Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
configuration.cscKeyPassword = ""
}
else if ((configuration as Configuration).cscLink == null) {
packagerOptions = deepAssign({}, packagerOptions, {config: {mac: {identity: null}}})
}
const projectDirCreated = checkOptions.projectDirCreated
let projectDir = path.join(__dirname, "..", "..", "fixtures", fixtureName)
// const isDoNotUseTempDir = platform === "darwin"
const customTmpDir = process.env.TEST_APP_TMP_DIR
const tmpDir = checkOptions.tmpDir || new TmpDir(`pack-tester: ${fixtureName}`)
// non-macOS test uses the same dir as macOS test, but we cannot share node_modules (because tests executed in parallel)
const dir = customTmpDir == null ? await tmpDir.createTempDir({prefix: "test-project"}) : path.resolve(customTmpDir)
if (customTmpDir != null) {
await emptyDir(dir)
log.info({customTmpDir}, "custom temp dir used")
}
await copyDir(projectDir, dir, {
filter: it => {
const basename = path.basename(it)
// if custom project dir specified, copy node_modules (i.e. do not ignore it)
return (packagerOptions.projectDir != null || basename !== "node_modules") && (!basename.startsWith(".") || basename === ".babelrc")
},
isUseHardLink: USE_HARD_LINKS,
})
projectDir = dir
await executeFinally((async () => {
if (projectDirCreated != null) {
await projectDirCreated(projectDir, tmpDir)
}
private getOrCreatePublisher(publishConfig: PublishConfiguration, appInfo: AppInfo): Publisher | null {
// to not include token into cache key
const providerCacheKey = safeStringifyJson(publishConfig)
let publisher = this.nameToPublisher.get(providerCacheKey)
if (publisher == null) {
publisher = createPublisher(this, appInfo.version, publishConfig, this.publishOptions, this.packager)
this.nameToPublisher.set(providerCacheKey, publisher)
log.info({publisher: publisher!!.toString()}, "publishing")
}
return publisher
}
const performDependenciesInstallOrRebuild = await beforeBuild({
appDir: this.appDir,
electronVersion: this.config.electronVersion!,
platform,
arch: Arch[arch]
})
// If beforeBuild resolves to false, it means that handling node_modules is done outside of electron-builder.
this._nodeModulesHandledExternally = !performDependenciesInstallOrRebuild
if (!performDependenciesInstallOrRebuild) {
return
}
}
if (config.buildDependenciesFromSource === true && platform.nodeName !== process.platform) {
log.info({reason: "platform is different and buildDependenciesFromSource is set to true"}, "skipped dependencies rebuild")
}
else {
await installOrRebuild(config, this.appDir, {
frameworkInfo,
platform: platform.nodeName,
arch: Arch[arch],
productionDeps: this.getNodeDependencyInfo(null),
})
}
}
identity: identity!,
type,
platform: isMas ? "mas" : "darwin",
version: this.config.electronVersion,
app: appPath,
keychain: keychainFile || undefined,
binaries: options.binaries || undefined,
requirements: isMas || this.platformSpecificBuildOptions.requirements == null ? undefined : await this.getResource(this.platformSpecificBuildOptions.requirements),
// https://github.com/electron-userland/electron-osx-sign/issues/196
// will fail on 10.14.5+ because a signed but unnotarized app is also rejected.
"gatekeeper-assess": options.gatekeeperAssess === true,
hardenedRuntime: options.hardenedRuntime !== false,
}
await this.adjustSignOptions(signOptions, masOptions)
log.info({
file: log.filePath(appPath),
identityName: identity.name,
identityHash: identity.hash,
provisioningProfile: signOptions["provisioning-profile"] || "none",
}, "signing")
await this.doSign(signOptions)
// https://github.com/electron-userland/electron-builder/issues/1196#issuecomment-312310209
if (masOptions != null && !isDevelopment) {
const certType = isDevelopment ? "Mac Developer" : "3rd Party Mac Developer Installer"
const masInstallerIdentity = await findIdentity(certType, masOptions.identity, keychainFile)
if (masInstallerIdentity == null) {
throw new InvalidConfigurationError(`Cannot find valid "${certType}" identity to sign MAS installer, please see https://electron.build/code-signing`)
}
// mas uploaded to AppStore, so, use "-" instead of space for name
async function compileUsingElectronCompile(mainFileSet: ResolvedFileSet, packager: Packager): Promise {
log.info("compiling using electron-compile")
const electronCompileCache = await packager.tempDirManager.getTempDir({prefix: "electron-compile-cache"})
const cacheDir = path.join(electronCompileCache, ".cache")
// clear and create cache dir
await ensureDir(cacheDir)
const compilerHost = await createElectronCompilerHost(mainFileSet.src, cacheDir)
const nextSlashIndex = mainFileSet.src.length + 1
// pre-compute electron-compile to cache dir - we need to process only subdirectories, not direct files of app dir
await BluebirdPromise.map(mainFileSet.files, file => {
if (file.includes(NODE_MODULES_PATTERN) || file.includes(BOWER_COMPONENTS_PATTERN)
|| !file.includes(path.sep, nextSlashIndex) // ignore not root files
|| !mainFileSet.metadata.get(file)!.isFile()) {
return null
}
return compilerHost.compile(file)
.then(() => null)
log.info(chalk.bold('When asked to enter a password ("Create Private Key Password"), please select "None".'))
try {
await ensureDir(path.dirname(tempPrefix))
const vendorPath = path.join(await getSignVendorPath(), "windows-10", process.arch)
await exec(path.join(vendorPath, "makecert.exe"),
["-r", "-h", "0", "-n", `CN=${quoteString(publisher)}`, "-eku", "1.3.6.1.5.5.7.3.3", "-pe", "-sv", pvk, cer])
const pfx = path.join(targetDir, `${sanitizeFileName(publisher)}.pfx`)
await unlinkIfExists(pfx)
await exec(path.join(vendorPath, "pvk2pfx.exe"), ["-pvk", pvk, "-spc", cer, "-pfx", pfx])
log.info({file: pfx}, `created. Please see https://electron.build/code-signing how to use it to sign.`)
const certLocation = "Cert:\\LocalMachine\\TrustedPeople"
log.info({file: pfx, certLocation}, `importing. Operation will be succeed only if runned from root. Otherwise import file manually.`)
await spawn("powershell.exe", ["-NoProfile", "-NonInteractive", "-Command", "Import-PfxCertificate", "-FilePath", `"${pfx}"`, "-CertStoreLocation", ""])
}
finally {
await tmpDir.cleanup()
}
}
zstdProcess.stdout.on("end", () => {
log.info({time: compressAndUploadTimer.endAndGet()}, "uploaded to remote builder")
})
})
export async function createSelfSignedCert(publisher: string) {
const tmpDir = new TmpDir("create-self-signed-cert")
const targetDir = process.cwd()
const tempPrefix = path.join(await tmpDir.getTempDir({prefix: "self-signed-cert-creator"}), sanitizeFileName(publisher))
const cer = `${tempPrefix}.cer`
const pvk = `${tempPrefix}.pvk`
log.info(chalk.bold('When asked to enter a password ("Create Private Key Password"), please select "None".'))
try {
await ensureDir(path.dirname(tempPrefix))
const vendorPath = path.join(await getSignVendorPath(), "windows-10", process.arch)
await exec(path.join(vendorPath, "makecert.exe"),
["-r", "-h", "0", "-n", `CN=${quoteString(publisher)}`, "-eku", "1.3.6.1.5.5.7.3.3", "-pe", "-sv", pvk, cer])
const pfx = path.join(targetDir, `${sanitizeFileName(publisher)}.pfx`)
await unlinkIfExists(pfx)
await exec(path.join(vendorPath, "pvk2pfx.exe"), ["-pvk", pvk, "-spc", cer, "-pfx", pfx])
log.info({file: pfx}, `created. Please see https://electron.build/code-signing how to use it to sign.`)
const certLocation = "Cert:\\LocalMachine\\TrustedPeople"
log.info({file: pfx, certLocation}, `importing. Operation will be succeed only if runned from root. Otherwise import file manually.`)
await spawn("powershell.exe", ["-NoProfile", "-NonInteractive", "-Command", "Import-PfxCertificate", "-FilePath", `"${pfx}"`, "-CertStoreLocation", ""])
}