Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
microsoft
GitHub Repository: microsoft/vscode
 Path: blob/main/build/darwin/sign-server.ts
5242 views
1
/*---------------------------------------------------------------------------------------------

2
 *  Copyright (c) Microsoft Corporation. All rights reserved.

3
 *  Licensed under the MIT License. See License.txt in the project root for license information.

4
 *--------------------------------------------------------------------------------------------*/

5


6
import { spawn } from '@malept/cross-spawn-promise';

7
import fs from 'fs';

8
import path from 'path';

9


10
const MACHO_MAGIC_NUMBERS = new Set([

11
	0xFEEDFACE, // MH_MAGIC (32-bit)

12
	0xCEFAEDFE, // MH_CIGAM (32-bit, byte-swapped)

13
	0xFEEDFACF, // MH_MAGIC_64 (64-bit)

14
	0xCFFAEDFE, // MH_CIGAM_64 (64-bit, byte-swapped)

15
	0xCAFEBABE, // FAT_MAGIC (universal binary)

16
	0xBEBAFECA, // FAT_CIGAM (universal binary, byte-swapped)

17
]);

18


19
function isMachOBinary(filePath: string): boolean {

20
	try {

21
		let fd: number | undefined;

22
		try {

23
			fd = fs.openSync(filePath, 'r');

24
			const buffer = Buffer.alloc(4);

25
			fs.readSync(fd, buffer, 0, 4, 0);

26
			const magic = buffer.readUInt32BE(0);

27
			return MACHO_MAGIC_NUMBERS.has(magic);

28
		} finally {

29
			if (fd !== undefined) {

30
				fs.closeSync(fd);

31
			}

32
		}

33
	} catch {

34
		return false;

35
	}

36
}

37


38
async function main(serverDir: string): Promise<void> {

39
	if (!serverDir || !fs.existsSync(serverDir)) {

40
		throw new Error('Server directory argument is required');

41
	}

42


43
	const tempDir = process.env['AGENT_TEMPDIRECTORY'];

44
	if (!tempDir) {

45
		throw new Error('$AGENT_TEMPDIRECTORY not set');

46
	}

47


48
	const identity = process.env['CODESIGN_IDENTITY'];

49
	if (!identity) {

50
		throw new Error('$CODESIGN_IDENTITY not set');

51
	}

52


53
	const keychain = path.join(tempDir, 'buildagent.keychain');

54
	const baseDir = path.dirname(import.meta.dirname);

55
	const entitlementsPath = path.join(baseDir, 'azure-pipelines', 'darwin', 'server-entitlements.plist');

56


57
	console.log(`Signing Mach-O binaries in: ${serverDir}`);

58
	for (const entry of fs.readdirSync(serverDir, { withFileTypes: true, recursive: true })) {

59
		if (entry.isFile()) {

60
			const filePath = path.join(entry.parentPath, entry.name);

61
			if (isMachOBinary(filePath)) {

62
				console.log(`Signing: ${filePath}`);

63
				await spawn('codesign', [

64
					'--sign', identity,

65
					'--keychain', keychain,

66
					'--options', 'runtime',

67
					'--timestamp',

68
					'--force',

69
					'--entitlements', entitlementsPath,

70
					filePath

71
				]);

72
			}

73
		}

74
	}

75
}

76


77
if (import.meta.main) {

78
	main(process.argv[2]).catch(err => {

79
		console.error(err);

80
		process.exit(1);

81
	});

82
}

83


84