From b19696ac42a9e67ea0bbd01adfdb6470c391e52d Mon Sep 17 00:00:00 2001 From: aboyko Date: Tue, 12 Dec 2023 19:04:24 -0500 Subject: [PATCH] GHA: Put back script signing jnilib and fsevents.node --- .github/scripts/sign-osx-distro-file.sh | 60 ++++++++++++------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/scripts/sign-osx-distro-file.sh b/.github/scripts/sign-osx-distro-file.sh index d238df7fd..c15148b80 100755 --- a/.github/scripts/sign-osx-distro-file.sh +++ b/.github/scripts/sign-osx-distro-file.sh @@ -17,36 +17,36 @@ mkdir ${dir}/${destination_folder_name} tar -zxf $file --directory ${dir}/${destination_folder_name} echo "Successfully extracted ${filename}" -## sign problematic binaries -#for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/fsevents\.node$"` -#do -# echo "Signing binary file: ${f}" -# codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f -#done -# -## sign libjansi.jnilib inside kotlin-compiler-embeddable.jar -#for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/kotlin-compiler-embeddable.*\.jar$"` -#do -# echo "Looking for 'libjansi.jnilib' files inside ${f} to sign..." -# f_name="$(basename -- $f)" -# extracted_jar_dir=extracted_${f_name} -# rm -rf $extracted_jar_dir -# mkdir $extracted_jar_dir -# echo "Extracting archive ${f}" -# unzip -q $f -d ./${extracted_jar_dir} -# for jnilib_file in `find $extracted_jar_dir -type f | grep -E ".*/libjansi\.jnilib$"` -# do -# echo "Signing binary file: ${jnilib_file}" -# codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $jnilib_file -# done -# cd $extracted_jar_dir -# zip -r -u ../$f . -# cd .. -# rm -rf $extracted_jar_dir -# -# echo "Signing binary file: ${f}" -# codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f -#done +# sign problematic binaries +for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/fsevents\.node$"` +do + echo "Signing binary file: ${f}" + codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f +done + +# sign libjansi.jnilib inside kotlin-compiler-embeddable.jar +for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/kotlin-compiler-embeddable.*\.jar$"` +do + echo "Looking for 'libjansi.jnilib' files inside ${f} to sign..." + f_name="$(basename -- $f)" + extracted_jar_dir=extracted_${f_name} + rm -rf $extracted_jar_dir + mkdir $extracted_jar_dir + echo "Extracting archive ${f}" + unzip -q $f -d ./${extracted_jar_dir} + for jnilib_file in `find $extracted_jar_dir -type f | grep -E ".*/libjansi\.jnilib$"` + do + echo "Signing binary file: ${jnilib_file}" + codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $jnilib_file + done + cd $extracted_jar_dir + zip -r -u ../$f . + cd .. + rm -rf $extracted_jar_dir + + echo "Signing binary file: ${f}" + codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f +done # These end being inside osx distro tar.gz file built on Linux rm -rf ${dir}/${destination_folder_name}/SpringToolSuite4.app/plugins