build(deps-dev): bump electron-builder from 25.1.8 to 26.0.12

package.json

@@ -143,7 +143,7 @@
     "css-loader": "7.1.2",
     "ejs": "3.1.10",
     "electron": "35.2.0",
-    "electron-builder": "25.1.8",
+    "electron-builder": "26.0.12",
     "eslint": "8.57.1",
     "eslint-plugin-deprecation": "3.0.0",
     "eslint-plugin-import": "2.31.0",
@@ -163,6 +163,7 @@
     "node-gyp-build": "4.8.4",
     "node-loader": "^2.1.0",
     "octokit": "4.1.3",
+    "plist": "3.1.0",
     "ps-tree": "1.2.0",
     "raw-loader": "4.0.2",
     "sass": "1.87.0",

packaging/electron-builder.yml

@@ -24,11 +24,6 @@ mac:
   darkModeSupport: true
   hardenedRuntime: true
   gatekeeperAssess: false
-  extendInfo:
-    NSBluetoothAlwaysUsageDescription: ~
-    NSBluetoothPeripheralUsageDescription: ~
-    NSCameraUsageDescription: ~
-    NSMicrophoneUsageDescription: ~
   icon: ./resources/icons/mac-icon.png
   target: [ dmg, zip ]
   identity: ~ # We sign in a separate step

scripts/lib/sign-macos.ts

@@ -259,13 +259,17 @@ async function isBundleExecutable(fullPath: string): Promise<boolean> {
       const infoPlist = path.sep + path.join(...parts.slice(2).reverse(), 'Info.plist');
 
       try {
-        const { stdout } = await spawnFile('/usr/bin/plutil',
-          ['-extract', 'CFBundleExecutable', 'raw', '-expect', 'string', infoPlist],
-          { stdio: 'pipe' });
+        const executableKey = 'CFBundleExecutable';
+        const plistContents = await fs.promises.readFile(infoPlist, 'utf-8');
+        const value = plist.parse(plistContents);
 
-        return stdout.trimEnd() === parts[0];
-      } catch {
-        log.info({ infoPlist }, 'Failed to read Info.plist, assuming not the bundle executable.');
+        if (typeof value !== 'object' || !(executableKey in value)) {
+          return false;
+        }
+
+        return value[executableKey] === parts[0];
+      } catch (ex) {
+        log.info({ ex, infoPlist }, 'Failed to read Info.plist, assuming not the bundle executable.');
 
         return false;
       }

scripts/package.ts

@@ -15,6 +15,7 @@ import {
   AfterPackContext, Arch, build, CliOptions, Configuration, LinuxTargetSpecificOptions,
 } from 'electron-builder';
 import _ from 'lodash';
+import plist from 'plist';
 import yaml from 'yaml';
 
 import buildUtils from './lib/build-utils';
@@ -98,9 +99,41 @@ class Builder {
     await helper.writeDesktopEntry(options, context.packager.executableName, destination);
   }
 
+  /**
+   * Edit the application's `Info.plist` file to remove the UsageDescription
+   * keys; there is no reason for the application to get any of those permissions.
+   */
+  protected async removeMacUsageDescriptions(context: AfterPackContext) {
+    const { MacPackager } = await import('app-builder-lib/out/macPackager');
+    const { packager } = context;
+    const config = packager.config.mac;
+
+    if (!(packager instanceof MacPackager) || !config) {
+      return;
+    }
+
+    const { productFilename } = packager.appInfo;
+    const plistPath = path.join(context.appOutDir, `${ productFilename }.app`, 'Contents', 'Info.plist');
+    const plistContents = await fs.promises.readFile(plistPath, 'utf-8');
+    const plistData = plist.parse(plistContents);
+
+    if (typeof plistData !== 'object' || !('CFBundleName' in plistData)) {
+      return;
+    }
+    const plistCopy: Record<string, plist.PlistValue> = structuredClone(plistData);
+
+    for (const key in plistData) {
+      if (/^NS.*UsageDescription$/.test(key)) {
+        delete plistCopy[key];
+      }
+    }
+    await fs.promises.writeFile(plistPath, plist.build(plistCopy), 'utf-8');
+  }
+
   protected async afterPack(context: AfterPackContext) {
     await this.flipFuses(context);
     await this.writeLinuxDesktopFile(context);
+    await this.removeMacUsageDescriptions(context);
   }
 
   async package(): Promise<CliOptions> {