()
| 618 | |
| 619 | let alreadyDoneSignCheck = false |
| 620 | async function codesignRipgrepIfNecessary() { |
| 621 | if (process.platform !== 'darwin' || alreadyDoneSignCheck) { |
| 622 | return |
| 623 | } |
| 624 | |
| 625 | alreadyDoneSignCheck = true |
| 626 | |
| 627 | // Only sign the standalone vendored rg binary (npm builds) |
| 628 | const config = getRipgrepConfig() |
| 629 | if (config.mode !== 'builtin') { |
| 630 | return |
| 631 | } |
| 632 | const builtinPath = config.command |
| 633 | |
| 634 | // First, check to see if ripgrep is already signed |
| 635 | const lines = ( |
| 636 | await execFileNoThrow('codesign', ['-vv', '-d', builtinPath], { |
| 637 | preserveOutputOnError: false, |
| 638 | }) |
| 639 | ).stdout.split('\n') |
| 640 | |
| 641 | const needsSigned = lines.find(line => line.includes('linker-signed')) |
| 642 | if (!needsSigned) { |
| 643 | return |
| 644 | } |
| 645 | |
| 646 | try { |
| 647 | const signResult = await execFileNoThrow('codesign', [ |
| 648 | '--sign', |
| 649 | '-', |
| 650 | '--force', |
| 651 | '--preserve-metadata=entitlements,requirements,flags,runtime', |
| 652 | builtinPath, |
| 653 | ]) |
| 654 | |
| 655 | if (signResult.code !== 0) { |
| 656 | logError( |
| 657 | new Error( |
| 658 | `Failed to sign ripgrep: ${signResult.stdout} ${signResult.stderr}`, |
| 659 | ), |
| 660 | ) |
| 661 | } |
| 662 | |
| 663 | const quarantineResult = await execFileNoThrow('xattr', [ |
| 664 | '-d', |
| 665 | 'com.apple.quarantine', |
| 666 | builtinPath, |
| 667 | ]) |
| 668 | |
| 669 | if (quarantineResult.code !== 0) { |
| 670 | logError( |
| 671 | new Error( |
| 672 | `Failed to remove quarantine: ${quarantineResult.stdout} ${quarantineResult.stderr}`, |
| 673 | ), |
| 674 | ) |
| 675 | } |
| 676 | } catch (e) { |
| 677 | logError(e) |
no test coverage detected