diff --git a/.github/scripts/build_dmg.zsh b/.github/scripts/build_dmg.zsh index 8266806..11c206c 100644 --- a/.github/scripts/build_dmg.zsh +++ b/.github/scripts/build_dmg.zsh @@ -28,6 +28,22 @@ if [ "$IDENTITY_PASSPHRASE" != "" ]; then # Set the keychain to allow use of the certificate without user interaction (we are headless!) security set-key-partition-list -S apple-tool:,apple: -s -k "$IDENTITY_PASSPHRASE" build.keychain + # Explode the jar so we can fix code signatures on the problematic executables we embed. + mkdir jar_tmp + cd jar_tmp + jar xf ../"$dmg_name" + rm "$dmg_name" + codesign --timestamp -s "Deep Symmetry, LLC (9M6LKU948Y)" libnrepl-macos-universal.so + codesign --timestamp -s "Deep Symmetry, LLC (9M6LKU948Y)" META-INF/native/libnetty_transport_native_kqueue_x86_64.jnilib + codesign --timestamp -s "Deep Symmetry, LLC (9M6LKU948Y)" --force uk/co/xfactorylibrarians/coremidi4j/libCoreMidi4J.dylib + codesign --timestamp -s "Deep Symmetry, LLC (9M6LKU948Y)" com/sun/jna/darwin/libjnidispatch.jnilib + + # Replace the jar with one containing the executables with corrected signatures. + rm -f ../"$dmg_name" + jar cf ../"$dmg_name" . + cd .. + rm -rf jar_tmp + # Run jpackage to build the native application as a code signed disk image jpackage --name "$blt_name" --input Input --add-modules "$blt_java_modules" \ --icon .github/resources/BeatLink.icns --main-jar beat-link-trigger.jar \ diff --git a/.github/workflows/uberjar.yml b/.github/workflows/uberjar.yml index cbac326..327a0b4 100644 --- a/.github/workflows/uberjar.yml +++ b/.github/workflows/uberjar.yml @@ -139,7 +139,6 @@ jobs: build_dmg: name: Build macOS Apple Silicon Disk Image runs-on: macos-latest - if: false # Disable until notarization of jpackage DMGs can work again needs: build_uberjar @@ -186,7 +185,6 @@ jobs: build_intel_dmg: name: Build macOS Intel Disk Image runs-on: macos-13 - if: false # Disable until notarization of jpackage DMGs can work again needs: build_uberjar @@ -239,11 +237,6 @@ jobs: - build_dmg - build_intel_dmg - build_msi - if: | - always() && - (needs.build_msi.result == 'success') && - (needs.build_dmg.result == 'success' || needs.build_dmg.result == 'skipped') && - (needs.build_intel_dmg.result == 'success' || needs.build_intel_dmg.result == 'skipped') steps: - uses: actions/checkout@v4