mirror of https://gitlab.com/kelteseth/ScreenPlay.git synced 2024-11-25 12:13:00 +01:00

WIP add macos dmg signing

Elias Steurer 2023-12-03 11:42:51 +01:00
parent 3657ebb026
commit 0cd141a12b
4 changed files with 41 additions and 5 deletions


@ -22,7 +22,7 @@ function(copy_recursive SOURCE_PATH DESTINATION_PATH REGEX)
file(RELATIVE_PATH RELATIVE_FILE_PATH ${SOURCE_PATH} ${file}) file(RELATIVE_PATH RELATIVE_FILE_PATH ${SOURCE_PATH} ${file})
get_filename_component(FOLDER ${RELATIVE_FILE_PATH} DIRECTORY ${SOURCE_PATH}) get_filename_component(FOLDER ${RELATIVE_FILE_PATH} DIRECTORY ${SOURCE_PATH})
file(MAKE_DIRECTORY ${DESTINATION_PATH}/${FOLDER} ) file(MAKE_DIRECTORY ${DESTINATION_PATH}/${FOLDER} )
message(STATUS "${file} - ${DESTINATION_PATH}/${RELATIVE_FILE_PATH}") #message(STATUS "${file} - ${DESTINATION_PATH}/${RELATIVE_FILE_PATH}")
configure_file(${file} "${DESTINATION_PATH}/${RELATIVE_FILE_PATH}" COPYONLY) configure_file(${file} "${DESTINATION_PATH}/${RELATIVE_FILE_PATH}" COPYONLY)
endforeach() endforeach()
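Review bot: The `message(STATUS ...)` line inside the `foreach` is commented out rather than removed, which leaves dead code in `copy_recursive`. Either delete the line, or, if the per-file trace is still useful for debugging and the project's minimum CMake version allows it, demote it with `message(VERBOSE "${file} - ${DESTINATION_PATH}/${RELATIVE_FILE_PATH}")` so it only prints on request. The function starts and ends outside this hunk.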


@ -119,4 +119,24 @@ Run the follwoing if you get an signing error:
Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired. Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.
``` ```
Go to [appstoreconnect.apple.com](https://appstoreconnect.apple.com) and accept the updated 'Apple Developer Program License Agreement'. Go to [appstoreconnect.apple.com](https://appstoreconnect.apple.com) and accept the updated 'Apple Developer Program License Agreement'.
## Dmg signing
Ensure you have both a Developer ID Application certificate and a Developer ID Installer certificate in your Keychain. You can check this in the Keychain Access app.
- Developer ID Application Certificate:
- Used for code signing the application itself. This ensures that the app is from a known developer and hasn't been tampered with since it was signed.
- Developer ID Installer Certificate:
- Used specifically for signing installer packages like PKG files or disk images (DMGs). This is separate from the application certificate and is specifically for the installer.
1. Check Your Certificates at https://developer.apple.com/account/resources/certificates/list and create a new one `Mac Installer Distribution
This certificate is used to sign your app's Installer Package for submission to the Mac App Store.`
2. `Upload a Certificate Signing Request`. To manually generate a Certificate, you need a Certificate Signing Request (CSR) file from your Mac. https://developer.apple.com/help/account/create-certificates/create-a-certificate-signing-request
1. Launch Keychain Access located in /Applications/Utilities.
1. Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
1. In the Certificate Assistant dialog, enter an email address in the User Email Address field.
1. In the Common Name field, enter a name for the key (for example, Gita Kumar Dev Key).
1. Leave the CA Email Address field empty.
1. Choose “Saved to disk,” call it something like `CertificateSigningRequest_Tachiom_Installer_Certificate` then click Continue.
3. Download the new certificate
4. Download your certificate to your Mac, then double click the .cer file to install in Keychain Access. IMPORTANT: Select `Keychan: Login` in the dropdown! Make sure to save a backup copy of your private and public keys somewhere secure.
- The "login" keychain is tied to your user account and unlocks when you log in, making it a convenient location for development-related certificates. The "System" keychain is more restrictive and requires admin permissions for access, while the "Local Items" keychain is specific to iCloud Keychain items.
5. This should now be displayed like `3rd Party Mac Developer Installer: Elias Steurer (V887LHYKRH)` and be valid one year.


@ -78,10 +78,26 @@ def execute(
print(f"⏱️ build_installer_duration: {build_installer_duration}s") print(f"⏱️ build_installer_duration: {build_installer_duration}s")
if platform.system() == "Darwin": if platform.system() == "Darwin":
# TODO FIX installer signing
return
if (build_config.sign_osx): if (build_config.sign_osx):
# Base directory
base_dir = Path(build_config.build_folder)
# Paths for the original and new filenames
original_file = base_dir / 'ScreenPlay-Installer-ScreenPlayComponent.dmg'
new_file = base_dir / 'ScreenPlay-Installer.dmg'
# Renaming the file
try:
original_file.rename(new_file)
print(f"File renamed successfully to {new_file}")
except OSError as error:
print(f"Error: {error}")
print( print(
f"Sign ScreenPlay-installer.dmg at: {build_config.bin_dir}") f"Sign ScreenPlay-installer.dmg at: {new_file}")
macos_sign.sign_dmg(build_config=build_config) macos_sign.sign_dmg(build_config)
# Create a zip file of the build # Create a zip file of the build
if platform.system() != "Darwin": if platform.system() != "Darwin":
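Review bot: The new `except OSError` branch only prints the error and then falls through to `macos_sign.sign_dmg(build_config)`, so a failed rename does not stop the build. If a `ScreenPlay-Installer.dmg` from an earlier run is still in `build_folder`, that stale image would be signed and published as if it were the fresh one; if none exists, the failure only surfaces later as a less clear codesign error. Make the failure fatal, for example by replacing `print(f"Error: {error}")` with `raise RuntimeError(f"Could not rename {original_file} to {new_file}") from error`. `execute` begins and ends outside this hunk, so check whether callers rely on it returning normally.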


@ -48,7 +48,7 @@ def sign(build_config: BuildConfig):
def sign_dmg(build_config: BuildConfig): def sign_dmg(build_config: BuildConfig):
# Sign the DMG # Sign the DMG
run("codesign -f -s \"Developer ID Application: Elias Steurer (V887LHYKRH)\" --timestamp --options \"runtime\" -f --deep \"ScreenPlay-Installer.dmg\"", cwd=build_config.build_folder) run("codesign -f -s \"3rd Party Mac Developer Installer: Elias Steurer (V887LHYKRH)\" --timestamp -f --deep \"ScreenPlay-Installer.dmg\"", cwd=build_config.build_folder)
# Verify the DMG's signature # Verify the DMG's signature
run("codesign --verify --verbose=4 \"ScreenPlay-Installer.dmg\"", run("codesign --verify --verbose=4 \"ScreenPlay-Installer.dmg\"",
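Review bot: The `-s` identity on the `codesign` line now reads `3rd Party Mac Developer Installer: ...`, which the README text added in this same commit describes as the certificate for Mac App Store installer packages. A DMG distributed outside the store is normally expected by Gatekeeper to carry a Developer ID signature, and installer identities are meant for `productsign`/`productbuild` on .pkg files rather than for `codesign`, so unless this image really is App Store-bound the previous `Developer ID Application: ...` identity should stay. The `codesign --verify` call that follows only checks that a signature is intact, so a Gatekeeper assessment such as `spctl -a -t open --context context:primary-signature -v ScreenPlay-Installer.dmg` would catch a wrong identity at build time. The doubled `-f` and the `--deep` flag add nothing for a disk image and can be dropped. `sign_dmg` continues past the end of this hunk.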