From 119883965a61be67fddb75ad0ca4bc42c8e521af Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Thu, 21 Nov 2024 23:08:38 +0800
Subject: [PATCH 1/4] Do not take current dir pth for filemanager for recursive
 codesign executable path check

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 admin/osx/mac-crafter/Sources/Utils/Codesign.swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
index 426d3ce05a4d6..cbbdf0eb32d15 100644
--- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
+++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
@@ -70,7 +70,7 @@ func recursivelyCodesign(
     }
 
     for case let enumeratedItem as String in pathEnumerator {
-        let isExecutableFile = try isExecutable(fm.currentDirectoryPath + "/" + path + "/" + enumeratedItem)
+        let isExecutableFile = try isExecutable(path + "/" + enumeratedItem)
         guard isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) || isExecutableFile else {
             continue
         }
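Review bot: `isExecutable` is evaluated with `try` for every enumerated item before the `guard`, so an item it throws on aborts the whole signing run even when the name checks alone would already have selected that item. Folding the call into the condition makes it lazy: `guard try isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) || isExecutable(path + "/" + enumeratedItem) else { continue }`. The same applies to the reworked line in patch 3/4. What `isExecutable` throws on is not visible here, and the loop body continues outside the hunk.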

From 8d01462c80b29037ae86e864ebaeeec42bdbe9fa Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Thu, 21 Nov 2024 23:09:13 +0800
Subject: [PATCH 2/4] Ensure path passed to codesigning is absolute when using
 mac-crafter codesign

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 admin/osx/mac-crafter/Sources/main.swift | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/admin/osx/mac-crafter/Sources/main.swift b/admin/osx/mac-crafter/Sources/main.swift
index d7e680a30fe41..654954ec965c0 100644
--- a/admin/osx/mac-crafter/Sources/main.swift
+++ b/admin/osx/mac-crafter/Sources/main.swift
@@ -275,7 +275,10 @@ struct Codesign: ParsableCommand {
     var codeSignIdentity: String
 
     mutating func run() throws {
-        try codesignClientAppBundle(at: appBundlePath, withCodeSignIdentity: codeSignIdentity)
+        let absolutePath = appBundlePath.hasPrefix("/")
+            ? appBundlePath
+            : "\(FileManager.default.currentDirectoryPath)/\(appBundlePath)"
+        try codesignClientAppBundle(at: absolutePath, withCodeSignIdentity: codeSignIdentity)
     }
 }
 
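Review bot: The `hasPrefix("/")` test plus string interpolation makes the path absolute but leaves it unnormalised, so `..` components and a trailing slash (common from shell tab-completion, e.g. `Nextcloud.app/`) are passed straight through. Assuming `clientAppDir` in `codesignClientAppBundle` is this argument, the `.app` suffix check added in patch 4/4 would reject the trailing-slash form. `let absolutePath = URL(fileURLWithPath: appBundlePath).standardizedFileURL.path` resolves relative input against the current directory and should cover both cases. A one-line comment saying why the signing helpers need an absolute path would also help the next reader.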

From d4b94058702956f2f3f7052f79f238a967929d19 Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Fri, 22 Nov 2024 00:36:12 +0800
Subject: [PATCH 3/4] Only define enumeratedItemPath once

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 admin/osx/mac-crafter/Sources/Utils/Codesign.swift | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
index cbbdf0eb32d15..a3fb29d827531 100644
--- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
+++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
@@ -70,11 +70,12 @@ func recursivelyCodesign(
     }
 
     for case let enumeratedItem as String in pathEnumerator {
-        let isExecutableFile = try isExecutable(path + "/" + enumeratedItem)
+        let enumeratedItemPath = "\(path)/\(enumeratedItem)"
+        let isExecutableFile = try isExecutable(enumeratedItemPath)
         guard isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) || isExecutableFile else {
             continue
         }
-        try codesign(identity: identity, path: "\(path)/\(enumeratedItem)", options: options)
+        try codesign(identity: identity, path: enumeratedItemPath, options: options)
     }
 }
 
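Review bot: The loop signs each match as soon as the enumerator yields it, and a directory enumerator normally yields a directory before its contents. If `isAppExtension` or `isLibrary` can match a bundle directory, any code inside it is signed after the enclosing bundle has been sealed, which would leave the outer signature stale. Signing has to go inside-out, so either collect the matches and sign the deepest paths first, or state above the loop why this cannot happen, e.g. `// Matches never contain nested code, so enumeration order is safe`. How `pathEnumerator` is created is outside the hunk, so the traversal order is inferred. A `codesign --verify --deep --strict` pass over the finished bundle would catch a stale seal either way.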

From 07d6456d5b3d63743e5668ac3e1c0918a33f2be7 Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Fri, 22 Nov 2024 00:36:25 +0800
Subject: [PATCH 4/4] Ensure we sign the app bundle's main executable last

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 admin/osx/mac-crafter/Sources/Utils/Codesign.swift | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
index a3fb29d827531..405371f1106d4 100644
--- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
+++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
@@ -145,6 +145,15 @@ func codesignClientAppBundle(
     }
 
     // Now we do the final codesign bit
+    let binariesDir = "\(clientContentsDir)/MacOS"
     print("Code-signing Nextcloud Desktop Client binaries...")
-    try recursivelyCodesign(path: "\(clientContentsDir)/MacOS/", identity: codeSignIdentity)
+    try recursivelyCodesign(path: binariesDir, identity: codeSignIdentity)
+
+    guard let appName = clientAppDir.components(separatedBy: "/").last, clientAppDir.hasSuffix(".app") else {
+        throw AppBundleSigningError.couldNotEnumerate("Failed to determine main executable name.")
+    }
+
+    // Sign the main executable last
+    let mainExecutableName = String(appName.dropLast(".app".count))
+    try codesign(identity: codeSignIdentity, path: "\(binariesDir)/\(mainExecutableName)")
 }
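Review bot: The main executable's name is derived from the bundle directory name, but the authoritative value is `CFBundleExecutable` in `Contents/Info.plist`. A renamed bundle, or a `clientAppDir` ending in a slash, fails here with a `couldNotEnumerate` error that does not describe the real problem. `guard let mainExecutablePath = Bundle(path: clientAppDir)?.executablePath else { throw AppBundleSigningError.couldNotEnumerate("Failed to determine main executable name.") }` followed by `try codesign(identity: codeSignIdentity, path: mainExecutablePath)` takes the name from the plist instead. `recursivelyCodesign(path: binariesDir, …)` has presumably already signed this file as an ordinary executable, so it is signed twice; the `// Sign the main executable last` comment should say the second pass is intentional. The function starts outside the hunk.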