From 2da82d56105902febba810fbd2859b3310bfddaf Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Thu, 25 Jul 2019 14:17:50 -0400 Subject: [PATCH] notarize directory connector --- .gitignore | 1 + package-lock.json | 83 ++++++++++++++++++++++++-------- package.json | 8 ++- resources/entitlements.mac.plist | 8 +++ scripts/notarize.js | 17 +++++++ 5 files changed, 97 insertions(+), 20 deletions(-) create mode 100644 resources/entitlements.mac.plist create mode 100644 scripts/notarize.js diff --git a/.gitignore b/.gitignore index c7bf3ca6..cae5215d 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ yarn-error.log .DS_Store *.nupkg *.provisionprofile +*.env diff --git a/package-lock.json b/package-lock.json index fb1ceb01..3870b8d3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2836,8 +2836,7 @@ "ansi-regex": { "version": "2.1.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "aproba": { "version": "1.2.0", @@ -3053,6 +3052,7 @@ "version": "2.3.5", "bundled": true, "dev": true, + "optional": true, "requires": { "safe-buffer": "^5.1.2", "yallist": "^3.0.0" @@ -3071,6 +3071,7 @@ "version": "0.5.1", "bundled": true, "dev": true, + "optional": true, "requires": { "minimist": "0.0.8" } @@ -3164,6 +3165,7 @@ "version": "1.4.0", "bundled": true, "dev": true, + "optional": true, "requires": { "wrappy": "1" } @@ -3305,7 +3307,6 @@ "version": "3.0.1", "bundled": true, "dev": true, - "optional": true, "requires": { "ansi-regex": "^2.0.0" } @@ -5055,6 +5056,59 @@ "resolved": "https://registry.npmjs.org/electron-log/-/electron-log-2.2.17.tgz", "integrity": "sha512-v+Af5W5z99ehhaLOfE9eTSXUwjzh2wFlQjz51dvkZ6ZIrET6OB/zAZPvsuwT6tm3t5x+M1r+Ed3U3xtPZYAyuQ==" }, + "electron-notarize": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.1.1.tgz", + "integrity": "sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg==", + "dev": true, + "requires": { + "debug": "^4.1.1", + "fs-extra": "^8.0.1" + }, + "dependencies": { + "debug": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", + "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "dev": true, + "requires": { + "ms": "^2.1.1" + } + }, + "fs-extra": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==", + "dev": true, + "requires": { + "graceful-fs": "^4.2.0", + "jsonfile": "^4.0.0", + "universalify": "^0.1.0" + } + }, + "graceful-fs": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.0.tgz", + "integrity": "sha512-jpSvDPV4Cq/bgtpndIWbI5hmYxhQGHPC4d4cqBPb4DLniCfhJokdXhwhaDuLBGLQdvvRum/UiX6ECVIPvDXqdg==", + "dev": true + }, + "jsonfile": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "integrity": "sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=", + "dev": true, + "requires": { + "graceful-fs": "^4.1.6" + } + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + } + } + }, "electron-publish": { "version": "21.1.5", "resolved": "https://registry.npmjs.org/electron-publish/-/electron-publish-21.1.5.tgz", @@ -6968,7 +7022,6 @@ "version": "1.1.11", "bundled": true, "dev": true, - "optional": true, "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -6983,8 +7036,7 @@ "code-point-at": { "version": "1.1.0", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "concat-map": { "version": "0.0.1", @@ -6995,8 +7047,7 @@ "console-control-strings": { "version": "1.1.0", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "core-util-is": { "version": "1.0.2", @@ -7113,8 +7164,7 @@ "inherits": { "version": "2.0.3", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "ini": { "version": "1.3.5", @@ -7126,7 +7176,6 @@ "version": "1.0.0", "bundled": true, "dev": true, - "optional": true, "requires": { "number-is-nan": "^1.0.0" } @@ -7141,7 +7190,6 @@ "version": "3.0.4", "bundled": true, "dev": true, - "optional": true, "requires": { "brace-expansion": "^1.1.7" } @@ -7260,8 +7308,7 @@ "number-is-nan": { "version": "1.0.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "object-assign": { "version": "4.1.1", @@ -7273,7 +7320,6 @@ "version": "1.4.0", "bundled": true, "dev": true, - "optional": true, "requires": { "wrappy": "1" } @@ -7395,7 +7441,6 @@ "version": "1.0.2", "bundled": true, "dev": true, - "optional": true, "requires": { "code-point-at": "^1.0.0", "is-fullwidth-code-point": "^1.0.0", @@ -10636,9 +10681,9 @@ } }, "node-abi": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-2.5.1.tgz", - "integrity": "sha512-oDbFc7vCFx0RWWCweTer3hFm1u+e60N5FtGnmRV6QqvgATGFH/XRR6vqWIeBVosCYCqt6YdIr2L0exLZuEdVcQ==", + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-2.9.0.tgz", + "integrity": "sha512-jmEOvv0eanWjhX8dX1pmjb7oJl1U1oR4FOh0b2GnvALwSYoOdU7sj+kLDSAyjo4pfC9aj/IxkloxdLJQhSSQBA==", "dev": true, "requires": { "semver": "^5.4.1" diff --git a/package.json b/package.json index 9ae66f61..64d1ed13 100644 --- a/package.json +++ b/package.json @@ -67,8 +67,13 @@ "output": "dist", "app": "build" }, + "afterSign": "scripts/notarize.js", "mac": { "category": "public.app-category.productivity", + "gatekeeperAssess": false, + "hardenedRuntime": true, + "entitlements": "resources/entitlements.mac.plist", + "entitlementsInherit": "resources/entitlements.mac.plist", "target": [ "dmg", "zip" @@ -156,6 +161,7 @@ "del": "^3.0.0", "electron": "5.0.8", "electron-builder": "21.1.5", + "electron-notarize": "^0.1.1", "electron-rebuild": "^1.8.5", "electron-reload": "^1.4.1", "extract-text-webpack-plugin": "next", @@ -165,7 +171,7 @@ "gulp-google-webfonts": "^2.0.0", "html-loader": "^0.5.5", "html-webpack-plugin": "^3.2.0", - "node-abi": "^2.5.1", + "node-abi": "^2.9.0", "node-loader": "^0.6.0", "node-sass": "^4.11.0", "pkg": "4.3.4", diff --git a/resources/entitlements.mac.plist b/resources/entitlements.mac.plist new file mode 100644 index 00000000..a1c430a5 --- /dev/null +++ b/resources/entitlements.mac.plist @@ -0,0 +1,8 @@ + + + + + com.apple.security.cs.allow-unsigned-executable-memory + + + diff --git a/scripts/notarize.js b/scripts/notarize.js new file mode 100644 index 00000000..9336dd31 --- /dev/null +++ b/scripts/notarize.js @@ -0,0 +1,17 @@ +require('dotenv').config(); +const { notarize } = require('electron-notarize'); + +exports.default = async function notarizing(context) { + const { electronPlatformName, appOutDir } = context; + if (electronPlatformName !== 'darwin') { + return; + } + const appleId = process.env.APPLEID; + const appName = context.packager.appInfo.productFilename; + return await notarize({ + appBundleId: 'com.bitwarden.directory-connector', + appPath: `${appOutDir}/${appName}.app`, + appleId: appleId, + appleIdPassword: `@keychain:AC_PASSWORD`, + }); +};