fix: Use EXPANDED_CODE_SIGN_IDENTITY in codesign_sparkle_embedded_apps.sh

lwouis / alt-tab-macos

Windows alt-tab on macOS

https://alt-tab-macos.netlify.app

GNU General Public License v3.0

10.47k stars 318 forks source link

fix: Use EXPANDED_CODE_SIGN_IDENTITY in codesign_sparkle_embedded_apps.sh #3417

Closed delaneyb closed 2 months ago

delaneyb commented 2 months ago

Updated the codesign_sparkle_embedded_apps.sh script to use $EXPANDED_CODE_SIGN_IDENTITY instead of $CODE_SIGN_IDENTITY. This prevents "Apple Development: ambiguous" errors when there are multiple matching code-signing identities from XCode with automatic code-signing enabled, ensuring the correct identity is used for signing the Sparkle embedded app AutoUpdate.

Example comparison of the envvar values. These can be observed by enabling the "show environment variables in build log" checkbox under the Run Script build phase for codesign_sparkle_embedded_apps.sh, and then checking the build log:

    export CODE_SIGN_IDENTITY\=Apple\ Development
    export CODE_SIGN_IDENTITY_NO\=Apple\ Development
    export EXPANDED_CODE_SIGN_IDENTITY\=2FCF2E9C47BBF33DA64E1BXC648A32A6D7C6F314
    export EXPANDED_CODE_SIGN_IDENTITY_NAME\=Apple\ Development:\ example@me.com\ \(7X2KK4Z37L\)

lwouis commented 2 months ago

Hi,

Thank you for sharing this PR!

On this project, we manually set variables in .xcconfig files, such as this one. This is a way to have configuration on git, and avoid magic setup on XCode, for every contributor.

I'm not sure how this PR plays into this. I'm wondering: couldn't you just edit debug.xcconfig or release.xcconfig with the correct value for your case? Wouldn't that do it for you?

Thank you 🙇

delaneyb commented 2 months ago

Hi @lwouis, big thanks for your work on this project firstly, real productivity game-changer and great codebase to explore to get into swift :)

Regarding the proposed change, even with the code signing identity specified in the xcconfig files, the CODE_SIGN_IDENTITY environment variable still results in the vague --sign "Apple Development" being passed to the codesign command in the codesign_sparkle_embedded_apps.sh script. If a developer has both an "Apple Development" personal team certificate and a company team certificate with the same name, it will lead to the ambiguous certificate error.

lwouis commented 2 months ago

Thank you for your message

I'm confused how the ID could be Apple Development. In my case, it's Developer ID Application: Louis Pontoise (QXD7GW8FHY). It seems to contain a unique ID. Is it just my setup? Could you not write a specific/qualified string for the CODE_SIGN_IDENTITY variable, and have that be unambiguous when passed to codesign?

Thank you

delaneyb commented 2 months ago

Hi @lwouis,

Apologize for the confusion. I realized that the CODE_SIGN_IDENTITY specified in Debug.xcconfig was getting overridden by my changes in the Xcode signing & capabilities tab (which affect the .pbxproj file). These changes in Xcode seem to take precedence over the configuration from the .xcconfig files.

When I followed the instructions and properly set up CODE_SIGN_IDENTITY in Debug.xcconfig using scripts/codesign/setup_local.sh, the exact code signing identity from the xcconfig gets passed through as-is to scripts/codesign_sparkle_embedded_apps.sh. This resolves the ambiguous certificate issue.

Thank you for pointing me in the right direction. I'll close this PR as the proposed change is not necessary when the .xcconfig files are set up correctly.