search

fourlastor-alexandria / construo

A gradle plugin to cross compile jvm projects
MIT License
23 stars 1 forks source link

Support Apple codesign #36

Open fourlastor opened 10 months ago

fourlastor commented 10 months ago

https://crates.io/crates/apple-codesign

Use prebuilt CLI from github releases https://github.com/indygreg/apple-platform-rs/releases

Follow CLI reference https://gregoryszorc.com/docs/apple-codesign/main/apple_codesign_rcodesign_signing.html

The configuration should look like this


construo {
  macOs {
    signPackage true
    signOptions {
       developerIdP12.set(project.file('path/to/developer-id.p12'))
       p12PasswordFile.set(project.file('path/to/certificate-password-file'))
    }
    // macOS needs an identifier
    identifier.set("io.github.fourlastor.Game")
    // Optional: icon for macOS
    icon.set(project.file("path/to/mac-icon.icns"))
  }

developerIdP12 and p12PasswordFile should be optional, as without them it will attempt to create an ad-hoc signature (read: no code signing certificate)

Then invoke

rcodesign sign \
  --p12-file developer-id.p12 --p12-password-file ~/.certificate-password \
  path/to/My.app

Add only arguments for set options

fourlastor commented 7 months ago

Issues when trying to build the test project:

Plist not found if signing with rcodesign sign game-1.0.0-macM1/Game.app

➜  dist git:(update-docs) ✗ ./apple-codesign-0.27.0-x86_64-unknown-linux-musl/rcodesign sign game-1.0.0-macM1/Game.app 
signing game-1.0.0-macM1/Game.app in place
signing bundle at game-1.0.0-macM1/Game.app
signing bundle at game-1.0.0-macM1/Game.app into game-1.0.0-macM1/Game.app
encountered a non Mach-O file with a nested rule: Contents/MacOS/config.json
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/net.properties
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/java.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/java.security
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/README.txt
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/limited/default_US_export.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/limited/default_local.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/limited/exempt_local.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/unlimited/default_US_export.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
encountered a non Mach-O file with a nested rule: Contents/MacOS/jdk/conf/security/policy/unlimited/default_local.policy
we do not know how to handle this scenario; either your bundle layout is invalid or you found a bug in this program
if the bundle signs and verifies with Apple's tooling, consider reporting this issue
Error: Info.plist not found; not a valid bundle

Is fixed by running rcodesign sign game-1.0.0-macM1/Game.app/Contents (so pointing at Contents)

Still has an error bundle has no main executable to sign specially

See https://github.com/indygreg/apple-platform-rs/issues/118 as it looks related

fourlastor commented 3 months ago

https://github.com/JetBrains/apple-notary-api-kotlin-client also worth testing