Move get_binary_arches into common, and code sign every binary in the app bundle

2024-10-01 01:35:40 -04:00 · 2023-10-20 15:15:40 -07:00 · 2023-10-20 15:15:40 -07:00 · 0631d14d78
commit 0631d14d78
parent c524afd87b
3 changed files with 45 additions and 49 deletions
--- a/desktop/scripts/build-macos.py
+++ b/desktop/scripts/build-macos.py
@ -7,6 +7,8 @@ import shutil
 import glob
 import itertools

+from common import get_binary_arches
+
 root = os.path.dirname(
    os.path.dirname(
        os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
@ -54,6 +56,10 @@ def sign(path, entitlements, identity):
    )


+def get_binaries():
+    pass
+
+
@click.group()
 def main():
    """
@ -159,7 +165,7 @@ def cleanup_build():
        "QtSvgWidgets",
        "QtUiTools",
        "QtWebEngineQuick",
-        "QtWebEngineQuickDelegatesQml"
+        "QtWebEngineQuickDelegatesQml",
    ]:
        shutil.rmtree(
            f"{app_path}/Contents/MacOS/lib/PySide6/Qt/lib/{framework}.framework"
@ -229,26 +235,11 @@ def cleanup_build():
@click.argument("app_path")
 def codesign(app_path):
    """Sign macOS binaries before packaging"""
-    for path in itertools.chain(
-        glob.glob(f"{app_path}/Contents/Resources/lib/**/*.so", recursive=True),
-        glob.glob(f"{app_path}/Contents/Resources/lib/**/*.dylib", recursive=True),
-        [
-            f"{app_path}/Contents/Frameworks/QtCore.framework/Versions/A/QtCore",
-            f"{app_path}/Contents/Frameworks/QtDBus.framework/Versions/A/QtDBus",
-            f"{app_path}/Contents/Frameworks/QtGui.framework/Versions/A/QtGui",
-            f"{app_path}/Contents/Frameworks/QtWidgets.framework/Versions/A/QtWidgets",
-            f"{app_path}/Contents/Resources/lib/Python",
-            f"{app_path}/Contents/Resources/lib/onionshare/resources/tor/meek-client",
-            f"{app_path}/Contents/Resources/lib/onionshare/resources/tor/obfs4proxy",
-            f"{app_path}/Contents/Resources/lib/onionshare/resources/tor/snowflake-client",
-            f"{app_path}/Contents/Resources/lib/onionshare/resources/tor/tor",
-            f"{app_path}/Contents/Resources/lib/onionshare/resources/tor/libevent-2.1.7.dylib",
-            f"{app_path}/Contents/MacOS/onionshare",
-            f"{app_path}/Contents/MacOS/onionshare-cli",
-            f"{app_path}",
-        ],
-    ):
-        sign(path, entitlements_plist_path, identity_name_application)
+    bin_universal, bin_silicon, bin_intel = get_binary_arches(app_path)
+    binaries = bin_universal + bin_silicon + bin_intel + [app_path]
+
+    for filename in binaries:
+        sign(filename, entitlements_plist_path, identity_name_application)

    print(f"> Signed app bundle: {app_path}")

--- a/desktop/scripts/common.py
+++ b/desktop/scripts/common.py
@ -0,0 +1,32 @@
+import os
+import subprocess
+
+
+def get_binary_arches(app_dir):
+    universal = []
+    silicon = []
+    intel = []
+    for dirpath, dirnames, filenames in os.walk(app_dir):
+        for basename in filenames:
+            filename = os.path.join(dirpath, basename)
+            if os.path.isfile(filename):
+                out = subprocess.check_output(["file", filename]).decode("utf-8")
+                if (
+                    "Mach-O 64-bit executable" in out
+                    or "Mach-O 64-bit bundle" in out
+                    or "Mach-O 64-bit dynamically linked shared library" in out
+                ):
+                    arm64, x86 = False, False
+                    if "arm64" in out:
+                        arm64 = True
+                    if "x86_64" in out:
+                        x86 = True
+
+                    if arm64 and x86:
+                        universal.append(filename)
+                    elif arm64:
+                        silicon.append(filename)
+                    elif x86:
+                        intel.append(filename)
+
+    return universal, silicon, intel
--- a/desktop/scripts/macos-merge-universal.py
+++ b/desktop/scripts/macos-merge-universal.py
@ -5,34 +5,7 @@ import click
 import subprocess


-def get_binary_arches(app_dir):
-    universal = []
-    silicon = []
-    intel = []
-    for dirpath, dirnames, filenames in os.walk(app_dir):
-        for basename in filenames:
-            filename = os.path.join(dirpath, basename)
-            if os.path.isfile(filename):
-                out = subprocess.check_output(["file", filename]).decode("utf-8")
-                if (
-                    "Mach-O 64-bit executable" in out
-                    or "Mach-O 64-bit bundle" in out
-                    or "Mach-O 64-bit dynamically linked shared library" in out
-                ):
-                    arm64, x86 = False, False
-                    if "arm64" in out:
-                        arm64 = True
-                    if "x86_64" in out:
-                        x86 = True
-
-                    if arm64 and x86:
-                        universal.append(filename)
-                    elif arm64:
-                        silicon.append(filename)
-                    elif x86:
-                        intel.append(filename)
-
-    return universal, silicon, intel
+from common import get_binary_arches


@click.command()