From d47f6e97782f37ce7ac7c56c1e8bdff4e91e2722 Mon Sep 17 00:00:00 2001 From: Vincent Vanwaelscappel Date: Wed, 19 Apr 2023 14:41:17 +0200 Subject: [PATCH] wait #5869 --- app/Fluidbook/Packager/MacOS.php | 21 +++-- app/Jobs/FluidbookCompiler.php | 4 +- resources/macossign/{toolbox => }/docodesign3 | 19 +++-- .../{toolbox => }/neededToRun3.entitlements | 0 resources/macossign/{toolbox => }/sign3 | 0 resources/macossign/workshop/docodesign | 76 ------------------- .../workshop/neededToRun.entitlements | 18 ----- resources/macossign/workshop/sign | 8 -- 8 files changed, 24 insertions(+), 122 deletions(-) rename resources/macossign/{toolbox => }/docodesign3 (82%) rename resources/macossign/{toolbox => }/neededToRun3.entitlements (100%) rename resources/macossign/{toolbox => }/sign3 (100%) delete mode 100644 resources/macossign/workshop/docodesign delete mode 100644 resources/macossign/workshop/neededToRun.entitlements delete mode 100644 resources/macossign/workshop/sign diff --git a/app/Fluidbook/Packager/MacOS.php b/app/Fluidbook/Packager/MacOS.php index e91603266..bbb453971 100644 --- a/app/Fluidbook/Packager/MacOS.php +++ b/app/Fluidbook/Packager/MacOS.php @@ -64,22 +64,20 @@ class MacOS extends WindowsZIP //$ssh = new SSH2('paris.cubedesigners.com', 'vincent', 'atacama', 22022); //$local_root = '/Users/vincent/Sign/'; $ssh = new SSH2('paris.cubedesigners.com', 'macossign', 'rntj55bw', 22622); - $local_root = '/Users/macossign/Documents/Sign/'; + $remote_root = '/Users/macossign/Documents/Sign/'; + $remoteSigned = $remote_root . '/' . $this->exeName . '.app.zip'; // Zip app Zip::archive($appPath . '/..', $appPath . ".zip", 1); $signScripts = resource_path('macossign'); // Copy zipped app and signing scripts to the remote mac server - $ssh->send($signScripts . '/toolbox/docodesign3', $local_root . 'docodesign3', 755); - $ssh->send($signScripts . '/toolbox/sign3', $local_root . 'sign3', 755); - $ssh->send($signScripts . '/toolbox/neededToRun3.entitlements', $local_root . 'neededToRun3.entitlements', 755); - $ssh->send($signScripts . '/workshop/docodesign', $local_root . 'docodesign', 755); - $ssh->send($signScripts . '/workshop/sign', $local_root . 'sign', 755); - $ssh->send($signScripts . '/workshop/neededToRun.entitlements', $local_root . 'neededToRun.entitlements', 755); - $ssh->send($appPath . ".zip", $local_root . $this->exeName . '.app.zip', 644); + $ssh->send($signScripts . '/docodesign3', $remote_root . 'docodesign3', 755); + $ssh->send($signScripts . '/sign3', $remote_root . 'sign3', 755); + $ssh->send($signScripts . '/neededToRun3.entitlements', $remote_root . 'neededToRun3.entitlements', 755); + $ssh->send($appPath . ".zip", $remoteSigned, 644); // Sign app - $cl = new CommandLine($local_root . 'sign3'); + $cl = new CommandLine($remote_root . 'sign3'); $cl->setArg(null, $this->exeName); $cl->execute($ssh); $cl->debug(); @@ -87,11 +85,12 @@ class MacOS extends WindowsZIP $finalPath = $this->getPathBase('zip'); // Copy back signed - $ssh->recv($local_root . '/' . $this->exeName . '.app.zip', $finalPath); + $ssh->recv($remoteSigned, $finalPath); + $ssh->unlink($remoteSigned); + $this->setFinalPath($finalPath); $this->setFinalURL($this->getDownloadURL('zip')); - //`rm -rf $path`; return $res; } diff --git a/app/Jobs/FluidbookCompiler.php b/app/Jobs/FluidbookCompiler.php index 456abf830..f43b1498f 100644 --- a/app/Jobs/FluidbookCompiler.php +++ b/app/Jobs/FluidbookCompiler.php @@ -3531,14 +3531,14 @@ height="0" width="0" style="display:none;visibility:hidden"> $fontforge->setArg(null, $f); $fontforge->setArg(null, $dest); $fontforge->execute(); - $fontforge->debug(); + //$fontforge->debug(); } $this->vdir->copy($dest, 'data/fonts/' . $hash . '.woff'); $fontline = new CommandLine('font-line'); $fontline->setArg(null, 'report'); $fontline->setArg(null, $f); $fontline->execute(); - $fontline->debug(); + //$fontline->debug(); $report = explode("\n", $fontline->getOutput()); foreach ($report as $item) { diff --git a/resources/macossign/toolbox/docodesign3 b/resources/macossign/docodesign3 similarity index 82% rename from resources/macossign/toolbox/docodesign3 rename to resources/macossign/docodesign3 index 5cf89ece4..b0c025685 100644 --- a/resources/macossign/toolbox/docodesign3 +++ b/resources/macossign/docodesign3 @@ -42,15 +42,20 @@ for (const file of fs.readdirSync(`${currentVersionDir}/Libraries`)) { } } -for (const file of fs.readdirSync(`${APP}/Contents/Library/LaunchServices`)) { - items.push(`${APP}/Contents/Library/LaunchServices/${file}`); +if (fs.existsSync(`${APP}/Contents/Library/LaunchServices`)) { + for (const file of fs.readdirSync(`${APP}/Contents/Library/LaunchServices`)) { + items.push(`${APP}/Contents/Library/LaunchServices/${file}`); + } +} + +if (fs.existsSync(`${currentVersionDir}/XPCServices`)) { + for (const file of fs.readdirSync(`${currentVersionDir}/XPCServices`)) { + if (file.endsWith('.xpc')) { + items.push(`${currentVersionDir}/XPCServices/${file}`); + } + } } -//for (const file of fs.readdirSync(`${currentVersionDir}/XPCServices`)) { -// if (file.endsWith('.xpc')) { -// items.push(`${currentVersionDir}/XPCServices/${file}`); -// } -// items.push(frameworksDir); /****************************************************************************/ diff --git a/resources/macossign/toolbox/neededToRun3.entitlements b/resources/macossign/neededToRun3.entitlements similarity index 100% rename from resources/macossign/toolbox/neededToRun3.entitlements rename to resources/macossign/neededToRun3.entitlements diff --git a/resources/macossign/toolbox/sign3 b/resources/macossign/sign3 similarity index 100% rename from resources/macossign/toolbox/sign3 rename to resources/macossign/sign3 diff --git a/resources/macossign/workshop/docodesign b/resources/macossign/workshop/docodesign deleted file mode 100644 index 9d12873e6..000000000 --- a/resources/macossign/workshop/docodesign +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/env node - -const APP = process.argv[2]; -const IDENTITY = process.argv[3]; - -/****************************************************************************/ - -console.log("### finding things to sign"); - -const fs = require('fs'); -const child_process = require('child_process'); - -const items = []; - -const frameworksDir = `${APP}/Contents/Frameworks/nwjs Framework.framework`; - -let currentVersionDir; -for (const dir of fs.readdirSync(`${frameworksDir}/Versions`)) { - if (fs.statSync(`${frameworksDir}/Versions/${dir}`).isDirectory) { - currentVersionDir = `${frameworksDir}/Versions/${dir}`; - break; - } -} -if (!currentVersionDir) { - console.error(`couldn't find "${frameworksDir}/Versions/[version]"`); - process.exit(1); -} -for (const file of fs.readdirSync(`${currentVersionDir}`)) { - if (file.endsWith('.dylib')) { - items.push(`${currentVersionDir}/${file}`); - } -} -for (const file of fs.readdirSync(`${currentVersionDir}/Helpers`)) { - if (/^[a-z0-9_]*$/.test(file) || file.endsWith('.app')) { - items.push(`${currentVersionDir}/Helpers/${file}`); - } -} -for (const file of fs.readdirSync(`${currentVersionDir}/Libraries`)) { - if (file.endsWith('.dylib')) { - items.push(`${currentVersionDir}/Libraries/${file}`); - } -} -for (const file of fs.readdirSync(`${currentVersionDir}/XPCServices`)) { - if (file.endsWith('.xpc')) { - items.push(`${currentVersionDir}/XPCServices/${file}`); - } -} -items.push(frameworksDir); - -/****************************************************************************/ - -console.log(""); -console.log("### signing"); - -function exec(cmd) { - console.log(cmd); - const result = child_process.spawnSync(cmd, {shell: true, stdio: 'inherit'}); - if (result.status !== 0) { - console.log(`Command failed with status ${result.status}`); - if (result.error) console.log(result.error); - process.exit(1); - } -} - -for (const item of items) { - exec(`codesign --verbose --force --deep --strict --options runtime --timestamp --sign "${IDENTITY}" --entitlements neededToRun.entitlements "${item}"`); -} - -exec(`codesign --verbose --force --deep --strict --options runtime --timestamp --sign "${IDENTITY}" --entitlements neededToRun.entitlements "${APP}"`); - -/****************************************************************************/ - -console.log(""); -console.log("### verifying signature"); - -exec(`codesign --verify -vvvv "${APP}"`); \ No newline at end of file diff --git a/resources/macossign/workshop/neededToRun.entitlements b/resources/macossign/workshop/neededToRun.entitlements deleted file mode 100644 index b91ddfaa3..000000000 --- a/resources/macossign/workshop/neededToRun.entitlements +++ /dev/null @@ -1,18 +0,0 @@ - - - - - com.apple.security.automation.apple-events - - com.apple.security.cs.allow-dyld-environment-variables - - com.apple.security.cs.allow-jit - - com.apple.security.cs.allow-unsigned-executable-memory - - com.apple.security.cs.disable-executable-page-protection - - com.apple.security.cs.disable-library-validation - - - \ No newline at end of file diff --git a/resources/macossign/workshop/sign b/resources/macossign/workshop/sign deleted file mode 100644 index 55a075bfb..000000000 --- a/resources/macossign/workshop/sign +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -printf "Unlock keychain\n----\n\n" -security unlock-keychain -p "atacama" /Users/macossign/Library/Keychains/Apple.keychain-db -/Users/vincent/Sign/docodesign "$1" "Developer ID Application: Cubedesigners (82TNE4UQ7A)" -ditto -c -k --sequesterRsrc --keepParent "$1" "$1.zip" -#xcode-select -s $1 -xcrun notarytool submit --wait --apple-id "contact@cubedesigners.com" --team-id "82TNE4UQ7A" --password "tqwj-saik-dtdl-yrpc" "$1.zip" -xcrun stapler staple $1 -- 2.39.5