diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 365d29f17f..86dc74f735 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -92,6 +92,7 @@ jobs: id: retrieve-version run: | PKG_VERSION=$(jq -r .version src/package.json) + echo "Setting version number to $PKG_VERSION" echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT - name: Increment Version @@ -725,6 +726,11 @@ jobs: --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ --output none + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_autofill_app_store_2024.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \ + --output none + - name: Get certificates if: ${{ needs.setup.outputs.has_secrets == 'true' }} run: | @@ -784,6 +790,15 @@ jobs: cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ $GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile + mkdir -p $HOME/Library/MobileDevice/Provisioning\ Profiles + export APP_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_appstore.provisionprofile | grep -io "[-A-Z0-9]\{36\}"` + export AUTOFILL_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile | grep -io "[-A-Z0-9]\{36\}"` + + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $HOME/Library/MobileDevice/Provisioning\ Profiles/$APP_UUID.provisionprofile + cp $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \ + $HOME/Library/MobileDevice/Provisioning\ Profiles/$AUTOFILL_UUID.provisionprofile + - name: Increment version shell: pwsh env: @@ -914,8 +929,13 @@ jobs: mkdir -p $HOME/secrets az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ - --name bitwarden_desktop_appstore.provisionprofile \ - --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + --name bitwarden_desktop_developer_id.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_developer_id.provisionprofile \ + --output none + + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_autofill_developer_id.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile \ --output none - name: Get certificates @@ -958,21 +978,21 @@ jobs: security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles run: | - cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ - $GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile + cp $HOME/secrets/bitwarden_desktop_developer_id.provisionprofile \ + $GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_developer_id.provisionprofile + + mkdir -p $HOME/Library/MobileDevice/Provisioning\ Profiles + export APP_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_developer_id.provisionprofile | grep -io "[-A-Z0-9]\{36\}"` + export AUTOFILL_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile | grep -io "[-A-Z0-9]\{36\}"` + + cp $HOME/secrets/bitwarden_desktop_developer_id.provisionprofile \ + $HOME/Library/MobileDevice/Provisioning\ Profiles/$APP_UUID.provisionprofile + cp $HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile \ + $HOME/Library/MobileDevice/Provisioning\ Profiles/$AUTOFILL_UUID.provisionprofile - name: Increment version shell: pwsh @@ -1020,7 +1040,9 @@ jobs: - name: Build Native Module if: steps.cache.outputs.cache-hit != 'true' working-directory: apps/desktop/desktop_native - run: node build.js cross-platform + run: | + rustup target add aarch64-apple-darwin + node build.js cross-platform - name: Build if: steps.build-cache.outputs.cache-hit != 'true' @@ -1167,6 +1189,11 @@ jobs: --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ --output none + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_autofill_app_store_2024.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \ + --output none + - name: Get certificates run: | mkdir -p $HOME/certificates @@ -1201,21 +1228,12 @@ jobs: security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles @@ -1223,6 +1241,15 @@ jobs: cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ $GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile + mkdir -p $HOME/Library/MobileDevice/Provisioning\ Profiles + export APP_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_appstore.provisionprofile | grep -io "[-A-Z0-9]\{36\}"` + export AUTOFILL_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile | grep -io "[-A-Z0-9]\{36\}"` + + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $HOME/Library/MobileDevice/Provisioning\ Profiles/$APP_UUID.provisionprofile + cp $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \ + $HOME/Library/MobileDevice/Provisioning\ Profiles/$AUTOFILL_UUID.provisionprofile + - name: Increment version shell: pwsh env: @@ -1269,7 +1296,9 @@ jobs: - name: Build Native Module if: steps.cache.outputs.cache-hit != 'true' working-directory: apps/desktop/desktop_native - run: node build.js cross-platform + run: | + rustup target add aarch64-apple-darwin + node build.js cross-platform - name: Build if: steps.build-cache.outputs.cache-hit != 'true' @@ -1378,226 +1407,6 @@ jobs: env: BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} - - macos-package-dev: - name: MacOS Package Dev Release Asset - runs-on: macos-13 - if: ${{ needs.setup.outputs.has_secrets == 'true' }} - needs: - - browser-build - - macos-build - - setup - env: - _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} - _NODE_VERSION: ${{ needs.setup.outputs.node_version }} - NODE_OPTIONS: --max_old_space_size=4096 - defaults: - run: - working-directory: apps/desktop - steps: - - name: Check out repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: Set up Node - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 - with: - cache: 'npm' - cache-dependency-path: '**/package-lock.json' - node-version: ${{ env._NODE_VERSION }} - - - name: Set up Node-gyp - run: python3 -m pip install setuptools - - - name: Print environment - run: | - node --version - npm --version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - - name: Get Build Cache - id: build-cache - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - with: - path: apps/desktop/build - key: ${{ runner.os }}-${{ github.run_id }}-build - - - name: Setup Safari Cache - id: safari-cache - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - with: - path: apps/browser/dist/Safari - key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Download Provisioning Profiles secrets - env: - ACCOUNT_NAME: bitwardenci - CONTAINER_NAME: profiles - run: | - mkdir -p $HOME/secrets - - az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ - --name bitwarden_desktop_appstore.provisionprofile \ - --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ - --output none - - - name: Get certificates - run: | - mkdir -p $HOME/certificates - - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | - jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12 - - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | - jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 - - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | - jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 - - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | - jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 - - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | - jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 - - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | - jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - - - name: Set up keychain - env: - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - run: | - security create-keychain -p $KEYCHAIN_PASSWORD build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain - security set-keychain-settings -lut 1200 build.keychain - - security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - - - name: Set up provisioning profiles - run: | - cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ - $GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile - - - name: Increment version - shell: pwsh - env: - BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} - run: | - $package = Get-Content -Raw -Path electron-builder.json | ConvertFrom-Json - $package | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER" - $package | ConvertTo-Json -Depth 32 | Set-Content -Path electron-builder.json - Write-Output "### MacOS Dev build number: $env:BUILD_NUMBER" - - - name: Install Node dependencies - run: npm ci - working-directory: ./ - - - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - workflow: build-wasm-internal.yml - workflow_conclusion: success - branch: ${{ inputs.sdk_branch }} - artifacts: sdk-internal - repo: bitwarden/sdk-internal - path: ../sdk-internal - if_no_artifact_found: fail - - - name: Override SDK - if: ${{ inputs.sdk_branch != '' }} - working-directory: ./ - run: | - ls -l ../ - npm link ../sdk-internal - - - name: Cache Native Module - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - id: cache - with: - path: | - apps/desktop/desktop_native/napi/*.node - apps/desktop/desktop_native/dist/* - key: rust-${{ runner.os }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }} - - - name: Build Native Module - if: steps.cache.outputs.cache-hit != 'true' - working-directory: apps/desktop/desktop_native - run: node build.js cross-platform - - - name: Build - if: steps.build-cache.outputs.cache-hit != 'true' - run: npm run build - - - name: Download Browser artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: ${{ github.workspace }}/browser-build-artifacts - - - name: Unzip Safari artifact - run: | - SAFARI_DIR=$(find $GITHUB_WORKSPACE/browser-build-artifacts -name 'dist-safari-*.zip') - echo $SAFARI_DIR - unzip $SAFARI_DIR/dist-safari.zip -d $GITHUB_WORKSPACE/browser-build-artifacts - - - name: Load Safari extension for App Store - run: | - mkdir PlugIns - cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/masdev/build/Release/safari.appex PlugIns/safari.appex - - - name: Set up private auth key - run: | - mkdir ~/private_keys - cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8 - ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }} - EOF - - - name: Build dev application for App Store - env: - APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }} - APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8 - run: npm run pack:mac:masdev - - - name: Zip masdev asset - run: | - cd dist/mas-dev-universal - zip -r Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip Bitwarden.app - - - name: Upload masdev artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip - path: apps/desktop/dist/mas-dev-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip - if-no-files-found: error - - crowdin-push: name: Crowdin Push if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main' diff --git a/apps/desktop/electron-builder.json b/apps/desktop/electron-builder.json index 30d87c5c66..925706bec7 100644 --- a/apps/desktop/electron-builder.json +++ b/apps/desktop/electron-builder.json @@ -33,7 +33,7 @@ "gatekeeperAssess": false, "hardenedRuntime": true, "entitlements": "resources/entitlements.mac.plist", - "entitlementsInherit": "resources/entitlements.mac.plist", + "entitlementsInherit": "resources/entitlements.mac.inherit.plist", "extendInfo": { "ITSAppUsesNonExemptEncryption": false, "CFBundleLocalizations": [ @@ -67,6 +67,7 @@ ], "CFBundleDevelopmentRegion": "en" }, + "provisioningProfile": "bitwarden_desktop_developer_id.provisionprofile", "singleArchFiles": "node_modules/@bitwarden/desktop-napi/desktop_napi.darwin-*.node", "extraFiles": [ { @@ -78,7 +79,11 @@ "to": "MacOS/desktop_proxy.inherit" } ], - "signIgnore": ["MacOS/desktop_proxy", "MacOS/desktop_proxy.inherit"], + "signIgnore": [ + "MacOS/desktop_proxy", + "MacOS/desktop_proxy.inherit", + "Contents/Plugins/autofill-extension.appex" + ], "target": ["dmg", "zip"] }, "win": { @@ -137,7 +142,8 @@ "extendInfo": { "LSMinimumSystemVersion": "12", "ElectronTeamID": "LTZ2PFU5D6" - } + }, + "provisioningProfile": "bitwarden_desktop_appstore.provisionprofile" }, "nsisWeb": { "oneClick": false, diff --git a/apps/desktop/macos/Debug.xcconfig b/apps/desktop/macos/Debug.xcconfig new file mode 100644 index 0000000000..73d8cd871f --- /dev/null +++ b/apps/desktop/macos/Debug.xcconfig @@ -0,0 +1,11 @@ +// +// Debug.xcconfig +// desktop +// +// Created by Nathan Ansel on 2/20/25. +// + +// Configuration settings file format documentation can be found at: +// https://help.apple.com/xcode/#/dev745c5c974 +CODE_SIGN_IDENTITY = Apple Development +PROVISIONING_PROFILE_SPECIFIER = Bitwarden Desktop Autofill Development 2024 diff --git a/apps/desktop/macos/ReleaseAppStore.xcconfig b/apps/desktop/macos/ReleaseAppStore.xcconfig new file mode 100644 index 0000000000..2b891bbfc8 --- /dev/null +++ b/apps/desktop/macos/ReleaseAppStore.xcconfig @@ -0,0 +1,11 @@ +// +// ReleaseAppStore.xcconfig +// desktop +// +// Created by Vince Grassia on 7/25/24. +// + +// Configuration settings file format documentation can be found at: +// https://help.apple.com/xcode/#/dev745c5c974 +CODE_SIGN_IDENTITY = 3rd Party Mac Developer Application +PROVISIONING_PROFILE_SPECIFIER = Bitwarden Desktop Autofill App Store 2024 diff --git a/apps/desktop/macos/ReleaseDeveloper.xcconfig b/apps/desktop/macos/ReleaseDeveloper.xcconfig new file mode 100644 index 0000000000..47a047cbcf --- /dev/null +++ b/apps/desktop/macos/ReleaseDeveloper.xcconfig @@ -0,0 +1,11 @@ +// +// ReleaseDeveloper.xcconfig +// desktop +// +// Created by Nathan Ansel on 2/20/25. +// + +// Configuration settings file format documentation can be found at: +// https://help.apple.com/xcode/#/dev745c5c974 +CODE_SIGN_IDENTITY = Developer ID Application +PROVISIONING_PROFILE_SPECIFIER = Bitwarden Desktop Autofill Extension Developer Dis diff --git a/apps/desktop/macos/desktop.xcodeproj/project.pbxproj b/apps/desktop/macos/desktop.xcodeproj/project.pbxproj index 2ac467f328..ff257097f2 100644 --- a/apps/desktop/macos/desktop.xcodeproj/project.pbxproj +++ b/apps/desktop/macos/desktop.xcodeproj/project.pbxproj @@ -17,7 +17,9 @@ /* Begin PBXFileReference section */ 3368DB382C654B8100896B75 /* BitwardenMacosProviderFFI.xcframework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.xcframework; name = BitwardenMacosProviderFFI.xcframework; path = ../desktop_native/macos_provider/BitwardenMacosProviderFFI.xcframework; sourceTree = ""; }; 3368DB3A2C654F3800896B75 /* BitwardenMacosProvider.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = BitwardenMacosProvider.swift; sourceTree = ""; }; - 968ED08A2C52A47200FFFEE6 /* Production.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Production.xcconfig; sourceTree = ""; }; + 968ED08A2C52A47200FFFEE6 /* ReleaseAppStore.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = ReleaseAppStore.xcconfig; sourceTree = ""; }; + D83832AB2D67B9AE003FB9F8 /* Debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Debug.xcconfig; sourceTree = ""; }; + D83832AD2D67B9D0003FB9F8 /* ReleaseDeveloper.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = ReleaseDeveloper.xcconfig; sourceTree = ""; }; E1DF713C2B342F6900F29026 /* autofill-extension.appex */ = {isa = PBXFileReference; explicitFileType = "wrapper.app-extension"; includeInIndex = 0; path = "autofill-extension.appex"; sourceTree = BUILT_PRODUCTS_DIR; }; E1DF713E2B342F6900F29026 /* AuthenticationServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AuthenticationServices.framework; path = System/Library/Frameworks/AuthenticationServices.framework; sourceTree = SDKROOT; }; E1DF71412B342F6900F29026 /* CredentialProviderViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CredentialProviderViewController.swift; sourceTree = ""; }; @@ -42,7 +44,9 @@ E1DF711D2B342E2800F29026 = { isa = PBXGroup; children = ( - 968ED08A2C52A47200FFFEE6 /* Production.xcconfig */, + D83832AB2D67B9AE003FB9F8 /* Debug.xcconfig */, + 968ED08A2C52A47200FFFEE6 /* ReleaseAppStore.xcconfig */, + D83832AD2D67B9D0003FB9F8 /* ReleaseDeveloper.xcconfig */, E1DF71402B342F6900F29026 /* autofill-extension */, E1DF713D2B342F6900F29026 /* Frameworks */, E1DF71272B342E2800F29026 /* Products */, @@ -166,8 +170,97 @@ /* End PBXVariantGroup section */ /* Begin XCBuildConfiguration section */ + D83832AE2D67BA84003FB9F8 /* ReleaseDeveloper */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D83832AD2D67B9D0003FB9F8 /* ReleaseDeveloper.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements"; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_USER_SCRIPT_SANDBOXING = YES; + GCC_C_LANGUAGE_STANDARD = gnu17; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + LOCALIZATION_PREFERS_STRING_CATALOGS = YES; + MACOSX_DEPLOYMENT_TARGET = 14.2; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = macosx; + SWIFT_COMPILATION_MODE = wholemodule; + }; + name = ReleaseDeveloper; + }; + D83832AF2D67BA84003FB9F8 /* ReleaseDeveloper */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D83832AD2D67B9D0003FB9F8 /* ReleaseDeveloper.xcconfig */; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements"; + CODE_SIGN_IDENTITY = "Apple Development"; + "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer"; + CODE_SIGN_STYLE = Manual; + CURRENT_PROJECT_VERSION = 1; + DEVELOPMENT_TEAM = ""; + "DEVELOPMENT_TEAM[sdk=macosx*]" = LTZ2PFU5D6; + ENABLE_HARDENED_RUNTIME = YES; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_FILE = "autofill-extension/Info.plist"; + INFOPLIST_KEY_CFBundleDisplayName = Bitwarden; + INFOPLIST_KEY_NSHumanReadableCopyright = ""; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/../Frameworks", + "@executable_path/../../../../Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.bitwarden.desktop.autofill-extension"; + PRODUCT_NAME = "$(TARGET_NAME)"; + PROVISIONING_PROFILE_SPECIFIER = "Bitwarden Desktop Autofill App Store 2024"; + SKIP_INSTALL = YES; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + }; + name = ReleaseDeveloper; + }; E1DF71332B342E2900F29026 /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = D83832AB2D67B9AE003FB9F8 /* Debug.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; @@ -223,15 +316,16 @@ MACOSX_DEPLOYMENT_TARGET = 14.2; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; - ONLY_ACTIVE_ARCH = YES; + ONLY_ACTIVE_ARCH = NO; SDKROOT = macosx; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; }; name = Debug; }; - E1DF71342B342E2900F29026 /* Release */ = { + E1DF71342B342E2900F29026 /* ReleaseAppStore */ = { isa = XCBuildConfiguration; + baseConfigurationReference = 968ED08A2C52A47200FFFEE6 /* ReleaseAppStore.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; @@ -284,10 +378,11 @@ SDKROOT = macosx; SWIFT_COMPILATION_MODE = wholemodule; }; - name = Release; + name = ReleaseAppStore; }; E1DF714C2B342F6900F29026 /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = D83832AB2D67B9AE003FB9F8 /* Debug.xcconfig */; buildSettings = { CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements"; CODE_SIGN_IDENTITY = "Apple Development"; @@ -309,16 +404,16 @@ MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = "com.bitwarden.desktop.autofill-extension"; PRODUCT_NAME = "$(TARGET_NAME)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "Bitwarden Desktop Autofill Development 2024"; + PROVISIONING_PROFILE_SPECIFIER = "Bitwarden Desktop Autofill Development 2024"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_VERSION = 5.0; }; name = Debug; }; - E1DF714D2B342F6900F29026 /* Release */ = { + E1DF714D2B342F6900F29026 /* ReleaseAppStore */ = { isa = XCBuildConfiguration; + baseConfigurationReference = 968ED08A2C52A47200FFFEE6 /* ReleaseAppStore.xcconfig */; buildSettings = { CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements"; CODE_SIGN_IDENTITY = "Apple Development"; @@ -340,13 +435,12 @@ MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = "com.bitwarden.desktop.autofill-extension"; PRODUCT_NAME = "$(TARGET_NAME)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "Bitwarden Desktop Autofill Development 2024"; + PROVISIONING_PROFILE_SPECIFIER = "Bitwarden Desktop Autofill App Store 2024"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_VERSION = 5.0; }; - name = Release; + name = ReleaseAppStore; }; /* End XCBuildConfiguration section */ @@ -355,19 +449,21 @@ isa = XCConfigurationList; buildConfigurations = ( E1DF71332B342E2900F29026 /* Debug */, - E1DF71342B342E2900F29026 /* Release */, + E1DF71342B342E2900F29026 /* ReleaseAppStore */, + D83832AE2D67BA84003FB9F8 /* ReleaseDeveloper */, ); defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; + defaultConfigurationName = ReleaseAppStore; }; E1DF714E2B342F6900F29026 /* Build configuration list for PBXNativeTarget "autofill-extension" */ = { isa = XCConfigurationList; buildConfigurations = ( E1DF714C2B342F6900F29026 /* Debug */, - E1DF714D2B342F6900F29026 /* Release */, + E1DF714D2B342F6900F29026 /* ReleaseAppStore */, + D83832AF2D67BA84003FB9F8 /* ReleaseDeveloper */, ); defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; + defaultConfigurationName = ReleaseAppStore; }; /* End XCConfigurationList section */ }; diff --git a/apps/desktop/macos/production.xcconfig b/apps/desktop/macos/production.xcconfig deleted file mode 100644 index f06f2bf736..0000000000 --- a/apps/desktop/macos/production.xcconfig +++ /dev/null @@ -1,11 +0,0 @@ -// -// Production.xcconfig -// desktop -// -// Created by Vince Grassia on 7/25/24. -// - -// Configuration settings file format documentation can be found at: -// https://help.apple.com/xcode/#/dev745c5c974 -CODE_SIGN_IDENTITY[sdk=macosx*] = 3rd Party Mac Developer Application -PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*] = Bitwarden Desktop Autofill App Store 2024 diff --git a/apps/desktop/package.json b/apps/desktop/package.json index 9f442da47a..e00df0b26d 100644 --- a/apps/desktop/package.json +++ b/apps/desktop/package.json @@ -23,7 +23,9 @@ "build:dev": "concurrently -n Main,Rend -c yellow,cyan \"npm run build:main:dev\" \"npm run build:renderer:dev\"", "build:preload": "cross-env NODE_ENV=production webpack --config webpack.preload.js", "build:preload:watch": "cross-env NODE_ENV=production webpack --config webpack.preload.js --watch", - "build:macos-extension": "./desktop_native/macos_provider/build.sh && node scripts/build-macos-extension.js", + "build:macos-extension:mac": "./desktop_native/macos_provider/build.sh && node scripts/build-macos-extension.js mac", + "build:macos-extension:mas": "./desktop_native/macos_provider/build.sh && node scripts/build-macos-extension.js mas", + "build:macos-extension:masdev": "./desktop_native/macos_provider/build.sh && node scripts/build-macos-extension.js mas-dev", "build:main": "cross-env NODE_ENV=production webpack --config webpack.main.js", "build:main:dev": "npm run build-native && cross-env NODE_ENV=development webpack --config webpack.main.js", "build:main:watch": "npm run build-native && cross-env NODE_ENV=development webpack --config webpack.main.js --watch", @@ -38,17 +40,21 @@ "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never && export SNAP_FILE=$(realpath ./dist/bitwarden_*.snap) && unsquashfs -d ./dist/tmp-snap/ $SNAP_FILE && mkdir -p ./dist/tmp-snap/meta/polkit/ && cp ./resources/com.bitwarden.desktop.policy ./dist/tmp-snap/meta/polkit/polkit.com.bitwarden.desktop.policy && rm $SNAP_FILE && snapcraft pack ./dist/tmp-snap/ && mv ./*.snap ./dist/ && rm -rf ./dist/tmp-snap/", "pack:lin:arm64": "npm run clean:dist && electron-builder --dir -p never && tar -czvf ./dist/bitwarden_desktop_arm64.tar.gz -C ./dist/linux-arm64-unpacked/ .", "pack:mac": "npm run clean:dist && electron-builder --mac --universal -p never", + "pack:mac:with-extension": "npm run clean:dist && npm run build:macos-extension:mac && electron-builder --mac --universal -p never", "pack:mac:arm64": "npm run clean:dist && electron-builder --mac --arm64 -p never", "pack:mac:mas": "npm run clean:dist && electron-builder --mac mas --universal -p never", + "pack:mac:mas:with-extension": "npm run clean:dist && npm run build:macos-extension:mas && electron-builder --mac mas --universal -p never", "pack:mac:masdev": "npm run clean:dist && electron-builder --mac mas-dev --universal -p never", - "pack:mac:masdev:with-extension": "npm run clean:dist && npm run build:macos-extension && electron-builder --mac mas-dev --universal -p never", + "pack:mac:masdev:with-extension": "npm run clean:dist && npm run build:macos-extension:masdev && electron-builder --mac mas-dev --universal -p never", "pack:win": "npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p never -c.win.certificateSubjectName=\"8bit Solutions LLC\"", "pack:win:ci": "npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p never", "dist:dir": "npm run build && npm run pack:dir", "dist:lin": "npm run build && npm run pack:lin", "dist:lin:arm64": "npm run build && npm run pack:lin:arm64", "dist:mac": "npm run build && npm run pack:mac", + "dist:mac:with-extension": "npm run build && npm run pack:mac:with-extension", "dist:mac:mas": "npm run build && npm run pack:mac:mas", + "dist:mac:mas:with-extension": "npm run build && npm run pack:mac:mas:with-extension", "dist:mac:masdev": "npm run build && npm run pack:mac:masdev", "dist:mac:masdev:with-extension": "npm run build && npm run pack:mac:masdev:with-extension", "dist:win": "npm run build && npm run pack:win", diff --git a/apps/desktop/resources/entitlements.mac.inherit.plist b/apps/desktop/resources/entitlements.mac.inherit.plist new file mode 100644 index 0000000000..d35e43ae58 --- /dev/null +++ b/apps/desktop/resources/entitlements.mac.inherit.plist @@ -0,0 +1,8 @@ + + + + + com.apple.security.cs.allow-jit + + + diff --git a/apps/desktop/resources/entitlements.mac.plist b/apps/desktop/resources/entitlements.mac.plist index e273bcc7ec..fe49256d71 100644 --- a/apps/desktop/resources/entitlements.mac.plist +++ b/apps/desktop/resources/entitlements.mac.plist @@ -2,11 +2,13 @@ - com.apple.security.cs.allow-jit - - + com.apple.security.cs.allow-jit + diff --git a/apps/desktop/resources/entitlements.mas.inherit.plist b/apps/desktop/resources/entitlements.mas.inherit.plist index 7e957fce7c..fca5f02d52 100644 --- a/apps/desktop/resources/entitlements.mas.inherit.plist +++ b/apps/desktop/resources/entitlements.mas.inherit.plist @@ -8,9 +8,5 @@ com.apple.security.cs.allow-jit - diff --git a/apps/desktop/resources/entitlements.mas.plist b/apps/desktop/resources/entitlements.mas.plist index f3bc20011f..3ebd56f0fd 100644 --- a/apps/desktop/resources/entitlements.mas.plist +++ b/apps/desktop/resources/entitlements.mas.plist @@ -6,6 +6,8 @@ LTZ2PFU5D6.com.bitwarden.desktop com.apple.developer.team-identifier LTZ2PFU5D6 + com.apple.developer.authentication-services.autofill-credential-provider + com.apple.security.app-sandbox com.apple.security.application-groups @@ -18,10 +20,6 @@ com.apple.security.device.usb - com.apple.security.temporary-exception.files.home-relative-path.read-write /Library/Application Support/Mozilla/NativeMessagingHosts/ diff --git a/apps/desktop/scripts/after-sign.js b/apps/desktop/scripts/after-sign.js index 20c24c8a76..7c9ad381dc 100644 --- a/apps/desktop/scripts/after-sign.js +++ b/apps/desktop/scripts/after-sign.js @@ -16,7 +16,7 @@ async function run(context) { const appPath = `${context.appOutDir}/${appName}.app`; const macBuild = context.electronPlatformName === "darwin"; const copySafariExtension = ["darwin", "mas"].includes(context.electronPlatformName); - const copyAutofillExtension = ["mas"].includes(context.electronPlatformName); + const copyAutofillExtension = ["darwin", "mas"].includes(context.electronPlatformName); let shouldResign = false; diff --git a/apps/desktop/scripts/build-macos-extension.js b/apps/desktop/scripts/build-macos-extension.js index 649fe3b673..dcc1725d50 100644 --- a/apps/desktop/scripts/build-macos-extension.js +++ b/apps/desktop/scripts/build-macos-extension.js @@ -6,14 +6,19 @@ const fse = require("fs-extra"); const paths = { macosBuild: "./macos/build", - extensionBuild: "./macos/build/Release/autofill-extension.appex", + extensionBuildDebug: "./macos/build/Debug/autofill-extension.appex", + extensionBuildReleaseAppStore: "./macos/build/ReleaseAppStore/autofill-extension.appex", + extensionBuildReleaseDeveloper: "./macos/build/ReleaseDeveloper/autofill-extension.appex", extensionDistDir: "./macos/dist", extensionDist: "./macos/dist/autofill-extension.appex", macOsProject: "./macos/desktop.xcodeproj", - macOsConfig: "./macos/production.xcconfig", }; +exports.default = buildMacOs; + async function buildMacOs() { + console.log("### Building Autofill Extension"); + if (fse.existsSync(paths.macosBuild)) { fse.removeSync(paths.macosBuild); } @@ -22,15 +27,50 @@ async function buildMacOs() { fse.removeSync(paths.extensionDistDir); } + let configuration; + let codeSignIdentity; + let provisioningProfileSpecifier; + let buildDirectory; + const configurationArgument = process.argv[2]; + if (configurationArgument !== undefined) { + // Use the configuration passed in to determine the configuration file. + if (configurationArgument == "mas-dev") { + configuration = "Debug"; + codeSignIdentity = "Apple Development"; + provisioningProfileSpecifier = "Bitwarden Desktop Autofill Development 2024"; + buildDirectory = paths.extensionBuildDebug; + } else if (configurationArgument == "mas") { + configuration = "ReleaseAppStore"; + codeSignIdentity = "3rd Party Mac Developer Application"; + provisioningProfileSpecifier = "Bitwarden Desktop Autofill App Store 2024"; + buildDirectory = paths.extensionBuildReleaseAppStore; + } else if (configurationArgument == "mac") { + configuration = "ReleaseDeveloper"; + codeSignIdentity = "Developer ID Application"; + provisioningProfileSpecifier = "Bitwarden Desktop Autofill Extension Developer Dis"; + buildDirectory = paths.extensionBuildReleaseDeveloper; + } else { + console.log("### Unable to determine configuration, skipping Autofill Extension build"); + return; + } + } else { + console.log("### No configuration argument found, skipping Autofill Extension build"); + return; + } + const proc = child.spawn("xcodebuild", [ "-project", paths.macOsProject, "-alltargets", "-configuration", - "Release", - // Uncomment when signing is fixed - // "-xcconfig", - // paths.macOsConfig, + configuration, + "CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO", + "OTHER_CODE_SIGN_FLAGS='--timestamp'", + + // While these arguments are defined in the `configuration` file above, xcodebuild has a bug in it currently that requires these arguments + // be explicitly defined in this call. + `CODE_SIGN_IDENTITY=${codeSignIdentity}`, + `PROVISIONING_PROFILE_SPECIFIER=${provisioningProfileSpecifier}`, ]); stdOutProc(proc); await new Promise((resolve, reject) => @@ -45,7 +85,8 @@ async function buildMacOs() { ); fse.mkdirSync(paths.extensionDistDir); - fse.copySync(paths.extensionBuild, paths.extensionDist); + fse.copySync(buildDirectory, paths.extensionDist); + // Delete the build dir, otherwise MacOS will load the extension from there instead of the Bitwarden.app bundle fse.removeSync(paths.macosBuild); }