Exclude NOTICE files from binary detection to reduce unnecessary installation prompts

Author: Explosion-Scratch

lib/installers.js

@@ -1,7 +1,7 @@
 const fs = require("fs");
 const path = require("path");
 const os = require("os");
-const { execSync } = require("child_process");
+const { safeExecSync } = require("./utils");
 const { extractName } = require("./config");
 
 const getPlatformInfo = () => {
@@ -53,7 +53,7 @@ const getPlatformInfo = () => {
 const getInstallCapabilities = () => {
   const ebool = (cmd) => {
     try {
-      return execSync(cmd, { stdio: "ignore" }).length > 0;
+      return safeExecSync(cmd, [], { stdio: "ignore" }).length > 0;
     } catch (e) {
       return false;
     }
@@ -165,30 +165,19 @@ const selectBestAsset = (assets, platformInfo, capabilities) => {
 const extractArchive = (filePath, outputDir, extension) => {
   switch (extension) {
     case "tar.gz":
-      execSync(
-        `tar -xzf ${JSON.stringify(filePath)} --directory ${JSON.stringify(
-          outputDir
-        )}`
-      );
+      safeExecSync("tar", ["-xzf", filePath, "--directory", outputDir]);
       break;
     case "tar.xz":
-      execSync(
-        `tar -xJf ${JSON.stringify(filePath)} --directory ${JSON.stringify(
-          outputDir
-        )}`
-      );
+      safeExecSync("tar", ["-xJf", filePath, "--directory", outputDir]);
+      break;
+    case "tar.bz2":
+      safeExecSync("tar", ["-xjf", filePath, "--directory", outputDir]);
       break;
     case "zip":
-      execSync(
-        `unzip ${JSON.stringify(filePath)} -d ${JSON.stringify(outputDir)}`
-      );
+      safeExecSync("unzip", [filePath, "-d", outputDir]);
       break;
     case "tar.zst":
-      execSync(
-        `unzstd < ${JSON.stringify(filePath)} | tar -xf - --directory ${JSON.stringify(
-          outputDir
-        )}`
-      );
+      safeExecSync("sh", ["-c", `unzstd < ${JSON.stringify(filePath)} | tar -xf - --directory ${JSON.stringify(outputDir)}`]);
       break;
     default:
       // For files without known extensions, just copy them
@@ -201,10 +190,8 @@ const getBinaries = (dir) => {
   // First, find .app directories (these are app bundles on macOS)
   let appDirectories = [];
   try {
-    appDirectories = execSync(
-      `find ${JSON.stringify(
-        path.resolve(dir)
-      )} -maxdepth 2 -type d -name "*.app"`
+    appDirectories = safeExecSync(
+      "find", [path.resolve(dir), "-maxdepth", "2", "-type", "d", "-name", "*.app"]
     )
       .toString()
       .split("\n")
@@ -217,8 +204,8 @@ const getBinaries = (dir) => {
   }
 
   // Then find all files
-  const allFiles = execSync(
-    `find ${JSON.stringify(path.resolve(dir))} -type f ! -size 0`
+  const allFiles = safeExecSync(
+    "find", [path.resolve(dir), "-type", "f", "!", "-size", "0"]
   )
     .toString()
     .split("\n")
@@ -247,7 +234,7 @@ const getBinaries = (dir) => {
       }
 
       const filePath = path.resolve(dir, f);
-      const fileOutput = execSync(`file ${JSON.stringify(filePath)}`).toString();
+      const fileOutput = safeExecSync("file", [filePath]).toString();
 
       // Check if it's an executable binary or script
       return fileOutput.includes("executable") ||
@@ -274,11 +261,12 @@ const getBinaries = (dir) => {
     if (filename.includes("readme") || filename.includes("license") ||
       filename.includes("changelog") || filename.includes("copying") ||
       filename.includes("install") || filename.includes("makefile") ||
-      filename.includes(".md") || filename.includes(".txt") ||
-      filename.includes(".1") || filename.includes(".json") ||
-      filename.includes(".yaml") || filename.includes(".yml") ||
-      filename.includes(".toml") || filename.includes(".cfg") ||
-      filename.includes(".conf") || filename.includes(".ini")) {
+      filename.includes("notice") || filename.includes(".md") ||
+      filename.includes(".txt") || filename.includes(".1") ||
+      filename.includes(".json") || filename.includes(".yaml") ||
+      filename.includes(".yml") || filename.includes(".toml") ||
+      filename.includes(".cfg") || filename.includes(".conf") ||
+      filename.includes(".ini")) {
       return false;
     }
 
@@ -319,6 +307,7 @@ const selectBinaries = async (binaries, packageName, logger = null, yesFlag = fa
     return !filename.includes('readme') &&
       !filename.includes('license') &&
       !filename.includes('changelog') &&
+      !filename.includes('notice') &&
       !filename.includes('.md') &&
       !filename.includes('.txt') &&
       !filename.includes('.1') && // man pages
@@ -487,13 +476,20 @@ const installApp = async (appPath, outputDir, checkPathFn, logger = null, yesFla
   const dest = path.join("/Applications", `${cleaned}.app`);
   await checkPathFn(dest);
 
-  fs.cpSync(path.join(outputDir, appPath), dest, { recursive: true });
+  // Use rsync to preserve all file attributes, permissions, and symlinks
+  try {
+    safeExecSync("rsync", ["-a", "--copy-links", "--protect-args", `${path.join(outputDir, appPath)}/`, dest]);
+  } catch (e) {
+    // Fallback to fs.cpSync if rsync fails
+    if (logger) {
+      logger.warn(`rsync failed, falling back to fs.cpSync: ${e.message}`);
+    }
+    fs.cpSync(path.join(outputDir, appPath), dest, { recursive: true, preserveTimestamps: true });
+  }
 
   // Code sign
   try {
-    execSync(
-      `codesign --sign - --force --deep ${JSON.stringify(dest)} 2> /dev/null`
-    );
+    safeExecSync("codesign", ["--sign", "-", "--force", "--deep", dest], { stdio: "pipe" });
     if (logger) {
       logger.debug(`Successfully codesigned ${dest}`);
     }
@@ -505,9 +501,7 @@ const installApp = async (appPath, outputDir, checkPathFn, logger = null, yesFla
 
   // Remove quarantine
   try {
-    execSync(
-      `xattr -rd com.apple.quarantine ${JSON.stringify(dest)} 2> /dev/null`
-    );
+    safeExecSync("xattr", ["-rd", "com.apple.quarantine", dest], { stdio: "pipe" });
     if (logger) {
       logger.debug(`Removed quarantine from ${dest}`);
     }
@@ -521,7 +515,7 @@ const installApp = async (appPath, outputDir, checkPathFn, logger = null, yesFla
 };
 
 const installPkg = (pkgPath) => {
-  execSync(`sudo installer -pkg ${JSON.stringify(pkgPath)} -target /`);
+  safeExecSync("sudo", ["installer", "-pkg", pkgPath, "-target", "/"]);
   return ["System-wide package installation"];
 };
 
@@ -533,11 +527,7 @@ const mountDMG = (dmgPath, mountPoint, logger = null) => {
     }
     fs.mkdirSync(mountPoint, { recursive: true });
 
-    execSync(
-      `hdiutil attach ${JSON.stringify(
-        dmgPath
-      )} -nobrowse -mountpoint ${JSON.stringify(mountPoint)}`
-    );
+    safeExecSync("hdiutil", ["attach", dmgPath, "-nobrowse", "-mountpoint", mountPoint]);
 
     if (!fs.existsSync(mountPoint)) {
       throw new Error(
@@ -555,7 +545,7 @@ const mountDMG = (dmgPath, mountPoint, logger = null) => {
 
 const ejectDMG = (mountPoint, logger = null) => {
   try {
-    execSync(`hdiutil eject ${JSON.stringify(mountPoint)}`);
+    safeExecSync("hdiutil", ["eject", mountPoint]);
     if (logger) {
       logger.debug(`Successfully ejected DMG at: ${mountPoint}`);
     }
@@ -567,7 +557,7 @@ const ejectDMG = (mountPoint, logger = null) => {
     }
     // Try force eject as fallback
     try {
-      execSync(`hdiutil eject ${JSON.stringify(mountPoint)} -force`);
+      safeExecSync("hdiutil", ["eject", mountPoint, "-force"]);
       if (logger) {
         logger.debug(`Force ejected DMG at: ${mountPoint}`);
       }
@@ -600,7 +590,7 @@ const installBinaries = async (
     // Don't try to chmod files on mounted volumes (like DMGs)
     if (!isMountedVolume) {
       try {
-        execSync(`chmod +x ${JSON.stringify(binaryPath)}`);
+        safeExecSync("chmod", ["+x", binaryPath]);
       } catch (e) {
         if (logger) {
           logger.warn(`Failed to make ${binary} executable: ${e.message}`);
@@ -612,7 +602,7 @@ const installBinaries = async (
 
     // Make sure the copied file is executable
     try {
-      execSync(`chmod +x ${JSON.stringify(dest)}`);
+      safeExecSync("chmod", ["+x", dest]);
     } catch (e) {
       if (logger) {
         logger.warn(`Failed to make copied binary executable: ${e.message}`);
@@ -626,7 +616,7 @@ const installBinaries = async (
 };
 
 const installDeb = (debPath) => {
-  execSync(`sudo dpkg -i ${JSON.stringify(debPath)}`);
+  safeExecSync("sudo", ["dpkg", "-i", debPath]);
   return ["System-wide deb installation"];
 };