From 9bcede88f2083d41266e48dfa712adc2d223bd7f Mon Sep 17 00:00:00 2001 From: beyondkmp Date: Fri, 8 Mar 2024 04:44:00 +0800 Subject: [PATCH] fix(mac): add retry in mac code sign (#8101) --- .changeset/wild-buttons-pretend.md | 5 +++++ .../app-builder-lib/src/codeSign/macCodeSign.ts | 13 +++++-------- packages/app-builder-lib/src/macPackager.ts | 5 ++--- 3 files changed, 12 insertions(+), 11 deletions(-) create mode 100644 .changeset/wild-buttons-pretend.md diff --git a/.changeset/wild-buttons-pretend.md b/.changeset/wild-buttons-pretend.md new file mode 100644 index 0000000000..f893c8cfeb --- /dev/null +++ b/.changeset/wild-buttons-pretend.md @@ -0,0 +1,5 @@ +--- +"app-builder-lib": patch +--- + +fix(mac): add retry mechanism in mac code signing for `electron/osx-sign`. diff --git a/packages/app-builder-lib/src/codeSign/macCodeSign.ts b/packages/app-builder-lib/src/codeSign/macCodeSign.ts index f9110ee2e7..c93076158d 100644 --- a/packages/app-builder-lib/src/codeSign/macCodeSign.ts +++ b/packages/app-builder-lib/src/codeSign/macCodeSign.ts @@ -1,5 +1,5 @@ import BluebirdPromise from "bluebird-lst" -import { exec, InvalidConfigurationError, isEmptyOrSpaces, isEnvTrue, isPullRequest, log, TmpDir } from "builder-util/out/util" +import { exec, InvalidConfigurationError, isEmptyOrSpaces, isEnvTrue, isPullRequest, log, TmpDir, retry } from "builder-util/out/util" import { copyFile, unlinkIfExists } from "builder-util/out/fs" import { Fields, Logger } from "builder-util/out/log" import { randomBytes, createHash } from "crypto" @@ -11,6 +11,8 @@ import { getTempName } from "temp-file" import { isAutoDiscoveryCodeSignIdentity } from "../util/flags" import { importCertificate } from "./codesign" import { Identity as _Identity } from "@electron/osx-sign/dist/cjs/util-identities" +import { SignOptions } from "@electron/osx-sign/dist/cjs/types" +import { signAsync } from "@electron/osx-sign" export const appleCertificatePrefixes = ["Developer ID Application:", "Developer ID Installer:", "3rd Party Mac Developer Application:", "3rd Party Mac Developer Installer:"] @@ -213,13 +215,8 @@ async function importCerts(keychainFile: string, paths: Array, keyPasswo } } -/** @private */ -export function sign(path: string, name: string, keychain: string): Promise { - const args = ["--deep", "--force", "--sign", name, path] - if (keychain != null) { - args.push("--keychain", keychain) - } - return exec("/usr/bin/codesign", args) +export async function sign(opts: SignOptions): Promise { + return retry(() => signAsync(opts), 3, 5000, 5000) } export let findIdentityRawResult: Promise> | null = null diff --git a/packages/app-builder-lib/src/macPackager.ts b/packages/app-builder-lib/src/macPackager.ts index 5c1a56c4eb..e4e4fdf625 100644 --- a/packages/app-builder-lib/src/macPackager.ts +++ b/packages/app-builder-lib/src/macPackager.ts @@ -1,6 +1,5 @@ import BluebirdPromise from "bluebird-lst" import { deepAssign, Arch, AsyncTaskManager, exec, InvalidConfigurationError, log, use, getArchSuffix } from "builder-util" -import { signAsync } from "@electron/osx-sign" import { PerFileSignOptions, SignOptions } from "@electron/osx-sign/dist/cjs/types" import { mkdir, readdir } from "fs/promises" import { Lazy } from "lazy-val" @@ -8,7 +7,7 @@ import * as path from "path" import { copyFile, statOrNull, unlinkIfExists } from "builder-util/out/fs" import { orIfFileNotExist } from "builder-util/out/promise" import { AppInfo } from "./appInfo" -import { CertType, CodeSigningInfo, createKeychain, findIdentity, Identity, isSignAllowed, removeKeychain, reportError } from "./codeSign/macCodeSign" +import { CertType, CodeSigningInfo, createKeychain, findIdentity, Identity, isSignAllowed, removeKeychain, reportError, sign } from "./codeSign/macCodeSign" import { DIR_TARGET, Platform, Target } from "./core" import { AfterPackContext, ElectronPlatformName } from "./index" import { MacConfiguration, MasConfiguration, NotarizeLegacyOptions, NotarizeNotaryOptions } from "./options/macOptions" @@ -408,7 +407,7 @@ export default class MacPackager extends PlatformPackager { customSign ? "executing custom sign" : "signing" ) - return customSign ? Promise.resolve(customSign(opts, this)) : signAsync(opts) + return customSign ? Promise.resolve(customSign(opts, this)) : sign(opts) } //noinspection JSMethodCanBeStatic