osx-sign
Deep signing equivalent?
Hi,
Is there a way to run `electron-osx-sign` with the equivalent of the `--deep` flag from Apple's own `codesign` tool, so that it will recursively walk directories and sign included binaries? I have some Pyinstaller-bundled dependencies of my Electron app that work fine on Windows and Linux and under earlier versions of macOS, but I'm having trouble working out a way of signing them with the available Electron tooling without having to package an app bundle within an app bundle, which won't pass notarization, or expand a list of every `.dylib` and `.so` in the bundle...
Thanks!
Would it make sense to simply run it this way, to get every included binary?
electron-osx-sign ProveIt-darwin-x64/ProveIt.app/ $(find ProveIt-darwin-x64/ProveIt.app/Contents/ -type f -perm -u+x)
Note that this doesn't seem to work because escaping spaces or quoting filenames when doing shell expansion this way isn't picked up by `electron-osx-sign` -- it seems to have some problem parsing paths.
I noticed there was an open PR #231 that hasn't been merged yet, but this was somewhat impacting to my build pipeline...especially since the newest version of Mac requires a hardened runtime now. I got around this by creating a hook that deep signs the finished .app after it's been packaged. You'd just need to change the app name in the `path.resolve()` function.
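```js
const path = require('path');
const { execFile } = require('child_process');

const config = {
  hooks: {
    postPackage: (forgeConfig, options) => {
      if (process.platform === 'darwin') {
        // Change CHANGEME.app to the name of the packaged app.
        const appPath = path.resolve(options.outputPaths[0], 'CHANGEME.app');
        console.log(`Signing App: ${appPath}`);
        // "--sign -" produces an ad-hoc signature. execFile passes appPath as
        // one argument, so a path containing spaces is not split by a shell.
        execFile('codesign', ['--force', '--deep', '--sign', '-', appPath],
          (err, stdout, stderr) => {
            if (err) {
              console.log(`ERROR: ${err}`);
            }
            if (stdout) {
              console.log(stdout);
            }
            if (stderr) {
              console.log(stderr);
            }
          });
      }
    }
  },
};

module.exports = config;
```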
Hello, is there any progress on this issue? I can't move forward when I encounter this problem at present.
cc @MarshallOfSound
:tada: This issue has been resolved in version 1.3.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket: