electron-osx-sign
Advanced tools
Comparing version 0.4.13 to 0.4.14
@@ -32,5 +32,2 @@ | ||
--restrict | ||
Flag to enable restrict mode. Disabled by default. | ||
--help | ||
@@ -70,2 +67,9 @@ Flag to display all commands. | ||
--restrict | ||
(This will be deprecated soon, see --sign-flags.) | ||
Flag to enable restrict mode. Disabled by default. | ||
--signature-flags=flags | ||
Code signature flags. Default to none. | ||
--strict-verify, --strict-verify=options, --no-strict-verify | ||
@@ -72,0 +76,0 @@ Flag to enable/disable ``--strict'' flag when verifying the signed application bundle. |
@@ -6,2 +6,5 @@ #!/usr/bin/env node | ||
var args = require('minimist')(process.argv.slice(2), { | ||
'string': [ | ||
'signature-flags' | ||
], | ||
'boolean': [ | ||
@@ -8,0 +11,0 @@ 'help', |
{ | ||
"name": "electron-osx-sign", | ||
"version": "0.4.13", | ||
"version": "0.4.14", | ||
"description": "Codesign Electron macOS apps", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -176,6 +176,2 @@ # electron-osx-sign [![npm][npm_img]][npm_url] [![Build Status][circleci_img]][circleci_url] | ||
`restrict` - *Boolean* | ||
Restrict dyld loading. See doc about this [code signature flag](https://developer.apple.com/documentation/security/seccodesignatureflags/kseccodesignaturerestrict?language=objc) for more details. Disabled by default. | ||
`identity` - *String* | ||
@@ -230,2 +226,10 @@ | ||
`restrict` - *Boolean* | ||
**To be deprecated, see `signature-flags`.** | ||
Restrict dyld loading. See doc about this [code signature flag](https://developer.apple.com/documentation/security/seccodesignatureflags/kseccodesignaturerestrict?language=objc) for more details. Disabled by default. | ||
`signature-flags` - *String* | ||
Comma separated string or array for [code signature flag](https://developer.apple.com/documentation/security/seccodesignatureflags?language=objc). Default to `undefined`. | ||
`strict-verify` - *Boolean|String|Array.<String>* | ||
@@ -390,6 +394,6 @@ | ||
> electron-osx-sign@0.4.13 pretest electron-osx-sign | ||
> electron-osx-sign@0.4.14 pretest electron-osx-sign | ||
> rimraf test/work | ||
> electron-osx-sign@0.4.13 test electron-osx-sign | ||
> electron-osx-sign@0.4.14 test electron-osx-sign | ||
> standard && tape test | ||
@@ -396,0 +400,0 @@ |
19
sign.js
@@ -161,5 +161,15 @@ /** | ||
} | ||
const optionsArguments = [] | ||
if (opts.hardenedRuntime || opts['hardened-runtime']) { | ||
let optionsArguments = [] | ||
if (opts['signature-flags']) { | ||
if (Array.isArray(opts['signature-flags'])) { | ||
optionsArguments = [...opts['signature-flags']] | ||
} else { | ||
const flags = opts['signature-flags'].split(',').map(function (flag) { return flag.trim() }) | ||
optionsArguments = [...flags] | ||
} | ||
} | ||
if (opts.hardenedRuntime || opts['hardened-runtime'] || optionsArguments.includes('runtime')) { | ||
// Hardened runtime since darwin 17.7.0 --> macOS 10.13.6 | ||
@@ -169,3 +179,5 @@ if (compareVersion(osRelease, '17.7.0') >= 0) { | ||
} else { | ||
// Remove runtime if passed in with --signature-flags | ||
debuglog('Not enabling hardened runtime, current macOS version too low, requires 10.13.6 and higher') | ||
optionsArguments = optionsArguments.filter(function (element, index) { return element !== 'runtime' }) | ||
} | ||
@@ -176,6 +188,7 @@ } | ||
optionsArguments.push('restrict') | ||
debugwarn('This flag is to be deprecated, consider using --signature-flags=restrict instead') | ||
} | ||
if (optionsArguments.length) { | ||
args.push('--options', optionsArguments.join(',')) | ||
args.push('--options', [...new Set(optionsArguments)].join(',')) | ||
} | ||
@@ -182,0 +195,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
180797
1586
445