ScreenPlay/Tools/macos_sign.py

#!/usr/bin/python3
# SPDX-License-Identifier: LicenseRef-EliasSteurerTachiom OR AGPL-3.0-only
from build_config import BuildConfig
from util import run
from sys import stdout
stdout.reconfigure(encoding='utf-8')


def sign(build_config: BuildConfig):
    print("Run codedesign")
    # run("codesign -f -s 'Developer ID Application: Elias Steurer (V887LHYKRH)' --verbose --force  --timestamp --options 'runtime' -f --entitlements '../../ScreenPlay/entitlements.plist' 'ScreenPlay.app/' ",
    #    cwd=build_config.bin_dir)
    # Do not use --deep https://developer.apple.com/forums/thread/129980
    # base_sign_command = "codesign  -s \"Developer ID Application: Elias Steurer (V887LHYKRH)\" --verbose --force --timestamp --options \"runtime\" \"ScreenPlay.app/Contents/MacOS/{app}\""
    # run(base_sign_command.format(app="ffmpeg"),  cwd=build_config.bin_dir)
    # run(base_sign_command.format(app="ffprobe"), cwd=build_config.bin_dir)
    run("codesign --deep -s \"Developer ID Application: Elias Steurer (V887LHYKRH)\" --verbose --force --timestamp --options \"runtime\" --entitlements \"../../ScreenPlay/entitlements.plist\"  \"ScreenPlay.app/\"",
        cwd=build_config.bin_dir)

    print("Run codedesign verify")
    run("codesign --verify --verbose=4  'ScreenPlay.app/'",
        cwd=build_config.bin_dir)

    # Note the profile is the one name of the first step of (App Store Connect API) in the macOSSigning.md
    # xcrun notarytool submit "ScreenPlay.app.zip" --keychain-profile "ScreenPlay" --wait
    # xcrun stapler staple "ScreenPlay.app"
    print("Packing .apps for upload")
    run("ditto -c -k --keepParent 'ScreenPlay.app' 'ScreenPlay.app.zip'",
        cwd=build_config.bin_dir)

    # run this  if you get an error:
    # `xcrun notarytool log --apple-id "xxxxx@xxxx.com"  --password "xxxx-xxxx-xxxx-xxxx" --team-id "xxxxxxxxxxx"  <ID>`
    # Processing complete
    # id: xxxxxx-xxxxxx-xxxx-xxxxx-xxxxx
    # status: Invalid
    print("Run xcnotary submit")
    run("xcrun notarytool submit --keychain-profile 'ScreenPlay' ScreenPlay.app.zip  --wait",
        cwd=build_config.bin_dir)

    print("Run stapler staple")
    run("xcrun stapler staple ScreenPlay.app", cwd=build_config.bin_dir)
    print("Run spctl assess")
    run("spctl --assess --verbose  'ScreenPlay.app/'", cwd=build_config.bin_dir)

    print("Remove ScreenPlay.app.zip.")
    run("rm ScreenPlay.app.zip",  cwd=build_config.bin_dir)


def sign_dmg(build_config: BuildConfig):
    # Sign the DMG
    run("codesign -f -s \"3rd Party Mac Developer Installer: Elias Steurer (V887LHYKRH)\" --timestamp  -f --deep \"ScreenPlay-Installer.dmg\"", cwd=build_config.build_folder)

    # Verify the DMG's signature
    run("codesign --verify --verbose=4  \"ScreenPlay-Installer.dmg\"",
        cwd=build_config.build_folder)

    # Pack the DMG for notarization
    run("ditto -c -k --keepParent ScreenPlay-Installer.dmg ScreenPlay-Installer.dmg.zip",
        cwd=build_config.build_folder)

    # Notarize the DMG using notarytool
    run("xcrun notarytool submit ScreenPlay-Installer.dmg.zip --keychain-profile 'ScreenPlay' --wait",
        cwd=build_config.build_folder)

    # Staple the notarization ticket to the DMG
    run("xcrun stapler staple ScreenPlay-Installer.dmg",
        cwd=build_config.build_folder)

    # Check the notarization status for the DMG
    run("spctl --assess --verbose  \"ScreenPlay-Installer.dmg\"",
        cwd=build_config.build_folder)

    # Clean up the zip file
    run("rm ScreenPlay-Installer.dmg.zip", cwd=build_config.build_folder)
Fix macOS universal signing 2022-08-26 15:45:49 +02:00			`#!/usr/bin/python3`
Update to use SPDX-License-Identifier 2023-01-19 10:33:49 +01:00			`# SPDX-License-Identifier: LicenseRef-EliasSteurerTachiom OR AGPL-3.0-only`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`from build_config import BuildConfig`
			`from util import run`
Update python to output utf-8 2022-11-02 12:15:34 +01:00			`from sys import stdout`
			`stdout.reconfigure(encoding='utf-8')`
Fix macOS universal signing 2022-08-26 15:45:49 +02:00
WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00
Fix macOS universal signing 2022-08-26 15:45:49 +02:00			`def sign(build_config: BuildConfig):`
			`print("Run codedesign")`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`# run("codesign -f -s 'Developer ID Application: Elias Steurer (V887LHYKRH)' --verbose --force --timestamp --options 'runtime' -f --entitlements '../../ScreenPlay/entitlements.plist' 'ScreenPlay.app/' ",`
Fix compilation and signing Move TrayIcon back to ScreenPlay: - This fixes the missing labs plugins when running the macdeployqt script - We don't need it here only in the SP main folder anyway Move building and sign of the osx version for x64 and arm64 into the actual build script. Remove the qml plugin path workaround from the addImportPath 2023-02-11 11:57:09 +01:00			`# cwd=build_config.bin_dir)`
			`# Do not use --deep https://developer.apple.com/forums/thread/129980`
			`# base_sign_command = "codesign -s \"Developer ID Application: Elias Steurer (V887LHYKRH)\" --verbose --force --timestamp --options \"runtime\" \"ScreenPlay.app/Contents/MacOS/{app}\""`
			`# run(base_sign_command.format(app="ffmpeg"), cwd=build_config.bin_dir)`
			`# run(base_sign_command.format(app="ffprobe"), cwd=build_config.bin_dir)`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("codesign --deep -s \"Developer ID Application: Elias Steurer (V887LHYKRH)\" --verbose --force --timestamp --options \"runtime\" --entitlements \"../../ScreenPlay/entitlements.plist\" \"ScreenPlay.app/\"",`
Fix macOS universal signing 2022-08-26 15:45:49 +02:00			`cwd=build_config.bin_dir)`

			`print("Run codedesign verify")`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("codesign --verify --verbose=4 'ScreenPlay.app/'",`
Fix macOS universal signing 2022-08-26 15:45:49 +02:00			`cwd=build_config.bin_dir)`

			`# Note the profile is the one name of the first step of (App Store Connect API) in the macOSSigning.md`
			`# xcrun notarytool submit "ScreenPlay.app.zip" --keychain-profile "ScreenPlay" --wait`
			`# xcrun stapler staple "ScreenPlay.app"`
			`print("Packing .apps for upload")`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("ditto -c -k --keepParent 'ScreenPlay.app' 'ScreenPlay.app.zip'",`
			`cwd=build_config.bin_dir)`
Add docs 2023-02-09 11:52:12 +01:00
			`# run this if you get an error:`
			# `xcrun notarytool log --apple-id "xxxxx@xxxx.com" --password "xxxx-xxxx-xxxx-xxxx" --team-id "xxxxxxxxxxx" <ID>`
			`# Processing complete`
			`# id: xxxxxx-xxxxxx-xxxx-xxxxx-xxxxx`
			`# status: Invalid`
Fix macOS universal signing 2022-08-26 15:45:49 +02:00			`print("Run xcnotary submit")`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("xcrun notarytool submit --keychain-profile 'ScreenPlay' ScreenPlay.app.zip --wait",`
			`cwd=build_config.bin_dir)`
Fix macOS universal signing 2022-08-26 15:45:49 +02:00
			`print("Run stapler staple")`
			`run("xcrun stapler staple ScreenPlay.app", cwd=build_config.bin_dir)`
			`print("Run spctl assess")`
Add docs 2023-02-09 11:52:12 +01:00			`run("spctl --assess --verbose 'ScreenPlay.app/'", cwd=build_config.bin_dir)`
Fix macOS universal signing 2022-08-26 15:45:49 +02:00
WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00			`print("Remove ScreenPlay.app.zip.")`
Fix macOS universal signing 2022-08-26 15:45:49 +02:00			`run("rm ScreenPlay.app.zip", cwd=build_config.bin_dir)`

Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00
WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00			`def sign_dmg(build_config: BuildConfig):`
			`# Sign the DMG`
WIP add macos dmg signing 2023-12-03 11:42:51 +01:00			`run("codesign -f -s \"3rd Party Mac Developer Installer: Elias Steurer (V887LHYKRH)\" --timestamp -f --deep \"ScreenPlay-Installer.dmg\"", cwd=build_config.build_folder)`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00
WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00			`# Verify the DMG's signature`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("codesign --verify --verbose=4 \"ScreenPlay-Installer.dmg\"",`
			`cwd=build_config.build_folder)`

WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00			`# Pack the DMG for notarization`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("ditto -c -k --keepParent ScreenPlay-Installer.dmg ScreenPlay-Installer.dmg.zip",`
			`cwd=build_config.build_folder)`

WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00			`# Notarize the DMG using notarytool`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("xcrun notarytool submit ScreenPlay-Installer.dmg.zip --keychain-profile 'ScreenPlay' --wait",`
			`cwd=build_config.build_folder)`

WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00			`# Staple the notarization ticket to the DMG`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("xcrun stapler staple ScreenPlay-Installer.dmg",`
			`cwd=build_config.build_folder)`

WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00			`# Check the notarization status for the DMG`
Move BuildConfig and BuildResult into dedicated files this fixed the circular dependency in the build_and_publish script than internally imports the macos_sign 2023-08-24 16:17:48 +02:00			`run("spctl --assess --verbose \"ScreenPlay-Installer.dmg\"",`
			`cwd=build_config.build_folder)`

WIP: Add mac .dmg installer This does not yet work with signing of the macos .dmg ScreenPlay-Installer.dmg: rejected (the code is valid but does not seem to be an app) 2023-08-24 16:02:43 +02:00			`# Clean up the zip file`
			`run("rm ScreenPlay-Installer.dmg.zip", cwd=build_config.build_folder)`