From: Vincent Vanwaelscappel Date: Wed, 19 Apr 2023 12:41:17 +0000 (+0200) Subject: wait #5869 X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=d47f6e97782f37ce7ac7c56c1e8bdff4e91e2722;p=fluidbook-toolbox.git wait #5869 --- diff --git a/app/Fluidbook/Packager/MacOS.php b/app/Fluidbook/Packager/MacOS.php index e91603266..bbb453971 100644 --- a/app/Fluidbook/Packager/MacOS.php +++ b/app/Fluidbook/Packager/MacOS.php @@ -64,22 +64,20 @@ class MacOS extends WindowsZIP //$ssh = new SSH2('paris.cubedesigners.com', 'vincent', 'atacama', 22022); //$local_root = '/Users/vincent/Sign/'; $ssh = new SSH2('paris.cubedesigners.com', 'macossign', 'rntj55bw', 22622); - $local_root = '/Users/macossign/Documents/Sign/'; + $remote_root = '/Users/macossign/Documents/Sign/'; + $remoteSigned = $remote_root . '/' . $this->exeName . '.app.zip'; // Zip app Zip::archive($appPath . '/..', $appPath . ".zip", 1); $signScripts = resource_path('macossign'); // Copy zipped app and signing scripts to the remote mac server - $ssh->send($signScripts . '/toolbox/docodesign3', $local_root . 'docodesign3', 755); - $ssh->send($signScripts . '/toolbox/sign3', $local_root . 'sign3', 755); - $ssh->send($signScripts . '/toolbox/neededToRun3.entitlements', $local_root . 'neededToRun3.entitlements', 755); - $ssh->send($signScripts . '/workshop/docodesign', $local_root . 'docodesign', 755); - $ssh->send($signScripts . '/workshop/sign', $local_root . 'sign', 755); - $ssh->send($signScripts . '/workshop/neededToRun.entitlements', $local_root . 'neededToRun.entitlements', 755); - $ssh->send($appPath . ".zip", $local_root . $this->exeName . '.app.zip', 644); + $ssh->send($signScripts . '/docodesign3', $remote_root . 'docodesign3', 755); + $ssh->send($signScripts . '/sign3', $remote_root . 'sign3', 755); + $ssh->send($signScripts . '/neededToRun3.entitlements', $remote_root . 'neededToRun3.entitlements', 755); + $ssh->send($appPath . ".zip", $remoteSigned, 644); // Sign app - $cl = new CommandLine($local_root . 'sign3'); + $cl = new CommandLine($remote_root . 'sign3'); $cl->setArg(null, $this->exeName); $cl->execute($ssh); $cl->debug(); @@ -87,11 +85,12 @@ class MacOS extends WindowsZIP $finalPath = $this->getPathBase('zip'); // Copy back signed - $ssh->recv($local_root . '/' . $this->exeName . '.app.zip', $finalPath); + $ssh->recv($remoteSigned, $finalPath); + $ssh->unlink($remoteSigned); + $this->setFinalPath($finalPath); $this->setFinalURL($this->getDownloadURL('zip')); - //`rm -rf $path`; return $res; } diff --git a/app/Jobs/FluidbookCompiler.php b/app/Jobs/FluidbookCompiler.php index 456abf830..f43b1498f 100644 --- a/app/Jobs/FluidbookCompiler.php +++ b/app/Jobs/FluidbookCompiler.php @@ -3531,14 +3531,14 @@ height="0" width="0" style="display:none;visibility:hidden"> $fontforge->setArg(null, $f); $fontforge->setArg(null, $dest); $fontforge->execute(); - $fontforge->debug(); + //$fontforge->debug(); } $this->vdir->copy($dest, 'data/fonts/' . $hash . '.woff'); $fontline = new CommandLine('font-line'); $fontline->setArg(null, 'report'); $fontline->setArg(null, $f); $fontline->execute(); - $fontline->debug(); + //$fontline->debug(); $report = explode("\n", $fontline->getOutput()); foreach ($report as $item) { diff --git a/resources/macossign/docodesign3 b/resources/macossign/docodesign3 new file mode 100644 index 000000000..b0c025685 --- /dev/null +++ b/resources/macossign/docodesign3 @@ -0,0 +1,87 @@ +#!/usr/local/bin/node + +const APP = process.argv[2]; +const IDENTITY = process.argv[3]; + +/****************************************************************************/ + +console.log("### finding things to sign"); + +const fs = require('fs'); +const child_process = require('child_process'); + +const items = []; + +const frameworksDir = `${APP}/Contents/Frameworks/nwjs Framework.framework`; + +let currentVersionDir; +for (const dir of fs.readdirSync(`${frameworksDir}/Versions`)) { + if (fs.statSync(`${frameworksDir}/Versions/${dir}`).isDirectory) { + currentVersionDir = `${frameworksDir}/Versions/${dir}`; + break; + } +} +if (!currentVersionDir) { + console.error(`couldn't find "${frameworksDir}/Versions/[version]"`); + process.exit(1); +} +for (const file of fs.readdirSync(`${currentVersionDir}`)) { + if (file.endsWith('.dylib')) { + items.push(`${currentVersionDir}/${file}`); + } +} +for (const file of fs.readdirSync(`${currentVersionDir}/Helpers`)) { + if (/^[a-z0-9_]*$/.test(file) || file.endsWith('.app')) { + items.push(`${currentVersionDir}/Helpers/${file}`); + } +} + +for (const file of fs.readdirSync(`${currentVersionDir}/Libraries`)) { + if (file.endsWith('.dylib')) { + items.push(`${currentVersionDir}/Libraries/${file}`); + } +} + +if (fs.existsSync(`${APP}/Contents/Library/LaunchServices`)) { + for (const file of fs.readdirSync(`${APP}/Contents/Library/LaunchServices`)) { + items.push(`${APP}/Contents/Library/LaunchServices/${file}`); + } +} + +if (fs.existsSync(`${currentVersionDir}/XPCServices`)) { + for (const file of fs.readdirSync(`${currentVersionDir}/XPCServices`)) { + if (file.endsWith('.xpc')) { + items.push(`${currentVersionDir}/XPCServices/${file}`); + } + } +} + +items.push(frameworksDir); + +/****************************************************************************/ + +console.log(""); +console.log("### signing"); + +function exec(cmd) { + console.log(cmd); + const result = child_process.spawnSync(cmd, {shell: true, stdio: 'inherit'}); + if (result.status !== 0) { + console.log(`Command failed with status ${result.status}`); + if (result.error) console.log(result.error); + process.exit(1); + } +} + +for (const item of items) { + exec(`codesign --verbose --force --deep --strict --options runtime --timestamp --sign "${IDENTITY}" --entitlements ./neededToRun3.entitlements "${item}"`); +} + +exec(`codesign --verbose --force --deep --strict --options runtime --timestamp --sign "${IDENTITY}" --entitlements ./neededToRun3.entitlements "${APP}"`); + +/****************************************************************************/ + +console.log(""); +console.log("### verifying signature"); + +exec(`codesign --verify -vvvv "${APP}"`); diff --git a/resources/macossign/neededToRun3.entitlements b/resources/macossign/neededToRun3.entitlements new file mode 100644 index 000000000..b91ddfaa3 --- /dev/null +++ b/resources/macossign/neededToRun3.entitlements @@ -0,0 +1,18 @@ + + + + + com.apple.security.automation.apple-events + + com.apple.security.cs.allow-dyld-environment-variables + + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-unsigned-executable-memory + + com.apple.security.cs.disable-executable-page-protection + + com.apple.security.cs.disable-library-validation + + + \ No newline at end of file diff --git a/resources/macossign/sign3 b/resources/macossign/sign3 new file mode 100644 index 000000000..fef6dba50 --- /dev/null +++ b/resources/macossign/sign3 @@ -0,0 +1,22 @@ +#!/bin/sh +cd /Users/macossign/Documents/Sign +printf "Unlock keychain\n----\n\n" +security unlock-keychain -p "rntj55bw" /Users/macossign/Library/Keychains/Apple.keychain-db +printf "Unzip app file\n----\n\n" +rm -rf "$1.app" +unzip "$1.app.zip" +rm -f "$1.app.zip" +printf "Sign the app\n----\n\n" +./docodesign3 "$1.app" "Developer ID Application: Cubedesigners (82TNE4UQ7A)" +printf "Zip the app in order to be notarized\n----\n\n" +ditto -c -k --sequesterRsrc --keepParent "$1.app" "$1.app.zip" +printf "Notarize app and wait for confirmation\n----\n\n" +xcrun notarytool submit --wait --apple-id "contact@cubedesigners.com" --team-id "82TNE4UQ7A" --password "tqwj-saik-dtdl-yrpc" "$1.app.zip" +printf "Staple the app\n----\n\n" +xcrun stapler staple "$1.app" +printf "Rezip the app\n----\n\n" +rm -f "$1.app.zip" +ditto -c -k --sequesterRsrc --keepParent "$1.app" "$1.app.zip" +printf "Remove the app (keep only zip)\n----\n\n" +rm -rf "$1.app" +chmod 777 "$1.app.zip" diff --git a/resources/macossign/toolbox/docodesign3 b/resources/macossign/toolbox/docodesign3 deleted file mode 100644 index 5cf89ece4..000000000 --- a/resources/macossign/toolbox/docodesign3 +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/local/bin/node - -const APP = process.argv[2]; -const IDENTITY = process.argv[3]; - -/****************************************************************************/ - -console.log("### finding things to sign"); - -const fs = require('fs'); -const child_process = require('child_process'); - -const items = []; - -const frameworksDir = `${APP}/Contents/Frameworks/nwjs Framework.framework`; - -let currentVersionDir; -for (const dir of fs.readdirSync(`${frameworksDir}/Versions`)) { - if (fs.statSync(`${frameworksDir}/Versions/${dir}`).isDirectory) { - currentVersionDir = `${frameworksDir}/Versions/${dir}`; - break; - } -} -if (!currentVersionDir) { - console.error(`couldn't find "${frameworksDir}/Versions/[version]"`); - process.exit(1); -} -for (const file of fs.readdirSync(`${currentVersionDir}`)) { - if (file.endsWith('.dylib')) { - items.push(`${currentVersionDir}/${file}`); - } -} -for (const file of fs.readdirSync(`${currentVersionDir}/Helpers`)) { - if (/^[a-z0-9_]*$/.test(file) || file.endsWith('.app')) { - items.push(`${currentVersionDir}/Helpers/${file}`); - } -} - -for (const file of fs.readdirSync(`${currentVersionDir}/Libraries`)) { - if (file.endsWith('.dylib')) { - items.push(`${currentVersionDir}/Libraries/${file}`); - } -} - -for (const file of fs.readdirSync(`${APP}/Contents/Library/LaunchServices`)) { - items.push(`${APP}/Contents/Library/LaunchServices/${file}`); -} - -//for (const file of fs.readdirSync(`${currentVersionDir}/XPCServices`)) { -// if (file.endsWith('.xpc')) { -// items.push(`${currentVersionDir}/XPCServices/${file}`); -// } -// -items.push(frameworksDir); - -/****************************************************************************/ - -console.log(""); -console.log("### signing"); - -function exec(cmd) { - console.log(cmd); - const result = child_process.spawnSync(cmd, {shell: true, stdio: 'inherit'}); - if (result.status !== 0) { - console.log(`Command failed with status ${result.status}`); - if (result.error) console.log(result.error); - process.exit(1); - } -} - -for (const item of items) { - exec(`codesign --verbose --force --deep --strict --options runtime --timestamp --sign "${IDENTITY}" --entitlements ./neededToRun3.entitlements "${item}"`); -} - -exec(`codesign --verbose --force --deep --strict --options runtime --timestamp --sign "${IDENTITY}" --entitlements ./neededToRun3.entitlements "${APP}"`); - -/****************************************************************************/ - -console.log(""); -console.log("### verifying signature"); - -exec(`codesign --verify -vvvv "${APP}"`); diff --git a/resources/macossign/toolbox/neededToRun3.entitlements b/resources/macossign/toolbox/neededToRun3.entitlements deleted file mode 100644 index b91ddfaa3..000000000 --- a/resources/macossign/toolbox/neededToRun3.entitlements +++ /dev/null @@ -1,18 +0,0 @@ - - - - - com.apple.security.automation.apple-events - - com.apple.security.cs.allow-dyld-environment-variables - - com.apple.security.cs.allow-jit - - com.apple.security.cs.allow-unsigned-executable-memory - - com.apple.security.cs.disable-executable-page-protection - - com.apple.security.cs.disable-library-validation - - - \ No newline at end of file diff --git a/resources/macossign/toolbox/sign3 b/resources/macossign/toolbox/sign3 deleted file mode 100644 index fef6dba50..000000000 --- a/resources/macossign/toolbox/sign3 +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -cd /Users/macossign/Documents/Sign -printf "Unlock keychain\n----\n\n" -security unlock-keychain -p "rntj55bw" /Users/macossign/Library/Keychains/Apple.keychain-db -printf "Unzip app file\n----\n\n" -rm -rf "$1.app" -unzip "$1.app.zip" -rm -f "$1.app.zip" -printf "Sign the app\n----\n\n" -./docodesign3 "$1.app" "Developer ID Application: Cubedesigners (82TNE4UQ7A)" -printf "Zip the app in order to be notarized\n----\n\n" -ditto -c -k --sequesterRsrc --keepParent "$1.app" "$1.app.zip" -printf "Notarize app and wait for confirmation\n----\n\n" -xcrun notarytool submit --wait --apple-id "contact@cubedesigners.com" --team-id "82TNE4UQ7A" --password "tqwj-saik-dtdl-yrpc" "$1.app.zip" -printf "Staple the app\n----\n\n" -xcrun stapler staple "$1.app" -printf "Rezip the app\n----\n\n" -rm -f "$1.app.zip" -ditto -c -k --sequesterRsrc --keepParent "$1.app" "$1.app.zip" -printf "Remove the app (keep only zip)\n----\n\n" -rm -rf "$1.app" -chmod 777 "$1.app.zip" diff --git a/resources/macossign/workshop/docodesign b/resources/macossign/workshop/docodesign deleted file mode 100644 index 9d12873e6..000000000 --- a/resources/macossign/workshop/docodesign +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/env node - -const APP = process.argv[2]; -const IDENTITY = process.argv[3]; - -/****************************************************************************/ - -console.log("### finding things to sign"); - -const fs = require('fs'); -const child_process = require('child_process'); - -const items = []; - -const frameworksDir = `${APP}/Contents/Frameworks/nwjs Framework.framework`; - -let currentVersionDir; -for (const dir of fs.readdirSync(`${frameworksDir}/Versions`)) { - if (fs.statSync(`${frameworksDir}/Versions/${dir}`).isDirectory) { - currentVersionDir = `${frameworksDir}/Versions/${dir}`; - break; - } -} -if (!currentVersionDir) { - console.error(`couldn't find "${frameworksDir}/Versions/[version]"`); - process.exit(1); -} -for (const file of fs.readdirSync(`${currentVersionDir}`)) { - if (file.endsWith('.dylib')) { - items.push(`${currentVersionDir}/${file}`); - } -} -for (const file of fs.readdirSync(`${currentVersionDir}/Helpers`)) { - if (/^[a-z0-9_]*$/.test(file) || file.endsWith('.app')) { - items.push(`${currentVersionDir}/Helpers/${file}`); - } -} -for (const file of fs.readdirSync(`${currentVersionDir}/Libraries`)) { - if (file.endsWith('.dylib')) { - items.push(`${currentVersionDir}/Libraries/${file}`); - } -} -for (const file of fs.readdirSync(`${currentVersionDir}/XPCServices`)) { - if (file.endsWith('.xpc')) { - items.push(`${currentVersionDir}/XPCServices/${file}`); - } -} -items.push(frameworksDir); - -/****************************************************************************/ - -console.log(""); -console.log("### signing"); - -function exec(cmd) { - console.log(cmd); - const result = child_process.spawnSync(cmd, {shell: true, stdio: 'inherit'}); - if (result.status !== 0) { - console.log(`Command failed with status ${result.status}`); - if (result.error) console.log(result.error); - process.exit(1); - } -} - -for (const item of items) { - exec(`codesign --verbose --force --deep --strict --options runtime --timestamp --sign "${IDENTITY}" --entitlements neededToRun.entitlements "${item}"`); -} - -exec(`codesign --verbose --force --deep --strict --options runtime --timestamp --sign "${IDENTITY}" --entitlements neededToRun.entitlements "${APP}"`); - -/****************************************************************************/ - -console.log(""); -console.log("### verifying signature"); - -exec(`codesign --verify -vvvv "${APP}"`); \ No newline at end of file diff --git a/resources/macossign/workshop/neededToRun.entitlements b/resources/macossign/workshop/neededToRun.entitlements deleted file mode 100644 index b91ddfaa3..000000000 --- a/resources/macossign/workshop/neededToRun.entitlements +++ /dev/null @@ -1,18 +0,0 @@ - - - - - com.apple.security.automation.apple-events - - com.apple.security.cs.allow-dyld-environment-variables - - com.apple.security.cs.allow-jit - - com.apple.security.cs.allow-unsigned-executable-memory - - com.apple.security.cs.disable-executable-page-protection - - com.apple.security.cs.disable-library-validation - - - \ No newline at end of file diff --git a/resources/macossign/workshop/sign b/resources/macossign/workshop/sign deleted file mode 100644 index 55a075bfb..000000000 --- a/resources/macossign/workshop/sign +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -printf "Unlock keychain\n----\n\n" -security unlock-keychain -p "atacama" /Users/macossign/Library/Keychains/Apple.keychain-db -/Users/vincent/Sign/docodesign "$1" "Developer ID Application: Cubedesigners (82TNE4UQ7A)" -ditto -c -k --sequesterRsrc --keepParent "$1" "$1.zip" -#xcode-select -s $1 -xcrun notarytool submit --wait --apple-id "contact@cubedesigners.com" --team-id "82TNE4UQ7A" --password "tqwj-saik-dtdl-yrpc" "$1.zip" -xcrun stapler staple $1