Not possible in Mac App Store, aka app-sandbox

[marcj]

Hi, first: Thanks for this great library!

I have an issue with getting an app using this library to the Mac App Store. The problem is that the source contains a binary at https://github.com/jorangreef/sudo-prompt/blob/master/index.js#L668 var APPLET = .., which you extract at runtime. In the app-sandbox environment of macOS (which is required by the Mac App Store) such a behavior is forbidden. One way around it is to include that binary as plain file, which I can then code-sign to allow to be executed. That code signing needs to happen during build time and can run during runtime.

So my question is: Would it be possible to place that file inside the package as plain file? What was the intent in encoding it as base64 in the javascript code?

[jorangreef]

Thanks @marcj !

That's actually how we used to have it, with the applet as a separate file inside the package. However, we ran into an issue with Electron's ASAR and solved that by including it in the source code directly as base64.

I guess we could do both, ship a separate file as well as base64 and then branch depending on whether the runtime is Electron or Node.js.

[jorangreef]

This was the original ASAR issue: #10

[marcj]

Thanks @jorangreef! But the problem is, I use Electron as well, but not with ASAR though 😅

[jorangreef]

That's fine.

[jorangreef]

@marcj, would you be able to do a PR for this?

You would need to have the code branch on whether you detect the user is using ASAR or not, and then first unpack the base64 string or use the standalone applet directly respectively.

On the plus side, this would speed up sudo-prompt for apps that don't use ASAR.

One thing to keep in mind though is that for icon and name support, we don't just use the applet, we also modify the plist of the applet. I don't know if that will survive code-signing but if you could test that would be appreciated.