From c3064a2cb302481f7e6db4d47d6c89056d91f2b5 Mon Sep 17 00:00:00 2001 From: Baptiste Augrain Date: Sun, 2 Jun 2024 17:45:59 +0200 Subject: [PATCH] build(macos): allow local codesign [skip ci] --- build/build.sh | 6 ++++++ macos-codesign.env.template | 5 +++++ patches/fix-darwin-codesign.patch | 28 ++++++++++++++++++++++++++++ patches/fix-darwin-sign.patch | 19 ------------------- prepare_assets.sh | 10 +++++++++- 5 files changed, 48 insertions(+), 20 deletions(-) create mode 100644 macos-codesign.env.template create mode 100644 patches/fix-darwin-codesign.patch delete mode 100644 patches/fix-darwin-sign.patch diff --git a/build/build.sh b/build/build.sh index c370f6a..8618dbf 100755 --- a/build/build.sh +++ b/build/build.sh @@ -120,5 +120,11 @@ if [[ "${SKIP_ASSETS}" == "no" ]]; then rm -rf build/windows/msi/releasedir fi + if [[ "${OS_NAME}" == "osx" && -f "./macos-codesign.env" ]]; then + . macos-codesign.env + + echo "CERTIFICATE_OSX_ID: ${CERTIFICATE_OSX_ID}" + fi + . prepare_assets.sh fi diff --git a/macos-codesign.env.template b/macos-codesign.env.template new file mode 100644 index 0000000..43b6c90 --- /dev/null +++ b/macos-codesign.env.template @@ -0,0 +1,5 @@ +CERTIFICATE_OSX_APP_PASSWORD= +CERTIFICATE_OSX_ID= +CERTIFICATE_OSX_P12_DATA= +CERTIFICATE_OSX_P12_PASSWORD= +CERTIFICATE_OSX_TEAM_ID= diff --git a/patches/fix-darwin-codesign.patch b/patches/fix-darwin-codesign.patch new file mode 100644 index 0000000..062ef9b --- /dev/null +++ b/patches/fix-darwin-codesign.patch 
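Review bot: In the block added to build/build.sh, the existence test checks `./macos-codesign.env` but the next line sources `. macos-codesign.env` with no path. Bash's `.` looks a slash-less name up in `PATH` before the current directory (unless `sourcepath` is turned off), so a different file of that name could be loaded into the signing environment; use `. ./macos-codesign.env`. The following `echo "CERTIFICATE_OSX_ID: ${CERTIFICATE_OSX_ID}"` writes the Apple ID into the build log, so consider dropping it or printing only whether the variable is set. Because the filled-in copy of the template holds the P12 data and both passwords, it should also be listed in `.gitignore`; no such entry is visible in this commit.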
@@ -0,0 +1,28 @@
+diff --git a/build/darwin/sign.js b/build/darwin/sign.js
+index f5913b7..100b950 100644
+--- a/build/darwin/sign.js
++++ b/build/darwin/sign.js
+@@ -53,5 +53,7 @@ async function main(buildDir) {
+ ignore: (filePath) => {
++ const ext = path.extname(filePath);
+ return filePath.includes(gpuHelperAppName) ||
+ filePath.includes(rendererHelperAppName) ||
+- filePath.includes(pluginHelperAppName);
++ filePath.includes(pluginHelperAppName) ||
++ ext == '.asar' || ext == '.dat' || ext == '.gif' || ext == '.icns' || ext == '.ico' || ext == '.json' || ext == '.mp3' || ext == '.nib' || ext == '.pak' || ext == '.png' || ext == '.scpt' || ext == '.ttf' || ext == '.wasm' || ext == '.woff' || ext == '.woff2';
+ }
+@@ -83,3 +85,3 @@ async function main(buildDir) {
+ '-string',
+- 'An application in Visual Studio Code wants to use AppleScript.',
++ 'An application in VSCodium wants to use AppleScript.',
+ `${infoPlistPath}`
+@@ -90,3 +92,3 @@ async function main(buildDir) {
+ '-string',
+- 'An application in Visual Studio Code wants to use the Microphone.',
++ 'An application in VSCodium wants to use the Microphone.',
+ `${infoPlistPath}`
+@@ -97,3 +99,3 @@ async function main(buildDir) {
+ '-string',
+- 'An application in Visual Studio Code wants to use the Camera.',
++ 'An application in VSCodium wants to use the Camera.',
+ `${infoPlistPath}`
diff --git a/patches/fix-darwin-sign.patch b/patches/fix-darwin-sign.patch
deleted file mode 100644
index 665fe71..0000000
--- a/patches/fix-darwin-sign.patch
+++ /dev/null
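Review bot: The extension test added to `ignore` in the embedded sign.js patch decides what is skipped by file name alone, so an executable or library that happens to carry one of the listed suffixes (for example `.dat`) would presumably be left without its own signature. The comparison is also case-sensitive and uses loose `==`. A set lookup is easier to audit and extend: `const UNSIGNED_EXTS = new Set(['.asar', '.dat', /* … */ '.woff2']);` followed by `UNSIGNED_EXTS.has(path.extname(filePath).toLowerCase())`. A one-line comment stating why these resource types are excluded would help the next reader, since the reason is not given in the hunk. `main` starts and ends outside the hunk.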
@@ -1,19 +0,0 @@ -diff --git a/build/darwin/sign.js b/build/darwin/sign.js -index f5913b7..c861e3e 100644 ---- a/build/darwin/sign.js -+++ b/build/darwin/sign.js -@@ -83,3 +83,3 @@ async function main(buildDir) { - '-string', -- 'An application in Visual Studio Code wants to use AppleScript.', -+ 'An application in VSCodium wants to use AppleScript.', - `${infoPlistPath}` -@@ -90,3 +90,3 @@ async function main(buildDir) { - '-string', -- 'An application in Visual Studio Code wants to use the Microphone.', -+ 'An application in VSCodium wants to use the Microphone.', - `${infoPlistPath}` -@@ -97,3 +97,3 @@ async function main(buildDir) { - '-string', -- 'An application in Visual Studio Code wants to use the Camera.', -+ 'An application in VSCodium wants to use the Camera.', - `${infoPlistPath}` diff --git a/prepare_assets.sh b/prepare_assets.sh index 514d755..d591c6b 100755 --- a/prepare_assets.sh +++ b/prepare_assets.sh @@ -20,13 +20,19 @@ sum_file() { mkdir -p assets if [[ "${OS_NAME}" == "osx" ]]; then - if [[ "${CI_BUILD}" != "no" ]]; then + if [[ -n "${CERTIFICATE_OSX_P12_DATA}" ]]; then + if [[ "${CI_BUILD}" == "no" ]]; then + RUNNER_TEMP="${TMPDIR}" + fi + CERTIFICATE_P12="${APP_NAME}.p12" KEYCHAIN="${RUNNER_TEMP}/buildagent.keychain" AGENT_TEMPDIRECTORY="${RUNNER_TEMP}" # shellcheck disable=SC2006 KEYCHAINS=`security list-keychains | xargs` + rm -f "${KEYCHAIN}" + echo "${CERTIFICATE_OSX_P12_DATA}" | base64 --decode > "${CERTIFICATE_P12}" echo "+ create temporary keychain" @@ -48,6 +54,7 @@ if [[ "${OS_NAME}" == "osx" ]]; then export CODESIGN_IDENTITY AGENT_TEMPDIRECTORY DEBUG="electron-osx-sign*" node vscode/build/darwin/sign.js "$( pwd )" + # codesign --display --entitlements :- "" echo "+ notarize" 
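Review bot: With `CI_BUILD=no`, the first prepare_assets.sh hunk now decodes the signing key to `${APP_NAME}.p12` in the working directory and creates the keychain under `${TMPDIR}` on a developer machine rather than a throwaway runner. Nothing in the hunk restricts the file mode or removes either file if a later step fails. If `TMPDIR` is unset, `KEYCHAIN` becomes `/buildagent.keychain` and the added `rm -f "${KEYCHAIN}"` targets the filesystem root. I would write `RUNNER_TEMP="${TMPDIR:?TMPDIR is not set}"`, run `umask 077` before the `base64 --decode` line, and add a `trap` that deletes the p12 and the temporary keychain on exit. Whether later lines already clean up is not visible here, as the `if` block continues outside the hunk.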
@@ -57,6 +64,7 @@ if [[ "${OS_NAME}" == "osx" ]]; then zip -r -X -y "${ZIP_FILE}" ./*.app xcrun notarytool store-credentials "${APP_NAME}" --apple-id "${CERTIFICATE_OSX_ID}" --team-id "${CERTIFICATE_OSX_TEAM_ID}" --password "${CERTIFICATE_OSX_APP_PASSWORD}" --keychain "${KEYCHAIN}" + # xcrun notarytool history --keychain-profile "${APP_NAME}" --keychain "${KEYCHAIN}" xcrun notarytool submit "${ZIP_FILE}" --keychain-profile "${APP_NAME}" --wait --keychain "${KEYCHAIN}" echo "+ attach staple"