Skip to content

Commit

Permalink
fix: only apply preAutoEntitlements to top-level app bundle (#292)
Browse files Browse the repository at this point in the history
  • Loading branch information
quanglam2807 authored Aug 18, 2023
1 parent 01bd4c2 commit 06b32b5
Showing 1 changed file with 25 additions and 21 deletions.
46 changes: 25 additions & 21 deletions src/sign.ts
Original file line number Diff line number Diff line change
Expand Up @@ -208,27 +208,31 @@ async function signApplication (opts: ValidatedSignOptions, identity: Identity)
defaultOptionsForFile(filePath, opts.platform)
);

if (opts.preAutoEntitlements === false) {
debugWarn('Pre-sign operation disabled for entitlements automation.');
} else {
debugLog(
'Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`:',
'\n',
'* Disable by setting `pre-auto-entitlements` to `false`.'
);
if (!opts.version || compareVersion(opts.version, '1.1.1') >= 0) {
// Enable Mac App Store sandboxing without using temporary-exception, introduced in Electron v1.1.1. Relates to electron#5601
const newEntitlements = await preAutoEntitlements(opts, perFileOptions, {
identity,
provisioningProfile: opts.provisioningProfile
? await getProvisioningProfile(opts.provisioningProfile, opts.keychain)
: undefined
});

// preAutoEntitlements may provide us new entitlements, if so we update our options
// and ensure that entitlements-loginhelper has a correct default value
if (newEntitlements) {
perFileOptions.entitlements = newEntitlements;
// preAutoEntitlements should only be applied to the top level app bundle.
// Applying it other files will cause the app to crash and be rejected by Apple.
if (!filePath.includes('.app/')) {
if (opts.preAutoEntitlements === false) {
debugWarn('Pre-sign operation disabled for entitlements automation.');
} else {
debugLog(
'Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`:',
'\n',
'* Disable by setting `pre-auto-entitlements` to `false`.'
);
if (!opts.version || compareVersion(opts.version, '1.1.1') >= 0) {
// Enable Mac App Store sandboxing without using temporary-exception, introduced in Electron v1.1.1. Relates to electron#5601
const newEntitlements = await preAutoEntitlements(opts, perFileOptions, {
identity,
provisioningProfile: opts.provisioningProfile
? await getProvisioningProfile(opts.provisioningProfile, opts.keychain)
: undefined
});

// preAutoEntitlements may provide us new entitlements, if so we update our options
// and ensure that entitlements-loginhelper has a correct default value
if (newEntitlements) {
perFileOptions.entitlements = newEntitlements;
}
}
}
}
Expand Down

0 comments on commit 06b32b5

Please sign in to comment.