From 2add10313153f5516c613b271bcfa37a4f931f61 Mon Sep 17 00:00:00 2001 From: Mehmet Bektas Date: Wed, 25 Oct 2023 22:12:20 -0700 Subject: [PATCH] ad-hoc sign all binaries on mac --- Release.md | 4 +--- src/main/utils.ts | 11 ++++------- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/Release.md b/Release.md index 4f66a7f7..e04da82a 100644 --- a/Release.md +++ b/Release.md @@ -42,9 +42,7 @@ In order to change the JupyterLab version bundled with the application: yarn create_env_installer:osx-arm64 && yarn update_binary_sign_list --platform osx-arm64 ``` -4. If python version is updated in [`env_installer/jlab_server.yaml`](env_installer/jlab_server.yaml), also update `pythonBin` variables in [`util.ts`](src/main/utils.ts) that are used in code signing related methods. - -5. Update `ipywidgets` python package version in [`env_installer/jlab_server.yaml`](env_installer/jlab_server.yaml) if there is a compatible newer version available. +4. Update `ipywidgets` python package version in [`env_installer/jlab_server.yaml`](env_installer/jlab_server.yaml) if there is a compatible newer version available. Note that after updating the bundled JupyterLab version, it is necessary to bump JupyterLab Desktop version using `tbump` as described in the section below. Run `check_version_match` script before committing the changes to ensure version integrity. diff --git a/src/main/utils.ts b/src/main/utils.ts index 5800df29..9cb52cff 100644 --- a/src/main/utils.ts +++ b/src/main/utils.ts @@ -499,7 +499,6 @@ export function createCommandScriptInEnv( back to ad-hoc signed. */ export function createUnsignScriptInEnv(envPath: string): string { - const pythonBin = 'bin/python3.8'; const appDir = getAppDir(); const signListFile = path.join( appDir, @@ -510,17 +509,15 @@ export function createUnsignScriptInEnv(envPath: string): string { const signList: string[] = []; fileContents.split(/\r?\n/).forEach(line => { - if (line && line !== pythonBin) { + if (line) { signList.push(`"${line}"`); } }); - // remove hardened runtime flag, convert to ad-hoc - const removeRuntimeFlagCommand = `codesign -s - -o 0x2 -f ${pythonBin}`; - - return `cd ${envPath} && codesign --remove-signature ${signList.join( + // sign all binaries with ad-hoc signature + return `cd ${envPath} && codesign -s - -o 0x2 -f ${signList.join( ' ' - )} && ${removeRuntimeFlagCommand} && cd -`; + )} && cd -`; } export function getLogFilePath(processType: 'main' | 'renderer' = 'main') {