godotengine/godot-build-scripts
1
0
Fork 0
mirror of https://github.com/godotengine/godot-build-scripts.git synced 2026-01-04 02:09:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #24 from godotengine/macos-mono-codesign

Browse Source 
Mono/macOS: Change .app packaging and codesign editor binary
This commit is contained in:
Rémi Verschelde
2021-03-04 15:55:25 +01:00
committed by GitHub
parent e0da42acd5 c371cddcb5
commit f3a5097159
2 changed files with 75 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
build-macosx/editor_mono.entitlements Normal file
View File

@@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.device.camera</key>
<true/>
</dict>
</plist>

100
build-release.sh
View File

@@ -14,7 +14,7 @@ else
echo "Disabling binary signing as config.sh does not define the required data." echo "Disabling binary signing as config.sh does not define the required data."
fi fi
function sign { sign_windows() {
if [ $can_sign == 0 ]; then if [ $can_sign == 0 ]; then
return return
fi fi
@@ -22,6 +22,53 @@ function sign {
mv $1-signed $1 mv $1-signed $1
} }
sign_macos() {
if [ ! -z "${OSX_HOST}" ]; then
osx_tmpdir=$(ssh "${OSX_HOST}" "mktemp -d")
reldir="$1"
binname="$2"
is_mono="$3"
if [[ "${is_mono}" == "1" ]]; then
appname="Godot_mono.app"
entitlements=editor_mono.entitlements
sharpdir="${appname}/Contents/Resources/GodotSharp"
extra_files="${sharpdir}/Mono/lib/*.dylib ${sharpdir}/Tools/aot-compilers/*/*"
else
appname="Godot.app"
entitlements=editor.entitlements
fi
scp "${reldir}/${binname}.zip" "${OSX_HOST}:${osx_tmpdir}"
scp "${basedir}/build-macosx/${entitlements}" "${OSX_HOST}:${osx_tmpdir}"
ssh "${OSX_HOST}" "
cd ${osx_tmpdir} && \
unzip ${binname}.zip && \
codesign --force --timestamp \
--options=runtime --entitlements ${entitlements} \
-s ${OSX_KEY_ID} -v ${extra_files} ${appname} && \
zip -r ${binname}_signed.zip ${appname}"
request_uuid=$(ssh "${OSX_HOST}" "xcrun altool --notarize-app --primary-bundle-id \"${OSX_BUNDLE_ID}\" --username \"${APPLE_ID}\" --password \"${APPLE_ID_PASSWORD}\" --file ${osx_tmpdir}/${binname}_signed.zip")
request_uuid=$(echo ${request_uuid} | sed -e 's/.*RequestUUID = //')
ssh "${OSX_HOST}" "while xcrun altool --notarization-history 0 -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q ${request_uuid}.*in\ progress; do echo Waiting on Apple notarization...; sleep 30s; done"
if ! ssh "${OSX_HOST}" "xcrun altool --notarization-history 0 -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q ${request_uuid}.*success"; then
echo "Notarization failed."
notarization_log=$(ssh "${OSX_HOST}" "xcrun altool --notarization-info ${request_uuid} -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\"")
echo "${notarization_log}"
ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
exit 1
else
ssh "${OSX_HOST}" "
cd ${osx_tmpdir} && \
xcrun stapler staple ${appname} && \
zip -r ${binname}_stapled.zip ${appname}"
scp "${OSX_HOST}:${osx_tmpdir}/${binname}_stapled.zip" ${reldir}/${binname}.zip
ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
fi
fi
}
godot_version="" godot_version=""
templates_version="" templates_version=""
build_classical=1 build_classical=1
@@ -117,14 +164,14 @@ if [ "${build_classical}" == "1" ]; then
binname="${godot_basename}_win64.exe" binname="${godot_basename}_win64.exe"
cp out/windows/x64/tools/godot.windows.opt.tools.64.exe ${binname} cp out/windows/x64/tools/godot.windows.opt.tools.64.exe ${binname}
strip ${binname} strip ${binname}
sign ${binname} sign_windows ${binname}
zip -q -9 "${reldir}/${binname}.zip" ${binname} zip -q -9 "${reldir}/${binname}.zip" ${binname}
rm ${binname} rm ${binname}
binname="${godot_basename}_win32.exe" binname="${godot_basename}_win32.exe"
cp out/windows/x86/tools/godot.windows.opt.tools.32.exe ${binname} cp out/windows/x86/tools/godot.windows.opt.tools.32.exe ${binname}
strip ${binname} strip ${binname}
sign ${binname} sign_windows ${binname}
zip -q -9 "${reldir}/${binname}.zip" ${binname} zip -q -9 "${reldir}/${binname}.zip" ${binname}
rm ${binname} rm ${binname}
@@ -147,34 +194,7 @@ if [ "${build_classical}" == "1" ]; then
chmod +x Godot.app/Contents/MacOS/Godot chmod +x Godot.app/Contents/MacOS/Godot
zip -q -9 -r "${reldir}/${binname}.zip" Godot.app zip -q -9 -r "${reldir}/${binname}.zip" Godot.app
rm -rf Godot.app rm -rf Godot.app
sign_macos ${reldir} ${binname} 0
if [ ! -z "${OSX_HOST}" ]; then
osx_tmpdir=$(ssh "${OSX_HOST}" "mktemp -d")
scp "${reldir}/${binname}.zip" "${OSX_HOST}:${osx_tmpdir}"
scp "${basedir}/build-macosx/editor.entitlements" "${OSX_HOST}:${osx_tmpdir}"
ssh "${OSX_HOST}" "
cd ${osx_tmpdir} && \
unzip ${binname}.zip &&\
codesign --timestamp --options=runtime --entitlements editor.entitlements -s ${OSX_KEY_ID} -v Godot.app/Contents/MacOS/Godot && \
zip -r ${binname}_signed.zip Godot.app"
request_uuid=$(ssh "${OSX_HOST}" "xcrun altool --notarize-app --primary-bundle-id \"${OSX_BUNDLE_ID}\" --username \"${APPLE_ID}\" --password \"${APPLE_ID_PASSWORD}\" --file ${osx_tmpdir}/${binname}_signed.zip")
request_uuid=$(echo ${request_uuid} | sed -e 's/.*RequestUUID = //')
ssh "${OSX_HOST}" "while xcrun altool --notarization-history 0 -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q ${request_uuid}.*in\ progress; do echo Waiting on Apple signature; sleep 30s; done"
if ! ssh "${OSX_HOST}" "xcrun altool --notarization-history 0 -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q ${request_uuid}.*success"; then
echo "Signing failed?"
ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
exit 1
else
ssh "${OSX_HOST}" "
cd ${osx_tmpdir} && \
xcrun stapler staple Godot.app && \
zip -r ${binname}_stapled.zip Godot.app"
scp "${OSX_HOST}:${osx_tmpdir}/${binname}_stapled.zip" ${reldir}/${binname}.zip
ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
fi
fi
# Templates # Templates
rm -rf osx_template.app rm -rf osx_template.app
@@ -366,28 +386,22 @@ if [ "${build_mono}" == "1" ]; then
binname="${godot_basename}_mono_osx.64" binname="${godot_basename}_mono_osx.64"
rm -rf Godot_mono.app rm -rf Godot_mono.app
cp -r git/misc/dist/osx_tools.app Godot_mono.app cp -r git/misc/dist/osx_tools.app Godot_mono.app
mkdir -p Godot_mono.app/Contents/MacOS mkdir -p Godot_mono.app/Contents/{MacOS,Resources}
cp out/macosx/tools-mono/godot.osx.opt.tools.x86_64.mono Godot_mono.app/Contents/MacOS/Godot cp out/macosx/tools-mono/godot.osx.opt.tools.x86_64.mono Godot_mono.app/Contents/MacOS/Godot
mkdir -p Godot_mono.app/Contents/{Frameworks,Resources} cp -rp out/macosx/tools-mono/GodotSharp Godot_mono.app/Contents/Resources/GodotSharp
mkdir -p Godot_mono.app/Contents/{Frameworks,Resources}/GodotSharp cp -rp out/aot-compilers Godot_mono.app/Contents/Resources/GodotSharp/Tools/
mkdir -p Godot_mono.app/Contents/{Frameworks,Resources}/GodotSharp/Mono
cp -rp out/macosx/tools-mono/GodotSharp/Api Godot_mono.app/Contents/Frameworks/GodotSharp
cp -rp out/macosx/tools-mono/GodotSharp/Mono/lib Godot_mono.app/Contents/Frameworks/GodotSharp/Mono
cp -rp out/macosx/tools-mono/GodotSharp/Tools Godot_mono.app/Contents/Frameworks/GodotSharp
cp -rp out/macosx/tools-mono/GodotSharp/Mono/etc Godot_mono.app/Contents/Resources/GodotSharp/Mono
cp -rp out/aot-compilers Godot_mono.app/Contents/Frameworks/GodotSharp/Tools/
chmod +x Godot_mono.app/Contents/MacOS/Godot chmod +x Godot_mono.app/Contents/MacOS/Godot
zip -q -9 -r "${reldir_mono}/${binname}.zip" Godot_mono.app zip -q -9 -r "${reldir_mono}/${binname}.zip" Godot_mono.app
rm -rf Godot_mono.app rm -rf Godot_mono.app
sign_macos ${reldir_mono} ${binname} 1
# Templates # Templates
rm -rf osx_template.app rm -rf osx_template.app
cp -r git/misc/dist/osx_template.app . cp -r git/misc/dist/osx_template.app .
mkdir -p osx_template.app/Contents/MacOS mkdir -p osx_template.app/Contents/{MacOS,Resources}
cp out/macosx/templates-mono/godot.osx.opt.debug.x86_64.mono osx_template.app/Contents/MacOS/godot_osx_debug.64 cp out/macosx/templates-mono/godot.osx.opt.debug.x86_64.mono osx_template.app/Contents/MacOS/godot_osx_debug.64
cp out/macosx/templates-mono/godot.osx.opt.x86_64.mono osx_template.app/Contents/MacOS/godot_osx_release.64 cp out/macosx/templates-mono/godot.osx.opt.x86_64.mono osx_template.app/Contents/MacOS/godot_osx_release.64
cp -rp out/macosx/templates-mono/data.mono.osx.64.* osx_template.app/Contents/MacOS/ cp -rp out/macosx/templates-mono/data.mono.osx.64.* osx_template.app/Contents/Resources/
chmod +x osx_template.app/Contents/MacOS/godot_osx* chmod +x osx_template.app/Contents/MacOS/godot_osx*
zip -q -9 -r "${templatesdir_mono}/osx.zip" osx_template.app zip -q -9 -r "${templatesdir_mono}/osx.zip" osx_template.app
rm -rf osx_template.app rm -rf osx_template.app