From 3bc3b6a726452397cb8689d37d3579e2573bd60b Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Thu, 21 Nov 2024 13:16:16 +0800 Subject: [PATCH 1/3] Do not do deep codesign as default Signed-off-by: Claudio Cambra --- admin/osx/mac-crafter/Sources/Utils/Codesign.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift index dab7299bdf5af..7b4654762dd4f 100644 --- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift +++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift @@ -14,7 +14,7 @@ import Foundation -fileprivate let defaultCodesignOptions = "--timestamp --force --preserve-metadata=entitlements --verbose=4 --options runtime --deep" +fileprivate let defaultCodesignOptions = "--timestamp --force --preserve-metadata=entitlements --verbose=4 --options runtime" enum CodeSigningError: Error { case failedToCodeSign(String) From d446c4d378066f3e6c079cc6a21383ab1b0dbf3f Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Thu, 21 Nov 2024 13:16:33 +0800 Subject: [PATCH 2/3] Also sign executables during recursive codesign Signed-off-by: Claudio Cambra --- admin/osx/mac-crafter/Sources/Utils/Codesign.swift | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift index 7b4654762dd4f..12999abb5ed00 100644 --- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift +++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift @@ -32,6 +32,10 @@ func isAppExtension(_ path: String) -> Bool { path.hasSuffix(".appex") } +func isExecutable(_ path: String) -> Bool { + FileManager.default.isExecutableFile(atPath: path) +} + func codesign(identity: String, path: String, options: String = defaultCodesignOptions) throws { print("Code-signing \(path)...") let command = "codesign -s \"\(identity)\" \(options) \"\(path)\"" 
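Review bot: The removal of `--deep` from `defaultCodesignOptions` is not explained at the constant, and the default applies to every caller of `codesign(identity:path:options:)` that omits `options`. Any caller that relied on the default to cover nested code now signs only the outer item; the callers are outside this hunk, so this is worth checking before merge. I would add a comment above the constant, for example `// No --deep here: nested code must be signed explicitly (see recursivelyCodesign) before the enclosing bundle is signed.`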
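Review bot: `isExecutable` is a permission check rather than a file-type check: `isExecutableFile(atPath:)` reports whether the process may execute the path, which as far as I know is also true for searchable directories and for scripts or data files that carry an execute bit. Used as a signing filter it can therefore select directories and non-Mach-O files, and every selected name is interpolated into the command string built in `codesign` (visible in the context lines; how that string is run is outside the hunk). Restricting the helper to regular files would keep it closer to its name: `var isDir: ObjCBool = false` followed by `return FileManager.default.fileExists(atPath: path, isDirectory: &isDir) && !isDir.boolValue && FileManager.default.isExecutableFile(atPath: path)`. If the command does go through a shell, passing the path as a separate process argument instead of quoting it into the string would stop the signing step from depending on file names being shell-safe.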
@@ -53,7 +57,10 @@ func recursivelyCodesign( } for case let enumeratedItem as String in pathEnumerator { - guard isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) else { continue } + guard isLibrary(enumeratedItem) || + isAppExtension(enumeratedItem) || + isExecutable(enumeratedItem) + else { continue } try codesign(identity: identity, path: "\(path)/\(enumeratedItem)") } } From 237f2ce0d23d7203639782919c687a4a08f812e3 Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Thu, 21 Nov 2024 13:16:45 +0800 Subject: [PATCH 3/3] Do a codesign of the app bundle itself as final step Signed-off-by: Claudio Cambra --- admin/osx/mac-crafter/Sources/Utils/Codesign.swift | 3 +++ 1 file changed, 3 insertions(+) diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift index 12999abb5ed00..a2b961eb87e3d 100644 --- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift +++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift @@ -133,4 +133,7 @@ func codesignClientAppBundle( // Now we do the final codesign bit print("Code-signing Nextcloud Desktop Client binaries...") try recursivelyCodesign(path: "\(clientContentsDir)/MacOS/", identity: codeSignIdentity) + + print("Code-signing Nextcloud Desktop Client app bundle...") + try codesign(identity: codeSignIdentity, path: clientAppDir) }
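Review bot: `isExecutable(enumeratedItem)` receives the enumerator's item, while the signing call two lines below uses `"\(path)/\(enumeratedItem)"`, which suggests the items are relative to `path`. Unlike the suffix checks beside it, a filesystem check on a relative name resolves against the process working directory, so executables under `path` may be skipped silently (or an unrelated file may decide the outcome) and ship unsigned or with a stale signature. Building the full path once and using it for both fixes this: `let itemPath = "\(path)/\(enumeratedItem)"`, then `isExecutable(itemPath)` in the guard and `try codesign(identity: identity, path: itemPath)`. The enumerator is created outside the hunk, so confirm that it yields relative paths.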
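Review bot: Nothing verifies the bundle after the final `codesign` of `clientAppDir`, and with `--deep` removed from the defaults any nested code that the earlier steps did not select is no longer signed implicitly. A verification pass directly after this call, running `codesign --verify --deep --strict` on `clientAppDir` and throwing `CodeSigningError.failedToCodeSign` on a non-zero exit, would make the build fail at this point instead of at notarization or on a user's machine. The earlier part of `codesignClientAppBundle` is outside the hunk, so which directories are already covered cannot be confirmed from here.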