Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
microsoft
GitHub Repository: microsoft/vscode
 Path: blob/main/build/darwin/sign.ts
3520 views
1
/*---------------------------------------------------------------------------------------------

2
 *  Copyright (c) Microsoft Corporation. All rights reserved.

3
 *  Licensed under the MIT License. See License.txt in the project root for license information.

4
 *--------------------------------------------------------------------------------------------*/

5


6
import fs from 'fs';

7
import path from 'path';

8
import { sign, SignOptions } from '@electron/osx-sign';

9
import { spawn } from '@malept/cross-spawn-promise';

10


11
const root = path.dirname(path.dirname(__dirname));

12
const baseDir = path.dirname(__dirname);

13
const product = JSON.parse(fs.readFileSync(path.join(root, 'product.json'), 'utf8'));

14
const helperAppBaseName = product.nameShort;

15
const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';

16
const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';

17
const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';

18


19
function getElectronVersion(): string {

20
	const npmrc = fs.readFileSync(path.join(root, '.npmrc'), 'utf8');

21
	const target = /^target="(.*)"$/m.exec(npmrc)![1];

22
	return target;

23
}

24


25
function getEntitlementsForFile(filePath: string): string {

26
	if (filePath.includes(gpuHelperAppName)) {

27
		return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist');

28
	} else if (filePath.includes(rendererHelperAppName)) {

29
		return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist');

30
	} else if (filePath.includes(pluginHelperAppName)) {

31
		return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist');

32
	}

33
	return path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist');

34
}

35


36
async function main(buildDir?: string): Promise<void> {

37
	const tempDir = process.env['AGENT_TEMPDIRECTORY'];

38
	const arch = process.env['VSCODE_ARCH'];

39
	const identity = process.env['CODESIGN_IDENTITY'];

40


41
	if (!buildDir) {

42
		throw new Error('$AGENT_BUILDDIRECTORY not set');

43
	}

44


45
	if (!tempDir) {

46
		throw new Error('$AGENT_TEMPDIRECTORY not set');

47
	}

48


49
	const appRoot = path.join(buildDir, `VSCode-darwin-${arch}`);

50
	const appName = product.nameLong + '.app';

51
	const infoPlistPath = path.resolve(appRoot, appName, 'Contents', 'Info.plist');

52


53
	const appOpts: SignOptions = {

54
		app: path.join(appRoot, appName),

55
		platform: 'darwin',

56
		optionsForFile: (filePath) => ({

57
			entitlements: getEntitlementsForFile(filePath),

58
			hardenedRuntime: true,

59
		}),

60
		preAutoEntitlements: false,

61
		preEmbedProvisioningProfile: false,

62
		keychain: path.join(tempDir, 'buildagent.keychain'),

63
		version: getElectronVersion(),

64
		identity,

65
	};

66


67
	// Only overwrite plist entries for x64 and arm64 builds,

68
	// universal will get its copy from the x64 build.

69
	if (arch !== 'universal') {

70
		await spawn('plutil', [

71
			'-insert',

72
			'NSAppleEventsUsageDescription',

73
			'-string',

74
			'An application in Visual Studio Code wants to use AppleScript.',

75
			`${infoPlistPath}`

76
		]);

77
		await spawn('plutil', [

78
			'-replace',

79
			'NSMicrophoneUsageDescription',

80
			'-string',

81
			'An application in Visual Studio Code wants to use the Microphone.',

82
			`${infoPlistPath}`

83
		]);

84
		await spawn('plutil', [

85
			'-replace',

86
			'NSCameraUsageDescription',

87
			'-string',

88
			'An application in Visual Studio Code wants to use the Camera.',

89
			`${infoPlistPath}`

90
		]);

91
	}

92


93
	await sign(appOpts);

94
}

95


96
if (require.main === module) {

97
	main(process.argv[2]).catch(async err => {

98
		console.error(err);

99
		const tempDir = process.env['AGENT_TEMPDIRECTORY'];

100
		if (tempDir) {

101
			const keychain = path.join(tempDir, 'buildagent.keychain');

102
			const identities = await spawn('security', ['find-identity', '-p', 'codesigning', '-v', keychain]);

103
			console.error(`Available identities:\n${identities}`);

104
			const dump = await spawn('security', ['dump-keychain', keychain]);

105
			console.error(`Keychain dump:\n${dump}`);

106
		}

107
		process.exit(1);

108
	});

109
}

110


111