		@@ -1,2 +0,1 @@

		Usage: electron-osx-flat <app> [--options...]
		@@ -6,6 +5,6 @@

		identity Name of certificate to use when flattening. Default to retrieve from `login.keychain`.
		identity Name of certificate to use when flattening. Default to retrieve from keychain specified, see below.
		install Path to install for the bundle. Default `/Applications`.
		keychain The keychain name. Default to system default keychain (`login.keychain`).
		platform Build platform of Electron. Allowed values: darwin, mas. Default to auto detect from application package.
		pkg Path to the output package.
		verbose Verbose flag, to display logs.

bin/electron-osx-flat.js

		#!/usr/bin/env node
		var fs = require('fs')
		var args = require('minimist')(process.argv.slice(2), {boolean: ['help', 'verbose']})
		var args = require('minimist')(process.argv.slice(2), {boolean: ['help']})
		var usage = fs.readFileSync(__dirname + '/electron-osx-flat-usage.txt').toString()
		@@ -18,3 +18,3 @@ var flat = require('../').flat
		if (err.message) console.error(err.message)
		else console.error(err, err.stack)
		else console.error(err.stack)
		process.exit(1)
		@@ -21,0 +21,0 @@ }

bin/electron-osx-sign-usage.txt

		@@ -1,2 +0,1 @@

		Usage: electron-osx-sign <app> [additional-binaries...] [--options...]
		@@ -9,4 +8,5 @@
		entitlements-inherit Path to child entitlements file for signing frameworks and bundles of Mac App Store application.
		identity Name of certificate to use when signing. Default to retrieve from `login.keychain`.
		identity Name of certificate to use when signing. Default to retrieve from keychain specified, see below.
		keychain The keychain name. Default to system default keychain (`login.keychain`).
		ignore Regex that signals ignoring a file before signing. Default to undefined.
		platform Build platform of Electron. Allowed values: `darwin`, `mas`. Default to auto detect from application package.
		verbose Verbose flag, to display logs.

bin/electron-osx-sign.js

		#!/usr/bin/env node
		var fs = require('fs')
		var args = require('minimist')(process.argv.slice(2), {boolean: ['help', 'verbose']})
		var args = require('minimist')(process.argv.slice(2), {boolean: ['help']})
		var usage = fs.readFileSync(__dirname + '/electron-osx-sign-usage.txt').toString()
		@@ -23,3 +23,3 @@ var sign = require('../')
		if (err.message) console.error(err.message)
		else console.error(err, err.stack)
		else console.error(err.stack)
		process.exit(1)
		@@ -26,0 +26,0 @@ }

207

index.js

		var fs = require('fs')
		var path = require('path')
		var child = require('child_process')
		var debug = require('debug')
		var debuglog = debug('electron-osx-sign')
		debuglog.log = console.log.bind(console)
		var debugwarn = debug('electron-osx-sign:warn')
		debugwarn.log = console.warn.bind(console)
		var debugerror = debug('electron-osx-sign:error')
		debugerror.log = console.error.bind(console)

		@@ -21,7 +28,12 @@ var series = require('run-series')
		// CSSMERR_TP_CERT_EXPIRED or CSSMERR_TP_NOT_TRUSTED. Fix #9
		child.exec([
		'security',

		var args = [
		'find-identity',
		'-v'
		].join(' '), function (err, stdout, stderr) {
		]
		if (opts.keychain) {
		args.push(opts.keychain)
		}

		child.execFile('security', args, function (err, stdout, stderr) {
		if (err) return cb(new Error('Error in finding an identity.'))
		@@ -46,14 +58,18 @@ var lines = stdout.split('\n')

		var args = [
		'--component', opts.app, opts.install,
		'--sign', opts.identity,
		opts.pkg
		]
		if (opts.keychain) {
		args.unshift('--keychain', opts.keychain)
		}

		// Call productbuild
		operations.push(function (cb) {
		child.exec([
		'productbuild',
		'--component', '"' + opts.app.replace(/"/g, '\\"') + '"', '"' + opts.install.replace(/"/g, '\\"') + '"',
		'--sign', '"' + opts.identity + '"',
		'"' + opts.pkg.replace(/"/g, '\\"') + '"'
		].join(' '), function (err, stdout, stderr) {
		child.execFile('productbuild', args, function (err, stdout, stderr) {
		if (err) return cb(err)
		cb()
		})
		if (opts.verbose) console.log('Flattening with productbuild...')
		debuglog('Flattening with productbuild...')
		})
		@@ -76,5 +92,2 @@
		function signApplication (opts, callback) {
		var operations = []
		var appContentsPath = generateAppContentsPath(opts)

		function isFileBinary (filePath) {
		@@ -102,2 +115,3 @@ var buf = fs.readFileSync(filePath)
		case '.dylib': // dynamic library
		case '.node': // native node addon
		childPaths.push(filePath)
		@@ -111,7 +125,7 @@ break
		})
		console.log('Removing...', filePath)
		debuglog('Removing... ' + filePath)
		})
		break
		default:
		if (path.extname(filePath).includes(' ')) {
		if (path.extname(filePath).indexOf(' ') > -1) {
		// Still consider the file as binary if extension seems invalid
		@@ -123,6 +137,2 @@ if (!isFileBinary(filePath)) break // reject non-binary file
		} else if (stat.isDirectory() && !stat.isSymbolicLink()) {
		switch (path.basename(filePath)) {
		case 'node_modules':
		break // ignore directory
		}
		walkSync(filePath)
		@@ -139,2 +149,15 @@ switch (path.extname(filePath)) {

		function ignoreFilePath (opts, filePath) {
		if (opts.ignore) {
		if (typeof opts.ignore === 'function') {
		return opts.ignore(filePath)
		} else if (typeof opts.ignore === 'string') {
		return filePath.match(opts.ignore)
		}
		}
		return false
		}

		var operations = []
		var appContentsPath = generateAppContentsPath(opts)
		var childPaths = []
		@@ -144,31 +167,28 @@ walkSync(appContentsPath)

		var args = [
		'--sign', opts.identity,
		'-fv'
		]
		if (opts.keychain) {
		args.push('--keychain', opts.keychain)
		}

		if (opts.entitlements) {
		// Sign with entitlements
		childPaths.forEach(function (filePath) {
		if (ignoreFilePath(opts, filePath)) return
		operations.push(function (cb) {
		child.exec([
		'codesign',
		'-s', '"' + opts.identity + '"',
		'-fv',
		'--entitlements', '"' + opts['entitlements-inherit'] + '"',
		'"' + filePath.replace(/"/g, '\\"') + '"'
		].join(' '), function (err, stdout, stderr) {
		child.execFile('codesign', args.concat('--entitlements', opts['entitlements-inherit'], filePath), function (err, stdout, stderr) {
		if (err) return cb(err)
		cb()
		})
		if (opts.verbose) console.log('Signing...', filePath)
		debuglog('Signing... ' + filePath)
		})
		})
		operations.push(function (cb) {
		child.exec([
		'codesign',
		'-s', '"' + opts.identity + '"',
		'-fv',
		'--entitlements', '"' + opts.entitlements + '"',
		'"' + opts.app.replace(/"/g, '\\"') + '"'
		].join(' '), function (err, stdout, stderr) {
		child.execFile('codesign', args.concat('--entitlements', opts.entitlements, opts.app), function (err, stdout, stderr) {
		if (err) return cb(err)
		cb()
		})
		if (opts.verbose) console.log('Signing...', opts.app)
		debuglog('Signing... ' + opts.app)
		})
		@@ -178,26 +198,17 @@ } else {
		childPaths.forEach(function (filePath) {
		if (ignoreFilePath(opts, filePath)) return
		operations.push(function (cb) {
		child.exec([
		'codesign',
		'-s', '"' + opts.identity + '"',
		'-fv',
		'"' + filePath.replace(/"/g, '\\"') + '"'
		].join(' '), function (err, stdout, stderr) {
		child.execFile('codesign', args.concat(filePath), function (err, stdout, stderr) {
		if (err) return cb(err)
		cb()
		})
		if (opts.verbose) console.log('Signing...', filePath)
		debuglog('Signing... ' + filePath)
		})
		})
		operations.push(function (cb) {
		child.exec([
		'codesign',
		'-s', '"' + opts.identity + '"',
		'-fv',
		'"' + opts.app.replace(/"/g, '\\"') + '"'
		].join(' '), function (err, stdout, stderr) {
		child.execFile('codesign', args.concat(opts.app), function (err, stdout, stderr) {
		if (err) return cb(err)
		cb()
		})
		if (opts.verbose) console.log('Signing...', opts.app)
		debuglog('Signing... ' + opts.app)
		})
		@@ -208,11 +219,7 @@ }
		operations.push(function (cb) {
		child.exec([
		'codesign',
		'-v',
		'"' + opts.app.replace(/"/g, '\\"') + '"'
		].join(' '), function (err, stdout, stderr) {
		child.execFile('codesign', ['-v', opts.app], function (err, stdout, stderr) {
		if (err) return cb(err)
		cb()
		})
		if (opts.verbose) console.log('Verifying sign...')
		debuglog('Verifying sign...')
		})
		@@ -222,12 +229,7 @@ if (opts.entitlements) {
		operations.push(function (cb) {
		child.exec([
		'codesign',
		'-d',
		'--entitlements', '-',
		'"' + opts.app.replace(/"/g, '\\"') + '"'
		].join(' '), function (err, stdout, stderr) {
		child.execFile('codesign', ['-d', '--entitlements', '-', opts.app], function (err, stdout, stderr) {
		if (err) return cb(err)
		cb()
		})
		if (opts.verbose) console.log('Verifying entitlements...')
		debuglog('Verifying entitlements...')
		})
		@@ -242,3 +244,3 @@ }

		module.exports = function sign (opts, cb) {
		function sign (opts, cb) {
		// Default callback function if none provided
		@@ -248,10 +250,8 @@ if (!cb) {
		if (err) {
		if (opts.verbose) {
		console.error('Sign failed.')
		if (err.message) console.error(err.message)
		else console.error(err, err.stack)
		}
		debugerror('Sign failed.')
		if (err.message) debugerror(err.message)
		else debugerror(err.stack)
		return
		}
		if (opts.verbose) console.log('Application signed:', opts.app)
		debuglog('Application signed: ' + opts.app)
		}
		@@ -264,3 +264,3 @@ }
		if (!opts.platform) {
		if (opts.verbose) console.warn('No `platform` passed in arguments, checking Electron platform...')
		debugwarn('No `platform` passed in arguments, checking Electron platform...')
		detectElectronPlatform(opts)
		@@ -276,7 +276,7 @@ }
		if (!opts.entitlements) {
		if (opts.verbose) console.warn('No `entitlements` passed in arguments, will fallback to default settings.')
		debugwarn('No `entitlements` passed in arguments, will fallback to default settings.')
		opts.entitlements = path.join(__dirname, 'default.mas.entitlements')
		}
		if (!opts['entitlements-inherit']) {
		if (opts.verbose) console.warn('No `entitlements-inherit` passed in arguments, will fallback to default settings.')
		debugwarn('No `entitlements-inherit` passed in arguments, will fallback to default settings.')
		opts['entitlements-inherit'] = path.join(__dirname, 'default.mas.inherit.entitlements')
		@@ -287,11 +287,11 @@ }
		if (!opts.entitlements) {
		if (opts.verbose) console.warn('No `entitlements` passed in arguments, will not sign with entitlements.')
		debugwarn('No `entitlements` passed in arguments, will not sign with entitlements.')
		} else {
		// If entitlements is provided as a flag, fallback to default
		if (opts.entitlements === true) {
		if (opts.verbose) console.warn('`entitlements` not specified in arguments, will fallback to default settings.')
		debugwarn('`entitlements` not specified in arguments, will fallback to default settings.')
		opts.entitlements = path.join(__dirname, 'default.mas.entitlements')
		}
		if (!opts['entitlements-inherit']) {
		if (opts.verbose) console.warn('No `entitlements-inherit` passed in arguments, will fallback to default settings.')
		debugwarn('No `entitlements-inherit` passed in arguments, will fallback to default settings.')
		opts['entitlements-inherit'] = path.join(__dirname, 'default.darwin.inherit.entitlements')
		@@ -306,2 +306,5 @@ }
		}
		if (opts.ignore) {
		if (typeof opts.ignore !== 'function' \|\| typeof opts.ignore !== 'string') return cb(new Error('Ignore filter should be either a function or a string.'))
		}
		series([
		@@ -311,3 +314,3 @@ function (cb) {
		if (!opts.identity) {
		if (opts.verbose) console.warn('No `identity` passed in arguments, discovering identities...')
		debugwarn('No `identity` passed in arguments, discovering identities...')
		if (opts.platform === 'mas') {
		@@ -322,11 +325,9 @@ findIdentity(opts, '3rd Party Mac Developer Application', cb)
		if (err) return cb(err)
		if (opts.verbose) {
		console.log('Signing application...')
		console.log('> application ', opts.app)
		console.log('> platform ', opts.platform)
		console.log('> entitlements ', opts.entitlements)
		console.log('> child-entitlements ', opts['entitlements-inherit'])
		console.log('> additional-binaries', opts.binaries)
		console.log('> identity ', opts.identity)
		}
		debuglog('Signing application...')
		debuglog('> application ' + opts.app)
		debuglog('> platform ' + opts.platform)
		debuglog('> entitlements ' + opts.entitlements)
		debuglog('> child-entitlements ' + opts['entitlements-inherit'])
		debuglog('> additional-binaries ' + opts.binaries)
		debuglog('> identity ' + opts.identity)
		return signApplication(opts, cb)
		@@ -336,3 +337,3 @@ })

		module.exports.flat = function flat (opts, cb) {
		function flat (opts, cb) {
		// Default callback function if none provided
		@@ -342,10 +343,8 @@ if (!cb) {
		if (err) {
		if (opts.verbose) {
		console.error('Flat failed.')
		if (err.message) console.error(err.message)
		else console.error(err, err.stack)
		}
		debugerror('Flat failed.')
		if (err.message) debugerror(err.message)
		else debugerror(err.stack)
		return
		}
		if (opts.verbose) console.log('Application flattened:', opts.pkg)
		debuglog('Application flattened: ' + opts.pkg)
		}
		@@ -358,7 +357,7 @@ }
		if (!opts.pkg) {
		if (opts.verbose) console.warn('No `pkg` passed in arguments, will fallback to default, inferred from the given application.')
		debugwarn('No `pkg` passed in arguments, will fallback to default, inferred from the given application.')
		opts.pkg = path.join(path.dirname(opts.app), path.basename(opts.app, '.app') + '.pkg')
		} else if (path.extname(opts.pkg) !== '.pkg') return cb(new Error('Extension of output package must be `.pkg`.'))
		if (!opts.install) {
		if (opts.verbose) console.warn('No `install` passed in arguments, will fallback to default `/Applications`.')
		debugwarn('No `install` passed in arguments, will fallback to default `/Applications`.')
		opts.install = '/Applications'
		@@ -370,5 +369,5 @@ }
		if (!opts.identity) {
		if (opts.verbose) console.warn('No `identity` passed in arguments, discovering identities...')
		debugwarn('No `identity` passed in arguments, discovering identities...')
		if (!opts.platform) {
		if (opts.verbose) console.warn('No `platform` passed in arguments, checking Electron platform...')
		debugwarn('No `platform` passed in arguments, checking Electron platform...')
		detectElectronPlatform(opts)
		@@ -387,11 +386,13 @@ } else if (opts.platform !== 'mas' && opts.platform !== 'darwin') {
		if (err) return cb(err)
		if (opts.verbose) {
		console.log('Flattening application...')
		console.log('> application ', opts.app)
		console.log('> package-output ', opts.pkg)
		console.log('> install-path ', opts.install)
		console.log('> identity ', opts.identity)
		}
		debuglog('Flattening application...')
		debuglog('> application ' + opts.app)
		debuglog('> package-output ' + opts.pkg)
		debuglog('> install-path ' + opts.install)
		debuglog('> identity ' + opts.identity)
		return flatApplication(opts, cb)
		})
		}

		module.exports = sign
		module.exports.sign = sign
		module.exports.flat = flat

package.json

		{
		"name": "electron-osx-sign",
		"version": "0.3.0",
		"version": "0.3.1",
		"description": "Code-signing for Electron-packed OS X apps.",
		@@ -21,2 +21,3 @@ "main": "index.js",
		"dependencies": {
		"debug": "^2.2.0",
		"minimist": "^1.1.1",
		@@ -26,2 +27,3 @@ "run-series": "^1.1.1"
		"devDependencies": {
		"compare-version": "^0.1.2",
		"electron-download": "^1.0.0",
		@@ -33,6 +35,6 @@ "extract-zip": "^1.0.3",
		"mkdirp": "^0.5.0",
		"rimraf": "^2.3.2",
		"compare-version": "^0.1.2"
		"rimraf": "^2.3.2"
		},
		"scripts": {
		"code-standard": "standard",
		"pretest": "rimraf test/work",
		@@ -39,0 +41,0 @@ "test": "standard && tape test"

README.md

		@@ -1,10 +0,11 @@
		# electron-osx-sign [![npm][npm_img]][npm_url]
		# electron-osx-sign [![npm][npm_img]][npm_url] [![Build Status][travis_img]][travis_url]

		Code-signing for Electron-packed OS X apps.

		Please visit our [Wiki](https://github.com/electron-userland/electron-osx-sign/wiki) hosted here on GitHub for walk-throughs and notes from past projects shipped with `electron-packager` and `electron-osx-sign`.
		Code-signing for packaged Electron OS X apps.

		Please visit our [Wiki](https://github.com/electron-userland/electron-osx-sign/wiki) hosted here on GitHub for walk-throughs and notes from past projects shipped with [electron-packager] and `electron-osx-sign`.

		Note: The signing procedure implemented in this package is based on what described in [Mac App Store Submission Guide](https://github.com/atom/electron/blob/master/docs/tutorial/mac-app-store-submission-guide.md).

		## An [OPEN Open Source Project](http://openopensource.org/)
		### An [OPEN Open Source Project](http://openopensource.org/)

		@@ -25,3 +26,3 @@ Individuals making significant and valuable contributions are given commit-access to the project to contribute as they see fit. This project is more like an open wiki than a standard guarded open source project.

		Note: `electron-osx-sign` will become a dependency of `electron-packager` in a later release for signing apps on OS X. However, please install this package globally for more customization beyond specifying identity and entitlements.
		Note: `electron-osx-sign` is a dependency of `electron-packager` as of 6.0.0 for signing apps on OS X. However, please install this package globally for more customization beyond specifying identity and entitlements.

		@@ -88,4 +89,4 @@ ## Usage

		Path to entitlements file for signing Mac App Store application.
		See [mas.default.entitlements](https://github.com/electron-userland/electron-osx-sign/blob/master/mas.default.entitlements) for default.
		Path to entitlements file for signing the app.
		See [default.mas.entitlements](https://github.com/electron-userland/electron-osx-sign/blob/master/default.mas.entitlements) or [default.darwin.entitlements](https://github.com/electron-userland/electron-osx-sign/blob/master/default.darwin.entitlements) for default.

		@@ -95,3 +96,3 @@ `entitlements-inherit` - String
		Path to child entitlements which inherit the security settings for signing frameworks and bundles of a distribution. This option only applies when signing with `entitlements` provided, or for a `mas` platform version.
		See [mas.inherit.default.entitlements](https://github.com/electron-userland/electron-osx-sign/blob/master/mas.inherit.default.entitlements) for default.
		See [default.mas.inherit.entitlements](https://github.com/electron-userland/electron-osx-sign/blob/master/default.mas.inherit.entitlements) or [default.darwin.inherit.entitlements](https://github.com/electron-userland/electron-osx-sign/blob/master/default.darwin.inherit.entitlements) for default.

		@@ -101,6 +102,16 @@ `identity` - String
		Name of certificate to use when signing.
		Default to retrieve from `login.keychain`.
		Default to retrieve from `opts.keychain` (see below) or system default keychain.

		Signing platform `mas` will look for `3rd Party Mac Developer Application: * ()`, and platform `darwin` will look for `Developer ID Application: (*)` by default.

		`keychain` - String

		The keychain name.
		Default to system default keychain (`login.keychain`).

		`ignore` - String

		Regex or function that signals ignoring a file before signing.
		Default to undefined.

		`platform` - String
		@@ -112,7 +123,2 @@

		`verbose` - Boolean

		Verbose flag, to display logs.
		Allowed values: `true`, `false`.

		###### callback
		@@ -176,3 +182,3 @@
		Name of certificate to use when flattening.
		Default to retrieve from `login.keychain`.
		Default to retrieve from `opts.keychain`(see below) or system default keychain.

		@@ -186,2 +192,7 @@ Flattening platform `mas` will look for `3rd Party Mac Developer Installer: * ()`, and platform `darwin` will look for `Developer ID Installer: (*)` by default.

		`keychain` - String

		The keychain name.
		Default to `login.keychain`.

		`platform` - String
		@@ -197,6 +208,2 @@

		`verbose` - String

		Verbose flag, to display logs.

		###### callback
		@@ -206,2 +213,6 @@

		## Debug

		As of release v0.3.1, external module `debug` is used to display logs and messages; remember to `export DEBUG=electron-osx-sign*` when necessary.

		## Test
		@@ -224,6 +235,6 @@

		> electron-osx-sign@0.3.0 pretest electron-osx-sign
		> electron-osx-sign@0.3.1 pretest electron-osx-sign
		> rimraf test/work

		> electron-osx-sign@0.3.0 test electron-osx-sign
		> electron-osx-sign@0.3.1 test electron-osx-sign
		> standard && tape test
		@@ -298,5 +309,8 @@

		- [electron-packager](https://github.com/electron-userland/electron-packager) - package your electron app in OS executables (.app, .exe, etc) via JS or CLI
		- [electron-packager] - package your electron app in OS executables (.app, .exe, etc) via JS or CLI

		[npm_img]: https://img.shields.io/npm/v/electron-osx-sign.svg
		[npm_url]: https://npmjs.org/package/electron-osx-sign
		[travis_img]: https://travis-ci.org/electron-userland/electron-osx-sign.svg?branch=master
		[travis_url]: https://travis-ci.org/electron-userland/electron-osx-sign
		[electron-packager]: https://github.com/electron-userland/electron-packager

test/basic.js

		@@ -14,4 +14,3 @@ var sign = require('..')
		var opts = {
		app: util.generateAppPath(release),
		verbose: config.verbose
		app: util.generateAppPath(release)
		} // test with no other options for self discovery
		@@ -18,0 +17,0 @@

test/config.json

		@@ -17,4 +17,3 @@ {
		"0.36.0"
		],
		"verbose": false
		]
		}

test/index.js

		@@ -1,3 +0,2 @@
		// var child = require('child_process')
		// var path = require('path')
		var child = require('child_process')

		@@ -10,6 +9,15 @@ var series = require('run-series')
		function (cb) {
		child.exec('which codesign', cb)
		},
		function (cb) {
		console.log('Calling electron-download before running tests...')
		util.downloadElectrons(cb)
		}
		], function () {
		], function (err) {
		if (err) {
		console.error('Test failed.')
		if (err.message) console.error(err.message)
		else console.error(err, err.stack)
		return
		}
		console.log('Running tests...')
		@@ -16,0 +24,0 @@ if (process.platform !== 'darwin') {

electron-osx-sign - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes