From 4600d0ec1de6df219de002338fbf6484d6286bb4 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 18 Sep 2024 14:41:47 +0200 Subject: [PATCH] Sign browser with autofill profile --- .github/workflows/build-browser.yml | 31 ++++++++++++++++++- apps/browser/gulpfile.js | 3 +- .../src/safari/desktop/desktop.entitlements | 2 ++ .../src/safari/safari/safari.entitlements | 2 ++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml index 610769859fe..fdc0992305e 100644 --- a/.github/workflows/build-browser.yml +++ b/.github/workflows/build-browser.yml @@ -280,11 +280,36 @@ jobs: run: | mkdir -p $HOME/secrets + # az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + # --name bitwarden_desktop_appstore.provisionprofile \ + # --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + # --output none + + # az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + # --name Bitwarden_Desktop_App_Store_2024_w_autofill.provisionprofile \ + # --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + # --output none + + # az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + # --name bitwarden_desktop_autofill_app_store_2024.provisionprofile \ + # --file $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \ + # --output none + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ - --name bitwarden_desktop_appstore.provisionprofile \ + --name bitwarden_desktop_autofill_app_store_2024.provisionprofile \ --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ --output none + - name: Set up provisioning profiles + run: | + AUTOFILL_PROFILE_PATH=$HOME/secrets/bitwarden_desktop_appstore.provisionprofile + PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles + + mkdir -p "$PROFILES_DIR_PATH" + + AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}") + cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.provisionprofile" + - name: Get certificates run: | mkdir -p $HOME/certificates @@ -336,6 +361,10 @@ jobs: security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain + - name: Find identities + run: | + security find-identity -v -p codesigning + - name: NPM setup run: npm ci working-directory: ./ diff --git a/apps/browser/gulpfile.js b/apps/browser/gulpfile.js index 89d944cdec8..b58ab852a53 100644 --- a/apps/browser/gulpfile.js +++ b/apps/browser/gulpfile.js @@ -161,7 +161,8 @@ function distSafariApp(cb, subBuildPath) { "-o", "runtime", "--sign", - "Developer ID Application: 8bit Solutions LLC", + // "Developer ID Application: 8bit Solutions LLC", + "Developer ID Application: 8bit Solutions LLC (LTZ2PFU5D6)", "--entitlements", entitlementsPath, ]; diff --git a/apps/browser/src/safari/desktop/desktop.entitlements b/apps/browser/src/safari/desktop/desktop.entitlements index 6d968edb4f8..ca226eab160 100644 --- a/apps/browser/src/safari/desktop/desktop.entitlements +++ b/apps/browser/src/safari/desktop/desktop.entitlements @@ -2,6 +2,8 @@ + com.apple.developer.authentication-services.autofill-credential-provider + com.apple.security.app-sandbox com.apple.security.files.user-selected.read-write diff --git a/apps/browser/src/safari/safari/safari.entitlements b/apps/browser/src/safari/safari/safari.entitlements index 85c03d7b48a..24bf9778aca 100644 --- a/apps/browser/src/safari/safari/safari.entitlements +++ b/apps/browser/src/safari/safari/safari.entitlements @@ -10,5 +10,7 @@ com.apple.security.network.server + com.apple.developer.authentication-services.autofill-credential-provider +