | ||
* Additional raw arguments to pass to the "codesign" command. | ||
* | ||
* These can be things like "--deep" for instance when code signing specific resources that may | ||
* require such arguments. | ||
*/ | ||
additionalArguments?: string[]; | ||
}; | ||
@@ -43,0 +50,0 @@ type OnlySignOptions = { |
@@ -97,3 +97,4 @@ import * as fs from 'fs-extra'; | ||
signatureFlags: undefined, | ||
timestamp: undefined | ||
timestamp: undefined, | ||
additionalArguments: [] | ||
}; | ||
@@ -124,2 +125,4 @@ } | ||
mergedPerFileOptions.timestamp = opts.timestamp; | ||
if (opts.additionalArguments !== undefined) | ||
mergedPerFileOptions.additionalArguments = opts.additionalArguments; | ||
} | ||
@@ -234,2 +237,5 @@ return mergedPerFileOptions; | ||
} | ||
if (perFileOptions.additionalArguments) { | ||
perFileArgs.push(...perFileOptions.additionalArguments); | ||
} | ||
await execFileAsync('codesign', perFileArgs.concat('--entitlements', perFileOptions.entitlements, filePath)); | ||
@@ -236,0 +242,0 @@ } |
@@ -41,2 +41,9 @@ export type ElectronMacPlatform = 'darwin' | 'mas'; | ||
timestamp?: string; | ||
/** | ||
* Additional raw arguments to pass to the "codesign" command. | ||
* | ||
* These can be things like "--deep" for instance when code signing specific resources that may | ||
* require such arguments. | ||
*/ | ||
additionalArguments?: string[]; | ||
}; | ||
@@ -43,0 +50,0 @@ type OnlySignOptions = { |
{ | ||
"name": "@electron/osx-sign", | ||
"version": "1.2.0", | ||
"version": "1.3.0", | ||
"description": "Codesign Electron macOS apps", | ||
@@ -5,0 +5,0 @@ "main": "dist/cjs/index.js", |
@@ -69,4 +69,9 @@ # @electron/osx-sign [![npm][npm_img]][npm_url] [![Build Status][circleci_img]][circleci_url] | ||
Function that receives the path to a file and can return the entitlements to use for that file to override the default behavior. The | ||
object this function returns can include any of the following optional keys. | ||
object this function returns can include any of the following optional keys. Any properties that are returned **override** the default | ||
values that `@electron/osx-sign` generates. Any properties not returned use the default value. | ||
Take care when overriding the `entitlements` property as for security reasons different bundles within Electron are normally signed with | ||
different entitlement files. See the [default implementation](https://github.com/electron/osx-sign/blob/806db73bda1400e82b327619d0c2a793acf576a7/src/sign.ts#L91-L122) | ||
for a reference implementation. | ||
| Option | Description | Usage Example | | ||
@@ -77,4 +82,5 @@ |-------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------| | ||
| `requirements` | Either a string beginning with `=` which specifies in plain text the [signing requirements](https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html) that you recommend to be used to evaluate the code signature, or a string specifying a path to a text or properly encoded `.rqset` file which contains those requirements. | `'=designated => identifier com.github.Electron'`<br> or <br> `'path/to/requirements.rqset'` | | ||
| `signatureFlags` | List of [code signature flags](https://developer.apple.com/documentation/security/seccodesignatureflags?language=objc). Accepts an array of strings or a comma-separated string. | `['kSecCodeSignatureRestrict']` | | ||
| `signatureFlags` | List of [code signature flags](https://keith.github.io/xcode-man-pages/codesign.1.html#OPTION_FLAGS). Accepts an array of strings or a comma-separated string. | `['runtime']` | | ||
| `timestamp` | String specifying the URL of the timestamp authority server. Defaults to the server provided by Apple. Please note that this default server may not support signatures not furnished by Apple. Disable the timestamp service with `none`. | `'https://different.timeserver'` | | ||
| `additionalArguments` | Array of strings specifying additional arguments to pass to the `codesign` command used to sign a specific file. | `['--deep']` | | ||
@@ -147,2 +153,31 @@ **Note:** Only available via the JS API | ||
#### Signing with `--deep` | ||
Some subresources that you may include in your Electron app may need to be signed with `--deep`, this is not typically safe to apply to the entire Electron app and therefore should be applied to _just_ your file. | ||
```js | ||
const { signAsync } = require('@electron/osx-sign') | ||
signAsync({ | ||
app: 'path/to/my.app', | ||
optionsForFile: (filePath) => { | ||
// For our one specific file we can pass extra options to be merged | ||
// with the default options | ||
if (path.basename(filePath) === 'myStrangeFile.jar') { | ||
return { | ||
additionalArguments: ['--deep'], | ||
}; | ||
} | ||
// Just use the default options for everything else | ||
return null; | ||
} | ||
}) | ||
.then(function () { | ||
// Application signed | ||
}) | ||
.catch(function (err) { | ||
// Handle the error | ||
}) | ||
``` | ||
#### From the Command Line | ||
@@ -149,0 +184,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
181598
2387
358