Merge pull request #30 from godotengine/osx-dummy-sign-templates

OSX: Dummy sign templates with linker-signed
2026-01-04 02:09:44 +03:00 · 2021-03-30 09:26:03 +02:00
parent 39d2591051 01bf08cd9b
commit 162cced016
1 changed files with 71 additions and 43 deletions
--- a/build-release.sh
+++ b/build-release.sh
@@ -23,50 +23,76 @@ sign_windows() {
 }

 sign_macos() {
-  if [ ! -z "${OSX_HOST}" ]; then
-    osx_tmpdir=$(ssh "${OSX_HOST}" "mktemp -d")
-    reldir="$1"
-    binname="$2"
-    is_mono="$3"
-
-    if [[ "${is_mono}" == "1" ]]; then
-      appname="Godot_mono.app"
-      entitlements=editor_mono.entitlements
-      sharpdir="${appname}/Contents/Resources/GodotSharp"
-      extra_files="${sharpdir}/Mono/lib/*.dylib ${sharpdir}/Tools/aot-compilers/*/*"
-    else
-      appname="Godot.app"
-      entitlements=editor.entitlements
-    fi
-
-    scp "${reldir}/${binname}.zip" "${OSX_HOST}:${osx_tmpdir}"
-    scp "${basedir}/build-macosx/${entitlements}" "${OSX_HOST}:${osx_tmpdir}"
-    ssh "${OSX_HOST}" "
-              cd ${osx_tmpdir} && \
-              unzip ${binname}.zip && \
-              codesign --force --timestamp \
-                --options=runtime --entitlements ${entitlements} \
-                -s ${OSX_KEY_ID} -v ${extra_files} ${appname} && \
-              zip -r ${binname}_signed.zip ${appname}"
-
-    request_uuid=$(ssh "${OSX_HOST}" "xcrun altool --notarize-app --primary-bundle-id \"${OSX_BUNDLE_ID}\" --username \"${APPLE_ID}\" --password \"${APPLE_ID_PASSWORD}\" --file ${osx_tmpdir}/${binname}_signed.zip")
-    request_uuid=$(echo ${request_uuid} | sed -e 's/.*RequestUUID = //')
-    ssh "${OSX_HOST}" "while xcrun altool --notarization-info ${request_uuid} -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q Status:\ in\ progress; do echo Waiting on Apple notarization...; sleep 30s; done"
-    if ! ssh "${OSX_HOST}" "xcrun altool --notarization-info ${request_uuid} -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q Status:\ success"; then
-      echo "Notarization failed."
-      notarization_log=$(ssh "${OSX_HOST}" "xcrun altool --notarization-info ${request_uuid} -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\"")
-      echo "${notarization_log}"
-      ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
-      exit 1
-    else
-      ssh "${OSX_HOST}" "
-              cd ${osx_tmpdir} && \
-              xcrun stapler staple ${appname} && \
-              zip -r ${binname}_stapled.zip ${appname}"
-      scp "${OSX_HOST}:${osx_tmpdir}/${binname}_stapled.zip" ${reldir}/${binname}.zip
-      ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
-    fi
+  if [ -z "${OSX_HOST}" ]; then
+    return
  fi
+  osx_tmpdir=$(ssh "${OSX_HOST}" "mktemp -d")
+  reldir="$1"
+  binname="$2"
+  is_mono="$3"
+
+  if [[ "${is_mono}" == "1" ]]; then
+    appname="Godot_mono.app"
+    entitlements=editor_mono.entitlements
+    sharpdir="${appname}/Contents/Resources/GodotSharp"
+    extra_files="${sharpdir}/Mono/lib/*.dylib ${sharpdir}/Tools/aot-compilers/*/*"
+  else
+    appname="Godot.app"
+    entitlements=editor.entitlements
+  fi
+
+  scp "${reldir}/${binname}.zip" "${OSX_HOST}:${osx_tmpdir}"
+  scp "${basedir}/build-macosx/${entitlements}" "${OSX_HOST}:${osx_tmpdir}"
+  ssh "${OSX_HOST}" "
+            cd ${osx_tmpdir} && \
+            unzip ${binname}.zip && \
+            codesign --force --timestamp \
+              --options=runtime --entitlements ${entitlements} \
+              -s ${OSX_KEY_ID} -v ${extra_files} ${appname} && \
+            zip -r ${binname}_signed.zip ${appname}"
+
+  request_uuid=$(ssh "${OSX_HOST}" "xcrun altool --notarize-app --primary-bundle-id \"${OSX_BUNDLE_ID}\" --username \"${APPLE_ID}\" --password \"${APPLE_ID_PASSWORD}\" --file ${osx_tmpdir}/${binname}_signed.zip")
+  request_uuid=$(echo ${request_uuid} | sed -e 's/.*RequestUUID = //')
+  ssh "${OSX_HOST}" "while xcrun altool --notarization-info ${request_uuid} -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q Status:\ in\ progress; do echo Waiting on Apple notarization...; sleep 30s; done"
+  if ! ssh "${OSX_HOST}" "xcrun altool --notarization-info ${request_uuid} -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q Status:\ success"; then
+    echo "Notarization failed."
+    notarization_log=$(ssh "${OSX_HOST}" "xcrun altool --notarization-info ${request_uuid} -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\"")
+    echo "${notarization_log}"
+    ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
+    exit 1
+  else
+    ssh "${OSX_HOST}" "
+            cd ${osx_tmpdir} && \
+            xcrun stapler staple ${appname} && \
+            zip -r ${binname}_stapled.zip ${appname}"
+    scp "${OSX_HOST}:${osx_tmpdir}/${binname}_stapled.zip" ${reldir}/${binname}.zip
+    ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
+  fi
+}
+
+sign_macos_template() {
+  if [ -z "${OSX_HOST}" ]; then
+    return
+  fi
+  osx_tmpdir=$(ssh "${OSX_HOST}" "mktemp -d")
+  reldir="$1"
+  is_mono="$2"
+
+  if [[ "${is_mono}" == "1" ]]; then
+    extra_files="osx_template.app/Contents/Resources/data.mono.*/Mono/lib/*.dylib"
+  fi
+
+  scp "${reldir}/osx.zip" "${OSX_HOST}:${osx_tmpdir}"
+  ssh "${OSX_HOST}" "
+            cd ${osx_tmpdir} && \
+            unzip osx.zip && \
+            codesign --force -s - \
+              --options=linker-signed \
+              -v ${extra_files} osx_template.app/Contents/MacOS/* && \
+            zip -r osx_signed.zip osx_template.app"
+
+  scp "${OSX_HOST}:${osx_tmpdir}/osx_signed.zip" ${reldir}/osx.zip
+  ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
 }

 godot_version=""
@@ -208,6 +234,7 @@ if [ "${build_classical}" == "1" ]; then
  chmod +x osx_template.app/Contents/MacOS/godot_osx*
  zip -q -9 -r "${templatesdir}/osx.zip" osx_template.app
  rm -rf osx_template.app
+  sign_macos_template ${templatesdir} 0

  ## Server (Classical) ##

@@ -413,6 +440,7 @@ if [ "${build_mono}" == "1" ]; then
  chmod +x osx_template.app/Contents/MacOS/godot_osx*
  zip -q -9 -r "${templatesdir_mono}/osx.zip" osx_template.app
  rm -rf osx_template.app
+  sign_macos_template ${templatesdir_mono} 1

  ## Server (Mono) ##