Description
- Electron-Builder Version: 25.1.8
- Node Version: 22.11.0
- Electron Version: N/A
- Electron Type (current, beta, nightly):
- Target: mas
Upgrading from v24 to v25 of the app-builder-lib introduced a small regression when determining the certPasswords that are provided to the importCerts function.
Previously, it would explicitly check that cscKeyPassword and cscIKeyPassword were not assigned to null , allowing for empty password strings ("") to satisfy the old filter condition:
return await importCerts(keychainFile, certPaths, [cscKeyPassword, cscIKeyPassword].filter(it => it != null) as Array<string>)
This seems to be the intended behaviour and was indeed the behaviour that we were relying on.
Now, cscIKeyPassword is checked using a truthy condition (instead of checking for null), before being supplied to importCerts.
const cscPasswords: Array<string> = [cscKeyPassword]
if (cscIKeyPassword) {
cscPasswords.push(cscIKeyPassword)
}
return await importCerts(keychainFile, certPaths, cscPasswords)
This allows empty strings to be provided as passwords for cscKeyPassword, but disallows them from being used for cscIKeyPassword. It's also inconsistent with how the cscILink is determined:
const certLinks = [cscLink];
if (cscILink != null) {
certLinks.push(cscILink);
}
The fix for this issue would just be to re-introduce the explicit null check for cscIKeyPassword as follows:
const cscPasswords = [cscKeyPassword];
if (cscIKeyPassword != null) {
cscPasswords.push(cscIKeyPassword);
}
return await importCerts(keychainFile, certPaths, cscPasswords);
If that seems reasonable, I can make a PR for you to review? It would just be the line change.