
Deep signing equivalent?

Open axfelix opened this issue 3 years ago • 4 comments

Hi,

Is there a way to run electron-osx-sign with the equivalent of the --deep flag from Apple's own codesign tool, so that it will recursively walk directories and sign included binaries? I have some Pyinstaller-bundled dependencies of my Electron app that work fine on Windows and Linux and under earlier versions of macOS, but I'm having trouble working out a way of signing them with the available Electron tooling without having to package an app bundle within an app bundle, which won't pass notarization, or expand a list of every .dylib and .so in the bundle...

Thanks!

axfelix avatar Nov 21 '20 00:11 axfelix

Would it make sense to simply run it this way, to get every included binary?

```sh
electron-osx-sign ProveIt-darwin-x64/ProveIt.app/ $(find ProveIt-darwin-x64/ProveIt.app/Contents/ -type f -perm -u+x)
```

axfelix avatar Nov 23 '20 22:11 axfelix

Note that this doesn't seem to work because escaping spaces or quoting filenames when doing shell expansion this way isn't picked up by electron-osx-sign -- it seems to have some problem parsing paths.

axfelix avatar Nov 25 '20 00:11 axfelix
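Added example, not part of the thread or of electron-osx-sign: one way to enumerate the nested Mach-O binaries that the `find` expansion above was after, and to hand each one to `codesign` as its own argument so that paths with spaces need no quoting. `isMachO`, `findMachOFiles` and `signEach` are hypothetical names; the ad-hoc identity `-` and the deepest-files-first ordering are assumptions.

```javascript
// Added example: names below are hypothetical, not electron-osx-sign API.
const fs = require('fs');
const path = require('path');
const { execFileSync } = require('child_process');

// First four bytes of thin and universal (fat) Mach-O files, read big-endian.
// 0xcafebabe is also the Java .class magic, so a bundled JVM can add extra hits.
const MACHO_MAGICS = new Set([
  0xfeedface, 0xfeedfacf, 0xcefaedfe, 0xcffaedfe, 0xcafebabe, 0xbebafeca,
]);

// True when the file starts with a Mach-O magic number; short files are rejected.
function isMachO(file) {
  const fd = fs.openSync(file, 'r');
  try {
    const buf = Buffer.alloc(4);
    return fs.readSync(fd, buf, 0, 4, 0) === 4 && MACHO_MAGICS.has(buf.readUInt32BE(0));
  } finally {
    fs.closeSync(fd);
  }
}

// Walk the bundle without following symlinks (framework "Versions/Current"
// links would otherwise yield duplicates) and return Mach-O files deepest first.
function findMachOFiles(root) {
  const found = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) walk(full);
      else if (entry.isFile() && isMachO(full)) found.push(full);
    }
  };
  walk(root);
  const depth = (p) => p.split(path.sep).length;
  return found.sort((a, b) => depth(b) - depth(a) || a.localeCompare(b));
}

// Each path is one argv element; no shell runs, so spaces and shell
// metacharacters in file names reach codesign unchanged.
function signEach(files, identity = '-') {
  for (const file of files) {
    execFileSync('codesign', ['--force', '--sign', identity, file], { stdio: 'inherit' });
  }
}
```

`signEach(findMachOFiles(appPath))` only covers the files inside the bundle; the enclosing `.app` still has to be signed afterwards.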

I noticed there was an open PR #231 that hasn't been merged yet, but this was somewhat impacting to my build pipeline...especially since the newest version of Mac requires a hardened runtime now. I got around this by creating a hook that deep signs the finished .app after it's been packaged. You'd just need to change the app name in the path.resolve() function.

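```js
const path = require('path');
const { execFile } = require('child_process');

const config = {
  hooks: {
    // Runs once packaging has finished and the .app exists on disk.
    postPackage: (forgeConfig, options) => {
      if (process.platform === 'darwin') {
        const appPath = path.resolve(options.outputPaths[0], 'CHANGEME.app');
        console.log(`Signing App: ${appPath}`);
        // "--sign -" applies an ad-hoc signature. execFile passes appPath as a
        // single argument, so a path containing spaces is not split by a shell.
        execFile('codesign', ['--force', '--deep', '--sign', '-', appPath],
          (err, stdout, stderr) => {
            if (err) {
              console.log(`ERROR: ${err}`);
            }
            if (stdout) {
              console.log(stdout);
            }
            if (stderr) {
              console.log(stderr);
            }
          });
      }
    },
  },
};

module.exports = config;
```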

dvigne avatar Nov 12 '21 06:11 dvigne

Hello, is there any progress on this issue? I can't move forward when I encounter this problem at present.

cc @MarshallOfSound

PBK-B avatar Jan 19 '24 07:01 PBK-B

:tada: This issue has been resolved in version 1.3.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

continuous-auth[bot] avatar May 15 '24 02:05 continuous-auth[bot]