olcxjas-softworks/LarpixClient
2
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 3

Update gitignore (sorry)
Some checks failed
Android Build / publish (push) Successful in 33s
Details
Linux Build / publish (push) Failing after 25s
Details

Browse source
This commit is contained in:
olcxja 2026-05-10 14:02:17 +02:00
commit cca8b02fea
6604 changed files with 1219661 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

467
electron/node_modules/electron-osx-sign/sign.js generated vendored Normal file
View file

@ -0,0 +1,467 @@
/**
* @module sign
*/
'use strict'
const path = require('path')
const Promise = require('bluebird')
const compareVersion = require('compare-version')
const pkg = require('./package.json')
const util = require('./util')
const debuglog = util.debuglog
const debugwarn = util.debugwarn
const getAppContentsPath = util.getAppContentsPath
const execFileAsync = util.execFileAsync
const validateOptsAppAsync = util.validateOptsAppAsync
const validateOptsPlatformAsync = util.validateOptsPlatformAsync
const walkAsync = util.walkAsync
const Identity = require('./util-identities').Identity
const findIdentitiesAsync = require('./util-identities').findIdentitiesAsync
const ProvisioningProfile = require('./util-provisioning-profiles').ProvisioningProfile
const preEmbedProvisioningProfile = require('./util-provisioning-profiles').preEmbedProvisioningProfile
const preAutoEntitlements = require('./util-entitlements').preAutoEntitlements
const osRelease = require('os').release()
/**
* This function returns a promise validating opts.binaries, the additional binaries to be signed along with the discovered enclosed components.
* @function
* @param {Object} opts - Options.
* @returns {Promise} Promise.
*/
function validateOptsBinariesAsync (opts) {
return new Promise(function (resolve, reject) {
if (opts.binaries) {
if (!Array.isArray(opts.binaries)) {
reject(new Error('Additional binaries should be an Array.'))
return
}
// TODO: Presence check for binary files, reject if any does not exist
}
resolve()
})
}
/**
* This function returns a promise validating all options passed in opts.
* @function
* @param {Object} opts - Options.
* @returns {Promise} Promise.
*/
function validateSignOptsAsync (opts) {
if (opts.ignore && !(opts.ignore instanceof Array)) {
opts.ignore = [opts.ignore]
}
if (opts['provisioning-profile']) {
if (typeof opts['provisioning-profile'] !== 'string' && !(opts['provisioning-profile'] instanceof ProvisioningProfile)) return Promise.reject(new Error('Path to provisioning profile should be a string or a ProvisioningProfile object.'))
}
if (opts['type']) {
if (opts['type'] !== 'development' && opts['type'] !== 'distribution') return Promise.reject(new Error('Type must be either `development` or `distribution`.'))
} else {
opts['type'] = 'distribution'
}
return Promise.map([
validateOptsAppAsync,
validateOptsPlatformAsync,
validateOptsBinariesAsync
], function (validate) {
return validate(opts)
})
}
/**
* This function returns a promise verifying the code sign of application bundle.
* @function
* @param {Object} opts - Options.
* @returns {Promise} Promise resolving output.
*/
function verifySignApplicationAsync (opts) {
// Verify with codesign
var compareVersion = require('compare-version')
debuglog('Verifying application bundle with codesign...')
var promise = execFileAsync('codesign', [
'--verify',
'--deep'
]
.concat(
opts['strict-verify'] !== false &&
compareVersion(osRelease, '15.0.0') >= 0 // Strict flag since darwin 15.0.0 --> OS X 10.11.0 El Capitan
? ['--strict' +
(opts['strict-verify']
? '=' + opts['strict-verify'] // Array should be converted to a comma separated string
: '')]
: [],
['--verbose=2', opts.app]))
// Additionally test Gatekeeper acceptance for darwin platform
if (opts.platform === 'darwin' && opts['gatekeeper-assess'] !== false) {
promise = promise
.then(function () {
debuglog('Verifying Gatekeeper acceptance for darwin platform...')
return execFileAsync('spctl', [
'--assess',
'--type', 'execute',
'--verbose',
'--ignore-cache',
'--no-cache',
opts.app
])
})
}
return promise
.thenReturn()
}
/**
* This function returns a promise codesigning only.
* @function
* @param {Object} opts - Options.
* @returns {Promise} Promise.
*/
function signApplicationAsync (opts) {
return walkAsync(getAppContentsPath(opts))
.then(function (childPaths) {
function ignoreFilePath (opts, filePath) {
if (opts.ignore) {
return opts.ignore.some(function (ignore) {
if (typeof ignore === 'function') {
return ignore(filePath)
}
return filePath.match(ignore)
})
}
return false
}
if (opts.binaries) childPaths = childPaths.concat(opts.binaries)
var args = [
'--sign', opts.identity.hash || opts.identity.name,
'--force'
]
if (opts.keychain) {
args.push('--keychain', opts.keychain)
}
if (opts.requirements) {
args.push('--requirements', opts.requirements)
}
if (opts.timestamp) {
args.push('--timestamp=' + opts.timestamp)
} else {
args.push('--timestamp')
}
if (opts['signature-size']) {
if (Number.isInteger(opts['signature-size']) && opts['signature-size'] > 0) {
args.push('--signature-size', opts['signature-size'])
} else {
debugwarn(`Invalid value provided for --signature-size (${opts['signature-size']}). Must be a positive integer.`)
}
}
var promise
/**
* Sort the child paths by how deep they are in the file tree. Some arcane apple
* logic expects the deeper files to be signed first otherwise strange errors get
* thrown our way
*/
childPaths = childPaths.sort((a, b) => {
const aDepth = a.split(path.sep).length
const bDepth = b.split(path.sep).length
return bDepth - aDepth
})
if (opts.entitlements) {
// Sign with entitlements
promise = Promise.mapSeries(childPaths, function (filePath) {
if (ignoreFilePath(opts, filePath)) {
debuglog('Skipped... ' + filePath)
return
}
debuglog('Signing... ' + filePath)
let optionsArguments = []
if (opts['signature-flags']) {
if (Array.isArray(opts['signature-flags'])) {
optionsArguments = [...opts['signature-flags']]
} else if (typeof opts['signature-flags'] === 'function') {
const flags = opts['signature-flags'](filePath)
optionsArguments = [...flags]
} else {
const flags = opts['signature-flags'].split(',').map(function (flag) { return flag.trim() })
optionsArguments = [...flags]
}
}
if (opts.hardenedRuntime || opts['hardened-runtime'] || optionsArguments.includes('runtime')) {
// Hardened runtime since darwin 17.7.0 --> macOS 10.13.6
if (compareVersion(osRelease, '17.7.0') >= 0) {
optionsArguments.push('runtime')
} else {
// Remove runtime if passed in with --signature-flags
debuglog('Not enabling hardened runtime, current macOS version too low, requires 10.13.6 and higher')
optionsArguments = optionsArguments.filter(function (element, index) { return element !== 'runtime' })
}
}
if (opts['restrict']) {
optionsArguments.push('restrict')
debugwarn('This flag is to be deprecated, consider using --signature-flags=restrict instead')
}
if (optionsArguments.length) {
args.push('--options', [...new Set(optionsArguments)].join(','))
}
let entitlementsFile = opts['entitlements-inherit']
if (filePath.includes('Library/LoginItems')) {
entitlementsFile = opts['entitlements-loginhelper']
}
const clonedArgs = args.concat([])
if (opts.entitlementsForFile) {
entitlementsFile = opts.entitlementsForFile(filePath, clonedArgs) || entitlementsFile
}
return execFileAsync('codesign', clonedArgs.concat('--entitlements', entitlementsFile, filePath))
})
.then(function () {
debuglog('Signing... ' + opts.app)
const clonedArgs = args.concat([])
let entitlementsFile = opts.entitlements
if (opts.entitlementsForFile) {
entitlementsFile = opts.entitlementsForFile(opts.app, clonedArgs) || entitlementsFile
}
return execFileAsync('codesign', clonedArgs.concat('--entitlements', entitlementsFile, opts.app))
})
} else {
// Otherwise normally
promise = Promise.mapSeries(childPaths, function (filePath) {
if (ignoreFilePath(opts, filePath)) {
debuglog('Skipped... ' + filePath)
return
}
debuglog('Signing... ' + filePath)
return execFileAsync('codesign', args.concat(filePath))
})
.then(function () {
debuglog('Signing... ' + opts.app)
return execFileAsync('codesign', args.concat(opts.app))
})
}
return promise
.then(function () {
// Verify code sign
debuglog('Verifying...')
var promise = verifySignApplicationAsync(opts)
.then(function (result) {
debuglog('Verified.')
})
// Check entitlements if applicable
if (opts.entitlements) {
promise = promise
.then(function () {
debuglog('Displaying entitlements...')
return execFileAsync('codesign', [
'--display',
'--entitlements', ':-', // Write to standard output and strip off the blob header
opts.app
])
})
.then(function (result) {
debuglog('Entitlements:', '\n',
result)
})
}
return promise
})
})
}
/**
* This function returns a promise signing the application.
* @function
* @param {mixed} opts - Options.
* @returns {Promise} Promise.
*/
var signAsync = module.exports.signAsync = function (opts) {
debuglog('electron-osx-sign@%s', pkg.version)
return validateSignOptsAsync(opts)
.then(function () {
// Determine identity for signing
var promise
if (opts.identity) {
debuglog('`identity` passed in arguments.')
if (opts['identity-validation'] === false) {
if (!(opts.identity instanceof Identity)) {
opts.identity = new Identity(opts.identity)
}
return Promise.resolve()
}
promise = findIdentitiesAsync(opts, opts.identity)
} else {
debugwarn('No `identity` passed in arguments...')
if (opts.platform === 'mas') {
if (opts.type === 'distribution') {
debuglog('Finding `3rd Party Mac Developer Application` certificate for signing app distribution in the Mac App Store...')
promise = findIdentitiesAsync(opts, '3rd Party Mac Developer Application:')
} else {
debuglog('Finding `Mac Developer` certificate for signing app in development for the Mac App Store signing...')
promise = findIdentitiesAsync(opts, 'Mac Developer:')
}
} else {
debuglog('Finding `Developer ID Application` certificate for distribution outside the Mac App Store...')
promise = findIdentitiesAsync(opts, 'Developer ID Application:')
}
}
return promise
.then(function (identities) {
if (identities.length > 0) {
// Identity(/ies) found
if (identities.length > 1) {
debugwarn('Multiple identities found, will use the first discovered.')
} else {
debuglog('Found 1 identity.')
}
opts.identity = identities[0]
} else {
// No identity found
return Promise.reject(new Error('No identity found for signing.'))
}
})
})
.then(function () {
// Determine entitlements for code signing
var filePath
if (opts.platform === 'mas') {
// To sign apps for Mac App Store, an entitlements file is required, especially for app sandboxing (as well some other services).
// Fallback entitlements for sandboxing by default: Note this may cause troubles while running an signed app due to missing keys special to the project.
// Further reading: https://developer.apple.com/library/mac/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html
if (!opts.entitlements) {
filePath = path.join(__dirname, 'default.entitlements.mas.plist')
debugwarn('No `entitlements` passed in arguments:', '\n',
'* Sandbox entitlements are required for Mac App Store distribution, your codesign entitlements file is default to:', filePath)
opts.entitlements = filePath
}
if (!opts['entitlements-inherit']) {
filePath = path.join(__dirname, 'default.entitlements.mas.inherit.plist')
debugwarn('No `entitlements-inherit` passed in arguments:', '\n',
'* Sandbox entitlements file for enclosed app files is default to:', filePath)
opts['entitlements-inherit'] = filePath
}
// The default value for opts['entitlements-file'] will be processed later
} else {
// Not necessary to have entitlements for non Mac App Store distribution
if (!opts.entitlements) {
debugwarn('No `entitlements` passed in arguments:', '\n',
'* Provide `entitlements` to specify entitlements file for codesign.')
} else {
// If entitlements is provided as a boolean flag, fallback to default
if (opts.entitlements === true) {
filePath = path.join(__dirname, 'default.entitlements.darwin.plist')
debugwarn('`entitlements` not specified in arguments:', '\n',
'* Provide `entitlements` to specify entitlements file for codesign.', '\n',
'* Entitlements file is default to:', filePath)
opts.entitlements = filePath
}
if (!opts['entitlements-inherit']) {
filePath = path.join(__dirname, 'default.entitlements.darwin.inherit.plist')
debugwarn('No `entitlements-inherit` passed in arguments:', '\n',
'* Entitlements file for enclosed app files is default to:', filePath)
opts['entitlements-inherit'] = filePath
}
// The default value for opts['entitlements-file'] will be processed later
}
}
})
.then(function () {
// Pre-sign operations
var preSignOperations = []
if (opts['pre-embed-provisioning-profile'] === false) {
debugwarn('Pre-sign operation disabled for provisioning profile embedding:', '\n',
'* Enable by setting `pre-embed-provisioning-profile` to `true`.')
} else {
debuglog('Pre-sign operation enabled for provisioning profile:', '\n',
'* Disable by setting `pre-embed-provisioning-profile` to `false`.')
preSignOperations.push(preEmbedProvisioningProfile)
}
if (opts['pre-auto-entitlements'] === false) {
debugwarn('Pre-sign operation disabled for entitlements automation.')
} else {
debuglog('Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`:', '\n',
'* Disable by setting `pre-auto-entitlements` to `false`.')
if (opts.entitlements && (!opts.version || compareVersion(opts.version, '1.1.1') >= 0)) {
// Enable Mac App Store sandboxing without using temporary-exception, introduced in Electron v1.1.1. Relates to electron#5601
preSignOperations.push(preAutoEntitlements)
}
}
// preAutoEntitlements may update opts.entitlements,
// so we wait after it's done before giving opts['entitlements-loginhelper'] its default value
preSignOperations.push(function (opts) {
if (opts.entitlements) {
if (!opts['entitlements-loginhelper']) {
// Default to App Sandbox enabled
const filePath = opts.entitlements
debugwarn('No `entitlements-loginhelper` passed in arguments:', '\n',
'* Entitlements file for login helper is default to:', filePath)
opts['entitlements-loginhelper'] = filePath
}
}
})
return Promise.mapSeries(preSignOperations, function (preSignOperation) {
return preSignOperation(opts)
})
})
.then(function () {
debuglog('Signing application...', '\n',
'> Application:', opts.app, '\n',
'> Platform:', opts.platform, '\n',
'> Entitlements:', opts.entitlements, '\n',
'> Child entitlements:', opts['entitlements-inherit'], '\n',
'> Login helper entitlements:', opts['entitlements-loginhelper'], '\n',
'> Additional binaries:', opts.binaries, '\n',
'> Identity:', opts.identity)
return signApplicationAsync(opts)
})
.then(function () {
// Post-sign operations
debuglog('Application signed.')
})
}
/**
* This function is a normal callback implementation.
* @function
* @param {Object} opts - Options.
* @param {RequestCallback} cb - Callback.
*/
module.exports.sign = function (opts, cb) {
signAsync(opts)
.then(function () {
debuglog('Application signed: ' + opts.app)
if (cb) cb()
})
.catch(function (err) {
debuglog('Sign failed:')
if (err.message) debuglog(err.message)
else if (err.stack) debuglog(err.stack)
else debuglog(err)
if (cb) cb(err)
})
}