Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Apple codesign #36

Open
fourlastor opened this issue Jan 27, 2024 · 2 comments
Open

Support Apple codesign #36

fourlastor opened this issue Jan 27, 2024 · 2 comments

Comments

@fourlastor
Copy link
Member

fourlastor commented Jan 27, 2024
edited
Loading

https://crates.io/crates/apple-codesign

Use prebuilt CLI from github releases https://github.com/indygreg/apple-platform-rs/releases

Follow CLI reference https://gregoryszorc.com/docs/apple-codesign/main/apple_codesign_rcodesign_signing.html

The configuration should look like this

construo {
  macOs {
    signPackage true
    signOptions {
       developerIdP12.set(project.file('path/to/developer-id.p12'))
       p12PasswordFile.set(project.file('path/to/certificate-password-file'))
    }
    // macOS needs an identifier
    identifier.set("io.github.fourlastor.Game")
    // Optional: icon for macOS
    icon.set(project.file("path/to/mac-icon.icns"))
  }

developerIdP12 and p12PasswordFile should be optional, as without them it will attempt to create an ad-hoc signature (read: no code signing certificate)

Then invoke

rcodesign sign \
  --p12-file developer-id.p12 --p12-password-file ~/.certificate-password \
  path/to/My.app

Add only arguments for set options
@fourlastor
Copy link
Member Author

Issues when trying to build the test project:

Plist not found if signing with rcodesign sign game-1.0.0-macM1/Game.app

➜  dist git:(update-docs) ✗ ./apple-codesign-0.27.0-x86_64-unknown-linux-musl/rcodesign sign game-1.0.0-macM1/Game.app 
signing game-1.0.0-macM1/Game.app in place
signing bundle at game-1.0.0-macM1/Game.app
signing bundle at game-1.0.0-macM1/Game.app into game-1.0.0-macM1/Game.app
encountered a non Mach-O file with a nested rule: Contents/MacOS/config.json
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/net.properties
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/java.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/java.security
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/README.txt
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/limited/default_US_export.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/limited/default_local.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/limited/exempt_local.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/unlimited/default_US_export.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/unlimited/default_local.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
Error: Info.plist not found; not a valid bundle

Is fixed by running rcodesign sign game-1.0.0-macM1/Game.app/Contents (so pointing at Contents)

Still has an error bundle has no main executable to sign specially

See indygreg/apple-platform-rs#118 as it looks related

@fourlastor
Copy link
Member Author

https://github.com/JetBrains/apple-notary-api-kotlin-client also worth testing

@fourlastor fourlastor mentioned this issue Oct 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fourlastor