Prepare for 1.12.3

.github/actions/spelling/expect.txt

@@ -68,6 +68,7 @@ bindir
 binfmt
 bitnami
 blkio
+blockmap
 bootfs
 bosco
 bottlesofbeeronthewall

package.json

@@ -2,7 +2,7 @@
   "name": "rancher-desktop",
   "productName": "Rancher Desktop",
   "license": "Apache-2.0",
-  "version": "1.12.2",
+  "version": "1.12.3",
   "author": {
     "name": "SUSE",
     "email": "containers@suse.com"

pkg/rancher-desktop/assets/dependencies.yaml

@@ -1,9 +1,9 @@
 lima: 0.19.0.rd5
 limaAndQemu: 1.31.2
 alpineLimaISO:
-  isoVersion: 0.2.31.rd11
+  isoVersion: 0.2.31.rd12
   alpineVersion: 3.18.0
-WSLDistro: "0.51"
+WSLDistro: 0.51.1
 kuberlr: 0.4.4
 helm: 3.13.3
 dockerCLI: 24.0.7

scripts/lib/sign-macos.ts

@@ -31,7 +31,7 @@ type SigningConfig = {
   remove: string[];
 };
 
-export async function sign(workDir: string): Promise<string> {
+export async function sign(workDir: string): Promise<string[]> {
   const certFingerprint = process.env.CSC_FINGERPRINT ?? '';
   const appleId = process.env.APPLEID;
   const appleIdPassword = process.env.AC_PASSWORD;
@@ -125,28 +125,42 @@ export async function sign(workDir: string): Promise<string> {
     throw new Error(message.join('\n'));
   }
 
-  console.log('Building disk image...');
+  console.log('Building disk image and update archive...');
   const arch = process.env.M1 ? Arch.arm64 : Arch.x64;
   const productFileName = config.productName?.replace(/\s+/g, '.');
   const productArch = process.env.M1 ? 'aarch64' : 'x86_64';
-  const artifactName = `${ productFileName }-\${version}.${ productArch }.\${ext}`;
+  const artifactName = `${ productFileName }-\${version}-mac.${ productArch }.\${ext}`;
+  const formats = ['dmg', 'zip'];
 
   // Build the dmg, explicitly _not_ using an identity; we just signed
   // everything as we wanted already.
   const results = await build({
-    targets:     new Map([[Platform.MAC, new Map([[arch, ['dmg']]])]]),
+    targets:     new Map([[Platform.MAC, new Map([[arch, formats]])]]),
     config:      _.merge<Configuration, Configuration>(config, { mac: { artifactName, identity: null } }),
     prepackaged: appDir,
   });
 
-  const dmgFile = results.find(v => v.endsWith('.dmg'));
+  // The .dmg and the .zip have slightly different file names, so we need to
+  // deal with them separately.
+
+  const dmgFile = results.find(f => f.endsWith('.dmg'));
+  const zipFile = results.find(f => f.endsWith('.zip'));
 
   if (!dmgFile) {
-    throw new Error(`Could not find signed disk image`);
+    throw new Error(`Could not find build disk image`);
+  }
+  if (!zipFile) {
+    throw new Error(`Could not find build zip file`);
   }
-  await spawnFile('codesign', ['--sign', certFingerprint, '--timestamp', dmgFile], { stdio: 'inherit' });
 
-  return dmgFile;
+  const dmgRenamedFile = dmgFile.replace('-mac.', '.');
+
+  await fs.promises.rename(dmgFile, dmgRenamedFile);
+  await Promise.all([dmgRenamedFile, zipFile].map((f) => {
+    return spawnFile('codesign', ['--sign', certFingerprint, '--timestamp', f], { stdio: 'inherit' });
+  }));
+
+  return Object.values([dmgRenamedFile, zipFile]);
 }
 
 /**

scripts/lib/sign-win32.ts

@@ -44,7 +44,7 @@ interface ElectronBuilderConfiguration {
   }
 }
 
-export async function sign(workDir: string): Promise<string> {
+export async function sign(workDir: string): Promise<string[]> {
   const certFingerprint = process.env.CSC_FINGERPRINT ?? '';
   const certPassword = process.env.CSC_KEY_PASSWORD ?? '';
 
@@ -98,7 +98,7 @@ export async function sign(workDir: string): Promise<string> {
 
   await signFn(...filesToSign);
 
-  return await buildWiX(workDir, unpackedDir, signFn);
+  return [await buildWiX(workDir, unpackedDir, signFn)];
 }
 
 /**

scripts/sign.ts

@@ -21,7 +21,7 @@ async function signArchive(archive: string): Promise<void> {
   await fs.promises.mkdir(distDir, { recursive: true });
   const workDir = await fs.promises.mkdtemp(path.join(distDir, 'sign-'));
   const archiveDir = path.join(workDir, 'unpacked');
-  let artifact: string | undefined;
+  let artifacts: string[] | undefined;
 
   try {
     // Extract the archive
@@ -32,20 +32,23 @@ async function signArchive(archive: string): Promise<void> {
     // Detect the archive type
     for (const file of await fs.promises.readdir(archiveDir)) {
       if (file.endsWith('.exe')) {
-        artifact = await windows.sign(workDir);
+        artifacts = await windows.sign(workDir);
         break;
       }
       if (file.endsWith('.app')) {
-        artifact = await macos.sign(workDir);
+        artifacts = await macos.sign(workDir);
         break;
       }
     }
 
-    if (!artifact) {
+    if (!artifacts) {
       throw new Error(`Could not find any files to sign in ${ archive }`);
     }
-    await computeChecksum(artifact);
-    console.log(`Signed result: ${ artifact }`);
+    await Promise.all(artifacts.map(f => computeChecksum(f)));
+
+    for (const line of ['Signed results:', ...artifacts.map(f => ` - ${ f }`)]) {
+      console.log(line);
+    }
   } finally {
     await fs.promises.rm(workDir, { recursive: true, maxRetries: 3 });
   }