From fb396c06e35647fd6ee22bd0e44a407f72457952 Mon Sep 17 00:00:00 2001 From: Jan Dubois Date: Thu, 5 Sep 2024 16:21:08 -0700 Subject: [PATCH 1/2] Create "Rancher Desktop.app" for the sudo-prompt script on macOS See pkg/rancher-desktop/sudo-prompt/CHANGELOG.md for details. Signed-off-by: Jan Dubois --- .github/actions/spelling/expect.txt | 2 + pkg/rancher-desktop/backend/lima.ts | 4 +- pkg/rancher-desktop/sudo-prompt/CHANGELOG.md | 35 +++- pkg/rancher-desktop/sudo-prompt/README.md | 10 ++ pkg/rancher-desktop/sudo-prompt/index.js | 171 ++++--------------- resources/icons/mac-icon.icns | Bin 0 -> 19220 bytes scripts/dependencies/sudo-prompt.ts | 27 +++ scripts/lib/sign-macos.ts | 22 ++- scripts/postinstall.ts | 13 ++ src/sudo-prompt/build-sudo-prompt | 20 +++ src/sudo-prompt/sudo-prompt-script | 13 ++ src/sudo-prompt/sudo-prompt.applescript | 8 + 12 files changed, 182 insertions(+), 143 deletions(-) create mode 100644 resources/icons/mac-icon.icns create mode 100644 scripts/dependencies/sudo-prompt.ts create mode 100755 src/sudo-prompt/build-sudo-prompt create mode 100755 src/sudo-prompt/sudo-prompt-script create mode 100644 src/sudo-prompt/sudo-prompt.applescript diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 8833969113c..2ef81c5f747 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -34,6 +34,7 @@ APPDIR appimage appimagekit APPLEID +applescript APPLICATIONFOLDER AProject ARPNOMODIFY @@ -568,6 +569,7 @@ opentelekomcloudcontainerengine opsgenie oracleoke orsection +osacompile osascript osc oswald diff --git a/pkg/rancher-desktop/backend/lima.ts b/pkg/rancher-desktop/backend/lima.ts index f7c6aca16e1..7cc8471f904 100644 --- a/pkg/rancher-desktop/backend/lima.ts +++ b/pkg/rancher-desktop/backend/lima.ts @@ -1381,9 +1381,7 @@ export default class LimaBackend extends events.EventEmitter implements VMBacken */ protected async sudoExec(this: unknown, command: string) { await new Promise((resolve, reject) => { - const iconPath = path.join(paths.resources, 'icons', 'logo-square-512.png'); - - sudo(command, { name: 'Rancher Desktop', icns: iconPath }, (error, stdout, stderr) => { + sudo(command, { name: 'Rancher Desktop' }, (error, stdout, stderr) => { if (stdout) { console.log(`Prompt for sudo: stdout: ${ stdout }`); } diff --git a/pkg/rancher-desktop/sudo-prompt/CHANGELOG.md b/pkg/rancher-desktop/sudo-prompt/CHANGELOG.md index 46ba454c45e..eb98407f8ed 100644 --- a/pkg/rancher-desktop/sudo-prompt/CHANGELOG.md +++ b/pkg/rancher-desktop/sudo-prompt/CHANGELOG.md @@ -1,3 +1,36 @@ +# Rancher Desktop related changes + +This module has been imported from https://github.com/jorangreef/sudo-prompt/tree/v9.2.1 (commit c3cc31a) and modified for Rancher Desktop: + +The `applet.app` used to be included as a base64 encoded ZIP file inside `index.js` and extracted at runtime into a temp directory. The extracted app was renamed to match the `name` and `icns` specified by the caller, and the commands were written into `applet.app/Content/MacOS/sudo-prompt-command`. + +The bundled applet did not include support for `aarch64` machines, so needed Rosetta2 installed to run. It was also not signed. + +## Changes + +The applet source code has been moved to `/src/sudo-prompt` and is build from source using `osacompile`, so `applet` will be an up-to-date universal binary supporting `x86_64` and `aarch64`. + +The applet is placed into `/resources/darwin/internal/Rancher Desktop.app`. The app name is displayed as part of the dialog: "Rancher Desktop wants to make changes". + +The `Contents/Info.plist` file has the `CFBundleName` set to "Rancher Desktop Password Prompt". + +A `.icns` format icon has been created (the old `.png` file doesn't seem to work with the new applet) and is stored into `Contents/Resources/applet.icns`. + +The `sudo-prompt-script` has been moved from `Contents/MacOS` to `Contents/Resources/Scripts` because it cannot be code-signed. + +When the `RD_SUDO_PROMPT_OSASCRIPT` environment variable is set then the `Contents/Resources/Scripts/main.scpt` file (the compiled version of `sudo-prompt.applescript`) is executed via `osascript` instead of the applet. This will show an approval prompt that supports the Apple watch, or a touch id keyboard, but will not use the `Rancher Desktop` name or icon in the dialog. + +The `sudo-prompt.applescript` has been modified to locate the `sudo-prompt-script` inside the applet because the working directory will no longer be inside the app. + +All this means that the app can now be code-signed and notarized and will not be modified at runtime. + +The app is being build by `yarn` during the `postinstall` phase with a custom dependency script. + +The `index.js` code to modify the app at runtime has been removed and the logic simplified. `name` and `icns` options are ignored in the macOS `sudo` function. +
+ +# Original CHANGELOG below + ## [9.2.0] 2020-04-29 ### Fixed @@ -38,7 +71,7 @@ [#88](https://github.com/jorangreef/sudo-prompt/issues/88). - Fix Windows to return `PERMISSION_DENIED` Error even when Windows' error -messages are internationalized, see +messages are internationalized, see [#96](https://github.com/jorangreef/sudo-prompt/issues/96). ## [8.2.5] 2018-12-12 diff --git a/pkg/rancher-desktop/sudo-prompt/README.md b/pkg/rancher-desktop/sudo-prompt/README.md index 2ae7536ebb8..b7a470d5878 100644 --- a/pkg/rancher-desktop/sudo-prompt/README.md +++ b/pkg/rancher-desktop/sudo-prompt/README.md @@ -1,3 +1,13 @@ +# Rancher Desktop sudo-prompt + +This module has been imported from [jorangreef/sudo-prompt: Run a command using sudo, prompting the user with an OS dialog if necessary.](https://github.com/jorangreef/sudo-prompt). + +It is no longer a reusable module, but has been modified specifically for Rancher Desktop usage; see details in the [changelog](CHANGELOG.md). + +
+ +# Original README below + # sudo-prompt Run a non-graphical terminal command using `sudo`, prompting the user with a graphical OS dialog if necessary. Useful for background Node.js applications or native Electron apps that need `sudo`. diff --git a/pkg/rancher-desktop/sudo-prompt/index.js b/pkg/rancher-desktop/sudo-prompt/index.js index 4c4555b480f..ff1eb0adfc1 100644 --- a/pkg/rancher-desktop/sudo-prompt/index.js +++ b/pkg/rancher-desktop/sudo-prompt/index.js @@ -1,11 +1,12 @@ const Node = { - child: require('child_process'), - crypto: require('crypto'), - fs: require('fs'), - os: require('os'), - path: require('path'), + child: require('child_process'), + crypto: require('crypto'), + electron: require('electron'), + fs: require('fs'), + os: require('os'), + path: require('path'), process, - util: require('util'), + util: require('util'), }; function Attempt(instance, end) { @@ -271,10 +272,10 @@ function Mac(instance, callback) { instance.path = Node.path.join( temp, instance.uuid, - `${ instance.options.name }.app`, ); + Node.fs.mkdirSync(instance.path); function end(error, stdout, stderr) { - Remove(Node.path.dirname(instance.path), + Remove(instance.path, (errorRemove) => { if (error) { return callback(error); @@ -286,38 +287,17 @@ function Mac(instance, callback) { }, ); } - MacApplet(instance, - (error, stdout, stderr) => { + MacCommand(instance, + (error) => { if (error) { - return end(error, stdout, stderr); + return end(error); } - MacIcon(instance, - (error) => { + MacOpen(instance, + (error, stdout, stderr) => { if (error) { - return end(error); + return end(error, stdout, stderr); } - MacPropertyList(instance, - (error, stdout, stderr) => { - if (error) { - return end(error, stdout, stderr); - } - MacCommand(instance, - (error) => { - if (error) { - return end(error); - } - MacOpen(instance, - (error, stdout, stderr) => { - if (error) { - return end(error, stdout, stderr); - } - MacResult(instance, end); - }, - ); - }, - ); - }, - ); + MacResult(instance, end); }, ); }, @@ -326,42 +306,8 @@ function Mac(instance, callback) { ); } -function MacApplet(instance, end) { - const parent = Node.path.dirname(instance.path); - - Node.fs.mkdir(parent, - (error) => { - if (error) { - return end(error); - } - const zip = Node.path.join(parent, 'sudo-prompt-applet.zip'); - - Node.fs.writeFile(zip, APPLET, 'base64', - (error) => { - if (error) { - return end(error); - } - let command = []; - - command.push('/usr/bin/unzip'); - command.push('-o'); // Overwrite any existing applet. - command.push(`"${ EscapeDoubleQuotes(zip) }"`); - command.push(`-d "${ EscapeDoubleQuotes(instance.path) }"`); - command = command.join(' '); - Node.child.exec(command, { encoding: 'utf-8' }, end); - }, - ); - }, - ); -} - function MacCommand(instance, end) { - const path = Node.path.join( - instance.path, - 'Contents', - 'MacOS', - 'sudo-prompt-command', - ); + const path = Node.path.join(instance.path, 'sudo-prompt-command'); let script = []; // Preserve current working directory: @@ -379,70 +325,35 @@ function MacCommand(instance, end) { Node.fs.writeFile(path, script, 'utf-8', end); } -function MacIcon(instance, end) { - if (!instance.options.icns) { - return end(); - } - Node.fs.readFile(instance.options.icns, - (error, buffer) => { - if (error) { - return end(error); - } - const icns = Node.path.join( - instance.path, - 'Contents', - 'Resources', - 'applet.icns', - ); +function MacOpen(instance, end) { + let basePath; - Node.fs.writeFile(icns, buffer, end); - }, - ); -} + if (Node.electron.app?.isPackaged) { + basePath = process.resourcesPath; + } else { + basePath = process.cwd(); + } -function MacOpen(instance, end) { - // We must run the binary directly so that the cwd will apply. - const binary = Node.path.join(instance.path, 'Contents', 'MacOS', 'applet'); - // We must set the cwd so that the AppleScript can find the shell scripts. + // We must set the cwd so that the AppleScript can find the sudo-prompt-command script. const options = { - cwd: Node.path.dirname(binary), + cwd: instance.path, encoding: 'utf-8', }; - // We use the relative path rather than the absolute path. The instance.path - // may contain spaces which the cwd can handle, but which exec() cannot. - Node.child.exec(`./${ Node.path.basename(binary) }`, options, end); -} + if (Node.process.env.RD_SUDO_PROMPT_OSASCRIPT) { + const script = Node.path.join(basePath, 'resources', 'darwin', 'internal', 'Rancher Desktop.app', 'Contents', 'Resources', 'Scripts', 'main.scpt'); -function MacPropertyList(instance, end) { - // Value must be in single quotes (not double quotes) according to man entry. - // e.g. defaults write com.companyname.appname "Default Color" '(255, 0, 0)' - // The defaults command will be changed in an upcoming major release to only - // operate on preferences domains. General plist manipulation utilities will - // be folded into a different command-line program. - const plist = Node.path.join(instance.path, 'Contents', 'Info.plist'); - const path = EscapeDoubleQuotes(plist); - const key = EscapeDoubleQuotes('CFBundleName'); - const value = `${ instance.options.name } Password Prompt`; - - if (/'/.test(value)) { - return end(new Error('Value should not contain single quotes.')); - } - let command = []; + Node.child.exec(`/usr/bin/osascript "${ EscapeDoubleQuotes(Node.path.normalize(script)) }"`, options, end); + } else { + // We must run the binary directly so that the cwd will apply. + const binary = Node.path.join(basePath, 'resources', 'darwin', 'internal', 'Rancher Desktop.app', 'Contents', 'MacOS', 'applet'); - command.push('/usr/bin/defaults'); - command.push('write'); - command.push(`"${ path }"`); - command.push(`"${ key }"`); - command.push(`'${ value }'`); // We must use single quotes for value. - command = command.join(' '); - Node.child.exec(command, { encoding: 'utf-8' }, end); + Node.child.exec(`"${ EscapeDoubleQuotes(Node.path.normalize(binary)) }"`, options, end); + } } function MacResult(instance, end) { - const cwd = Node.path.join(instance.path, 'Contents', 'MacOS'); - - Node.fs.readFile(Node.path.join(cwd, 'code'), 'utf-8', + Node.fs.readFile(Node.path.join(instance.path, 'code'), 'utf-8', (error, code) => { if (error) { if (error.code === 'ENOENT') { @@ -450,12 +361,12 @@ function MacResult(instance, end) { } end(error); } else { - Node.fs.readFile(Node.path.join(cwd, 'stdout'), 'utf-8', + Node.fs.readFile(Node.path.join(instance.path, 'stdout'), 'utf-8', (error, stdout) => { if (error) { return end(error); } - Node.fs.readFile(Node.path.join(cwd, 'stderr'), 'utf-8', + Node.fs.readFile(Node.path.join(instance.path, 'stderr'), 'utf-8', (error, stderr) => { if (error) { return end(error); @@ -768,14 +679,6 @@ function WindowsWriteExecuteScript(instance, end) { export const exec = Exec; -// We used to expect that applet.app would be included with this module. -// This could not be copied when sudo-prompt was packaged within an asar file. -// We now store applet.app as a zip file in base64 within index.js instead. -// To recreate: "zip -r ../applet.zip Contents" (with applet.app as CWD). -// The zip file must not include applet.app as the root directory so that we -// can extract it directly to the target app directory. -const APPLET = 'UEsDBAoAAAAAAO1YcEcAAAAAAAAAAAAAAAAJABwAQ29udGVudHMvVVQJAAPNnElWLZEQV3V4CwABBPUBAAAEFAAAAFBLAwQUAAAACACgeXBHlHaGqKEBAAC+AwAAEwAcAENvbnRlbnRzL0luZm8ucGxpc3RVVAkAA1zWSVYtkRBXdXgLAAEE9QEAAAQUAAAAfZNRb5swFIWfl1/BeA9OpSmqJkqVBCJFop1VyKQ9Ta59S6wa27NNCfv1M0naJWTsEXO+c8+9vo7v97UI3sBYruRdeBPNwgAkVYzL6i7cluvpbXifTOLP6bdV+QNngRbcugBvl/lmFYRThBZaC0AoLdMA55uiDLwHQtljGIQ75/RXhNq2jUiviqiqe6FF2CgNxnW5N5t6IGKOhb7M0f0ijj9lnLpk8il+hS5ZrZeNZAIWQqj2ge+B5YoSwX8T5xEbo17ktc40gIZQCm8glK5BuieovP5Dbp3xHSeZrHyCXYxO3wM+2wNtHHkWMAQP/bkxbkOVXPMxKuK0Dz6CMh+Wv3AwQ9gPM7INU1NtVK3Ha8sXlfoB+m6J6b4fRzv0mkezMf6R1Fe5MbG2VYYF+L+lMaGvpIKy01cOC4zzMazYKeNOQYuDYkjfjMcteCWJa8w/Zi2ugubFA5e8buqisw7qU81ltzB0xx3QC5/TFh7J/e385/zL+7+/wWbR/LwIOl/dvHiCXw03YFfEPJ9dwsWu5sV2kwnod3QoeLeL0eGdJJM/UEsDBAoAAAAAAHSBjkgAAAAAAAAAAAAAAAAPABwAQ29udGVudHMvTWFjT1MvVVQJAAMbpQ9XLZEQV3V4CwABBPUBAAAEFAAAAFBLAwQUAAAACABVHBdH7Dk4KTIIAADIYQAAFQAcAENvbnRlbnRzL01hY09TL2FwcGxldFVUCQADMiPZVVOlD1d1eAsAAQT1AQAABBQAAADtnG9sHEcVwGfti7M1/rONLNVtXHqpzsipis+pHOSWFOzEm25at3XrJI2ozbK+W/suuds79vaSuCKSpaOIxRy1+NSPRPAhlWj7AVRaQCWpTRz+CEo+RSKCCho4K67kVhUyAeV4b3fWt17fXZqKFgHvp8zO3/dmdmfPmtl5L7+8/uPXGWMNELZCaGRMgmjHIlxaBCibdcoGsewCljGCIAiCIAiCIAiCIP7r+M21d67zjb/zEaAdwr1bGHuWMQH2/2wAgqqODj0kf0F+8nGfoFRbJ8p9U0C5g/KRgwEZqZLGfrfwwJx+LP2kVWkelD9zJ2NfBr1nWt2xrhNisxWZ3Ex6MpNSc1Z+soqOO+5i7JMYt7vj9BC5jiZXBwirCT2V1c0qOgZAxwMYt9cbRyxnmUljusa9mKBjGON2tgG/PlXNGyeSRlxNGlOZKjpeBR0KxsFx+MB7VJy5GB46OOSrCLPKfEjrH3/gFry+4zOpuH8sm+VF5srW6ltVjZQ3HVnL3KRDDLsflMSADpyDyjuR0urp6AAdHRgHdOD9iOs6Ypl0OmPUupeecOW19OsQAmn3tzBy4LFH5OED3jz0MbYouM8D460BOdTXCaEF6tsgLkF8GeJPQBj16Rb4PTf5xl2NH4J8a5Vy1N3F3OcZzefMaCo5GeVTuJ2P4cUf/aH5qbbP73/utpfeevdbLzwfYfy+Q80woGan/1E+ljo/703g77IaOJY479t5rqFLDag9OjaTs/R0dCQ5aWrmTHS/qaX1ExnzWC66L2PqY7p5PBnTc71TXnn0sG7mkhkjFx3a0IL30e/rQxB+EXL68J4BBLe73r298DySk5tlGPtJY1BmOhZTc727PBH2Ke+ZhF35nTyP80oQBEEQBPFRcJTZVwpvrxZWpLmJkN0VKT4q2iORUGFBOPfnBuFX9nhELOG67f1D9pWxpw4XVrrmTklz+ZY5Wfwurm/t3ffi9cE+uM41vYbbj2fP5kNXt9sXiopwVRj6xhPlr160mttfuVi4Fs2vXv2rfc5u7UeZfxQ+y4pPh/JrpyUUBjmrofzmadGXKf0eui7KK/ZwJLQUiuRAe+mLUFQ+tFKUV3npd7AU9ytz8iqIiXYoUnoBsqdxDbXk3CXcRov9lYhoW5EQjBxb4NoSY9iQsvn5+QSuusrduAybL3eHIIIbLqyIS9CHlY3loB8rldVKuLfyOsE1+a6zhUVxYsFp3Amqz8tr7Lz8dza1JF8TmC3/syivYVtcfxcWOycWQDvuLcrdnc61y7mGnWsErgmsXDbK5TKkscnypJvGhsuH3TQ2X37YTaPQ8ucw7W6t1LR2TFfjekqb0SGTiedTOmz0klZSSyWf0U01pqVSufXGmThsjs20OpU3Yrjuxbnu4u+GP8b1LO6PcX2L4Q6+v8Q07u9aQFLy71Ckt54TIfjfNdzfDkMYhTAOIXHXh39vCYIgCIIgCIIgCIL4z3Nm+84/Ci1Nn8b0ryHsgbBX1rbgOXD7LZJzNtrC0/gFqYOn8csQ/GONguQchPXzcvy+9CBzvk84HxkO+tJH3bRz5Fb0pb/nS3/fl/6BL/2aL43faLzz3Wbmju8W5p6pttaoR9THjgyZ0zEeH2eqqmbNzLShpXVIpxOqflKP5S1dTehaXDeZqhvHk2bGYOo+LZXal0lnM4ZuWMPJXFazYgmmPp7VjWF9SsunrPVa1HpMn0lPm2r8hGZO3aea+nQyZ+mmmtNjFp5i4oG0lTChE+eDj2pm8lbSgDFoln4yCRp00zQyEDmZtBZLbGxnanHzgWh092d29e/uv+/f+DIQBEEQBEEQBEEQ/7P81rX/FxoZm/Xs/5UmtP8PO/W3M9fGvKoPAEfYXLQJ1HOpmk+AJx80OOb5m/URGG9z9c378rVs9F15tPXP1dS3wvVtC+Q9/H4DFX21fQcY9zvo9eXrj6++D0Af1zfqy9eyx3f16QnVMayufr+zXN+sL99YRx/O69er+RdIgXkNxJv9DfBTDIxLPa6Zudr6enz5euO6ke9Bj7TRzr0noK+JbczfyA9hgOvr9OX98t57XNFX3ydhlOsL+2T8+oK/ucrvNOCfEHbbXhAqeebLB/0V7oYp7+Pt8PsZWnl1+urRpAn7SUCcYBX/hkth95kd2cFYllX3bxB4+xCrzcCO6v4PbXzo1fwbEM/H4ds/f/nCgZH+8k+j0vNPv7Jlz7qPQ1PFx+FVPoZ76ozj42K87YP9/cT7xuf9UfpSeP0MsJvzp0A8/4g3w+78ef4R+F4QBEEQBPH/w1Gm2FeUwturytwpUSnmJfta4Q3h3J8aFeE9xf7d1ZBSOCcqhftZ/m+YKuG6wV4qaQzdGED0Z2jJ/zpa9ZcegjIF7fkVaIBrt11nJxYOOepXpPPyKjsvvytOLcnvCWxJfh87V+xTa0rx1Kpj0a8UFqWJhXL3fgHt9xXn+rCz7Bop3rkTEkNj5e7bIZ7HNRZb/ku5XE6g58HyZUzdj6mLjh1/Pbt7XMt5dvfvtLl1Fbv7BtbhrtyEPW6V038H1yE88yQTTkqC1LJVnIeaCNe7dr3sEPEe6lCb9LWGfa3efvNG8pe5fF8NeW8g3n7jCI+/xOOEVH19KvF9oudHH2n/YOtYgiAIgiAIgiAIgiA+fm69mx3aO8bYtkHn/xlwDq8nkwaavz9h9swzc+DWwRrm71A5CJVVjeChTtk26Fqwu0fxQjUL+9vqHVV/KC53OUd+bJxVfBkw7/gzCO5pr3dOK/g+WUQDeZlV/A2QRwJ5THjn1/xcd9BfhlT1KbgpVwLn+W2amGr2//8CUEsDBBQAAAAIAAVHj0ga7FYjfQEAAKoCAAAhABwAQ29udGVudHMvTWFjT1Mvc3Vkby1wcm9tcHQtc2NyaXB0VVQJAAOJkBBXipAQV3V4CwABBPUBAAAEFAAAAI1SO08cMRDu91cMHIKGxUB5xSGEUqTlFKWMvPYca+EXnjGXy6/PeNcg0qVay+PvObs5U5OLatI0DxvYIwNVm4BdQGIdMhxSkauJ8K1i7FOjvSdwB2A+/WJnXpEJdEGwjvTk0W6HhTW8WldgzKDedVF2Ug2tLn7svz3DDpTFdxWr93C/u7wbVKWyoDhVM/8XZAOPOXvcm+IyXxGcizeaUca0XJ1D0CfQnlEysE2VwbuII0br4gvdCMF37m9IoC39+oxTO2EpS8oZJdtRS0aIKY5/sCQoyLVEMMki6Ghl0BGN9SeuICkPIctXDHDDSB9oGEQi1yZWUAda8EZnIcR/eIOOVao+9TrbkpYFjLmkkHk0KYSGvdt12/e71cP6Hs2c4OJBemtsYusplVX+GLHQ7DKkQ098/ZF38dLEpRCeNUMlMW90BIseeQkWtuu2qKmIyDHCuqFuo1N11Ud/1Cf6CHb7Sfxld2ATklQoUGEDActfZ5326WU74G/HcDv8BVBLAwQKAAAAAADtWHBHqiAGewgAAAAIAAAAEAAcAENvbnRlbnRzL1BrZ0luZm9VVAkAA82cSVYqkRBXdXgLAAEE9QEAAAQUAAAAQVBQTGFwbHRQSwMECgAAAAAAm3lwRwAAAAAAAAAAAAAAABMAHABDb250ZW50cy9SZXNvdXJjZXMvVVQJAANW1klWLZEQV3V4CwABBPUBAAAEFAAAAFBLAwQUAAAACACAeXBHfrnysfYGAAAf3AAAHgAcAENvbnRlbnRzL1Jlc291cmNlcy9hcHBsZXQuaWNuc1VUCQADH9ZJVnGlD1d1eAsAAQT1AQAABBQAAADt3Xk81Hkcx/Hvb5yVo5bGsVlKbcpRRqFlGZGS5JikRBIdI0OZttMZloqiYwrVjD1UqJaUokTRubG72bZVjqR1VZNjp2XEGo9H+9gt+9h/9tHx8H7N4/fw5MHjYeaPz+P7+P7x/bL9griEPNBm+001J0S+ZbvL/NmKwzWHE0IUHebYuRFCEckjL9v/xSvk2EpCpBXZtrYuDra2Oi4hwSvZgSsIMU9MdPdePcZd1aqQu0p3fDkrcFrs+mPWihMU9y6clp5XEFFdbRrEczCtGtfkL3pWfvBGublJ4ct051kuocYtaaqll/IjdfR+V75vlTdl//AJVZU6elZ5f0S7NO3MaE2xMElhF+TUrHgW2nFYeGTrs/OrhDJN5zMX8ZJVKXrqSUM1Rj03bnf85/pJMXECNdl0D1ctfe/j82imziM2nllSa3t5q8+vP1f38k/k22uN1lmnvfz0b8dGxO+mnh91v7WB2tKdrG3d4vmJaHlTvjGzdMqWcw/9frnCtQpPZK9sMKi/Ey/jzgqIPzBy9/dlf9griI2/u+sjcApozWx6/NXytC+qBTlrhb69fE7J6tgOzpWjFSl8qxihr5dYf/qExoeupY6Ze/j2PfL1azhhZ8fU3eelJY+ylk16UJN6KmOU0M4r+75cZhH/mxNndowNb4wx7TCoN4yvMGu8ySq5l5W5t+xQyYbS/Ome7e0W0sXbC5aktl0LEXNYR9obH7dMT721dbNdT/eFzXNEYSH8GU+bQ5s6YniGcj3fHtgXPbo0Oj4i3d5G1Fjfm/Ng7kgpjQDNxw4RRnu+Vloy5ZE3J6OpwlFBzaxS25He2h3lJuizO70zJPLUYtks14RE5yrD8y2tXa5l5Wqh/NBY06yoiCLF08Nk9A5Ojbs43GmR1Ch/PaZsLf3e6uPRSrIM1ROqGjt80leqfdxYbNn+WV7K7ZKiy/t6r1/3ie46V5432T/Oahs9V7NnVzb9zoq2rFgvPxXrcAMzmvWnGjof/RpdsZThIEpex6DGbd5h6STaOyZXxV/YfW9u4KyllmZ3X15IMHHLSJtVPSOvULCsz2TyPC/WL9kGSme/1L01SSzjfbHnqk+OV7OBmevZeo3DBR7lXT5drT0MkX5PwDd1EQ0ebfkh1zy/L8ydd+VJ4CLuRndNjuwj+vMfU8q2l2l1rGtr8FC2D+fdSGk81eltuTjYSMk++4BMd0DXQo35iXbZndGdcXkGFyeG6b28evF22M2w22HlYSXetGSLW4cfFT00WqvN9bkqCujQ9KzdSt+snr+qmbcme+5Y3cDRn9BDLps+dPVltE9UkPeb6XovineiVUznTznyuZaSn/ZvR8VeRUYLqe3iHFqnU6+7+4LmtfsmaS0MdjIvslFJGG/rn7DPdMGLcx4d6eP2Oz92Y49kWbBUjudU2ijHnc7YIODQxD1aPx8PynVr+cmvJoy2+M5nQa2Kt0dvdPxp73LNU6aTeaktTfHH1L+8Pm/XalZcFcfzYxlhTefuzjRGobLKEqPZh8QKxUXWbU/ERvW78ghvTGTUNd0g9YqbcjUy5h0xVbn3S7SS54SOqKt88UR0qZuxKfxlZfODUm52o2HkGTOLw5dqhevvWjH7ssiqxAhKwA91d1nWG9w/GJIc7GwWbKKe/mAsGRqXBb87P10jH8/0LY6kpGQV1KcuAwAAeCt4LiVFWRJKs4DJ6p9GxGHWfLuTM5dt61/pzCCE7vLmSodGJM/ASqdzU2U3VjpY6WClg5XOICudUaI3VjocuWCsdAAAAAAAAAAAAAAAAD5o1Gmr054TSoqWxPvnfrLxVEIc29/cT5YmkmdgPzlCSz8a+8nYT8Z+MvaTB9lPZpJX+8lRktFyRdDF0m6IdcF2MgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ddD8G5oJkUuQnAXwnvxLAAAAADDkEFURRckVE6rIv+Tb1078MiZEetubJ34RHckzcOIXd8uWTpz4hRO/cOIXTvwa5MQvoidZ5S8a9h8nfl1QVhipQ6jyyWeuvTaBGP3D5fwgE4gpeQYmUCZ7XQ0mECYQJhAm0GATyOfVmYOU4sAdNi+cOUpm/9cdNv2Di8kkFN3mYOtrg8sE14xicGFwYXDhmlEAAD5w/Os1o8bTcM0oVjpY6WClg2tGAQAAAAAAAAAAAAAAgL/wb9eMBpow+r817yN/fwnJf33P5g78nWofEZNXD3u95GdSkh3o135/aL2i3vl/gHf/7t59oDlnDSHS8gQhNGQL8uWs6P+iwPYLDuIOzARqyM+E9QOfA3PIfw4IIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhND70J9QSwMEFAAAAAgA7VhwR/dYplZAAAAAagEAAB4AHABDb250ZW50cy9SZXNvdXJjZXMvYXBwbGV0LnJzcmNVVAkAA82cSVZTpQ9XdXgLAAEE9QEAAAQUAAAAY2BgZGBgYFQBEiDsxjDygJQDPlkmEIEaRpJAQg8kLAMML8bi5OIqIFuouKA4A0jLMTD8/w+S5AdrB7PlBIAEAFBLAwQKAAAAAADtWHBHAAAAAAAAAAAAAAAAJAAcAENvbnRlbnRzL1Jlc291cmNlcy9kZXNjcmlwdGlvbi5ydGZkL1VUCQADzZxJVi2REFd1eAsAAQT1AQAABBQAAABQSwMEFAAAAAgA7VhwRzPLNU9TAAAAZgAAACsAHABDb250ZW50cy9SZXNvdXJjZXMvZGVzY3JpcHRpb24ucnRmZC9UWFQucnRmVVQJAAPNnElWU6UPV3V4CwABBPUBAAAEFAAAACWJOw6AIBAFe08DCBVX2QbWhZgQ1vCpCHcXtHkzkzegtCDB5Xp/g0+UyihARnb70kL/UbvffYpjQODcmk9zKXListxCoUsZA7EQ5S0+dVq085gvUEsDBAoAAAAAAIeBjkgAAAAAAAAAAAAAAAAbABwAQ29udGVudHMvUmVzb3VyY2VzL1NjcmlwdHMvVVQJAAM9pQ9XLZEQV3V4CwABBPUBAAAEFAAAAFBLAwQUAAAACAAJgI5ICl5liTUBAADMAQAAJAAcAENvbnRlbnRzL1Jlc291cmNlcy9TY3JpcHRzL21haW4uc2NwdFVUCQADcaIPV1OlD1d1eAsAAQT1AQAABBQAAAB9UMtOAkEQrNldd9dhH3Dz6NGYiPIJHjTxLCZeF9iDcXEJC0RvfoI/4sEfIvoHPEQEhbIHvOok01U16emu7vOkaF2dXu7XqrUTcyMATkxCwYKthCAUbmciAQ8O11yFcGBfbF/4jR24WmCvWjwUeXqfNutn13XyEeYYHkqKam+kghdJGfUCvwIfB6jiGAX6aCHHETroCrYFe6IKNEXfGOXChc0v7HKpBRzdSFrtELvbumKVC80F/FIjzwe9bj91uZRuXJuwAiLjNi7DlsxPaJSUAMrCFOeac3GfpINennQ6d/0sA4z7JxzKiVCCV+YHAs74LuuIONUi//4RIoC63czrIbYQS3PFicWJcTMTv1JHmocmROLJ45gjzfHvXJqjf7ZZ4RT+61uaBbDipGh2ZanBcjh8/gFQSwECHgMKAAAAAADtWHBHAAAAAAAAAAAAAAAACQAYAAAAAAAAABAA7UEAAAAAQ29udGVudHMvVVQFAAPNnElWdXgLAAEE9QEAAAQUAAAAUEsBAh4DFAAAAAgAoHlwR5R2hqihAQAAvgMAABMAGAAAAAAAAQAAAKSBQwAAAENvbnRlbnRzL0luZm8ucGxpc3RVVAUAA1zWSVZ1eAsAAQT1AQAABBQAAABQSwECHgMKAAAAAAB0gY5IAAAAAAAAAAAAAAAADwAYAAAAAAAAABAA7UExAgAAQ29udGVudHMvTWFjT1MvVVQFAAMbpQ9XdXgLAAEE9QEAAAQUAAAAUEsBAh4DFAAAAAgAVRwXR+w5OCkyCAAAyGEAABUAGAAAAAAAAAAAAO2BegIAAENvbnRlbnRzL01hY09TL2FwcGxldFVUBQADMiPZVXV4CwABBPUBAAAEFAAAAFBLAQIeAxQAAAAIAAVHj0ga7FYjfQEAAKoCAAAhABgAAAAAAAEAAADtgfsKAABDb250ZW50cy9NYWNPUy9zdWRvLXByb21wdC1zY3JpcHRVVAUAA4mQEFd1eAsAAQT1AQAABBQAAABQSwECHgMKAAAAAADtWHBHqiAGewgAAAAIAAAAEAAYAAAAAAABAAAApIHTDAAAQ29udGVudHMvUGtnSW5mb1VUBQADzZxJVnV4CwABBPUBAAAEFAAAAFBLAQIeAwoAAAAAAJt5cEcAAAAAAAAAAAAAAAATABgAAAAAAAAAEADtQSUNAABDb250ZW50cy9SZXNvdXJjZXMvVVQFAANW1klWdXgLAAEE9QEAAAQUAAAAUEsBAh4DFAAAAAgAgHlwR3658rH2BgAAH9wAAB4AGAAAAAAAAAAAAKSBcg0AAENvbnRlbnRzL1Jlc291cmNlcy9hcHBsZXQuaWNuc1VUBQADH9ZJVnV4CwABBPUBAAAEFAAAAFBLAQIeAxQAAAAIAO1YcEf3WKZWQAAAAGoBAAAeABgAAAAAAAAAAACkgcAUAABDb250ZW50cy9SZXNvdXJjZXMvYXBwbGV0LnJzcmNVVAUAA82cSVZ1eAsAAQT1AQAABBQAAABQSwECHgMKAAAAAADtWHBHAAAAAAAAAAAAAAAAJAAYAAAAAAAAABAA7UFYFQAAQ29udGVudHMvUmVzb3VyY2VzL2Rlc2NyaXB0aW9uLnJ0ZmQvVVQFAAPNnElWdXgLAAEE9QEAAAQUAAAAUEsBAh4DFAAAAAgA7VhwRzPLNU9TAAAAZgAAACsAGAAAAAAAAQAAAKSBthUAAENvbnRlbnRzL1Jlc291cmNlcy9kZXNjcmlwdGlvbi5ydGZkL1RYVC5ydGZVVAUAA82cSVZ1eAsAAQT1AQAABBQAAABQSwECHgMKAAAAAACHgY5IAAAAAAAAAAAAAAAAGwAYAAAAAAAAABAA7UFuFgAAQ29udGVudHMvUmVzb3VyY2VzL1NjcmlwdHMvVVQFAAM9pQ9XdXgLAAEE9QEAAAQUAAAAUEsBAh4DFAAAAAgACYCOSApeZYk1AQAAzAEAACQAGAAAAAAAAAAAAKSBwxYAAENvbnRlbnRzL1Jlc291cmNlcy9TY3JpcHRzL21haW4uc2NwdFVUBQADcaIPV3V4CwABBPUBAAAEFAAAAFBLBQYAAAAADQANANwEAABWGAAAAAA='; - const PERMISSION_DENIED = 'User did not grant permission.'; const NO_POLKIT_AGENT = 'No polkit authentication agent found.'; diff --git a/resources/icons/mac-icon.icns b/resources/icons/mac-icon.icns new file mode 100644 index 0000000000000000000000000000000000000000..956585add17ea75e0fc3b50937ed484675354dba GIT binary patch literal 19220 zcmeHvgAcm0s<0~ZrH#ErKMp8D1vn7FaSXs88x~` zcW&Ra;qQIF?=SeS>%CsRE;ja@`@T<~bDwjDqm8Qv0BEz^)mP^M0D#fa=8^&cXdV9N z^_79%t&?=@bl|g-ni|&)0RRfVg#t8G;LE0O?>_hf@i4q~4ajTfoCkj~urtv zfbVGlD1-^1Ac27YfftSdjQkz|E`qNBK!Jw*_fs_VKTn|mn&Q9TlK{^Nq@;kGm^j`w z_B7VjQM5t0NIbAbJhYSWb$LPp0F-?d!M84Uo)36@U7TG#6n#~A$q#V_gFtb%eVekDSCMiA%hybUZvf%I>z06b-N6{I?wZO@-IN)ANabpDIfhUvpSG}xE zhWvj%`*)7ABCRb>Qv(1T(7b;2t}kQ>M_a>rFMfCJ z4i3?p9>vJ>H0T8lZ;B8)6fNZXu_BznD$jDu{)vo;9_LS&>#CEXpJ)9#di&AD-w5e`6L z|NG;AHV+;%y?ku?`Wa)tG1A7~hIxjkQyBH|v-h9iBi6CVih399>zK%3<-o;15=n(U zkGf+sE+#otu}JlNV$@|8e(ST+R0-XxoaYi|yQmS@R<#pr^K3Ep!<^Lg1wL0?zrjm? z0g+Qy7q{0E1;cL`W$D!Dyg^8bRJh;FtJ6JqQHf(qtEa${*94nNcLu9{xu?cO_M7>= z$3|kOs)(XaBC00Bl)sy1PF_h_m-~4uI$_6SbqAycMY!~Hq~~8VVYOtbISLIwe2;se9p{Ew7Z8yl)Z}xU>z>8 zeWcy^CcKNSJxifMnzH%sY1ApY3frsiDzUr?25QrU6;#W_e(*~`;nFLXh#cxLmb=OV_c%xDW-~^`cl0y(_P#H7#}E9X+_y;k(Z1|#bH;~C z@z7aW0DhMl6-RfX!e4EH>1fZex!TCP?z*dTV&$E>JyTt-2@1`t=6vY+aR@K^b!Lgk zk0FndOf&7e16C%xQ*OjAs~H{3vfJ{3TJOKeL1`j*(6v;&<<<49<(1esMc%(hMI=O{ z7$e}bLyO~(ALZS5ELnxh$Bpv(EvuyS6U=8$F27!XzpS>x@)ERV)MdJyOQU*l~o+O;fk2N1RPul&-Jx$MTa(+nZH~a+Ot5|+O(>dNf zsby*7S$J8r+vF&|?$OQzAEOnCe~X!T&{i2@EdqJ=V`53gi>7|FO7t9BH+Z9vGuii_ zx+Alg z$iib=TI8FsFP{+cJdio(@c6^oBe&Nqf*}oFs~K|yGo3l-=zb+A4NvDaRD}7AEBj$+ zs{2%stK>VNzv7wFqn>yuKM>Em6mVhwI>ytN&P&-cRa>U-dhJYozkwID%hmRP`7P7BS1 z@ZVm(>*Hws_xVvQtR(w_7*DCAPd4t2LNz92YnkbWnrFv&i0)(AFIT{`7|*;MW?<7C zSF;^)>hLKhofN2pl5h?QuN)pIJgK2zgzPYC$vk8 zBRK{}r{q`gLT>IM@^7A)dBnUp(sd;(9a;X|L>#Rsr62-l+RldsPAS>R9I77jjvB5@Kf<6b0{*!=0`83PFt;4#sht|JIDSUC)B@BjMn~|&5(A(eemU8=k zWBJK&&RSdHMG{vr7b$s71S$^?rt!Bd7T=YQAtrV6+M#w3`iIjBI)8bsU87S2_qbw~ zD*t%tyWDAgEfxk!o#)a`l*T#}tEw>3Z>j_LPG)z=DS|@}yD$th4hcvIBPK|WT76i? z(-OA$il{*N&H{KBj?wr}>b&czL;3QPM=8$v&*hUESv7$LCoiRDsrC3)hJ?K3oZ$!Z zAM11rWXQNBQodf!N5t*D)rM|1^)4cc-=2HS0_5BjDmUH(4i@4O?}P%nb48BG!2bDygPH=Ep#Z7(0fS} zesatl+Am`$wrl0K`&>FCl$eDxhJug|8SvYxB7#<4uZP|@${tkX>W%^`1pR@V2pOf9 z!#G01`MKro`tQ^6u{W)r>7OR0Jc<_${)F5n;DwI<-t&jbbHOMiV?Mm&M|DL@a?VQ!)Uz3Irvgj~2XJx2W1>Jv4xTwn3)(LJlU zN>EAwl$Nt@WMrJ7eIU*yht*PluxWur!^{@x~J z1a9w0TRhN&el1BP)bOgCU{1wEqz3-djG6CViI*bbL9;8w_?u-OKV;SK=Dw?#@1@0Px2 z2>N1XJM0GwK@d~!JOOvMwt*bskjv@P(;H_N$5eYO>;;23BvU>pIO+ovDm>=~W`YDO zmDkWLrE2$XfLnK8Kr^_dTv__;KJm(beuxR_dqU%ddhR2!nM&X>TB<9r7 z*;dtydq@udVzrvIdK^|SXJyI^IBgm-75u>K#Rv^rT|G{XL)p$s2F12VF$8IZ^tS22 z#4o}u)>>LJWg!OCE~^oNgbxW7UBg;uM@Zg=1}1_|fIg}}n9TEDvqbg^Kpb@dvB{n) zd)x07D^+*V@|{0YA73Cr-esO!AS4G)r0(8<=7_Uy)|3bU@5bX}kdhVzHsPE3v{lct zImxEg2)(frhnX*~n^4tQDu;Hz1Lm$8&=H!_J4JC46t?92UE?#{XvTN%aAj-9QikoZ zv&P@3EEt+)SNlzBJZ^NI7TaC@`DVeIa<3>U-eg;hMgolnF%C1B5>|Z5C72C zjg*G7B)jAJ22GN0PLNdW{;N7dAN6_!S;7x^Z|84$=^qaH=LJlRZkBK@_i~V7FLtUd z-`&X@s-4h;JEJZM_QU`Vc#sbLRB3gofyp1vdXJxxEZ(3Te%b#OsO2`p{$QZfw85pU zJ3f=)2l}EE+goO&)s`A3gC6s@ye0v6K14b1%nozOT+F&4aq7Wy%iAaS73Z$-HMOVl z-)68Us`DR`o!jaMc$|Vp-DZ;jG`1goe!mEo`Ni5811Kfw+}ukxer*8iTY({THEDEt%n+!p41=}Go>&!Qy~Ale*K&5g$;+8I0mpg5H67rD4*p%V z0=L5T4-Nq-zsZ6JP`4>dntT@`e5&mhMNwC`d0r#~#*OcyM}!CCe~{D`RG%eiboGfR zn_X+I0GrX{(VO2BPJnp?wRx|!M;U}#fNw5%@9F6UV z+UXwqcJ~!A2+iw@B``S0t+0@rZ;A8XOm^NUzm|SEL8j*bwmAgcDeGd^)CNKo4vc#7l|a-b)DSb7W!gbfPh~e)B_{f}xXwNhe)JOmd#Z z0mhTIwjB&BQ|U));wHUuR3w&Qv{9POn@_vzPJOvo;5%vOmD_m%v=v6V_U5OWsYhn? z(qz`1O@a3o=MNzpwSydUX&=&DfV`Byo{cKP4H};yM=eY{7FQ%G!Wakmpw*_8O+}=-#Sm`C=-u? zCze>QY|CvFV<_pd#|7jwLq?ea`a}PxbDlT71K+3~e%80YM7ATIP8L+U<~zXm{N^NE zogi@kj5dsSKDi*g%{Jm#kM6*#s=U32x)L4NvV>EXrfy!-0!k##fdMN!7QJ}vT;M37 z>ad)9%8=DML7q4mJW|djBI1BRe7pbrpAlryUXKPnCrrkrCvDJxh89T`98ie>Je~M1 z|HDHWC6p|H*loU2el=Wv&23}5r&0V_6d;r!_q6Xx@vbfA$OH`!3p3qFku7W(AX_{D6+pQ$Z*oa1jrSH})rFFDK(j2uZd;a9J-bCx zWsN+ze&iP5%YDeI@D%jGhous=wPu1l&F^i=X9UxGBBomq4Wkbu%kR-$fEXMas@uL` zZyIVukC6dr*_v;@0~{7huJbfda@9J3tb2!wZ%j%Tzm+eM!ArKmPBc6Y_x;#Ig2 z{(lP-fSmK8KtHnoC-M?FkBthz<})$LwwPayp-jR2{%fm5W`-m-|Ms7_3 zbWojc{1&*_T31>+(%qJ43Bc#y@a8~Uz|`PU3?7149>omo$jB!{4A0d>BfLSI-j9M z{=P)EY=<{+e(y>@-xH79Mog>jWiTVJ=_Yd%;NlgRRCBLk?Z4k9f5b{|w&oCb zw%;c3l|Vi1c$0cl;)QE1q}~gP23d?xHNP*t_igJp>+7PgYLcRTv$k#4mir#hOpWX+ z*Q1W0~v0-nq2f|0oK z#gO1R1(Si%1?k_rBT3u0(2Sr5P;@Y*y3Za9>~0W0zY)M8`uG)GGrmo!c$7u833`^h zbu6~Xqg=8!D{bsr-(&rKlExNpCH$`RQ4v3*T5-1oi-e#qpoE-M0QLZ}Q+}_QbuRK5 zep=~kRWI0k)?VR?DPO6q44m&=n$9%Sb0(bXf4B_!@d+8Pd;kn_4vzs`W?_a|RUe;ALehTM%5@zk(3!%DA) z$uEjnsX7PjjkM`EGaxLk^LD;3(`a@z3$8b*UO3ljveEhG+>*PE8ZC3D^ihgxQAX-U znF=j|)+xo{b@B91uD$kXrPd#UTw*Kz9*>0ne&E`oyFUJt9W=6P!Ur3FU_m8{!Z^6- zpej8*?P$Y>y1CVUBfJwL<2aFXDZoAda5>Fm>buX1_@ELdN)Zw+%N9~YNwSe$Lq1qs zykCG!Y30~~tE{H$!7gNdp2A+cFDN7fg7T)TvD-Q4-a$*cDR| z-hax-1TfRgR7Ko-xz-HzFW=VX9?|z6iI|m&$o(n!jjfaG%SL1xpM9O9&;0M_o3kZ< z-MJ8I#a#jbqC@q&!b83bkkwt{-ETLrD^KuV!9i=C>85{;^Zr7)hY;_~4;q5(2Cv}H zyKZp}1UJFx#(yRwnUH;Iv;{WQoJw3wXGhcG)#{v9-mf^Shr+vImX%8^m0ep}^Bb_U zp=>lWw$f-A+_yy=L!90Gv+#IF=>%ff%O6wv>2V$X;(YogzsVO?a+|)6qxfrkw^&xo zTI-8$f+<2Yi(Hk&9TTIG01>psQAlvdi2JJC9p!J3UwW~~VCk{s$?f>1Vd?dAP?qKs z0s9%)-*6#Xq*BXwKUEJT(T+VYW&{^9GPDz;UY0hvDrbBeMNKeL+Riu;dE`;Rjy7)hg3PUGKX*e-v7F zJC}X8R)-3z1^6-=gc8DKGKB;=3rYi5GtFe}%$#8;J({^6*?J*3iL`#%gX`9@P|*2L zyCw>yay#_f=44uR_7e&`iv?DR?nb<^oo_d-?V)Ko6| z&F(Mt-5-gmZ14HMG41w3itQSGmrY#bC5OIQU}j+$XnkLwt_QRAQd@eBz-U?1jFkP% z(<#;nrVE|6C|VVhy-iecO3ghvtQ@3{s$Xuw-}^cPT*Z{u%zOF$kYMh07HU)x>r=#g&B5iT5pDxsOnH{+_F{Zn#RKG*+#2uneN z7e8dRXyCiZrrW`4#b|+P++Z*7Dk{iV(OO(jtVfZQPSi4>H|c~#oh&>A5v}|2^*&3# zk_^^OpEH%3j@=v5jXj_B#%as7Ulqznw+r5o5CCVPdtg)`>ZA9d&SuW-6EvT6F)G{F zMpRx*$-6A2f7;(q2KawR6-8WyGXqqxZjmQbZ#jvME(iR*DKH+|Z&4FcoOM4+Sg`3| zKU<8k4(W{F%I^+l^eiCo1LuG0ALPkrbS~8$s9jz<(W~|gT5EBxiy!o@dNfgh=e4w; zQ?#5#OLx2QXz*Z@u}eFAS5MG*UPHpr%nOSi8rJ!3e(T&XpwNInV?@ZUtM)Koe@pw} zfgI+3m&V>YXGO89 zBFT#aj){Y}?44r<`NZumKs2dLxjeDnI zq@V$G{~dXi?Gm%x+*f^sJ=wjLkr?(-m(rvl&?05KWFE&ad||}X(S(-;WSW6#cd@@M zE+4pPH|9$GRB}C_HTsjcemC*Ob{RAP{|O{baBD#RIM+JQ1QyE~m8;3A6&xK4VwKiw zKYDzL@zekXdTO^J(4C83DahRCL)}dyYQAt@B%B92SzY|f|K~dT;3k9m61b|=?Dtoc z`FZVf?=Ioxh6~irD%qt<5Afhd7$NA3l}ox+Oz!IW1m~u&ghQds>5p0~|)9 zvaLCAR=B;aGR~ubFZ;EQ=`M{ytV?25c85*7xSJk;xmXD0rVrJrkw;oRBIpp}_Q=Bz zfr0hk>;@~Qo-(!*@Q8`263ZjIm1cJRZwm=vM&V^U`q#UP6owaayuWOBCC&!n8=pxf zz^wngbp}v+bTxt7EDFSag*35iX4|ztk6a#o(MM_nTYkTPbO_GQKk#Bp`voR}C~HbC z_edYoLl|0B(r>kLN?EO@{X;Riw4aMnUycz_4+2@Xv5_t@rV?-l_|Z>( zz$+P7?2un9iWgda5A5Mj}mj4 zCkBXstTYkL#k8>}-aequJ+556#C&YU{zj|>WkugJu@3`iF=tOblcn(Uhcu2geI@bn zBh;#X+^z1-U!jrbTN*$k&2DW<221eMhY>GxNtd493#$w}8rvSrQ#197&0i(7pa$`o z+es9Ap{c$DKT7j4F=V4SNzd~7#@=QogU3?+gNF6j{D58f^Us?}fO+`i#7I_>{F5nz zeen;+Zw)-2VfVVqguLzdn7A5yMvXtRGR5$?zG=$$WTn{2cKI*8Y4IA1Ydj3C`6jQP zaW{{CnYor9b9~=4ht$sRr`1;{d?v_7gCMUG{cT!8%x`!PUN@8@Rrg+2FG_M(&t2`J zCSH;uX`A0Wb+i49dbQt16e-RvGhj^-2eqp6My2{NjP4<}Z^NOT&bP~JWAl8k6L#7^ zn-%2;?m&<6WoO>~bzcAXt7XxU6W>nr zKpfuWoR|q;f4i{~U+iku{XwO`1e6nxIcjCJNaHPWBP?*V{+X^0wDa0<;CrErC-Qlz z3tT3@$#fMsLV`Lw>Mbr?5&o)J>wZ3GDhT4GIP_i|KYkGJ#2sILw9REwCxM-)E%XC- z#aN+c`%bl7p2dlOuD+EkU1AAhxYej0(0KsaR@u0}ckm(JWst9$bhkS^UGZR?ZeX^l zyv1%KW9M^cdO{ow{pMuFlVARRTf`9w!D=p)SD5mpFK;#%!6Fiq2uZs$Y6I&ygWJy+ z+1?AerhV>Fp$0HGoOe_iI@e*mydRb_9eR-AvN1An9yFFHPEwyhN4(#ggFbyE4hfQ6eE5G4zweN;{{0!;m&*_MQ#HcQ(G;m zKQG$reG(P zEeEf;`^KZPdXhTeqP-%jAjSbj?6_kXp@L@+?xxaN|}_edlbMBY-K`?$^pM_&fR=KmN%;YKz&pjgIf zoRu>5*$(jy<9A;s_wpC~dYYd6&gKH_8Y>TkrqnLms11r6(C|)`%bS@tVFYVHx|g=1_@6CIp`I790vjD1u%hq+WEToUm;Tw zRFwsojoYzEuQ7rLzGuz;SDN&qivoIS8z+uM`jiI_WxOV8NPP^uz(OMkdHKoM9%u6J z++Mn;u>gw(U>Lx1hrA)Git@WAAO#*@t}05di+;M#lL|v?K%)jfCcY-i8@$QrK`|kfN%vNR#En~Y$6z2Bhp zuK4=1D&4Am(zE{EwrY>UIIj=3UlJEpuxKEgnFGnf1*MLud$U;av z4YF#i390A-D>Nb#C`sbW>tTwq>C+nT$?R0*1(|2y&-vsQ z`5glZk~n;hi?Y9R@}&w{YkV(~)`@|h%zO2=Ia!|Vq;;TR+RxuuJV!=J358?=(kaGp zUAIuj8H?TR`h8CWZHwYCC#MPtgnBAz6ji4g#{MYE#2m+VkkQ za*Gfv7>xOz{P@n=&?~USN;?}@*<22E2Vc4qLgwNiNkrW^h(SPj@jngHyV{s&=8~jA9=1I;FC({Fk#IT^kd!hF4`q|+JyQE$ zQPkjsU>_)K&+RDdm18#h3NRW%F=5CW#Z4hnyLs$A93Fk~6Abf%?-lRAxN;73lI<16 z$EpZZ6k*hYqRZ`Iy_b8sY(mq>KoR_mohN6(3K^d)>p#-q=+~r*j0$isIl+W{m@X@g z5b1cC(q{u_k9GC|J@`9p)3>pJLE$k;fWDy7<1Q_c0 zNu@X+ZPx9U_=n_i7akMnc&hVr&~sPPUNRwS3Y`RLVnhQ80Mo#ihT+6$4GTJQEav&H zi+rU_7g~9lFS?3_ycSNm>0Ue%a=(t+Ww%6P@)u)^0B{s^aT&5Y5%n<(oM{UIse z6br0~uxdfa#^^TzU!UFE)}W4H=xg+rRj_~z@UBqJUxgY2``xo#0Hx&QELHC98fO|hvg02^VXQ6n3k1;m}A@w=cnVDG4wnXPc7RQr>C4! zx3=wi3A`H!84+#cKhn?KVjm1RTOdz%0?Dw~PLl~KwRJ3v*TBv>TAyO-CMNlW>W(M&7g@q#TvcjMFKI-$c&?4s@jPEe7f9)6NupQRsr9{%g z1$-4w3$bNnA4csQi$dlGT8N@(Y{JgfjLoM;4+a)yCw6ZLpHLl&yZMOk7{;03z*xiw zckfB@WTE}X%)q4a04TbBT1PD5Gc_iGFVdZq=-1J*toz3}Hq^T>nz{U(h4H+#(t^@a z@B<^~Ls>`z2CLW6i9KiUyq3@8HEO(|FJdT?)j^Bwv%W&GCiYm)-!Ue8tPt3`dhMTg zfbrql=R;P3Efq-TLL7(9lDj`3!k$=8Mo5?GY~UIbTwz(pu_vux2kiS+vQB5;$|#XP zwmwFOuNX|#4cCD9hS8yPBxtklHs*o*^ve(6%1jm6x0E@^uKX;M?|9`iSLe&O?EN?n zOTjKPsl_g#ae?^se#C!wm?iqv+`}&d+p_Tdu==XqbijD%v3eYPW)vUf5^EzFp|;aP zEa~y}Y31!MfAp?s0?B-4JNG9}GG<6LV~~#={&i+$^wC#5-Os5Vl=t`41eN${U)TcT z*lnKRCSBxgNfW35^gaEQyZ6y(46x$F3Ci3g@hyGPqiLIwaynMB&)0Yd7lss!aYri2 zrRA>o8IYPXVOY292d=w+1AU%7LO-u6ra5+orL?)`+eotlPN&CaqFvg1>A=}M0Vt*4 zZey_U)XWg|KUSUnh-`cpfRoFm#x&XtJKGyEfC@`ZG@NANSM#;9HyI$!sv_Z+pwA8` z-EorltM-3V)c@i_3n&ddGCkD)SNyw14hRV2rd z_X{l8V83+DDWWDNI-%ijNHN1PEKg??Jdb$aZ)ydPt710;=a$q{w7a#yV8ed+?Sa;$ zJ=cL#3|g2pYl}p_fI8jBO=+Evl=Lpjw#k1H#RRy}IDM)~J=mjMPJo;Vz$qSI;LycT zeHAnz{n>+q&`+0%B@(#e(oW)}?V;Y3rVgYt@pg2`)%cZlB1MK{6zkDKXaTv2Jg zm4EmF95G@|Rtq><6&2qBj@PKPUWEm#(||hiyzqHT>r#lZCK|Li%#882-?p`J2Hb>H-z*Ity;e_0GlZ+98IyvROP*~UtA@W zH%Q3_qedtu*)HCm2;xC2;H-7-nkI1Khd(eu3%3kb+Bw}7@%EnrcENbDPJvk6gz6hI zb7uNQjVwwHC2J05YZJwtOu!9n<13$`xV-UPbMNA|1is|hq zg(02j{4mN8JZ0z2KfhhD`SGQq5@$_ALyq&cFD%U`hcDJ&nGcq)4qP`T`1>8girsZ3 zM_}fSI?m_LG8ymh=HvQF%3r_Np(hpAKqn4)Y45Pc0nt9` zzvU-tdnCejg5}S+_6<@hbCGt6iYwkpzk0ysTd$M377S!htan^$+tYVIVy*ym(045_ zHC6e^Btq^_vEA`d(kBb+>F$lG=v!2rKO9tmt6R{g$-vzE+>>^-Kyp{S<(afH<9)1o zHvPZJ9-e21ch<`@@D!6GVQMNs`gtyJHn3q76!dj%P$@>e>?;qERK^8|q|2 z&1M`HR^K+axu&3ZqMk4sgY)+PcwqDLJJNv#JBR!!{En?Jksgj^OMJ(C7;Gqy2-GOj>`WS6&Q54*h%R{5@ubGG(^i3#Hu zeI9oRA?YAQh@Ne(G(;N^+clGP4;tEZm?zEKh5ACRvEC)o)KlBx_p3AL2ub42$0Lt+ z&?Be(_+sLbo{RU0XK4@Rq(ie)hP3T0DLF$`w+J>d;AT*2);}P`hR~+IpIT7OAR+`XO|kGw>HVxf}UvZ zQ1eMRD1}QfdmGcM8M*j2!?QE&ET$QPEv0LY>l#G4z*bv83>T#&o68^^GE(8B6>JYSTAwA`tm*d%&q zmf;ESV8*MF8GBCChOw|uh18gK!je$m&NLU066{Z~D8fEC(8zMqHj5(rXyh&EuL+UL zgR0o6=T<6st#7E&_QO`eK;ivCE4$Xr%aE5GKVwn8Oi|I(`r$f>o+*C@Cuv@NSX+xf z&Yv|ZkgDTb*?SvPHI+M6F>hH8mjZ~{3i!x!Q*g*x2_I?JU*pcZ+U!D6)Rw-}QeyI= znjfuHcd3V*fY7oT7fv;~H{Qy7BG8*hcub4LZGi)8jkI}pJ;LAh!L0djXhU1%sYX27 z=mzHP7%E@DY6mTZFi!jmGo)CodD^&kGr@iTAb9DuG&o3k05RP7Ss$JJ40%7M3zHuv z04Q4ML6<8IO$L_6o=N%bKj4_b&mPAFO=jcj^@n@Qo#%;bWBFElJ$T|EGrB?TuLUuW zpsqeh8aA9c&5gHz2fOY*B%p1Zk5v|B&Z_Bd<94atl{+TiApuTYsBiWe**{;dbds=N zgyCi&WUuU(&uD;2>nT1;k2JNztw=Q$i2&}>n~l1PoxrgpT@>2DQGd_EF8LETxW1r>PT%8OrfG8XBngKENx}6Si&CvQH5P75Ra$1#4)?=&4imgy}W$ zGs--YZV42P`hJyW5^osp3>rr$kStITwvQ#~N)Yz3Q|TPCyF)m_-%vH|k?7zH82ZEq zNbslkQsuQ7gw7EtW!qpvzp5r!CdNu(uP#Zt_TqRC)}=BYM@aRtba3x1?qbje-o zt)h+TYJ}R4C3T8GcS*I9d~&WQAKQblF#kYH)cy zRfsN3q~ox1zT^E}4h`UI_T3D5!);?N*vx2=-hE~FZ_WoruezmOcNS8tNpT4YSBLKB z1p8R17`3bI1(y@DLhDD?tOmA5J6+W+v)?T*N8#(Us|HN!-pZPEClD^eSDs_9$oIL1 z1dL8*RZl(5;1-ZBJBk2pXXPAO?2Wvg^)vpJns!g0IV!MbtiG znY52A{DH>^EhXfH3Pet_E?$E$UU#7Ym+sRXC%%&)Bz=K!;n)gg>8EUe#Yj(=_z>=< zn|wjlnXX3q955d`WlbvpUIr({P0t-J)xMpq6^_P#^|!R$`dc)e9-H~ue)e?-9w*sK zvc!3&=99`2k%urxBPI5N`1CoAex@7!x>O^=x{1-~2C z#6Q10kSUWALQZv_(@s&JX*nDs-f7?8y;rp0NWZLDhUTsxL1YZI1;dCB5>tZJ88BII zL=wI%(iWspEai^+Q%p=6>LV@P_nP%BC5pWdBUOi93iOBGyfcq3_wvG_2I1X}t%)gbx7?8zA#2*uqdj_AX8xHPk^=8Pj{`Ym%h2LoK$-kP6&9#+*!Qmn@|sa zb#2I`Uc$znz_$AhE1Ma$Wi$jeIdUp`K48LR{R)}Bgx97Bt~mq$ydl3Wfbgkice;c%I?S~St4-U&m(ZNi}al-`24!J2up>T3j4VPoQf|suz*DWDGc2-@E^c7X0#_ zCj8J0`i{nd0VzPS#*gmhKqoMbc(mk61+<&leV;Pw;$!TwV*(qVXPOzrqT@R(#IVFo zrpf~C|X3v=OBn0ADmLo<(E8dD1n2qHtPhxla)Y0~b z-hJHqz@dz$Mz*+vz^5xCXMQMqIlqDne@So!O29OskI%XmlF0$nZjE0SymGkfxZaJe z{f*;$QerE0rxyDj^aW9DsMK7upklGQ6^3=Zq{^I#3&fnFp2`cq9!VXN^44d^?7MY? z)zKBa(X)#u*b0&hgyl{%7r@~5j+e?gV6x{r#}JZu$^w4Oj9JH3N8Gpa6wJ)feT^3ZSoI*n~sF|rcCrq>R$7MPA<$G91`*BtSzUrrpdZ6XqP zOu@h3Fi!eg04}LDRRPAlVDC{jdB9YPQ6IMGJPNH7fNonhl|^jv%1-VOFx=X1SGzpvN_w_M7#qBzQe zs@Wf%%8sXK_!wW6*$Pxqdq_~Ob$d`Oidj(vDX%sKP%KJoLp_~`nwwK*+utqCatg&} zElUp6)ec*FDv?4q+=+6XLceA3FEMU5{qVE7M?0=)S3)JH9O-hkUTW10TSpa~Qlhc@;lW~D8*rgPfzBC2 z>t%H=cf$3?jGnQbVoNlwpqD$(d}+m(3Ei_M9jJsaFBG8IAF-^e(F3oWHbbub`NS#D z0oQyB+wT!+xFCuEEu)oXiJi{R%;c}oeWYihZ?&~PIx6!1byW0lo^L%;ts{Xt51T)0 zf-FP2*w9b0^~?4ffu*6Ow=RAbR^{0?=f&oRDr6Eu%y_LK*#aE)AMa64%&-;6BJm|@ z15Qt{^Sc8ffrCsCv-Z9m9oS~=spvn0)!L{0@MTgqO%`^;KL@&TO4?Qak2JHKL?zD0 zMeUwJ_0rC%`>ls*+ja)sst;LWGFjV%`fcWKOgF0Kxv{Y=PTJ7#Dwgr&P5M45$8d8S zQ3YAtD%T$Kp-E$(X!vr+P6Hp@rm9*778uxjmslBg|7N);Xv3Uyhss&?0`#ELt28a9@!PpGMX9o7CQKZ?6)isH0qHK_h74cB}b;h*pzz>!FwDJO@C3 zk$XsLt&kGG+YhaLyA&}JTH98{aW^%)GFw{Lzk*h>D3Lii}w+3)$ly$i5?aFx$tsPaBOV(i>pP!;#ZK_mX{kSMM za#8Nvq%Won?uxQ#itmw=R2}ULj}$Hcw&Ie`)-!_dr%EX+Y>(6*a{t(t?~}BEPP1yloLb@{9u zG(t+44QqPO{1_Be?Q;w;F=S+zV_S7eug&Mg%Q+|QdOO!GeRR)#^I^lYpu^eUVdnXs zoP|P}m*_11pi4EUOnHNG^`3PJ{7Sd|8u-K|cjIP&V?kfXEQ~KOWjg%9cC<03zEk(^k?w_ z=bh_x8QLO_Y+46$TXs^C5gF1qc~~GP-^HtoZ#XACwn>xk)}|;6zVG7PFsxd>6K`{% zOd_IEGqjF(S1MxjMSsHj=fc!Axt!F#oxhfB7I{Nug(FC4=yOggLL*b=m=Uvi+9@z}#lB7H { + // Rather than actually downloading anything, this builds the source code. + const sourceDir = path.join(process.cwd(), 'src', 'sudo-prompt'); + + console.log(`Building sudo-prompt applet`); + await simpleSpawn('./build-sudo-prompt', [], { cwd: sourceDir }); + } + + getAvailableVersions(_includePrerelease?: boolean | undefined): Promise { + throw new Error('sudo-prompt dependencies do not have available versions.'); + } + + rcompareVersions(_version1: string | AlpineLimaISOVersion, _version2: string): 0 | 1 | -1 { + throw new Error('sudo-prompt dependencies do not have available versions.'); + } +} diff --git a/scripts/lib/sign-macos.ts b/scripts/lib/sign-macos.ts index 9523a29aabd..c7b35702122 100644 --- a/scripts/lib/sign-macos.ts +++ b/scripts/lib/sign-macos.ts @@ -207,7 +207,7 @@ async function *findFilesToSign(dir: string): AsyncIterable { continue; // We only sign regular files. } - if (isBundleExecutable(fullPath)) { + if (await isBundleExecutable(fullPath)) { // For bundles (apps and frameworks), we skip signing the executable // itself as it will be signed when signing the bundle. continue; @@ -249,15 +249,27 @@ async function *findFilesToSign(dir: string): AsyncIterable { /** * Detect if the path of a plain file indicates that it's the bundle executable */ -function isBundleExecutable(fullPath: string): boolean { +async function isBundleExecutable(fullPath: string): Promise { const parts = fullPath.split(path.sep).reverse(); if (parts.length >= 4) { - // Foo.app/Contents/MacOS/Foo - the check style here avoids spell checker. - if (fullPath.endsWith(`${ parts[0] }.app/Contents/MacOS/${ parts[0] }`)) { - return true; + // Anything.app/Contents/MacOS/executable - the check style here avoids spell checker. + if (fullPath.endsWith(`.app/Contents/MacOS/${ parts[0] }`)) { + // Check Anything.app/Contents/Info.plist for CFBundleExecutable + const infoPlist = path.sep + path.join(...parts.slice(2).reverse(), 'Info.plist'); + + try { + const { stdout } = await spawnFile('/usr/bin/defaults', ['read', infoPlist, 'CFBundleExecutable'], { stdio: 'pipe' }); + + return stdout.trimEnd() === parts[0]; + } catch { + log.info({ infoPlist }, 'Failed to read Info.plist, assuming not the bundle executable.'); + + return false; + } } } + if (parts.length >= 4) { // Foo.framework/Versions/A/Foo if (parts[3] === `${ parts[0] }.framework` && parts[2] === 'Versions') { diff --git a/scripts/postinstall.ts b/scripts/postinstall.ts index 0dcc5b20a43..05f00878ff7 100644 --- a/scripts/postinstall.ts +++ b/scripts/postinstall.ts @@ -5,6 +5,7 @@ import path from 'path'; import * as goUtils from 'scripts/dependencies/go-source'; import { Lima, LimaAndQemu, AlpineLimaISO } from 'scripts/dependencies/lima'; import { MobyOpenAPISpec } from 'scripts/dependencies/moby-openapi'; +import { SudoPrompt } from 'scripts/dependencies/sudo-prompt'; import { ExtensionProxyImage, WSLDistroImage } from 'scripts/dependencies/tar-archives'; import * as tools from 'scripts/dependencies/tools'; import { Wix } from 'scripts/dependencies/wix'; @@ -46,6 +47,11 @@ const unixDependencies = [ new AlpineLimaISO(), ]; +// Dependencies that are specific to macOS hosts. +const macOSDependencies = [ + new SudoPrompt(), +]; + // Dependencies that are specific to windows hosts. const windowsDependencies = [ new WSLDistro(), @@ -173,6 +179,13 @@ async function runScripts(): Promise { dependencies.push({ dependency, context: hostDownloadContext }); } + // download things for macOS host + if (platform === 'darwin') { + for (const dependency of macOSDependencies) { + dependencies.push({ dependency, context: hostDownloadContext }); + } + } + // download things that go inside Lima VM const vmDownloadContext = buildDownloadContextFor('linux', depVersions); diff --git a/src/sudo-prompt/build-sudo-prompt b/src/sudo-prompt/build-sudo-prompt new file mode 100755 index 00000000000..72928f44ed2 --- /dev/null +++ b/src/sudo-prompt/build-sudo-prompt @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +# defaults domain must be an absolute path +REPO=$(cd "$(dirname "${BASH_SOURCE[0]}")/../.."; pwd) + +# The APP name must be "Rancher Desktop.app" because this name is used in the dialog as +# "Rancher Desktop wants to make changes." +RESOURCES="${REPO}/resources" +APP="${RESOURCES}/darwin/internal/Rancher Desktop.app" +CONTENTS="${APP}/Contents" + +rm -rf "$APP" +mkdir -p "$(dirname "$APP")" +osacompile -o "$APP" sudo-prompt.applescript + +# Don't put the script into ${CONTENTS}/MacOS/ because that breaks signing the applet +cp sudo-prompt-script "${CONTENTS}/Resources/Scripts/" +cp "${RESOURCES}/icons/mac-icon.icns" "${CONTENTS}/Resources/applet.icns" + +defaults write "${CONTENTS}/Info.plist" CFBundleName "Rancher Desktop Password Prompt" diff --git a/src/sudo-prompt/sudo-prompt-script b/src/sudo-prompt/sudo-prompt-script new file mode 100755 index 00000000000..d5b8dbe9d64 --- /dev/null +++ b/src/sudo-prompt/sudo-prompt-script @@ -0,0 +1,13 @@ +#!/bin/bash +# Set sudo timestamp for subsequent sudo calls if tty_tickets are disabled: +/bin/mkdir -p /var/db/sudo/$USER > /dev/null 2>&1 +/usr/bin/touch /var/db/sudo/$USER > /dev/null 2>&1 +# AppleScript's "do shell script" may alter stdout line-endings. +# It may also set stdout to stderr if there was a non-zero return code and no stderr. +# We therefore prefer to redirect output streams and capture return code manually: +/bin/bash sudo-prompt-command 1>stdout 2>stderr +/bin/echo $? > code +# Correct ownership of stdout, stderr and code so that user can delete them: +/usr/sbin/chown $USER stdout stderr code +# Always return 0 so that AppleScript does not show error dialog: +exit 0 diff --git a/src/sudo-prompt/sudo-prompt.applescript b/src/sudo-prompt/sudo-prompt.applescript new file mode 100644 index 00000000000..f524a9a340c --- /dev/null +++ b/src/sudo-prompt/sudo-prompt.applescript @@ -0,0 +1,8 @@ +set appletPath to POSIX path of (path to me) +if appletPath ends with ".app/" then + set appletPath to appletPath & "Content/Resources/Scripts" +else + set appletPath to do shell script "dirname " & quoted form of appletPath +end if +set promptScript to appletPath & "/sudo-prompt-script" +do shell script (quoted form of promptScript) with administrator privileges From 1938702230d2a6f3263ecaf62efc4f6f6bfad16d Mon Sep 17 00:00:00 2001 From: Jan Dubois Date: Tue, 10 Sep 2024 13:39:32 -0700 Subject: [PATCH 2/2] Code review feedback Signed-off-by: Jan Dubois --- pkg/rancher-desktop/sudo-prompt/CHANGELOG.md | 2 +- pkg/rancher-desktop/sudo-prompt/index.js | 46 +++++++++++-------- resources/icons/mac-icon.icns | Bin 19220 -> 0 bytes scripts/lib/sign-macos.ts | 4 +- src/sudo-prompt/build-sudo-prompt | 6 +-- src/sudo-prompt/sudo-prompt-script | 6 +++ src/sudo-prompt/sudo-prompt.applescript | 2 +- 7 files changed, 40 insertions(+), 26 deletions(-) delete mode 100644 resources/icons/mac-icon.icns diff --git a/pkg/rancher-desktop/sudo-prompt/CHANGELOG.md b/pkg/rancher-desktop/sudo-prompt/CHANGELOG.md index eb98407f8ed..7d406a5d7da 100644 --- a/pkg/rancher-desktop/sudo-prompt/CHANGELOG.md +++ b/pkg/rancher-desktop/sudo-prompt/CHANGELOG.md @@ -8,7 +8,7 @@ The bundled applet did not include support for `aarch64` machines, so needed Ros ## Changes -The applet source code has been moved to `/src/sudo-prompt` and is build from source using `osacompile`, so `applet` will be an up-to-date universal binary supporting `x86_64` and `aarch64`. +The applet source code has been moved to `/src/sudo-prompt` and is built from source using `osacompile`, so `applet` will be an up-to-date universal binary supporting `x86_64` and `aarch64`. The applet is placed into `/resources/darwin/internal/Rancher Desktop.app`. The app name is displayed as part of the dialog: "Rancher Desktop wants to make changes". diff --git a/pkg/rancher-desktop/sudo-prompt/index.js b/pkg/rancher-desktop/sudo-prompt/index.js index ff1eb0adfc1..e052a12f9c7 100644 --- a/pkg/rancher-desktop/sudo-prompt/index.js +++ b/pkg/rancher-desktop/sudo-prompt/index.js @@ -273,31 +273,37 @@ function Mac(instance, callback) { temp, instance.uuid, ); - Node.fs.mkdirSync(instance.path); - function end(error, stdout, stderr) { - Remove(instance.path, - (errorRemove) => { - if (error) { - return callback(error); - } - if (errorRemove) { - return callback(errorRemove); - } - callback(undefined, stdout, stderr); - }, - ); - } - MacCommand(instance, + Node.fs.mkdir(instance.path, 0o700, (error) => { if (error) { - return end(error); + return callback(error); } - MacOpen(instance, - (error, stdout, stderr) => { + function end(error, stdout, stderr) { + Remove(instance.path, + (errorRemove) => { + if (error) { + return callback(error); + } + if (errorRemove) { + return callback(errorRemove); + } + callback(undefined, stdout, stderr); + }, + ); + } + MacCommand(instance, + (error) => { if (error) { - return end(error, stdout, stderr); + return end(error); } - MacResult(instance, end); + MacOpen(instance, + (error, stdout, stderr) => { + if (error) { + return end(error, stdout, stderr); + } + MacResult(instance, end); + }, + ); }, ); }, diff --git a/resources/icons/mac-icon.icns b/resources/icons/mac-icon.icns deleted file mode 100644 index 956585add17ea75e0fc3b50937ed484675354dba..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 19220 zcmeHvgAcm0s<0~ZrH#ErKMp8D1vn7FaSXs88x~` zcW&Ra;qQIF?=SeS>%CsRE;ja@`@T<~bDwjDqm8Qv0BEz^)mP^M0D#fa=8^&cXdV9N z^_79%t&?=@bl|g-ni|&)0RRfVg#t8G;LE0O?>_hf@i4q~4ajTfoCkj~urtv zfbVGlD1-^1Ac27YfftSdjQkz|E`qNBK!Jw*_fs_VKTn|mn&Q9TlK{^Nq@;kGm^j`w z_B7VjQM5t0NIbAbJhYSWb$LPp0F-?d!M84Uo)36@U7TG#6n#~A$q#V_gFtb%eVekDSCMiA%hybUZvf%I>z06b-N6{I?wZO@-IN)ANabpDIfhUvpSG}xE zhWvj%`*)7ABCRb>Qv(1T(7b;2t}kQ>M_a>rFMfCJ z4i3?p9>vJ>H0T8lZ;B8)6fNZXu_BznD$jDu{)vo;9_LS&>#CEXpJ)9#di&AD-w5e`6L z|NG;AHV+;%y?ku?`Wa)tG1A7~hIxjkQyBH|v-h9iBi6CVih399>zK%3<-o;15=n(U zkGf+sE+#otu}JlNV$@|8e(ST+R0-XxoaYi|yQmS@R<#pr^K3Ep!<^Lg1wL0?zrjm? z0g+Qy7q{0E1;cL`W$D!Dyg^8bRJh;FtJ6JqQHf(qtEa${*94nNcLu9{xu?cO_M7>= z$3|kOs)(XaBC00Bl)sy1PF_h_m-~4uI$_6SbqAycMY!~Hq~~8VVYOtbISLIwe2;se9p{Ew7Z8yl)Z}xU>z>8 zeWcy^CcKNSJxifMnzH%sY1ApY3frsiDzUr?25QrU6;#W_e(*~`;nFLXh#cxLmb=OV_c%xDW-~^`cl0y(_P#H7#}E9X+_y;k(Z1|#bH;~C z@z7aW0DhMl6-RfX!e4EH>1fZex!TCP?z*dTV&$E>JyTt-2@1`t=6vY+aR@K^b!Lgk zk0FndOf&7e16C%xQ*OjAs~H{3vfJ{3TJOKeL1`j*(6v;&<<<49<(1esMc%(hMI=O{ z7$e}bLyO~(ALZS5ELnxh$Bpv(EvuyS6U=8$F27!XzpS>x@)ERV)MdJyOQU*l~o+O;fk2N1RPul&-Jx$MTa(+nZH~a+Ot5|+O(>dNf zsby*7S$J8r+vF&|?$OQzAEOnCe~X!T&{i2@EdqJ=V`53gi>7|FO7t9BH+Z9vGuii_ zx+Alg z$iib=TI8FsFP{+cJdio(@c6^oBe&Nqf*}oFs~K|yGo3l-=zb+A4NvDaRD}7AEBj$+ zs{2%stK>VNzv7wFqn>yuKM>Em6mVhwI>ytN&P&-cRa>U-dhJYozkwID%hmRP`7P7BS1 z@ZVm(>*Hws_xVvQtR(w_7*DCAPd4t2LNz92YnkbWnrFv&i0)(AFIT{`7|*;MW?<7C zSF;^)>hLKhofN2pl5h?QuN)pIJgK2zgzPYC$vk8 zBRK{}r{q`gLT>IM@^7A)dBnUp(sd;(9a;X|L>#Rsr62-l+RldsPAS>R9I77jjvB5@Kf<6b0{*!=0`83PFt;4#sht|JIDSUC)B@BjMn~|&5(A(eemU8=k zWBJK&&RSdHMG{vr7b$s71S$^?rt!Bd7T=YQAtrV6+M#w3`iIjBI)8bsU87S2_qbw~ zD*t%tyWDAgEfxk!o#)a`l*T#}tEw>3Z>j_LPG)z=DS|@}yD$th4hcvIBPK|WT76i? z(-OA$il{*N&H{KBj?wr}>b&czL;3QPM=8$v&*hUESv7$LCoiRDsrC3)hJ?K3oZ$!Z zAM11rWXQNBQodf!N5t*D)rM|1^)4cc-=2HS0_5BjDmUH(4i@4O?}P%nb48BG!2bDygPH=Ep#Z7(0fS} zesatl+Am`$wrl0K`&>FCl$eDxhJug|8SvYxB7#<4uZP|@${tkX>W%^`1pR@V2pOf9 z!#G01`MKro`tQ^6u{W)r>7OR0Jc<_${)F5n;DwI<-t&jbbHOMiV?Mm&M|DL@a?VQ!)Uz3Irvgj~2XJx2W1>Jv4xTwn3)(LJlU zN>EAwl$Nt@WMrJ7eIU*yht*PluxWur!^{@x~J z1a9w0TRhN&el1BP)bOgCU{1wEqz3-djG6CViI*bbL9;8w_?u-OKV;SK=Dw?#@1@0Px2 z2>N1XJM0GwK@d~!JOOvMwt*bskjv@P(;H_N$5eYO>;;23BvU>pIO+ovDm>=~W`YDO zmDkWLrE2$XfLnK8Kr^_dTv__;KJm(beuxR_dqU%ddhR2!nM&X>TB<9r7 z*;dtydq@udVzrvIdK^|SXJyI^IBgm-75u>K#Rv^rT|G{XL)p$s2F12VF$8IZ^tS22 z#4o}u)>>LJWg!OCE~^oNgbxW7UBg;uM@Zg=1}1_|fIg}}n9TEDvqbg^Kpb@dvB{n) zd)x07D^+*V@|{0YA73Cr-esO!AS4G)r0(8<=7_Uy)|3bU@5bX}kdhVzHsPE3v{lct zImxEg2)(frhnX*~n^4tQDu;Hz1Lm$8&=H!_J4JC46t?92UE?#{XvTN%aAj-9QikoZ zv&P@3EEt+)SNlzBJZ^NI7TaC@`DVeIa<3>U-eg;hMgolnF%C1B5>|Z5C72C zjg*G7B)jAJ22GN0PLNdW{;N7dAN6_!S;7x^Z|84$=^qaH=LJlRZkBK@_i~V7FLtUd z-`&X@s-4h;JEJZM_QU`Vc#sbLRB3gofyp1vdXJxxEZ(3Te%b#OsO2`p{$QZfw85pU zJ3f=)2l}EE+goO&)s`A3gC6s@ye0v6K14b1%nozOT+F&4aq7Wy%iAaS73Z$-HMOVl z-)68Us`DR`o!jaMc$|Vp-DZ;jG`1goe!mEo`Ni5811Kfw+}ukxer*8iTY({THEDEt%n+!p41=}Go>&!Qy~Ale*K&5g$;+8I0mpg5H67rD4*p%V z0=L5T4-Nq-zsZ6JP`4>dntT@`e5&mhMNwC`d0r#~#*OcyM}!CCe~{D`RG%eiboGfR zn_X+I0GrX{(VO2BPJnp?wRx|!M;U}#fNw5%@9F6UV z+UXwqcJ~!A2+iw@B``S0t+0@rZ;A8XOm^NUzm|SEL8j*bwmAgcDeGd^)CNKo4vc#7l|a-b)DSb7W!gbfPh~e)B_{f}xXwNhe)JOmd#Z z0mhTIwjB&BQ|U));wHUuR3w&Qv{9POn@_vzPJOvo;5%vOmD_m%v=v6V_U5OWsYhn? z(qz`1O@a3o=MNzpwSydUX&=&DfV`Byo{cKP4H};yM=eY{7FQ%G!Wakmpw*_8O+}=-#Sm`C=-u? zCze>QY|CvFV<_pd#|7jwLq?ea`a}PxbDlT71K+3~e%80YM7ATIP8L+U<~zXm{N^NE zogi@kj5dsSKDi*g%{Jm#kM6*#s=U32x)L4NvV>EXrfy!-0!k##fdMN!7QJ}vT;M37 z>ad)9%8=DML7q4mJW|djBI1BRe7pbrpAlryUXKPnCrrkrCvDJxh89T`98ie>Je~M1 z|HDHWC6p|H*loU2el=Wv&23}5r&0V_6d;r!_q6Xx@vbfA$OH`!3p3qFku7W(AX_{D6+pQ$Z*oa1jrSH})rFFDK(j2uZd;a9J-bCx zWsN+ze&iP5%YDeI@D%jGhous=wPu1l&F^i=X9UxGBBomq4Wkbu%kR-$fEXMas@uL` zZyIVukC6dr*_v;@0~{7huJbfda@9J3tb2!wZ%j%Tzm+eM!ArKmPBc6Y_x;#Ig2 z{(lP-fSmK8KtHnoC-M?FkBthz<})$LwwPayp-jR2{%fm5W`-m-|Ms7_3 zbWojc{1&*_T31>+(%qJ43Bc#y@a8~Uz|`PU3?7149>omo$jB!{4A0d>BfLSI-j9M z{=P)EY=<{+e(y>@-xH79Mog>jWiTVJ=_Yd%;NlgRRCBLk?Z4k9f5b{|w&oCb zw%;c3l|Vi1c$0cl;)QE1q}~gP23d?xHNP*t_igJp>+7PgYLcRTv$k#4mir#hOpWX+ z*Q1W0~v0-nq2f|0oK z#gO1R1(Si%1?k_rBT3u0(2Sr5P;@Y*y3Za9>~0W0zY)M8`uG)GGrmo!c$7u833`^h zbu6~Xqg=8!D{bsr-(&rKlExNpCH$`RQ4v3*T5-1oi-e#qpoE-M0QLZ}Q+}_QbuRK5 zep=~kRWI0k)?VR?DPO6q44m&=n$9%Sb0(bXf4B_!@d+8Pd;kn_4vzs`W?_a|RUe;ALehTM%5@zk(3!%DA) z$uEjnsX7PjjkM`EGaxLk^LD;3(`a@z3$8b*UO3ljveEhG+>*PE8ZC3D^ihgxQAX-U znF=j|)+xo{b@B91uD$kXrPd#UTw*Kz9*>0ne&E`oyFUJt9W=6P!Ur3FU_m8{!Z^6- zpej8*?P$Y>y1CVUBfJwL<2aFXDZoAda5>Fm>buX1_@ELdN)Zw+%N9~YNwSe$Lq1qs zykCG!Y30~~tE{H$!7gNdp2A+cFDN7fg7T)TvD-Q4-a$*cDR| z-hax-1TfRgR7Ko-xz-HzFW=VX9?|z6iI|m&$o(n!jjfaG%SL1xpM9O9&;0M_o3kZ< z-MJ8I#a#jbqC@q&!b83bkkwt{-ETLrD^KuV!9i=C>85{;^Zr7)hY;_~4;q5(2Cv}H zyKZp}1UJFx#(yRwnUH;Iv;{WQoJw3wXGhcG)#{v9-mf^Shr+vImX%8^m0ep}^Bb_U zp=>lWw$f-A+_yy=L!90Gv+#IF=>%ff%O6wv>2V$X;(YogzsVO?a+|)6qxfrkw^&xo zTI-8$f+<2Yi(Hk&9TTIG01>psQAlvdi2JJC9p!J3UwW~~VCk{s$?f>1Vd?dAP?qKs z0s9%)-*6#Xq*BXwKUEJT(T+VYW&{^9GPDz;UY0hvDrbBeMNKeL+Riu;dE`;Rjy7)hg3PUGKX*e-v7F zJC}X8R)-3z1^6-=gc8DKGKB;=3rYi5GtFe}%$#8;J({^6*?J*3iL`#%gX`9@P|*2L zyCw>yay#_f=44uR_7e&`iv?DR?nb<^oo_d-?V)Ko6| z&F(Mt-5-gmZ14HMG41w3itQSGmrY#bC5OIQU}j+$XnkLwt_QRAQd@eBz-U?1jFkP% z(<#;nrVE|6C|VVhy-iecO3ghvtQ@3{s$Xuw-}^cPT*Z{u%zOF$kYMh07HU)x>r=#g&B5iT5pDxsOnH{+_F{Zn#RKG*+#2uneN z7e8dRXyCiZrrW`4#b|+P++Z*7Dk{iV(OO(jtVfZQPSi4>H|c~#oh&>A5v}|2^*&3# zk_^^OpEH%3j@=v5jXj_B#%as7Ulqznw+r5o5CCVPdtg)`>ZA9d&SuW-6EvT6F)G{F zMpRx*$-6A2f7;(q2KawR6-8WyGXqqxZjmQbZ#jvME(iR*DKH+|Z&4FcoOM4+Sg`3| zKU<8k4(W{F%I^+l^eiCo1LuG0ALPkrbS~8$s9jz<(W~|gT5EBxiy!o@dNfgh=e4w; zQ?#5#OLx2QXz*Z@u}eFAS5MG*UPHpr%nOSi8rJ!3e(T&XpwNInV?@ZUtM)Koe@pw} zfgI+3m&V>YXGO89 zBFT#aj){Y}?44r<`NZumKs2dLxjeDnI zq@V$G{~dXi?Gm%x+*f^sJ=wjLkr?(-m(rvl&?05KWFE&ad||}X(S(-;WSW6#cd@@M zE+4pPH|9$GRB}C_HTsjcemC*Ob{RAP{|O{baBD#RIM+JQ1QyE~m8;3A6&xK4VwKiw zKYDzL@zekXdTO^J(4C83DahRCL)}dyYQAt@B%B92SzY|f|K~dT;3k9m61b|=?Dtoc z`FZVf?=Ioxh6~irD%qt<5Afhd7$NA3l}ox+Oz!IW1m~u&ghQds>5p0~|)9 zvaLCAR=B;aGR~ubFZ;EQ=`M{ytV?25c85*7xSJk;xmXD0rVrJrkw;oRBIpp}_Q=Bz zfr0hk>;@~Qo-(!*@Q8`263ZjIm1cJRZwm=vM&V^U`q#UP6owaayuWOBCC&!n8=pxf zz^wngbp}v+bTxt7EDFSag*35iX4|ztk6a#o(MM_nTYkTPbO_GQKk#Bp`voR}C~HbC z_edYoLl|0B(r>kLN?EO@{X;Riw4aMnUycz_4+2@Xv5_t@rV?-l_|Z>( zz$+P7?2un9iWgda5A5Mj}mj4 zCkBXstTYkL#k8>}-aequJ+556#C&YU{zj|>WkugJu@3`iF=tOblcn(Uhcu2geI@bn zBh;#X+^z1-U!jrbTN*$k&2DW<221eMhY>GxNtd493#$w}8rvSrQ#197&0i(7pa$`o z+es9Ap{c$DKT7j4F=V4SNzd~7#@=QogU3?+gNF6j{D58f^Us?}fO+`i#7I_>{F5nz zeen;+Zw)-2VfVVqguLzdn7A5yMvXtRGR5$?zG=$$WTn{2cKI*8Y4IA1Ydj3C`6jQP zaW{{CnYor9b9~=4ht$sRr`1;{d?v_7gCMUG{cT!8%x`!PUN@8@Rrg+2FG_M(&t2`J zCSH;uX`A0Wb+i49dbQt16e-RvGhj^-2eqp6My2{NjP4<}Z^NOT&bP~JWAl8k6L#7^ zn-%2;?m&<6WoO>~bzcAXt7XxU6W>nr zKpfuWoR|q;f4i{~U+iku{XwO`1e6nxIcjCJNaHPWBP?*V{+X^0wDa0<;CrErC-Qlz z3tT3@$#fMsLV`Lw>Mbr?5&o)J>wZ3GDhT4GIP_i|KYkGJ#2sILw9REwCxM-)E%XC- z#aN+c`%bl7p2dlOuD+EkU1AAhxYej0(0KsaR@u0}ckm(JWst9$bhkS^UGZR?ZeX^l zyv1%KW9M^cdO{ow{pMuFlVARRTf`9w!D=p)SD5mpFK;#%!6Fiq2uZs$Y6I&ygWJy+ z+1?AerhV>Fp$0HGoOe_iI@e*mydRb_9eR-AvN1An9yFFHPEwyhN4(#ggFbyE4hfQ6eE5G4zweN;{{0!;m&*_MQ#HcQ(G;m zKQG$reG(P zEeEf;`^KZPdXhTeqP-%jAjSbj?6_kXp@L@+?xxaN|}_edlbMBY-K`?$^pM_&fR=KmN%;YKz&pjgIf zoRu>5*$(jy<9A;s_wpC~dYYd6&gKH_8Y>TkrqnLms11r6(C|)`%bS@tVFYVHx|g=1_@6CIp`I790vjD1u%hq+WEToUm;Tw zRFwsojoYzEuQ7rLzGuz;SDN&qivoIS8z+uM`jiI_WxOV8NPP^uz(OMkdHKoM9%u6J z++Mn;u>gw(U>Lx1hrA)Git@WAAO#*@t}05di+;M#lL|v?K%)jfCcY-i8@$QrK`|kfN%vNR#En~Y$6z2Bhp zuK4=1D&4Am(zE{EwrY>UIIj=3UlJEpuxKEgnFGnf1*MLud$U;av z4YF#i390A-D>Nb#C`sbW>tTwq>C+nT$?R0*1(|2y&-vsQ z`5glZk~n;hi?Y9R@}&w{YkV(~)`@|h%zO2=Ia!|Vq;;TR+RxuuJV!=J358?=(kaGp zUAIuj8H?TR`h8CWZHwYCC#MPtgnBAz6ji4g#{MYE#2m+VkkQ za*Gfv7>xOz{P@n=&?~USN;?}@*<22E2Vc4qLgwNiNkrW^h(SPj@jngHyV{s&=8~jA9=1I;FC({Fk#IT^kd!hF4`q|+JyQE$ zQPkjsU>_)K&+RDdm18#h3NRW%F=5CW#Z4hnyLs$A93Fk~6Abf%?-lRAxN;73lI<16 z$EpZZ6k*hYqRZ`Iy_b8sY(mq>KoR_mohN6(3K^d)>p#-q=+~r*j0$isIl+W{m@X@g z5b1cC(q{u_k9GC|J@`9p)3>pJLE$k;fWDy7<1Q_c0 zNu@X+ZPx9U_=n_i7akMnc&hVr&~sPPUNRwS3Y`RLVnhQ80Mo#ihT+6$4GTJQEav&H zi+rU_7g~9lFS?3_ycSNm>0Ue%a=(t+Ww%6P@)u)^0B{s^aT&5Y5%n<(oM{UIse z6br0~uxdfa#^^TzU!UFE)}W4H=xg+rRj_~z@UBqJUxgY2``xo#0Hx&QELHC98fO|hvg02^VXQ6n3k1;m}A@w=cnVDG4wnXPc7RQr>C4! zx3=wi3A`H!84+#cKhn?KVjm1RTOdz%0?Dw~PLl~KwRJ3v*TBv>TAyO-CMNlW>W(M&7g@q#TvcjMFKI-$c&?4s@jPEe7f9)6NupQRsr9{%g z1$-4w3$bNnA4csQi$dlGT8N@(Y{JgfjLoM;4+a)yCw6ZLpHLl&yZMOk7{;03z*xiw zckfB@WTE}X%)q4a04TbBT1PD5Gc_iGFVdZq=-1J*toz3}Hq^T>nz{U(h4H+#(t^@a z@B<^~Ls>`z2CLW6i9KiUyq3@8HEO(|FJdT?)j^Bwv%W&GCiYm)-!Ue8tPt3`dhMTg zfbrql=R;P3Efq-TLL7(9lDj`3!k$=8Mo5?GY~UIbTwz(pu_vux2kiS+vQB5;$|#XP zwmwFOuNX|#4cCD9hS8yPBxtklHs*o*^ve(6%1jm6x0E@^uKX;M?|9`iSLe&O?EN?n zOTjKPsl_g#ae?^se#C!wm?iqv+`}&d+p_Tdu==XqbijD%v3eYPW)vUf5^EzFp|;aP zEa~y}Y31!MfAp?s0?B-4JNG9}GG<6LV~~#={&i+$^wC#5-Os5Vl=t`41eN${U)TcT z*lnKRCSBxgNfW35^gaEQyZ6y(46x$F3Ci3g@hyGPqiLIwaynMB&)0Yd7lss!aYri2 zrRA>o8IYPXVOY292d=w+1AU%7LO-u6ra5+orL?)`+eotlPN&CaqFvg1>A=}M0Vt*4 zZey_U)XWg|KUSUnh-`cpfRoFm#x&XtJKGyEfC@`ZG@NANSM#;9HyI$!sv_Z+pwA8` z-EorltM-3V)c@i_3n&ddGCkD)SNyw14hRV2rd z_X{l8V83+DDWWDNI-%ijNHN1PEKg??Jdb$aZ)ydPt710;=a$q{w7a#yV8ed+?Sa;$ zJ=cL#3|g2pYl}p_fI8jBO=+Evl=Lpjw#k1H#RRy}IDM)~J=mjMPJo;Vz$qSI;LycT zeHAnz{n>+q&`+0%B@(#e(oW)}?V;Y3rVgYt@pg2`)%cZlB1MK{6zkDKXaTv2Jg zm4EmF95G@|Rtq><6&2qBj@PKPUWEm#(||hiyzqHT>r#lZCK|Li%#882-?p`J2Hb>H-z*Ity;e_0GlZ+98IyvROP*~UtA@W zH%Q3_qedtu*)HCm2;xC2;H-7-nkI1Khd(eu3%3kb+Bw}7@%EnrcENbDPJvk6gz6hI zb7uNQjVwwHC2J05YZJwtOu!9n<13$`xV-UPbMNA|1is|hq zg(02j{4mN8JZ0z2KfhhD`SGQq5@$_ALyq&cFD%U`hcDJ&nGcq)4qP`T`1>8girsZ3 zM_}fSI?m_LG8ymh=HvQF%3r_Np(hpAKqn4)Y45Pc0nt9` zzvU-tdnCejg5}S+_6<@hbCGt6iYwkpzk0ysTd$M377S!htan^$+tYVIVy*ym(045_ zHC6e^Btq^_vEA`d(kBb+>F$lG=v!2rKO9tmt6R{g$-vzE+>>^-Kyp{S<(afH<9)1o zHvPZJ9-e21ch<`@@D!6GVQMNs`gtyJHn3q76!dj%P$@>e>?;qERK^8|q|2 z&1M`HR^K+axu&3ZqMk4sgY)+PcwqDLJJNv#JBR!!{En?Jksgj^OMJ(C7;Gqy2-GOj>`WS6&Q54*h%R{5@ubGG(^i3#Hu zeI9oRA?YAQh@Ne(G(;N^+clGP4;tEZm?zEKh5ACRvEC)o)KlBx_p3AL2ub42$0Lt+ z&?Be(_+sLbo{RU0XK4@Rq(ie)hP3T0DLF$`w+J>d;AT*2);}P`hR~+IpIT7OAR+`XO|kGw>HVxf}UvZ zQ1eMRD1}QfdmGcM8M*j2!?QE&ET$QPEv0LY>l#G4z*bv83>T#&o68^^GE(8B6>JYSTAwA`tm*d%&q zmf;ESV8*MF8GBCChOw|uh18gK!je$m&NLU066{Z~D8fEC(8zMqHj5(rXyh&EuL+UL zgR0o6=T<6st#7E&_QO`eK;ivCE4$Xr%aE5GKVwn8Oi|I(`r$f>o+*C@Cuv@NSX+xf z&Yv|ZkgDTb*?SvPHI+M6F>hH8mjZ~{3i!x!Q*g*x2_I?JU*pcZ+U!D6)Rw-}QeyI= znjfuHcd3V*fY7oT7fv;~H{Qy7BG8*hcub4LZGi)8jkI}pJ;LAh!L0djXhU1%sYX27 z=mzHP7%E@DY6mTZFi!jmGo)CodD^&kGr@iTAb9DuG&o3k05RP7Ss$JJ40%7M3zHuv z04Q4ML6<8IO$L_6o=N%bKj4_b&mPAFO=jcj^@n@Qo#%;bWBFElJ$T|EGrB?TuLUuW zpsqeh8aA9c&5gHz2fOY*B%p1Zk5v|B&Z_Bd<94atl{+TiApuTYsBiWe**{;dbds=N zgyCi&WUuU(&uD;2>nT1;k2JNztw=Q$i2&}>n~l1PoxrgpT@>2DQGd_EF8LETxW1r>PT%8OrfG8XBngKENx}6Si&CvQH5P75Ra$1#4)?=&4imgy}W$ zGs--YZV42P`hJyW5^osp3>rr$kStITwvQ#~N)Yz3Q|TPCyF)m_-%vH|k?7zH82ZEq zNbslkQsuQ7gw7EtW!qpvzp5r!CdNu(uP#Zt_TqRC)}=BYM@aRtba3x1?qbje-o zt)h+TYJ}R4C3T8GcS*I9d~&WQAKQblF#kYH)cy zRfsN3q~ox1zT^E}4h`UI_T3D5!);?N*vx2=-hE~FZ_WoruezmOcNS8tNpT4YSBLKB z1p8R17`3bI1(y@DLhDD?tOmA5J6+W+v)?T*N8#(Us|HN!-pZPEClD^eSDs_9$oIL1 z1dL8*RZl(5;1-ZBJBk2pXXPAO?2Wvg^)vpJns!g0IV!MbtiG znY52A{DH>^EhXfH3Pet_E?$E$UU#7Ym+sRXC%%&)Bz=K!;n)gg>8EUe#Yj(=_z>=< zn|wjlnXX3q955d`WlbvpUIr({P0t-J)xMpq6^_P#^|!R$`dc)e9-H~ue)e?-9w*sK zvc!3&=99`2k%urxBPI5N`1CoAex@7!x>O^=x{1-~2C z#6Q10kSUWALQZv_(@s&JX*nDs-f7?8y;rp0NWZLDhUTsxL1YZI1;dCB5>tZJ88BII zL=wI%(iWspEai^+Q%p=6>LV@P_nP%BC5pWdBUOi93iOBGyfcq3_wvG_2I1X}t%)gbx7?8zA#2*uqdj_AX8xHPk^=8Pj{`Ym%h2LoK$-kP6&9#+*!Qmn@|sa zb#2I`Uc$znz_$AhE1Ma$Wi$jeIdUp`K48LR{R)}Bgx97Bt~mq$ydl3Wfbgkice;c%I?S~St4-U&m(ZNi}al-`24!J2up>T3j4VPoQf|suz*DWDGc2-@E^c7X0#_ zCj8J0`i{nd0VzPS#*gmhKqoMbc(mk61+<&leV;Pw;$!TwV*(qVXPOzrqT@R(#IVFo zrpf~C|X3v=OBn0ADmLo<(E8dD1n2qHtPhxla)Y0~b z-hJHqz@dz$Mz*+vz^5xCXMQMqIlqDne@So!O29OskI%XmlF0$nZjE0SymGkfxZaJe z{f*;$QerE0rxyDj^aW9DsMK7upklGQ6^3=Zq{^I#3&fnFp2`cq9!VXN^44d^?7MY? z)zKBa(X)#u*b0&hgyl{%7r@~5j+e?gV6x{r#}JZu$^w4Oj9JH3N8Gpa6wJ)feT^3ZSoI*n~sF|rcCrq>R$7MPA<$G91`*BtSzUrrpdZ6XqP zOu@h3Fi!eg04}LDRRPAlVDC{jdB9YPQ6IMGJPNH7fNonhl|^jv%1-VOFx=X1SGzpvN_w_M7#qBzQe zs@Wf%%8sXK_!wW6*$Pxqdq_~Ob$d`Oidj(vDX%sKP%KJoLp_~`nwwK*+utqCatg&} zElUp6)ec*FDv?4q+=+6XLceA3FEMU5{qVE7M?0=)S3)JH9O-hkUTW10TSpa~Qlhc@;lW~D8*rgPfzBC2 z>t%H=cf$3?jGnQbVoNlwpqD$(d}+m(3Ei_M9jJsaFBG8IAF-^e(F3oWHbbub`NS#D z0oQyB+wT!+xFCuEEu)oXiJi{R%;c}oeWYihZ?&~PIx6!1byW0lo^L%;ts{Xt51T)0 zf-FP2*w9b0^~?4ffu*6Ow=RAbR^{0?=f&oRDr6Eu%y_LK*#aE)AMa64%&-;6BJm|@ z15Qt{^Sc8ffrCsCv-Z9m9oS~=spvn0)!L{0@MTgqO%`^;KL@&TO4?Qak2JHKL?zD0 zMeUwJ_0rC%`>ls*+ja)sst;LWGFjV%`fcWKOgF0Kxv{Y=PTJ7#Dwgr&P5M45$8d8S zQ3YAtD%T$Kp-E$(X!vr+P6Hp@rm9*778uxjmslBg|7N);Xv3Uyhss&?0`#ELt28a9@!PpGMX9o7CQKZ?6)isH0qHK_h74cB}b;h*pzz>!FwDJO@C3 zk$XsLt&kGG+YhaLyA&}JTH98{aW^%)GFw{Lzk*h>D3Lii}w+3)$ly$i5?aFx$tsPaBOV(i>pP!;#ZK_mX{kSMM za#8Nvq%Won?uxQ#itmw=R2}ULj}$Hcw&Ie`)-!_dr%EX+Y>(6*a{t(t?~}BEPP1yloLb@{9u zG(t+44QqPO{1_Be?Q;w;F=S+zV_S7eug&Mg%Q+|QdOO!GeRR)#^I^lYpu^eUVdnXs zoP|P}m*_11pi4EUOnHNG^`3PJ{7Sd|8u-K|cjIP&V?kfXEQ~KOWjg%9cC<03zEk(^k?w_ z=bh_x8QLO_Y+46$TXs^C5gF1qc~~GP-^HtoZ#XACwn>xk)}|;6zVG7PFsxd>6K`{% zOd_IEGqjF(S1MxjMSsHj=fc!Axt!F#oxhfB7I{Nug(FC4=yOggLL*b=m=Uvi+9@z}#lB7H { const infoPlist = path.sep + path.join(...parts.slice(2).reverse(), 'Info.plist'); try { - const { stdout } = await spawnFile('/usr/bin/defaults', ['read', infoPlist, 'CFBundleExecutable'], { stdio: 'pipe' }); + const { stdout } = await spawnFile('/usr/bin/plutil', + ['-extract', 'CFBundleExecutable', 'raw', '-expect', 'string', infoPlist], + { stdio: 'pipe' }); return stdout.trimEnd() === parts[0]; } catch { diff --git a/src/sudo-prompt/build-sudo-prompt b/src/sudo-prompt/build-sudo-prompt index 72928f44ed2..0714e7c277d 100755 --- a/src/sudo-prompt/build-sudo-prompt +++ b/src/sudo-prompt/build-sudo-prompt @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# defaults domain must be an absolute path +# shellcheck disable=SC2164 # Use 'cd ... || exit' or 'cd ... || return' in case cd fails. REPO=$(cd "$(dirname "${BASH_SOURCE[0]}")/../.."; pwd) # The APP name must be "Rancher Desktop.app" because this name is used in the dialog as @@ -15,6 +15,6 @@ osacompile -o "$APP" sudo-prompt.applescript # Don't put the script into ${CONTENTS}/MacOS/ because that breaks signing the applet cp sudo-prompt-script "${CONTENTS}/Resources/Scripts/" -cp "${RESOURCES}/icons/mac-icon.icns" "${CONTENTS}/Resources/applet.icns" +sips -s format icns "${RESOURCES}/icons/mac-icon.png" --out "${CONTENTS}/Resources/applet.icns" -defaults write "${CONTENTS}/Info.plist" CFBundleName "Rancher Desktop Password Prompt" +plutil -replace CFBundleName -string "Rancher Desktop Password Prompt" "${CONTENTS}/Info.plist" diff --git a/src/sudo-prompt/sudo-prompt-script b/src/sudo-prompt/sudo-prompt-script index d5b8dbe9d64..5ffb305b9ab 100755 --- a/src/sudo-prompt/sudo-prompt-script +++ b/src/sudo-prompt/sudo-prompt-script @@ -1,4 +1,10 @@ #!/bin/bash +# This script is executed by the applet with root permissions. +# The caller will have created a temporary directory containing just the +# `sudo-prompt-command` shell script. This script will add the `code`, +# `stdout` and `stderr` files. The caller will delete this directory +# again after reading the files. + # Set sudo timestamp for subsequent sudo calls if tty_tickets are disabled: /bin/mkdir -p /var/db/sudo/$USER > /dev/null 2>&1 /usr/bin/touch /var/db/sudo/$USER > /dev/null 2>&1 diff --git a/src/sudo-prompt/sudo-prompt.applescript b/src/sudo-prompt/sudo-prompt.applescript index f524a9a340c..f2187ee5250 100644 --- a/src/sudo-prompt/sudo-prompt.applescript +++ b/src/sudo-prompt/sudo-prompt.applescript @@ -1,6 +1,6 @@ set appletPath to POSIX path of (path to me) if appletPath ends with ".app/" then - set appletPath to appletPath & "Content/Resources/Scripts" + set appletPath to appletPath & "Contents/Resources/Scripts" else set appletPath to do shell script "dirname " & quoted form of appletPath end if