
added provisioning profile to mac build process with updated entitlements

Tobias Hagemann 7 months ago
parent
commit
45c7d2b071

+ 5 - 0
.github/workflows/mac-dmg.yml

@@ -137,9 +137,11 @@ jobs:
           mv dist/mac/resources/Cryptomator-Vault.icns Cryptomator.app/Contents/Resources/
           sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" Cryptomator.app/Contents/Info.plist
           sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" Cryptomator.app/Contents/Info.plist
+          echo -n "$PROVISIONING_PROFILE_BASE64" | base64 --decode --output Cryptomator.app/Contents/embedded.provisionprofile
         env:
           VERSION_NO: ${{ needs.get-version.outputs.semVerNum }}
           REVISION_NO: ${{ needs.get-version.outputs.revNum }}
+          PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }}
       - name: Generate license for dmg
         run: >
           mvn -B -Djavafx.platform=mac license:add-third-party
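Review bot: The added `base64 --decode` line does not check for an empty or missing secret. If `MACOS_PROVISIONING_PROFILE_BASE64` is unset (as it presumably would be on runs without access to repository secrets), the step writes a zero-byte `embedded.provisionprofile` into the bundle and carries on. The same gap applies to `TEAM_IDENTIFIER` in the codesign step of the next hunk, where an empty value would produce an application identifier of `.org.cryptomator`. I would fail early with `: "${PROVISIONING_PROFILE_BASE64:?provisioning profile secret is not set}"` before the decode, and the equivalent for `TEAM_IDENTIFIER` before the two `sed` calls. The step's `run:` block starts outside this hunk.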
@@ -194,9 +196,12 @@ jobs:
             fi
           done
           echo "Codesigning Cryptomator.app..."
+          sed -i '' "s|###APP_IDENTIFIER_PREFIX###|${TEAM_IDENTIFIER}.|g" dist/mac/Cryptomator.entitlements
+          sed -i '' "s|###TEAM_IDENTIFIER###|${TEAM_IDENTIFIER}|g" dist/mac/Cryptomator.entitlements
           codesign --force --deep --entitlements dist/mac/Cryptomator.entitlements -o runtime -s ${CODESIGN_IDENTITY} Cryptomator.app
         env:
           CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
+          TEAM_IDENTIFIER: ${{ secrets.MACOS_TEAM_IDENTIFIER }}
       - name: Prepare .dmg contents
         run: |
           mkdir dmg

+ 1 - 0
dist/mac/.gitignore

@@ -0,0 +1 @@
+embedded.provisionprofile

+ 8 - 0
dist/mac/Cryptomator.entitlements

@@ -2,6 +2,10 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>com.apple.application-identifier</key>
+	<string>###APP_IDENTIFIER_PREFIX###org.cryptomator</string>
+	<key>com.apple.developer.team-identifier</key>
+	<string>###TEAM_IDENTIFIER###</string>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
 	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
@@ -10,5 +14,9 @@
 	<true/>
 	<key>com.apple.security.cs.disable-library-validation</key>
 	<true/>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>###APP_IDENTIFIER_PREFIX###org.cryptomator</string>
+	</array>
 </dict>
 </plist>
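Review bot: The new `keychain-access-groups` entitlement goes to a process that also keeps `com.apple.security.cs.disable-library-validation` (visible as context in this hunk), so any library the app loads, whoever signed it, runs with access to that keychain group. That may be unavoidable for this app, but it deserves a comment in the plist, for example `<!-- library validation is disabled, so every library loaded into the process can reach this keychain group; keep it limited to org.cryptomator -->`. A second short comment should say that the `###APP_IDENTIFIER_PREFIX###` and `###TEAM_IDENTIFIER###` placeholders, here and in the hunk above, are substituted at build time and must never be signed literally.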

+ 2 - 1
dist/mac/dmg/.gitignore

@@ -5,4 +5,5 @@ dmg/
 *.dmg
 license.rtf
 openjfx-jmods.zip
-*.jmod
+*.jmod
+Cryptomator.entitlements

+ 11 - 4
dist/mac/dmg/build.sh

@@ -1,12 +1,15 @@
 #!/bin/bash
 
 # parse options
-usage() { echo "Usage: $0 [-s <codesign-identity>]" 1>&2; exit 1; }
-while getopts ":s:" o; do
+usage() { echo "Usage: $0 [-s <codesign-identity>] [-t <team-identifier>]" 1>&2; exit 1; }
+while getopts ":s:t:" o; do
     case "${o}" in
         s)
             CODESIGN_IDENTITY=${OPTARG}
             ;;
+        t)
+            TEAM_IDENTIFIER=${OPTARG}
+            ;;
         *)
             usage
             ;;
@@ -121,6 +124,7 @@ ${JAVA_HOME}/bin/jpackage \
 cp ../resources/${APP_NAME}-Vault.icns ${APP_NAME}.app/Contents/Resources/
 sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" ${APP_NAME}.app/Contents/Info.plist
 sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" ${APP_NAME}.app/Contents/Info.plist
+cp ../embedded.provisionprofile ${APP_NAME}.app/Contents/
 
 # generate license
 mvn -B -Djavafx.platform=mac -f../../../pom.xml license:add-third-party \
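Review bot: The added `cp ../embedded.provisionprofile` runs unconditionally, but the profile is git-ignored and signing stays optional, so a local build without the file fails at this line. Guard it with `if [ -f ../embedded.provisionprofile ]; then cp ../embedded.provisionprofile "${APP_NAME}.app/Contents/"; fi`, or exit with a clear message when signing was requested and the file is absent. Whether the script aborts on the failed `cp` depends on shell options set outside this hunk.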
@@ -133,7 +137,7 @@ mvn -B -Djavafx.platform=mac -f../../../pom.xml license:add-third-party \
     -Dlicense.licenseMergesUrl=file://$(pwd)/../../../license/merges
 
 # codesign
-if [ -n "${CODESIGN_IDENTITY}" ]; then
+if [ -n "${CODESIGN_IDENTITY}" ] && [ -n "${TEAM_IDENTIFIER}" ]; then
     find ${APP_NAME}.app/Contents/runtime/Contents/MacOS -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \;
     for JAR_PATH in `find ${APP_NAME}.app -name "*.jar"`; do
     if [[ `unzip -l ${JAR_PATH} | grep '.dylib\|.jnilib'` ]]; then
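Review bot: With the new condition, passing `-s` without `-t` silently skips signing and the script goes on to package an unsigned app, while the usage string presents both options as independently optional. An explicit check before the `if` would surface that: `if [ -n "${CODESIGN_IDENTITY}" ] && [ -z "${TEAM_IDENTIFIER}" ]; then echo "-t <team-identifier> is required with -s" 1>&2; exit 1; fi`. The signing block continues past the end of this hunk.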
@@ -151,7 +155,10 @@ if [ -n "${CODESIGN_IDENTITY}" ]; then
     fi
     done
     echo "Codesigning ${APP_NAME}.app..."
-    codesign --force --deep --entitlements ../${APP_NAME}.entitlements -o runtime -s ${CODESIGN_IDENTITY} ${APP_NAME}.app
+    cp ../${APP_NAME}.entitlements .
+    sed -i '' "s|###APP_IDENTIFIER_PREFIX###|${TEAM_IDENTIFIER}.|g" ${APP_NAME}.entitlements
+    sed -i '' "s|###TEAM_IDENTIFIER###|${TEAM_IDENTIFIER}|g" ${APP_NAME}.entitlements
+    codesign --force --deep --entitlements ${APP_NAME}.entitlements -o runtime -s ${CODESIGN_IDENTITY} ${APP_NAME}.app
 fi
 
 # prepare dmg contents
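Review bot: `${CODESIGN_IDENTITY}` and `${APP_NAME}` are expanded unquoted on the new `codesign` line, so an identity given by its common name, which typically contains spaces, would be split into several arguments. Quote the expansions: `codesign --force --deep --entitlements "${APP_NAME}.entitlements" -o runtime -s "${CODESIGN_IDENTITY}" "${APP_NAME}.app"`. The two `sed` calls also insert `${TEAM_IDENTIFIER}` verbatim, so a value containing `|` or `&` would corrupt the entitlements that get signed. Checking that it is a plain alphanumeric ID before substitution avoids that.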