Fix TestFlight errors caused by desktop_proxy (#10928)

* Add info.plist and enable app-sandbox * Log available identities * Fix cert selection * Remove comment
2025-12-12 06:13:38 +00:00 · 2024-09-06 17:48:51 +02:00
parent 9881c7842b
commit 40cb4b5353
6 changed files with 52 additions and 9 deletions
--- a/apps/desktop/scripts/after-pack.js
+++ b/apps/desktop/scripts/after-pack.js
@@ -33,13 +33,32 @@ async function run(context) {
  }

  if (["darwin", "mas"].includes(context.electronPlatformName)) {
-    const identities = getIdentities(process.env.CSC_NAME ?? "");
-    if (identities.length === 0) {
-      throw new Error("No valid identities found");
-    }
-    const id = identities[0].id;
+    const is_mas = context.electronPlatformName === "mas";
+    const is_mas_dev = context.targets.some((e) => e.name === "mas-dev");

-    console.log("Signing proxy binary before the main bundle, using identity", id);
+    let id;
+
+    // Only use the Bitwarden Identities on CI
+    if (process.env.GITHUB_ACTIONS === "true") {
+      if (is_mas) {
+        id = is_mas_dev
+          ? "E7C9978F6FBCE0553429185C405E61F5380BE8EB"
+          : "3rd Party Mac Developer Application: Bitwarden Inc";
+      } else {
+        id = "Developer ID Application: 8bit Solutions LLC";
+      }
+      // Locally, use the first valid code signing identity, unless CSC_NAME is set
+    } else if (process.env.CSC_NAME) {
+      id = process.env.CSC_NAME;
+    } else {
+      const identities = getIdentities();
+      if (identities.length === 0) {
+        throw new Error("No valid identities found");
+      }
+      id = identities[0].id;
+    }
+
+    console.log(`Signing proxy binary before the main bundle, using identity '${id}'`);

    const appName = context.packager.appInfo.productFilename;
    const appPath = `${context.appOutDir}/${appName}.app`;
@@ -49,7 +68,7 @@ async function run(context) {
    const entitlementsName = "entitlements.desktop_proxy.plist";
    const entitlementsPath = path.join(__dirname, "..", "resources", entitlementsName);
    child_process.execSync(
-      `codesign -s ${id} -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`,
+      `codesign -s '${id}' -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`,
    );
  }
 }
@@ -66,7 +85,7 @@ const appleCertificatePrefixes = [
  "Apple Development:",
 ];

-function getIdentities(csc_name) {
+function getIdentities() {
  const ids = child_process
    .execSync("/usr/bin/security find-identity -v -p codesigning")
    .toString();
@@ -81,7 +100,6 @@ function getIdentities(csc_name) {
      }
      return false;
    })
-    .filter((line) => line.includes(csc_name))
    .map((line) => {
      const split = line.trim().split(" ");
      const id = split[1];