Try signing inside the JAR
This commit is contained in:
4
.github/scripts/notarize-osx-distro-file.sh
vendored
4
.github/scripts/notarize-osx-distro-file.sh
vendored
@@ -7,9 +7,7 @@ dmg_filename="$(basename -- $dmg_file)"
|
||||
dir="$(dirname "$dmg_file")"
|
||||
|
||||
cd $dir
|
||||
submission_id=`xcrun notarytool submit ./${dmg_filename} --keychain-profile $notarize_profile --wait --no-progress -f json | jq -r .id`
|
||||
echo $submission_id
|
||||
xcrun notarytool log --keychain-profile $notarize_profile $submission_id
|
||||
xcrun notarytool submit ./${dmg_filename} --keychain-profile $notarize_profile --wait
|
||||
echo "Staple and generate checksums for ${dmg_filename}"
|
||||
xcrun stapler staple $dmg_filename
|
||||
if [ $? -eq 0 ]; then
|
||||
|
||||
32
.github/scripts/sign-osx-distro-file.sh
vendored
32
.github/scripts/sign-osx-distro-file.sh
vendored
@@ -24,6 +24,32 @@ do
|
||||
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
|
||||
done
|
||||
|
||||
function signExecutableInsideJar() {
|
||||
# sign libjansi.jnilib inside kotlin-compiler-embeddable.jar
|
||||
for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E $1`
|
||||
do
|
||||
echo "Looking for '$2' files inside ${f} to sign..."
|
||||
f_name="$(basename -- $f)"
|
||||
extracted_jar_dir=extracted_${f_name}
|
||||
rm -rf $extracted_jar_dir
|
||||
mkdir $extracted_jar_dir
|
||||
echo "Extracting archive ${f}"
|
||||
unzip -q $f -d ./${extracted_jar_dir}
|
||||
for jnilib_file in `find $extracted_jar_dir -type f | grep -E "$3"`
|
||||
do
|
||||
echo "Signing binary file: ${jnilib_file}"
|
||||
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $jnilib_file
|
||||
done
|
||||
cd $extracted_jar_dir
|
||||
zip -r -u ../$f .
|
||||
cd ..
|
||||
rm -rf $extracted_jar_dir
|
||||
|
||||
echo "Signing binary file: ${f}"
|
||||
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
|
||||
done
|
||||
}
|
||||
|
||||
# sign libjansi.jnilib inside kotlin-compiler-embeddable.jar
|
||||
for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/kotlin-compiler-embeddable.*\.jar$"`
|
||||
do
|
||||
@@ -48,13 +74,13 @@ do
|
||||
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
|
||||
done
|
||||
|
||||
# sign libsnappyjava.jnilib inside snappy-java.jar
|
||||
signExecutableInsideJar ".*/snappy-java.*\.jar$" "libsnappyjava.jnilib" ".*/libsnappyjava\.jnilib$"
|
||||
|
||||
# Sign the app
|
||||
ls -la ${dir}/${destination_folder_name}/SpringToolSuite4.app/
|
||||
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" ${dir}/${destination_folder_name}/SpringToolSuite4.app
|
||||
|
||||
#Verify codesign
|
||||
codesign --verify --deep --verbose ${dir}/${destination_folder_name}/SpringToolSuite4.app
|
||||
|
||||
cd ${dir}/${destination_folder_name}
|
||||
echo "Generating dmg-config.json..."
|
||||
echo '{' >> dmg-config.json
|
||||
|
||||
Reference in New Issue
Block a user