electron-osx-sign - npm Package Compare versions

Comparing version 0.4.7 to 0.4.8

7

bin/electron-osx-sign-usage.txt

@@ -39,3 +39,3 @@

--ignore=path
Path to skip signing.
Path to skip signing. The string will be treated as a regular expression when used to match the file paths.
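Review bot: the new `--ignore=path` sentence says the string is treated as a regular expression but does not say that regex metacharacters in a literal path must be escaped. An unescaped `.` or a short unanchored pattern can match more files than intended, and every matching file is skipped by signing. Suggest adding one example that uses an escaped, anchored pattern.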

@@ -63,2 +63,7 @@ --keychain=keychain

--strict-verify, --strict-verify=options, --no-strict-verify
Flag to enable/disable ``--strict'' flag when verifying the signed application bundle.
Each component should be separated in ``options'' with comma (``,'').
Enabled by default.
--timestamp=timestamp
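Review bot: the `--strict-verify=options` text says components are separated with a comma but never names a valid component or shows an example, so a reader cannot tell what to pass. Suggest listing the accepted values, or pointing to the `codesign` documentation for `--strict`, and stating what plain `--strict-verify` with no options does.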

@@ -65,0 +70,0 @@ Specify the URL of the timestamp authority server, default to server provided by Apple.

2

package.json
{
"name": "electron-osx-sign",
"version": "0.4.7",
"version": "0.4.8",
"description": "Codesign Electron macOS apps",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -7,12 +7,18 @@ # electron-osx-sign [![npm][npm_img]][npm_url] [![Build Status][travis_img]][travis_url]

[`electron-osx-sign`][electron-osx-sign] minimizes the extra work needed to eventually prepare your apps for shipping, providing the most basic tools and assets. Note that the bare necessities here are sufficient for enabling app sandbox, yet other configurations for like network access require additional work.
[`electron-osx-sign`][electron-osx-sign] minimizes the extra work needed to eventually prepare your apps for shipping, providing the most basic tools and assets. Note that the bare necessities here are sufficient for enabling app sandbox, yet other configurations for network access etc. require additional work.
It is worth noting as well that starting from [Electron] v1.1.1, a new mechanism was introduced to satisfy IPC communications (see [electron#5601](https://github.com/electron/electron/pull/5601)); wish to have full support of legacy Electron versions, please utilize `opts.version`, which option brings less hassle with making default settings among Electron builds.
Check out [`electron-osx-sign` guide](https://mintkit.net/electron-userland/electron-osx-sign/guide/) for suggestions on setting up your environment and workflow for distribution or development.
We are trying to keep updated to the Electron specifications; please [file us an issue](https://github.com/electron-userland/electron-osx-sign/issues/new) if having any suggestions or experiencing difficulties code signing your products.
Please visit our [wiki](https://github.com/electron-userland/electron-osx-sign/wiki) for walk-throughs, notes and [frequently asked questions](https://github.com/electron-userland/electron-osx-sign/wiki/FAQ) from past projects shipped with [`electron-packager`][electron-packager] and [`electron-osx-sign`][electron-osx-sign].
Please visit our [Wiki](https://github.com/electron-userland/electron-osx-sign/wiki) hosted here on GitHub for walk-throughs and notes from past projects shipped with [`electron-packager`][electron-packager] and [`electron-osx-sign`][electron-osx-sign].
*NB: Since [`electron-osx-sign`][electron-osx-sign] injects the entry `com.apple.security.application-groups` into the entitlements file as part of the pre-signing process, this would reportedly limit app transfer on iTunes Connect (see [#150](https://github.com/electron-userland/electron-osx-sign/issues/150)). However, opting out entitlements automation `opts['pre-auto-entitlements'] === false` may result in worse graphics performance.*
*NB: The signing procedure implemented in this package is based on what described in [Mac App Store Submission Guide](https://github.com/atom/electron/blob/master/docs/tutorial/mac-app-store-submission-guide.md).*
*The signing procedure implemented in this package is based on what described in [Mac App Store Submission Guide](https://github.com/atom/electron/blob/master/docs/tutorial/mac-app-store-submission-guide.md).*
### [Electron]
It is worth noting as well that starting from [Electron] v1.1.1, a new mechanism was introduced to allow IPC in App Sandbox (see [electron#5601](https://github.com/electron/electron/pull/5601)); wish to have full support of legacy Electron versions, please utilize `opts.version`, which option brings less hassle with making default settings among Electron builds.
We are trying to keep updated to the latest [Electron] specs; please [file us an issue](https://github.com/electron-userland/electron-osx-sign/issues/new) if having any suggestions or experiencing difficulties code signing your products.
### An [OPEN Open Source Project](http://openopensource.org/)
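Review bot: the Mac App Store Submission Guide link in the `*The signing procedure ...*` line points at `github.com/atom/electron/blob/master/...`, while the IPC reference in the same hunk uses `github.com/electron/electron`. Suggest moving the guide link to the `electron/electron` repository so both references resolve to the same upstream. Separately, "wish to have full support of legacy Electron versions, please utilize `opts.version`" reads as a fragment; "if you need to support legacy Electron versions, set `opts.version`" would be clearer.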

@@ -44,4 +50,2 @@

Check out [`electron-osx-sign` guide](https://mintkit.net/electron-userland/electron-osx-sign/guide/) for suggestions on setting up your environment and workflow for distribution or development.
#### From the Command Line

@@ -55,2 +59,6 @@

Since `electron-osx-sign` adds the entry `com.apple.developer.team-identifier` to a temporary copy of the specified entitlements file (with the default option `--pre-auto-entitlements`) distribution builds can no longer be run directly. To run the app codesigned for distribution locally after codesigning, you may manually add `ElectronTeamID` in your `Info.plist` and `com.apple.security.application-groups` in the entitlements file, and provide the flag `--no-pre-auto-entitlements` for `electron-osx-sign` to avoid this extra bit. Note that "certain features are only allowed across apps whose team-identifier value match" ([Technical Note TN2415](https://developer.apple.com/library/content/technotes/tn2415/_index.html#//apple_ref/doc/uid/DTS40016427-CH1-ENTITLEMENTSLIST)).
The examples below assume that `--pre-auto-entitlements` is enabled.
- To sign a distribution version by default:
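Review bot: the paragraph recommending `--no-pre-auto-entitlements` for running a distribution build locally does not repeat the caveat from the README's NB that turning off `pre-auto-entitlements` "may result in worse graphics performance". Suggest cross-referencing that note here and replacing "to avoid this extra bit" with a plain statement of what is skipped when the flag is given.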

@@ -60,2 +68,4 @@ ```sh

```
For distribution in the Mac App Store: Have the provisioning profile for distribution placed in the current working directory and the signing identity installed in the default keychain. *The app is not expected to run after codesigning since there is no provisioned device, and it is intended only for submission to iTunes Connect.*
For distribution outside the Mac App Store: Have the signing identity for distribution installed in the default keychain and optionally place the provisioning profile in the current working directory. By default App Sandbox is not enabled. *The app should run on all devices.*

@@ -66,6 +76,8 @@ - To sign development version:

```
For testing Mac App Store builds: Have the provisioning profile for development placed in the current working directory and the signing identity installed in the default keychain. *The app will only run on provisioned devices.*
For testing apps for distribution outside the Mac App Store, have the signing identity for development installed in the default keychain and optionally the provisioning profile placed in the current working directory. *The app will only run on provisioned devices.* However, you may prefer to just go with signing a distribution version because the app is expected to launch properly after codesigned.
- It is recommended to place the provisioning profile(s) under the working directory for `electron-osx-sign` to pick up automatically; however, to specify provisioning profile to be embedded explicitly:
```sh
electron-osx-sign path/to/my.app --provisioning-profile=path/to/my.provisioningprofile
electron-osx-sign path/to/my.app --provisioning-profile=path/to/my.provisionprofile
```
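Review bot: in the paragraph on testing apps for distribution outside the Mac App Store, the provisioning profile is described as optional, yet the next sentence says the app "will only run on provisioned devices". Suggest stating what happens when no profile is embedded, since the two statements read as contradictory.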

@@ -183,4 +195,4 @@

Regex, function or an array of regex's and functions that signal to skip signing a file.
Elements of other types are converted to `RegExp` automatically.
Regex, function or an array of regex's and functions that signal skipping signing a file.
Elements of other types are treated as `RegExp`.
Default to `undefined`.
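Review bot: "Elements of other types are treated as `RegExp`" leaves the matching semantics undefined. The text does not say which string is tested (absolute path, path relative to the bundle, or file name), nor what a function element receives and must return to skip a file. Suggest documenting both, since a pattern that matches too broadly leaves files unsigned.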

@@ -214,2 +226,9 @@

`strict-verify` - *Boolean|String|Array.<String>*
Flag to enable/disable `--strict` flag when verifying the signed application bundle.
If provided as a string, each component should be separated with comma (`,`).
If provided as an array, each item should be a string corresponding to a component.
Default to `true`.
`timestamp` - *String*
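Review bot: the `strict-verify` entry says "Default to `true`" without the platform condition the code applies: `--strict` is only passed when `compareVersion(osRelease, '15.0.0') >= 0` (El Capitan and later). Suggest adding that the option has no effect on earlier releases.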

@@ -371,6 +390,6 @@

> electron-osx-sign@0.4.7 pretest electron-osx-sign
> electron-osx-sign@0.4.8 pretest electron-osx-sign
> rimraf test/work
> electron-osx-sign@0.4.7 test electron-osx-sign
> electron-osx-sign@0.4.8 test electron-osx-sign
> standard && tape test

@@ -377,0 +396,0 @@

@@ -87,9 +87,16 @@ /**

debuglog('Verifying application bundle with codesign...')
var promise = execFileAsync('codesign', [
'--verify',
'--deep',
'--verbose=2'
'--deep'
]
.concat(compareVersion(osRelease, '15.0.0') >= 0 ? ['--strict'] : [], // Only pass strict flag in El Capitan and later
[opts.app]))
.concat(
opts['strict-verify'] !== false &&
compareVersion(osRelease, '15.0.0') >= 0 // Only pass strict flag in El Capitan and later
? ['--strict' +
(opts['strict-verify']
? '=' + opts['strict-verify'] // Array should be converted to a comma separated string
: '')]
: [],
['--verbose=2', opts.app]))
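Review bot: in the new `.concat(...)` argument, any truthy `opts['strict-verify']` is appended after `=`, so passing the documented Boolean `true` produces `--strict=true` rather than a bare `--strict`, unless the value is normalised before this point, which the hunk does not show. Suggest appending the value only when `typeof opts['strict-verify'] === 'string' || Array.isArray(opts['strict-verify'])`, and joining arrays explicitly with `.join(',')` instead of relying on implicit string conversion. The value also reaches `codesign` unvalidated; checking each component against the accepted names would give a clearer error than a `codesign` failure.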

@@ -96,0 +103,0 @@ // Additionally test Gatekeeper acceptance for darwin platform

@@ -60,3 +60,3 @@ /**

.then(function () {
debuglog('Entitlements file updated:', '\n',
debuglog('`Info.plist` updated:', '\n',
'> Info.plist:', appInfoPath)

@@ -87,3 +87,3 @@ })

// Insert app group if not exists
if (entitlements['com.apple.security.application-groups'].indexOf(appIdentifier) === -1) {
if (Array.isArray(entitlements['com.apple.security.application-groups']) && entitlements['com.apple.security.application-groups'].indexOf(appIdentifier) === -1) {
debuglog('`com.apple.security.application-groups` not found in entitlements file, new inserted: ' + appIdentifier)
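Review bot: with the added `Array.isArray(...)` check, an entitlements file whose `com.apple.security.application-groups` value is not an array now skips the insertion silently, so the app identifier is never added and nothing is logged. Suggest a `debuglog` in an else branch, or normalising a non-array value to an array before the check.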

@@ -90,0 +90,0 @@ entitlements['com.apple.security.application-groups'].push(appIdentifier)
