GHA: Sign binaries inside kotlin-compiler jar

This commit is contained in:
aboyko
2023-11-18 01:44:04 -05:00
parent 238e8d214f
commit 60add43167
3 changed files with 28 additions and 4 deletions

View File

@@ -0,0 +1,18 @@
f=$1
entitlements=$2
echo "Looking for 'libjansi.jnilib' files inside ${f} to sign..."
f_name="$(basename -- $f)"
extracted_jar_dir=extracted_${f_name}
rm -rf $extracted_jar_dir
mkdir $extracted_jar_dir
echo "Extracting archive ${f}"
unzip -q $f -d ./${extracted_jar_dir}
for jnilib_file in `find $extracted_jar_dir -type f | grep -E ".*/libjansi\.jnilib$"`
do
echo "Signing binary file: ${jnilib_file}"
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $jnilib_file
done
cd $extracted_jar_dir
zip -r -u $f .
cd ..
rm -rf $extracted_jar_dir

View File

@@ -17,10 +17,16 @@ tar -zxf $file --directory ${dir}/${destination_folder_name}
echo "Successfully extracted ${filename}"
# sign problematic binaries
for file in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/(kotlin-compiler-embeddable.*\.jar|fsevents\.node)$"`
for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/fsevents\.node$"`
do
echo "Signing binary file: ${file}"
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $file
echo "Signing binary file: ${f}"
codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
done
# sign libjansi.jnilib inside kotlin-compiler-embeddable.jar
for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/kotlin-compiler-embeddable.*\.jar$"`
do
./sign-jnilib-files-inside-jar.sh $f $entitlements
done
# Sign the app