mirror of https://github.com/bitwarden/browser synced 2025-12-06 00:13:28 +00:00

[BRE-266] Fixes autofill extension signing (#13229)

* Applies patch to enable the autofill extension

* Fixes the zip command

* Updates the signing identity

* Fixes a typo in a github action

* Moves the security command to a previous action

* Updates workflow to work on the PR branch

* Updates the workflow to build from this branch

* Forces native module build

* Adds profile to extension building

* Enables the autofill production config

* List the profiles

* Copies the autofill provisioning profile to Xcode

* Updates the provisioning profile used for the autofill extension

* Alters how the provisioning profile is provided to xcodebuild

* Adds a mas build with the autofill extension

* Print variables

* Removes spaces from the config file

* Updates all provisioning profile installation steps

* Adds a new provisioning profiles location

* Updates the inherited entitlements

* Passes in identity and provisioning profile in after sign call

* Removes mac dev cert from keychain

* Undoes after sign changes

* Adds resign step to workflow

* Fixes the codesign call

* Adds profile argument to electron builder

* Adds resign step to mas builds

* Removes resign step

* Enable debug messages for electron builder signing

* Copies autofill profile instead of desktop

* Add autofill extension to signIgnore list in electron-builder config

* Comment out if in test flight

* Bump version

* Moves the autofill extension building to after pack

* Update version

* Fixes windows and linux builds

* Forces native build

* Removes installation of unrelated certificates

* Comments out synchronous function call

* Update autofill project configuration

* Adds ls command to debug framework

* Moves the extension build script back

* Updates mac developer id provisioning profile

* Updates build location for autofill extension release versions

* Removes unnecessary extension build call

* Updates the version number

* Debug signing

* Removes team identifier from mac entitlements

* Adds new inherited entitlements for mac

* Updates the version number

* Debug version number

* Removes check for creating fastlane secrets

* Readds check for cache before building

* Reverts workflow changes in build-desktop.yml

* Cleans up after-sign and extension build script

* Removes installation of unnecessary mac signing certs

---------

Co-authored-by: Michal Checinski <mchecinski@bitwarden.com>
Nathan Ansel
2025-04-22 09:24:18 -05:00
committed by GitHub
parent e231286f37
commit d70d81dec6
14 changed files with 279 additions and 295 deletions


@@ -92,6 +92,7 @@ jobs:
id: retrieve-version
run: |
PKG_VERSION=$(jq -r .version src/package.json)
echo "Setting version number to $PKG_VERSION"
echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT
- name: Increment Version
@@ -725,6 +726,11 @@ jobs:
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
--output none
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name bitwarden_desktop_autofill_app_store_2024.provisionprofile \
--file $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \
--output none
- name: Get certificates
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
run: |
@@ -784,6 +790,15 @@ jobs:
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile
mkdir -p $HOME/Library/MobileDevice/Provisioning\ Profiles
export APP_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_appstore.provisionprofile | grep -io "[-A-Z0-9]\{36\}"`
export AUTOFILL_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile | grep -io "[-A-Z0-9]\{36\}"`
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$HOME/Library/MobileDevice/Provisioning\ Profiles/$APP_UUID.provisionprofile
cp $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \
$HOME/Library/MobileDevice/Provisioning\ Profiles/$AUTOFILL_UUID.provisionprofile
- name: Increment version
shell: pwsh
env:
@@ -914,8 +929,13 @@ jobs:
mkdir -p $HOME/secrets
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name bitwarden_desktop_appstore.provisionprofile \
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
--name bitwarden_desktop_developer_id.provisionprofile \
--file $HOME/secrets/bitwarden_desktop_developer_id.provisionprofile \
--output none
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name bitwarden_desktop_autofill_developer_id.provisionprofile \
--file $HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile \
--output none
- name: Get certificates
@@ -958,21 +978,21 @@ jobs:
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Set up provisioning profiles
run: |
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile
cp $HOME/secrets/bitwarden_desktop_developer_id.provisionprofile \
$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_developer_id.provisionprofile
mkdir -p $HOME/Library/MobileDevice/Provisioning\ Profiles
export APP_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_developer_id.provisionprofile | grep -io "[-A-Z0-9]\{36\}"`
export AUTOFILL_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile | grep -io "[-A-Z0-9]\{36\}"`
cp $HOME/secrets/bitwarden_desktop_developer_id.provisionprofile \
$HOME/Library/MobileDevice/Provisioning\ Profiles/$APP_UUID.provisionprofile
cp $HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile \
$HOME/Library/MobileDevice/Provisioning\ Profiles/$AUTOFILL_UUID.provisionprofile
- name: Increment version
shell: pwsh
@@ -1020,7 +1040,9 @@ jobs:
- name: Build Native Module
if: steps.cache.outputs.cache-hit != 'true'
working-directory: apps/desktop/desktop_native
run: node build.js cross-platform
run: |
rustup target add aarch64-apple-darwin
node build.js cross-platform
- name: Build
if: steps.build-cache.outputs.cache-hit != 'true'
@@ -1167,6 +1189,11 @@ jobs:
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
--output none
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name bitwarden_desktop_autofill_app_store_2024.provisionprofile \
--file $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \
--output none
- name: Get certificates
run: |
mkdir -p $HOME/certificates
@@ -1201,21 +1228,12 @@ jobs:
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Set up provisioning profiles
@@ -1223,6 +1241,15 @@ jobs:
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile
mkdir -p $HOME/Library/MobileDevice/Provisioning\ Profiles
export APP_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_appstore.provisionprofile | grep -io "[-A-Z0-9]\{36\}"`
export AUTOFILL_UUID=`grep UUID -A1 -a $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile | grep -io "[-A-Z0-9]\{36\}"`
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$HOME/Library/MobileDevice/Provisioning\ Profiles/$APP_UUID.provisionprofile
cp $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \
$HOME/Library/MobileDevice/Provisioning\ Profiles/$AUTOFILL_UUID.provisionprofile
- name: Increment version
shell: pwsh
env:
@@ -1269,7 +1296,9 @@ jobs:
- name: Build Native Module
if: steps.cache.outputs.cache-hit != 'true'
working-directory: apps/desktop/desktop_native
run: node build.js cross-platform
run: |
rustup target add aarch64-apple-darwin
node build.js cross-platform
- name: Build
if: steps.build-cache.outputs.cache-hit != 'true'
@@ -1378,226 +1407,6 @@ jobs:
env:
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
macos-package-dev:
name: MacOS Package Dev Release Asset
runs-on: macos-13
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
needs:
- browser-build
- macos-build
- setup
env:
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
NODE_OPTIONS: --max_old_space_size=4096
defaults:
run:
working-directory: apps/desktop
steps:
- name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up Node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
node-version: ${{ env._NODE_VERSION }}
- name: Set up Node-gyp
run: python3 -m pip install setuptools
- name: Print environment
run: |
node --version
npm --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Get Build Cache
id: build-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: apps/desktop/build
key: ${{ runner.os }}-${{ github.run_id }}-build
- name: Setup Safari Cache
id: safari-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: apps/browser/dist/Safari
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
- name: Login to Azure
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Download Provisioning Profiles secrets
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: profiles
run: |
mkdir -p $HOME/secrets
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name bitwarden_desktop_appstore.provisionprofile \
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
--output none
- name: Get certificates
run: |
mkdir -p $HOME/certificates
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
- name: Set up keychain
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Set up provisioning profiles
run: |
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile
- name: Increment version
shell: pwsh
env:
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
run: |
$package = Get-Content -Raw -Path electron-builder.json | ConvertFrom-Json
$package | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"
$package | ConvertTo-Json -Depth 32 | Set-Content -Path electron-builder.json
Write-Output "### MacOS Dev build number: $env:BUILD_NUMBER"
- name: Install Node dependencies
run: npm ci
working-directory: ./
- name: Download SDK Artifacts
if: ${{ inputs.sdk_branch != '' }}
uses: bitwarden/gh-actions/download-artifacts@main
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
workflow: build-wasm-internal.yml
workflow_conclusion: success
branch: ${{ inputs.sdk_branch }}
artifacts: sdk-internal
repo: bitwarden/sdk-internal
path: ../sdk-internal
if_no_artifact_found: fail
- name: Override SDK
if: ${{ inputs.sdk_branch != '' }}
working-directory: ./
run: |
ls -l ../
npm link ../sdk-internal
- name: Cache Native Module
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
id: cache
with:
path: |
apps/desktop/desktop_native/napi/*.node
apps/desktop/desktop_native/dist/*
key: rust-${{ runner.os }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
- name: Build Native Module
if: steps.cache.outputs.cache-hit != 'true'
working-directory: apps/desktop/desktop_native
run: node build.js cross-platform
- name: Build
if: steps.build-cache.outputs.cache-hit != 'true'
run: npm run build
- name: Download Browser artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: ${{ github.workspace }}/browser-build-artifacts
- name: Unzip Safari artifact
run: |
SAFARI_DIR=$(find $GITHUB_WORKSPACE/browser-build-artifacts -name 'dist-safari-*.zip')
echo $SAFARI_DIR
unzip $SAFARI_DIR/dist-safari.zip -d $GITHUB_WORKSPACE/browser-build-artifacts
- name: Load Safari extension for App Store
run: |
mkdir PlugIns
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/masdev/build/Release/safari.appex PlugIns/safari.appex
- name: Set up private auth key
run: |
mkdir ~/private_keys
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
EOF
- name: Build dev application for App Store
env:
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
run: npm run pack:mac:masdev
- name: Zip masdev asset
run: |
cd dist/mas-dev-universal
zip -r Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip Bitwarden.app
- name: Upload masdev artifact
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip
path: apps/desktop/dist/mas-dev-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip
if-no-files-found: error
crowdin-push:
name: Crowdin Push
if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
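Review bot: In the three "Set up provisioning profiles" steps (hunks at -784, -958 and -1223), `APP_UUID` and `AUTOFILL_UUID` are filled from a `grep` pipeline inside an `export` assignment. `export` returns success even when the pipeline matches nothing, so the step does not stop on a missing UUID. An empty value makes the following `cp` install a file named `.provisionprofile`, and the failure only surfaces later, at signing. The pattern `[-A-Z0-9]\{36\}` also accepts any 36-character run, so more than one match is possible if the profile contains another such string near a `UUID` occurrence. I would add a guard after the two exports, `test -n "$APP_UUID" && test -n "$AUTOFILL_UUID" || { echo "UUID not found in provisioning profile" >&2; exit 1; }`, and quote the destination, `"$HOME/Library/MobileDevice/Provisioning Profiles/$AUTOFILL_UUID.provisionprofile"`. The steps start and end outside the visible hunks.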


@@ -33,7 +33,7 @@
"gatekeeperAssess": false,
"hardenedRuntime": true,
"entitlements": "resources/entitlements.mac.plist",
"entitlementsInherit": "resources/entitlements.mac.plist",
"entitlementsInherit": "resources/entitlements.mac.inherit.plist",
"extendInfo": {
"ITSAppUsesNonExemptEncryption": false,
"CFBundleLocalizations": [
@@ -67,6 +67,7 @@
],
"CFBundleDevelopmentRegion": "en"
},
"provisioningProfile": "bitwarden_desktop_developer_id.provisionprofile",
"singleArchFiles": "node_modules/@bitwarden/desktop-napi/desktop_napi.darwin-*.node",
"extraFiles": [
{
@@ -78,7 +79,11 @@
"to": "MacOS/desktop_proxy.inherit"
}
],
"signIgnore": ["MacOS/desktop_proxy", "MacOS/desktop_proxy.inherit"],
"signIgnore": [
"MacOS/desktop_proxy",
"MacOS/desktop_proxy.inherit",
"Contents/Plugins/autofill-extension.appex"
],
"target": ["dmg", "zip"]
},
"win": {
@@ -137,7 +142,8 @@
"extendInfo": {
"LSMinimumSystemVersion": "12",
"ElectronTeamID": "LTZ2PFU5D6"
}
},
"provisioningProfile": "bitwarden_desktop_appstore.provisionprofile"
},
"nsisWeb": {
"oneClick": false,
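Review bot: The new `signIgnore` entry `"Contents/Plugins/autofill-extension.appex"` takes the extension out of electron-builder's signing pass, so its signature and entitlements come only from the Xcode build, and nothing visible in this change checks them before packaging. A check in the after-sign script, such as `codesign --verify --strict` on the `.appex`, would stop the build if the extension is unsigned or signed with the wrong identity. The pattern also spells the directory `Plugins`, while the Safari step in the workflow copies into `PlugIns`. If the autofill extension lands in `Contents/PlugIns` and the match is case-sensitive, the entry would not apply, which is worth confirming against the copy step.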


@@ -0,0 +1,11 @@
//
// Debug.xcconfig
// desktop
//
// Created by Nathan Ansel on 2/20/25.
//
// Configuration settings file format documentation can be found at:
// https://help.apple.com/xcode/#/dev745c5c974
CODE_SIGN_IDENTITY = Apple Development
PROVISIONING_PROFILE_SPECIFIER = Bitwarden Desktop Autofill Development 2024


@@ -0,0 +1,11 @@
//
// ReleaseAppStore.xcconfig
// desktop
//
// Created by Vince Grassia on 7/25/24.
//
// Configuration settings file format documentation can be found at:
// https://help.apple.com/xcode/#/dev745c5c974
CODE_SIGN_IDENTITY = 3rd Party Mac Developer Application
PROVISIONING_PROFILE_SPECIFIER = Bitwarden Desktop Autofill App Store 2024


@@ -0,0 +1,11 @@
//
// ReleaseDeveloper.xcconfig
// desktop
//
// Created by Nathan Ansel on 2/20/25.
//
// Configuration settings file format documentation can be found at:
// https://help.apple.com/xcode/#/dev745c5c974
CODE_SIGN_IDENTITY = Developer ID Application
PROVISIONING_PROFILE_SPECIFIER = Bitwarden Desktop Autofill Extension Developer Dis
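Review bot: The value of `PROVISIONING_PROFILE_SPECIFIER` ends in `Developer Dis`, which reads like a truncated profile name. If that is the profile's real name in the developer portal, a comment above the line would stop a later edit from "completing" it and breaking manual signing, for example `// Profile name is cut off in the Apple developer portal; keep it exactly as written.` If it is not the real name, the specifier will not match the installed Developer ID profile and the ReleaseDeveloper build would fail to sign.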


@@ -17,7 +17,9 @@
/* Begin PBXFileReference section */
3368DB382C654B8100896B75 /* BitwardenMacosProviderFFI.xcframework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.xcframework; name = BitwardenMacosProviderFFI.xcframework; path = ../desktop_native/macos_provider/BitwardenMacosProviderFFI.xcframework; sourceTree = "<group>"; };
3368DB3A2C654F3800896B75 /* BitwardenMacosProvider.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = BitwardenMacosProvider.swift; sourceTree = "<group>"; };
968ED08A2C52A47200FFFEE6 /* Production.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Production.xcconfig; sourceTree = "<group>"; };
968ED08A2C52A47200FFFEE6 /* ReleaseAppStore.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = ReleaseAppStore.xcconfig; sourceTree = "<group>"; };
D83832AB2D67B9AE003FB9F8 /* Debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Debug.xcconfig; sourceTree = "<group>"; };
D83832AD2D67B9D0003FB9F8 /* ReleaseDeveloper.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = ReleaseDeveloper.xcconfig; sourceTree = "<group>"; };
E1DF713C2B342F6900F29026 /* autofill-extension.appex */ = {isa = PBXFileReference; explicitFileType = "wrapper.app-extension"; includeInIndex = 0; path = "autofill-extension.appex"; sourceTree = BUILT_PRODUCTS_DIR; };
E1DF713E2B342F6900F29026 /* AuthenticationServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AuthenticationServices.framework; path = System/Library/Frameworks/AuthenticationServices.framework; sourceTree = SDKROOT; };
E1DF71412B342F6900F29026 /* CredentialProviderViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CredentialProviderViewController.swift; sourceTree = "<group>"; };
@@ -42,7 +44,9 @@
E1DF711D2B342E2800F29026 = {
isa = PBXGroup;
children = (
968ED08A2C52A47200FFFEE6 /* Production.xcconfig */,
D83832AB2D67B9AE003FB9F8 /* Debug.xcconfig */,
968ED08A2C52A47200FFFEE6 /* ReleaseAppStore.xcconfig */,
D83832AD2D67B9D0003FB9F8 /* ReleaseDeveloper.xcconfig */,
E1DF71402B342F6900F29026 /* autofill-extension */,
E1DF713D2B342F6900F29026 /* Frameworks */,
E1DF71272B342E2800F29026 /* Products */,
@@ -166,8 +170,97 @@
/* End PBXVariantGroup section */
/* Begin XCBuildConfiguration section */
D83832AE2D67BA84003FB9F8 /* ReleaseDeveloper */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = D83832AD2D67B9D0003FB9F8 /* ReleaseDeveloper.xcconfig */;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
CLANG_ANALYZER_NONNULL = YES;
CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
CLANG_ENABLE_MODULES = YES;
CLANG_ENABLE_OBJC_ARC = YES;
CLANG_ENABLE_OBJC_WEAK = YES;
CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
CLANG_WARN_BOOL_CONVERSION = YES;
CLANG_WARN_COMMA = YES;
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INFINITE_RECURSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
CLANG_WARN_STRICT_PROTOTYPES = YES;
CLANG_WARN_SUSPICIOUS_MOVE = YES;
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements";
COPY_PHASE_STRIP = NO;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
ENABLE_NS_ASSERTIONS = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_USER_SCRIPT_SANDBOXING = YES;
GCC_C_LANGUAGE_STANDARD = gnu17;
GCC_NO_COMMON_BLOCKS = YES;
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
GCC_WARN_UNDECLARED_SELECTOR = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
MACOSX_DEPLOYMENT_TARGET = 14.2;
MTL_ENABLE_DEBUG_INFO = NO;
MTL_FAST_MATH = YES;
SDKROOT = macosx;
SWIFT_COMPILATION_MODE = wholemodule;
};
name = ReleaseDeveloper;
};
D83832AF2D67BA84003FB9F8 /* ReleaseDeveloper */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = D83832AD2D67B9D0003FB9F8 /* ReleaseDeveloper.xcconfig */;
buildSettings = {
CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements";
CODE_SIGN_IDENTITY = "Apple Development";
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer";
CODE_SIGN_STYLE = Manual;
CURRENT_PROJECT_VERSION = 1;
DEVELOPMENT_TEAM = "";
"DEVELOPMENT_TEAM[sdk=macosx*]" = LTZ2PFU5D6;
ENABLE_HARDENED_RUNTIME = YES;
GENERATE_INFOPLIST_FILE = YES;
INFOPLIST_FILE = "autofill-extension/Info.plist";
INFOPLIST_KEY_CFBundleDisplayName = Bitwarden;
INFOPLIST_KEY_NSHumanReadableCopyright = "";
LD_RUNPATH_SEARCH_PATHS = (
"$(inherited)",
"@executable_path/../Frameworks",
"@executable_path/../../../../Frameworks",
);
MARKETING_VERSION = 1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.bitwarden.desktop.autofill-extension";
PRODUCT_NAME = "$(TARGET_NAME)";
PROVISIONING_PROFILE_SPECIFIER = "Bitwarden Desktop Autofill App Store 2024";
SKIP_INSTALL = YES;
SWIFT_EMIT_LOC_STRINGS = YES;
SWIFT_VERSION = 5.0;
};
name = ReleaseDeveloper;
};
E1DF71332B342E2900F29026 /* Debug */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = D83832AB2D67B9AE003FB9F8 /* Debug.xcconfig */;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
@@ -223,15 +316,16 @@
MACOSX_DEPLOYMENT_TARGET = 14.2;
MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
MTL_FAST_MATH = YES;
ONLY_ACTIVE_ARCH = YES;
ONLY_ACTIVE_ARCH = NO;
SDKROOT = macosx;
SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)";
SWIFT_OPTIMIZATION_LEVEL = "-Onone";
};
name = Debug;
};
E1DF71342B342E2900F29026 /* Release */ = {
E1DF71342B342E2900F29026 /* ReleaseAppStore */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = 968ED08A2C52A47200FFFEE6 /* ReleaseAppStore.xcconfig */;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
@@ -284,10 +378,11 @@
SDKROOT = macosx;
SWIFT_COMPILATION_MODE = wholemodule;
};
name = Release;
name = ReleaseAppStore;
};
E1DF714C2B342F6900F29026 /* Debug */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = D83832AB2D67B9AE003FB9F8 /* Debug.xcconfig */;
buildSettings = {
CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements";
CODE_SIGN_IDENTITY = "Apple Development";
@@ -309,16 +404,16 @@
MARKETING_VERSION = 1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.bitwarden.desktop.autofill-extension";
PRODUCT_NAME = "$(TARGET_NAME)";
PROVISIONING_PROFILE_SPECIFIER = "";
"PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "Bitwarden Desktop Autofill Development 2024";
PROVISIONING_PROFILE_SPECIFIER = "Bitwarden Desktop Autofill Development 2024";
SKIP_INSTALL = YES;
SWIFT_EMIT_LOC_STRINGS = YES;
SWIFT_VERSION = 5.0;
};
name = Debug;
};
E1DF714D2B342F6900F29026 /* Release */ = {
E1DF714D2B342F6900F29026 /* ReleaseAppStore */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = 968ED08A2C52A47200FFFEE6 /* ReleaseAppStore.xcconfig */;
buildSettings = {
CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements";
CODE_SIGN_IDENTITY = "Apple Development";
@@ -340,13 +435,12 @@
MARKETING_VERSION = 1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.bitwarden.desktop.autofill-extension";
PRODUCT_NAME = "$(TARGET_NAME)";
PROVISIONING_PROFILE_SPECIFIER = "";
"PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "Bitwarden Desktop Autofill Development 2024";
PROVISIONING_PROFILE_SPECIFIER = "Bitwarden Desktop Autofill App Store 2024";
SKIP_INSTALL = YES;
SWIFT_EMIT_LOC_STRINGS = YES;
SWIFT_VERSION = 5.0;
};
name = Release;
name = ReleaseAppStore;
};
/* End XCBuildConfiguration section */
@@ -355,19 +449,21 @@
isa = XCConfigurationList;
buildConfigurations = (
E1DF71332B342E2900F29026 /* Debug */,
E1DF71342B342E2900F29026 /* Release */,
E1DF71342B342E2900F29026 /* ReleaseAppStore */,
D83832AE2D67BA84003FB9F8 /* ReleaseDeveloper */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
defaultConfigurationName = ReleaseAppStore;
};
E1DF714E2B342F6900F29026 /* Build configuration list for PBXNativeTarget "autofill-extension" */ = {
isa = XCConfigurationList;
buildConfigurations = (
E1DF714C2B342F6900F29026 /* Debug */,
E1DF714D2B342F6900F29026 /* Release */,
E1DF714D2B342F6900F29026 /* ReleaseAppStore */,
D83832AF2D67BA84003FB9F8 /* ReleaseDeveloper */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
defaultConfigurationName = ReleaseAppStore;
};
/* End XCConfigurationList section */
};
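Review bot: The new target-level `ReleaseDeveloper` configuration (`D83832AF2D67BA84003FB9F8`) sets `CODE_SIGN_IDENTITY = "Apple Development"`, `"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer"` and `PROVISIONING_PROFILE_SPECIFIER = "Bitwarden Desktop Autofill App Store 2024"` explicitly. Target build settings take precedence over the base `ReleaseDeveloper.xcconfig`, so the Developer ID identity and profile declared there would not take effect unless the build script overrides them on the xcodebuild command line, which is not visible here. I would delete those three lines from the target configuration so the xcconfig is the single source of the signing identity. The target-level `ReleaseAppStore` configuration appears to keep `CODE_SIGN_IDENTITY = "Apple Development"` in the same way, though that hunk is only partly shown.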


@@ -1,11 +0,0 @@
//
// Production.xcconfig
// desktop
//
// Created by Vince Grassia on 7/25/24.
//
// Configuration settings file format documentation can be found at:
// https://help.apple.com/xcode/#/dev745c5c974
CODE_SIGN_IDENTITY[sdk=macosx*] = 3rd Party Mac Developer Application
PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*] = Bitwarden Desktop Autofill App Store 2024


@@ -23,7 +23,9 @@
"build:dev": "concurrently -n Main,Rend -c yellow,cyan \"npm run build:main:dev\" \"npm run build:renderer:dev\"",
"build:preload": "cross-env NODE_ENV=production webpack --config webpack.preload.js",
"build:preload:watch": "cross-env NODE_ENV=production webpack --config webpack.preload.js --watch",
"build:macos-extension": "./desktop_native/macos_provider/build.sh && node scripts/build-macos-extension.js",
"build:macos-extension:mac": "./desktop_native/macos_provider/build.sh && node scripts/build-macos-extension.js mac",
"build:macos-extension:mas": "./desktop_native/macos_provider/build.sh && node scripts/build-macos-extension.js mas",
"build:macos-extension:masdev": "./desktop_native/macos_provider/build.sh && node scripts/build-macos-extension.js mas-dev",
"build:main": "cross-env NODE_ENV=production webpack --config webpack.main.js",
"build:main:dev": "npm run build-native && cross-env NODE_ENV=development webpack --config webpack.main.js",
"build:main:watch": "npm run build-native && cross-env NODE_ENV=development webpack --config webpack.main.js --watch",
@@ -38,17 +40,21 @@
"pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never && export SNAP_FILE=$(realpath ./dist/bitwarden_*.snap) && unsquashfs -d ./dist/tmp-snap/ $SNAP_FILE && mkdir -p ./dist/tmp-snap/meta/polkit/ && cp ./resources/com.bitwarden.desktop.policy ./dist/tmp-snap/meta/polkit/polkit.com.bitwarden.desktop.policy && rm $SNAP_FILE && snapcraft pack ./dist/tmp-snap/ && mv ./*.snap ./dist/ && rm -rf ./dist/tmp-snap/",
"pack:lin:arm64": "npm run clean:dist && electron-builder --dir -p never && tar -czvf ./dist/bitwarden_desktop_arm64.tar.gz -C ./dist/linux-arm64-unpacked/ .",
"pack:mac": "npm run clean:dist && electron-builder --mac --universal -p never",
"pack:mac:with-extension": "npm run clean:dist && npm run build:macos-extension:mac && electron-builder --mac --universal -p never",
"pack:mac:arm64": "npm run clean:dist && electron-builder --mac --arm64 -p never",
"pack:mac:mas": "npm run clean:dist && electron-builder --mac mas --universal -p never",
"pack:mac:mas:with-extension": "npm run clean:dist && npm run build:macos-extension:mas && electron-builder --mac mas --universal -p never",
"pack:mac:masdev": "npm run clean:dist && electron-builder --mac mas-dev --universal -p never",
"pack:mac:masdev:with-extension": "npm run clean:dist && npm run build:macos-extension && electron-builder --mac mas-dev --universal -p never",
"pack:mac:masdev:with-extension": "npm run clean:dist && npm run build:macos-extension:masdev && electron-builder --mac mas-dev --universal -p never",
"pack:win": "npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p never -c.win.certificateSubjectName=\"8bit Solutions LLC\"",
"pack:win:ci": "npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p never",
"dist:dir": "npm run build && npm run pack:dir",
"dist:lin": "npm run build && npm run pack:lin",
"dist:lin:arm64": "npm run build && npm run pack:lin:arm64",
"dist:mac": "npm run build && npm run pack:mac",
"dist:mac:with-extension": "npm run build && npm run pack:mac:with-extension",
"dist:mac:mas": "npm run build && npm run pack:mac:mas",
"dist:mac:mas:with-extension": "npm run build && npm run pack:mac:mas:with-extension",
"dist:mac:masdev": "npm run build && npm run pack:mac:masdev",
"dist:mac:masdev:with-extension": "npm run build && npm run pack:mac:masdev:with-extension",
"dist:win": "npm run build && npm run pack:win",


@@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
</dict>
</plist>


@@ -2,11 +2,13 @@
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<!--
<key>com.apple.application-identifier</key>
<string>LTZ2PFU5D6.com.bitwarden.desktop</string>
<key>com.apple.developer.team-identifier</key>
<string>LTZ2PFU5D6</string>
<key>com.apple.developer.authentication-services.autofill-credential-provider</key>
<true/>
-->
<key>com.apple.security.cs.allow-jit</key>
<true/>
</dict>
</plist>
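Review bot: The file does not say which provisioning profile has to grant `com.apple.application-identifier`, `com.apple.developer.team-identifier` and `com.apple.developer.authentication-services.autofill-credential-provider`, which appear to be active on the new side of this hunk. These are restricted entitlements, so a build signed with a profile that lacks them is expected to be refused at launch rather than fail at build time. I would put a short comment above them, for example `<!-- Restricted entitlements: must be granted by the provisioning profile embedded in the app bundle -->`. The same comment would help in the other entitlements file further down, where the autofill-credential-provider key is also enabled.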


@@ -8,9 +8,5 @@
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<!--
<key>com.apple.developer.authentication-services.autofill-credential-provider</key>
<true/>
-->
</dict>
</plist>


@@ -6,6 +6,8 @@
<string>LTZ2PFU5D6.com.bitwarden.desktop</string>
<key>com.apple.developer.team-identifier</key>
<string>LTZ2PFU5D6</string>
<key>com.apple.developer.authentication-services.autofill-credential-provider</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
@@ -18,10 +20,6 @@
<true/>
<key>com.apple.security.device.usb</key>
<true/>
<!--
<key>com.apple.developer.authentication-services.autofill-credential-provider</key>
<true/>
-->
<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
<array>
<string>/Library/Application Support/Mozilla/NativeMessagingHosts/</string>


@@ -16,7 +16,7 @@ async function run(context) {
const appPath = `${context.appOutDir}/${appName}.app`;
const macBuild = context.electronPlatformName === "darwin";
const copySafariExtension = ["darwin", "mas"].includes(context.electronPlatformName);
const copyAutofillExtension = ["mas"].includes(context.electronPlatformName);
const copyAutofillExtension = ["darwin", "mas"].includes(context.electronPlatformName);
let shouldResign = false;
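Review bot: Nothing visible here checks that the autofill extension is correctly signed before it is embedded, and with `"darwin"` added to `copyAutofillExtension` that now matters for Developer ID builds too. The commit description says the extension was added to electron-builder's signIgnore list, so the bundle presumably ships with whatever signature xcodebuild gave it. The part of `run()` that does the copy is outside this hunk, so this may already be covered; if not, verify the `.appex` with `codesign --verify --strict` before copying and fail the build when it does not pass. The new array is also identical to the one on the `copySafariExtension` line above, so a shared `const macTargets = ["darwin", "mas"];` would keep the two from drifting.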


@@ -6,14 +6,19 @@ const fse = require("fs-extra");
const paths = {
macosBuild: "./macos/build",
extensionBuild: "./macos/build/Release/autofill-extension.appex",
extensionBuildDebug: "./macos/build/Debug/autofill-extension.appex",
extensionBuildReleaseAppStore: "./macos/build/ReleaseAppStore/autofill-extension.appex",
extensionBuildReleaseDeveloper: "./macos/build/ReleaseDeveloper/autofill-extension.appex",
extensionDistDir: "./macos/dist",
extensionDist: "./macos/dist/autofill-extension.appex",
macOsProject: "./macos/desktop.xcodeproj",
macOsConfig: "./macos/production.xcconfig",
};
exports.default = buildMacOs;
async function buildMacOs() {
console.log("### Building Autofill Extension");
if (fse.existsSync(paths.macosBuild)) {
fse.removeSync(paths.macosBuild);
}
@@ -22,15 +27,50 @@ async function buildMacOs() {
fse.removeSync(paths.extensionDistDir);
}
let configuration;
let codeSignIdentity;
let provisioningProfileSpecifier;
let buildDirectory;
const configurationArgument = process.argv[2];
if (configurationArgument !== undefined) {
// Use the configuration passed in to determine the configuration file.
if (configurationArgument == "mas-dev") {
configuration = "Debug";
codeSignIdentity = "Apple Development";
provisioningProfileSpecifier = "Bitwarden Desktop Autofill Development 2024";
buildDirectory = paths.extensionBuildDebug;
} else if (configurationArgument == "mas") {
configuration = "ReleaseAppStore";
codeSignIdentity = "3rd Party Mac Developer Application";
provisioningProfileSpecifier = "Bitwarden Desktop Autofill App Store 2024";
buildDirectory = paths.extensionBuildReleaseAppStore;
} else if (configurationArgument == "mac") {
configuration = "ReleaseDeveloper";
codeSignIdentity = "Developer ID Application";
provisioningProfileSpecifier = "Bitwarden Desktop Autofill Extension Developer Dis";
buildDirectory = paths.extensionBuildReleaseDeveloper;
} else {
console.log("### Unable to determine configuration, skipping Autofill Extension build");
return;
}
} else {
console.log("### No configuration argument found, skipping Autofill Extension build");
return;
}
const proc = child.spawn("xcodebuild", [
"-project",
paths.macOsProject,
"-alltargets",
"-configuration",
"Release",
// Uncomment when signing is fixed
// "-xcconfig",
// paths.macOsConfig,
configuration,
"CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO",
"OTHER_CODE_SIGN_FLAGS='--timestamp'",
// While these arguments are defined in the `configuration` file above, xcodebuild has a bug in it currently that requires these arguments
// be explicitly defined in this call.
`CODE_SIGN_IDENTITY=${codeSignIdentity}`,
`PROVISIONING_PROFILE_SPECIFIER=${provisioningProfileSpecifier}`,
]);
stdOutProc(proc);
await new Promise((resolve, reject) =>
@@ -45,7 +85,8 @@ async function buildMacOs() {
);
fse.mkdirSync(paths.extensionDistDir);
fse.copySync(paths.extensionBuild, paths.extensionDist);
fse.copySync(buildDirectory, paths.extensionDist);
// Delete the build dir, otherwise MacOS will load the extension from there instead of the Bitwarden.app bundle
fse.removeSync(paths.macosBuild);
}
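Review bot: An unrecognised configuration argument makes `buildMacOs` log a message and `return`, so the script presumably exits successfully and the `&&`-chained `pack:mac:*:with-extension` scripts go on to run electron-builder without a freshly built extension. The missing-argument branch may be deliberate, since the function is also exported as `exports.default`, but a value that is present and unknown is more likely a typo and should stop the build: `throw new Error(`Unknown autofill build configuration: ${configurationArgument}`);`. The three comparisons should use `===` rather than `==`. The Developer ID profile name `"Bitwarden Desktop Autofill Extension Developer Dis"` looks cut off, so please confirm it matches the installed profile exactly. The body of `buildMacOs` continues between the hunks, so how xcodebuild's exit status is handled is not visible here.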