From c55e37da2f15edc7684a5393b2efe15f74bcb0b4 Mon Sep 17 00:00:00 2001
From: Devin Binnie <52460000+devinbinnie@users.noreply.github.com>
Date: Mon, 11 Mar 2024 09:37:38 -0400
Subject: [PATCH] [MM-45780] Update to macos-notification-state 3.0, update
entitlements and provisioning profile to allow Communication Notification
access (#2972)
* [MM-45780] Update to macos-notification-state 3.0, update entitlements and provisioning profile to allow Communication Notification access
* Remove extra entitlements
* Add proper inherit
---
.github/workflows/build-for-pr.yml | 2 ++
.github/workflows/nightly-main.yml | 2 ++
.github/workflows/nightly-rainforest.yml | 2 ++
.github/workflows/release.yaml | 2 ++
electron-builder.json | 8 +++++---
entitlements.mac.inherit.plist | 12 ++++++++++++
entitlements.mac.plist | 2 ++
entitlements.mas.plist | 2 ++
package-lock.json | 16 +++++++++++-----
package.json | 2 +-
src/main/notifications/index.test.ts | 12 ++++++------
src/main/notifications/index.ts | 16 ++++++++--------
12 files changed, 55 insertions(+), 23 deletions(-)
create mode 100644 entitlements.mac.inherit.plist
diff --git a/.github/workflows/build-for-pr.yml b/.github/workflows/build-for-pr.yml
index 70aab65b..095998b5 100644
--- a/.github/workflows/build-for-pr.yml
+++ b/.github/workflows/build-for-pr.yml
@@ -163,7 +163,9 @@ jobs:
CSC_FOR_PULL_REQUEST: true
CSC_KEY_PASSWORD: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_KEY_PASSWORD }}
CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_LINK }}
+ MAC_PROFILE: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_DMG_PROFILE }}
run: |
+ echo $MAC_PROFILE | base64 -D > ./mac.provisionprofile
mkdir -p ./build/macos
npm run package:mac
bash -x ./scripts/patch_updater_yml.sh
diff --git a/.github/workflows/nightly-main.yml b/.github/workflows/nightly-main.yml
index 081c66b7..85b5ae10 100644
--- a/.github/workflows/nightly-main.yml
+++ b/.github/workflows/nightly-main.yml
@@ -172,7 +172,9 @@ jobs:
CSC_FOR_PULL_REQUEST: true
CSC_KEY_PASSWORD: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_KEY_PASSWORD }}
CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_LINK }}
+ MAC_PROFILE: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_DMG_PROFILE }}
run: |
+ echo $MAC_PROFILE | base64 -D > ./mac.provisionprofile
mkdir -p ./build/macos-release
npm run package:mac-with-universal
bash -x ./scripts/patch_updater_yml.sh
diff --git a/.github/workflows/nightly-rainforest.yml b/.github/workflows/nightly-rainforest.yml
index 23b9c984..e7d10450 100644
--- a/.github/workflows/nightly-rainforest.yml
+++ b/.github/workflows/nightly-rainforest.yml
@@ -102,7 +102,9 @@ jobs:
CSC_FOR_PULL_REQUEST: true
CSC_KEY_PASSWORD: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_KEY_PASSWORD }}
CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_LINK }}
+ MAC_PROFILE: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_DMG_PROFILE }}
run: |
+ echo $MAC_PROFILE | base64 -D > ./mac.provisionprofile
mkdir -p ./build/macos
npm run package:mac-with-universal
bash -x ./scripts/patch_updater_yml.sh
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 55ee694d..6967aab9 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -144,7 +144,9 @@ jobs:
CSC_FOR_PULL_REQUEST: true
CSC_KEY_PASSWORD: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_KEY_PASSWORD }}
CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_LINK }}
+ MAC_PROFILE: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_DMG_PROFILE }}
run: |
+ echo $MAC_PROFILE | base64 -D > ./mac.provisionprofile
mkdir -p ./build/macos-release
npm run package:mac-with-universal
bash -x ./scripts/patch_updater_yml.sh
diff --git a/electron-builder.json b/electron-builder.json
index 7ebb849f..3a6bf99f 100644
--- a/electron-builder.json
+++ b/electron-builder.json
@@ -100,12 +100,14 @@
"hardenedRuntime": true,
"gatekeeperAssess": true,
"entitlements": "./entitlements.mac.plist",
- "entitlementsInherit": "./entitlements.mac.plist",
+ "entitlementsInherit": "./entitlements.mac.inherit.plist",
"extendInfo": {
"NSMicrophoneUsageDescription": "Microphone access may be used by Mattermost plugins, such as Jitsi video conferencing.",
"NSCameraUsageDescription": "Camera access may be used by Mattermost plugins, such as Jitsi video conferencing.",
+ "NSFocusStatusUsageDescription": "Focus status is used by Mattermost to determine whether to send notifications or not.",
"LSFileQuarantineEnabled": true
- }
+ },
+ "provisioningProfile": "./mac.provisionprofile"
},
"mas": {
"hardenedRuntime": false,
@@ -119,7 +121,7 @@
"singleArchFiles": "*"
},
"masDev": {
- "provisioningProfile": "./mas-dev.provisionprofile"
+ "provisioningProfile": "./dev.provisionprofile"
},
"dmg": {
"background": "src/assets/osx/DMG_BG.png",
diff --git a/entitlements.mac.inherit.plist b/entitlements.mac.inherit.plist
new file mode 100644
index 00000000..c1d66628
--- /dev/null
+++ b/entitlements.mac.inherit.plist
@@ -0,0 +1,12 @@
+
+
+
+
+ com.apple.security.cs.allow-jit
+
+ com.apple.security.cs.allow-unsigned-executable-memory
+
+ com.apple.security.inherit
+
+
+
diff --git a/entitlements.mac.plist b/entitlements.mac.plist
index b4fb81fc..eadd75c2 100644
--- a/entitlements.mac.plist
+++ b/entitlements.mac.plist
@@ -14,5 +14,7 @@
com.apple.security.cs.allow-dyld-environment-variables
+ com.apple.developer.usernotifications.communication
+
diff --git a/entitlements.mas.plist b/entitlements.mas.plist
index 34a231ed..e218973a 100644
--- a/entitlements.mas.plist
+++ b/entitlements.mas.plist
@@ -36,5 +36,7 @@
com.apple.security.files.bookmarks.document-scope
+ com.apple.developer.usernotifications.communication
+
diff --git a/package-lock.json b/package-lock.json
index d33ae416..ccd50803 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
- "macos-notification-state": "2.0.2",
+ "macos-notification-state": "3.0.0",
"windows-focus-assist": "1.3.0"
},
"devDependencies": {
@@ -17523,14 +17523,20 @@
}
},
"node_modules/macos-notification-state": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/macos-notification-state/-/macos-notification-state-2.0.2.tgz",
- "integrity": "sha512-rTKda+694hvxXm4s00I5LEwlQxGwwCZKaCXogxEXyGagmsP7mGfLiyoI6MX360GQ0V6lmHOCqivg4LLQPFYb6A==",
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/macos-notification-state/-/macos-notification-state-3.0.0.tgz",
+ "integrity": "sha512-tvFDZajIcwIsYg1WQAXGtrJFljlL1PEOK2cCoPDrN//XxIwTiVNvaXznxLjV4mYkyXctIDVs0ujGdrbGzeOY/w==",
"hasInstallScript": true,
"dependencies": {
- "bindings": "^1.5.0"
+ "bindings": "^1.5.0",
+ "node-addon-api": "3.0.0"
}
},
+ "node_modules/macos-notification-state/node_modules/node-addon-api": {
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-3.0.0.tgz",
+ "integrity": "sha512-sSHCgWfJ+Lui/u+0msF3oyCgvdkhxDbkCS6Q8uiJquzOimkJBvX6hl5aSSA7DR1XbMpdM8r7phjcF63sF4rkKg=="
+ },
"node_modules/magic-string": {
"version": "0.30.8",
"resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.8.tgz",
diff --git a/package.json b/package.json
index 8dafb561..f0973d81 100644
--- a/package.json
+++ b/package.json
@@ -220,7 +220,7 @@
"yargs": "17.4.0"
},
"dependencies": {
- "macos-notification-state": "2.0.2",
+ "macos-notification-state": "3.0.0",
"windows-focus-assist": "1.3.0"
}
}
diff --git a/src/main/notifications/index.test.ts b/src/main/notifications/index.test.ts
index ff7d1072..5acc963f 100644
--- a/src/main/notifications/index.test.ts
+++ b/src/main/notifications/index.test.ts
@@ -121,7 +121,7 @@ describe('main/notifications', () => {
PermissionsManager.doPermissionRequest.mockReturnValue(Promise.resolve(true));
Notification.isSupported.mockImplementation(() => true);
getFocusAssist.mockReturnValue({value: 0, name: ''});
- getDarwinDoNotDisturb.mockReturnValue(false);
+ getDarwinDoNotDisturb.mockReturnValue(Promise.resolve(false));
Config.notifications = {
flashWindow: 0,
bounceIcon: false,
@@ -184,7 +184,7 @@ describe('main/notifications', () => {
value: 'darwin',
});
- getDarwinDoNotDisturb.mockReturnValue(true);
+ getDarwinDoNotDisturb.mockReturnValue(Promise.resolve(true));
await NotificationManager.displayMention(
'test',
'test body',
@@ -389,13 +389,13 @@ describe('main/notifications', () => {
beforeEach(() => {
Notification.isSupported.mockImplementation(() => true);
getFocusAssist.mockReturnValue({value: 0, name: ''});
- getDarwinDoNotDisturb.mockReturnValue(false);
+ getDarwinDoNotDisturb.mockReturnValue(Promise.resolve(false));
});
- it('should open file when clicked', () => {
- getDarwinDoNotDisturb.mockReturnValue(false);
+ it('should open file when clicked', async () => {
+ getDarwinDoNotDisturb.mockReturnValue(Promise.resolve(false));
localizeMessage.mockReturnValue('test_filename');
- NotificationManager.displayDownloadCompleted(
+ await NotificationManager.displayDownloadCompleted(
'test_filename',
'/path/to/file',
'server_name',
diff --git a/src/main/notifications/index.ts b/src/main/notifications/index.ts
index ebdab954..5cfda980 100644
--- a/src/main/notifications/index.ts
+++ b/src/main/notifications/index.ts
@@ -34,7 +34,7 @@ class NotificationManager {
return;
}
- if (getDoNotDisturb()) {
+ if (await getDoNotDisturb()) {
return;
}
@@ -102,7 +102,7 @@ class NotificationManager {
mention.show();
}
- public displayDownloadCompleted(fileName: string, path: string, serverName: string) {
+ public async displayDownloadCompleted(fileName: string, path: string, serverName: string) {
log.debug('displayDownloadCompleted', {fileName, path, serverName});
if (!Notification.isSupported()) {
@@ -110,7 +110,7 @@ class NotificationManager {
return;
}
- if (getDoNotDisturb()) {
+ if (await getDoNotDisturb()) {
return;
}
@@ -136,12 +136,12 @@ class NotificationManager {
download.show();
}
- public displayUpgrade(version: string, handleUpgrade: () => void): void {
+ public async displayUpgrade(version: string, handleUpgrade: () => void) {
if (!Notification.isSupported()) {
log.error('notification not supported');
return;
}
- if (getDoNotDisturb()) {
+ if (await getDoNotDisturb()) {
return;
}
@@ -156,12 +156,12 @@ class NotificationManager {
this.upgradeNotification.show();
}
- public displayRestartToUpgrade(version: string, handleUpgrade: () => void): void {
+ public async displayRestartToUpgrade(version: string, handleUpgrade: () => void) {
if (!Notification.isSupported()) {
log.error('notification not supported');
return;
}
- if (getDoNotDisturb()) {
+ if (await getDoNotDisturb()) {
return;
}
@@ -174,7 +174,7 @@ class NotificationManager {
}
}
-function getDoNotDisturb() {
+async function getDoNotDisturb() {
if (process.platform === 'win32') {
return getWindowsDoNotDisturb();
}