WIP

Signed-off-by: Joaquim Rocha <[email protected]>

.github/workflows/app-artifacts-mac.yml

@@ -136,7 +136,7 @@ jobs:
         }
         cd ./app/mac/scripts
         ls ../../../dmg
-        node ./esrp-notarize.js SIGN ../../../dmg/Headlamp*.dmg
+        node ./esrp-notarize.js SIGN ../../../dmg/
     - name: Notarize App
       shell: pwsh
       run: |
@@ -151,11 +151,11 @@ jobs:
         }
         cd ./app/mac/scripts
         ls ../../../dmg
-        node ./esrp-notarize.js NOTARIZE ../../../dmg/Headlamp*.dmg
+        node ./esrp-notarize.js NOTARIZE ../../../dmg/
     - name: Upload Notarized
       uses: actions/upload-artifact@v4
       with:
-        name: Win exes
+        name: dmg
         path: ./dmg/Headlamp*.dmg
         if-no-files-found: error
         retention-days: 2

app/mac/scripts/esrp-notarize.js

@@ -59,7 +59,10 @@ function getFileList(rootDir) {
           files[dirName] = [];
         }
 
-        files[dirName].push(file);
+        files[dirName].push({
+          path: file,
+          hash: getSHA256(filepath),
+        });
       }
     });
   }
@@ -106,14 +109,19 @@ function createNotarizeJson(pathToSign, fileName = 'test_SignInput.json') {
 function createJson(pathToSign, op, fileName = 'test_SignInput.json') {
   let rootDir = pathToSign;
   let files = {};
-  let hashes = {};
 
   // Check if we are signing one single file or all files in a directory
   const stat = fs.statSync(pathToSign);
   if (stat.isFile()) {
     rootDir = path.dirname(pathToSign);
-    files = { '.': [path.basename(pathToSign)] };
-    hashes[rootDir + path.basename(pathToSign)] = getSHA256(pathToSign);
+    files = {
+      '.': [
+        {
+          path: path.basename(pathToSign),
+          hash: getSHA256(pathToSign),
+        },
+      ],
+    };
   } else {
     files = getFileList(pathToSign);
   }
@@ -123,10 +131,10 @@ function createJson(pathToSign, op, fileName = 'test_SignInput.json') {
       SourceLocationType: 'UNC',
       SourceRootDirectory: path.resolve(rootDir, dir),
       SignRequestFiles: files.map(f => ({
-        SourceLocation: f,
-        SourceHash: hashes[rootDir + f] ?? '',
-        HashType: (hashes[rootDir + f] && 'SHA256') || null,
-        Name: f,
+        SourceLocation: f.path,
+        SourceHash: f.hash ?? '',
+        HashType: (f.hash && 'SHA256') || null,
+        Name: f.path,
       })),
       SigningInfo: {
         Operations: [op],
@@ -166,7 +174,7 @@ function sign(esrpTool, op, pathToSign) {
   fs.writeFileSync(policyJson, JSON.stringify(POLICY_JSON, undefined, 2));
   const authJson = path.resolve(os.tmpdir(), 'Auth.json');
   fs.writeFileSync(authJson, JSON.stringify(AUTH_JSON, undefined, 2));
-  console.log('>>>>', `${esrpTool} Sign -a ${authJson} -p ${policyJson} -i ${signInputJson}`);
+  console.log('>>>>', signInputJson);
   console.log(
     'EXEC',
     execSync(