Revision: 12253
http://sourceforge.net/p/skim-app/code/12253
Author: hofman
Date: 2021-04-05 17:22:32 +0000 (Mon, 05 Apr 2021)
Log Message:
-----------
No need to use hardened runtime for frameworks. Use id for notarization
depending on archive type.
Modified Paths:
--------------
trunk/build_skim.py
trunk/codesign_skim.sh
Modified: trunk/build_skim.py
===================================================================
--- trunk/build_skim.py 2021-04-05 16:53:36 UTC (rev 12252)
+++ trunk/build_skim.py 2021-04-05 17:22:32 UTC (rev 12253)
@@ -130,10 +130,10 @@
print("codesign_skim.sh exited with status %s" % (rc))
assert rc == 0, "code signing failed"
-def notarize_dmg_or_zip(dmg_path, username, password):
- """dmg_path: zip file or dmg file"""
+def notarize_dmg_or_zip(archive_path, username, password):
- notarize_cmd = ["xcrun", "altool", "--notarize-app",
"--primary-bundle-id", "net.sourceforce.skim-app.skim.zip", "--username",
username, "--password", password, "--output-format", "xml", "--file", dmg_path]
+ bundle_id = "net.sourceforce.skim-app.skim" +
os.path.splitext(archive_path)[1]
+ notarize_cmd = ["xcrun", "altool", "--notarize-app",
"--primary-bundle-id", bundle_id, "--username", username, "--password",
password, "--output-format", "xml", "--file", archive_path]
notarize_task = Popen(notarize_cmd, cwd=SOURCE_DIR, stdout=PIPE,
stderr=PIPE)
[output, error] = notarize_task.communicate()
rc = notarize_task.returncode
Modified: trunk/codesign_skim.sh
===================================================================
--- trunk/codesign_skim.sh 2021-04-05 16:53:36 UTC (rev 12252)
+++ trunk/codesign_skim.sh 2021-04-05 17:22:32 UTC (rev 12253)
@@ -13,28 +13,28 @@
SKIM_ENTITLEMENTS=$(dirname "$0")/Skim.entitlements
# see
https://mjtsai.com/blog/2021/02/18/code-signing-when-building-on-apple-silicon/
-CODESIGN_FLAGS="--verbose --options runtime --timestamp --force
--digest-algorithm=sha1,sha256"
+# and https://developer.apple.com/forums/thread/130855
+CODESIGN_FLAGS="-v --timestamp -f --digest-algorithm=sha1,sha256"
CONTENTS_DIR="${SKIM_BUNDLE_PATH}/Contents"
# have to sign frameworks first
LOCATION="${CONTENTS_DIR}/Frameworks"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}"
"${LOCATION}/SkimNotes.framework/Versions/A"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}" --identifier
"org.sparkle-project.Sparkle.Autoupdate.fileop"
"${LOCATION}/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}"
"${LOCATION}/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}"
"${LOCATION}/Sparkle.framework/Versions/A"
+codesign ${CODESIGN_FLAGS} -s "${IDENTITY}" "${LOCATION}/SkimNotes.framework"
+codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}" --identifier
"org.sparkle-project.Sparkle.Autoupdate.fileop"
"${LOCATION}/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop"
+codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}"
"${LOCATION}/Sparkle.framework/Versions/A/Resources/Autoupdate.app"
+codesign ${CODESIGN_FLAGS} -s "${IDENTITY}" "${LOCATION}/Sparkle.framework"
LOCATION="${CONTENTS_DIR}/Library"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}"
"${LOCATION}/Spotlight/SkimImporter.mdimporter/Contents/Frameworks/SkimNotesBase.framework/Versions/A"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}"
"${LOCATION}/Spotlight/SkimImporter.mdimporter/Contents/MacOS/SkimImporter"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}"
"${LOCATION}/QuickLook/Skim.qlgenerator/Contents/MacOS/Skim"
+codesign ${CODESIGN_FLAGS} -s "${IDENTITY}"
"${LOCATION}/Spotlight/SkimImporter.mdimporter/Contents/Frameworks/SkimNotesBase.framework"
+codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}"
"${LOCATION}/Spotlight/SkimImporter.mdimporter/Contents/MacOS/SkimImporter"
+codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}"
"${LOCATION}/QuickLook/Skim.qlgenerator/Contents/MacOS/Skim"
LOCATION="${CONTENTS_DIR}/Plugins"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}"
"${LOCATION}/SkimTransitions.plugin/Contents/MacOS/SkimTransitions"
+codesign ${CODESIGN_FLAGS} -o runtime --sign "${IDENTITY}"
"${LOCATION}/SkimTransitions.plugin/Contents/MacOS/SkimTransitions"
LOCATION="${CONTENTS_DIR}/SharedSupport"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}" --identifier
"net.sourceforge.skim-app.tool.skimnotes" "${LOCATION}/skimnotes"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}" --identifier
"net.sourceforge.skim-app.tool.skimpdf" "${LOCATION}/skimpdf"
+codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}" --identifier
"net.sourceforge.skim-app.tool.skimnotes" "${LOCATION}/skimnotes"
+codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}" --identifier
"net.sourceforge.skim-app.tool.skimpdf" "${LOCATION}/skimpdf"
-LOCATION="${CONTENTS_DIR}/MacOS"
-codesign ${CODESIGN_FLAGS} --sign "${IDENTITY}" --entitlements
"${SKIM_ENTITLEMENTS}" "${SKIM_BUNDLE_PATH}"
+codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}" --entitlements
"${SKIM_ENTITLEMENTS}" "${SKIM_BUNDLE_PATH}"
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
_______________________________________________
Skim-app-commit mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/skim-app-commit
