Skip to content

Commit

Permalink
Try hand-fixing problematic macOS binary signatures
Browse files Browse the repository at this point in the history
  • Loading branch information
@brunchboy
brunchboy committed Sep 8, 2024
1 parent 741b04b commit a34be0f
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 7 deletions.
16 changes: 16 additions & 0 deletions .github/scripts/build_dmg.zsh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,22 @@ if [ "$IDENTITY_PASSPHRASE" != "" ]; then
# Set the keychain to allow use of the certificate without user interaction (we are headless!)
security set-key-partition-list -S apple-tool:,apple: -s -k "$IDENTITY_PASSPHRASE" build.keychain

# Explode the jar so we can fix code signatures on the problematic executables we embed.
mkdir jar_tmp
cd jar_tmp
jar xf ../"$dmg_name"
rm "$dmg_name"
codesign --timestamp -s "Deep Symmetry, LLC (9M6LKU948Y)" libnrepl-macos-universal.so
codesign --timestamp -s "Deep Symmetry, LLC (9M6LKU948Y)" META-INF/native/libnetty_transport_native_kqueue_x86_64.jnilib
codesign --timestamp -s "Deep Symmetry, LLC (9M6LKU948Y)" --force uk/co/xfactorylibrarians/coremidi4j/libCoreMidi4J.dylib
codesign --timestamp -s "Deep Symmetry, LLC (9M6LKU948Y)" com/sun/jna/darwin/libjnidispatch.jnilib

# Replace the jar with one containing the executables with corrected signatures.
rm -f ../"$dmg_name"
jar cf ../"$dmg_name" .
cd ..
rm -rf jar_tmp

# Run jpackage to build the native application as a code signed disk image
jpackage --name "$blt_name" --input Input --add-modules "$blt_java_modules" \
--icon .github/resources/BeatLink.icns --main-jar beat-link-trigger.jar \
Expand Down
7 changes: 0 additions & 7 deletions .github/workflows/uberjar.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,6 @@ jobs:
build_dmg:
name: Build macOS Apple Silicon Disk Image
runs-on: macos-latest
if: false # Disable until notarization of jpackage DMGs can work again

needs:
build_uberjar
Expand Down Expand Up @@ -186,7 +185,6 @@ jobs:
build_intel_dmg:
name: Build macOS Intel Disk Image
runs-on: macos-13
if: false # Disable until notarization of jpackage DMGs can work again

needs:
build_uberjar
Expand Down Expand Up @@ -239,11 +237,6 @@ jobs:
- build_dmg
- build_intel_dmg
- build_msi
if: |
always() &&
(needs.build_msi.result == 'success') &&
(needs.build_dmg.result == 'success' || needs.build_dmg.result == 'skipped') &&
(needs.build_intel_dmg.result == 'success' || needs.build_intel_dmg.result == 'skipped')

steps:
- uses: actions/checkout@v4
Expand Down

0 comments on commit a34be0f

Please sign in to comment.