Try signing inside the JAR

This commit is contained in:
aboyko
2024-09-06 08:59:54 -04:00
parent 448ae23912
commit 336186f290
3 changed files with 30 additions and 18 deletions

View File

@@ -7,9 +7,7 @@ dmg_filename="$(basename -- $dmg_file)"
dir="$(dirname "$dmg_file")"
cd $dir
submission_id=`xcrun notarytool submit ./${dmg_filename} --keychain-profile $notarize_profile --wait --no-progress -f json | jq -r .id`
echo $submission_id
xcrun notarytool log --keychain-profile $notarize_profile $submission_id
xcrun notarytool submit ./${dmg_filename} --keychain-profile $notarize_profile --wait
echo "Staple and generate checksums for ${dmg_filename}"
xcrun stapler staple $dmg_filename
if [ $? -eq 0 ]; then

View File

@@ -24,6 +24,32 @@ do
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
done
function signExecutableInsideJar() {
# sign libjansi.jnilib inside kotlin-compiler-embeddable.jar
for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E $1`
do
echo "Looking for '$2' files inside ${f} to sign..."
f_name="$(basename -- $f)"
extracted_jar_dir=extracted_${f_name}
rm -rf $extracted_jar_dir
mkdir $extracted_jar_dir
echo "Extracting archive ${f}"
unzip -q $f -d ./${extracted_jar_dir}
for jnilib_file in `find $extracted_jar_dir -type f | grep -E "$3"`
do
echo "Signing binary file: ${jnilib_file}"
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $jnilib_file
done
cd $extracted_jar_dir
zip -r -u ../$f .
cd ..
rm -rf $extracted_jar_dir
echo "Signing binary file: ${f}"
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
done
}
# sign libjansi.jnilib inside kotlin-compiler-embeddable.jar
for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/kotlin-compiler-embeddable.*\.jar$"`
do
@@ -48,13 +74,13 @@ do
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
done
# sign libsnappyjava.jnilib inside snappy-java.jar
signExecutableInsideJar ".*/snappy-java.*\.jar$" "libsnappyjava.jnilib" ".*/libsnappyjava\.jnilib$"
# Sign the app
ls -la ${dir}/${destination_folder_name}/SpringToolSuite4.app/
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" ${dir}/${destination_folder_name}/SpringToolSuite4.app
#Verify codesign
codesign --verify --deep --verbose ${dir}/${destination_folder_name}/SpringToolSuite4.app
cd ${dir}/${destination_folder_name}
echo "Generating dmg-config.json..."
echo '{' >> dmg-config.json