From 379bf486c8327e1af2b767e023f97ec349ac6e3d Mon Sep 17 00:00:00 2001 From: Tae Won Ha Date: Thu, 6 Feb 2020 23:22:44 +0100 Subject: [PATCH] Use codesign to sign, not Xcode --- Brewfile | 1 + NvimView/NvimServer/NvimServer.entitlements | 4 ---- NvimView/NvimView.xcodeproj/project.pbxproj | 12 ++---------- VimR/VimR.xcodeproj/project.pbxproj | 11 +---------- bin/build.sh | 2 ++ bin/build_vimr.sh | 11 ++++++++++- 6 files changed, 16 insertions(+), 25 deletions(-) diff --git a/Brewfile b/Brewfile index 5bf2b45c..34312a90 100644 --- a/Brewfile +++ b/Brewfile @@ -6,5 +6,6 @@ brew 'cmake' brew 'pkg-config' brew 'gettext' brew 'ninja' +brew 'coreutils' brew 'python3' diff --git a/NvimView/NvimServer/NvimServer.entitlements b/NvimView/NvimServer/NvimServer.entitlements index 00f46d64..a2dce986 100644 --- a/NvimView/NvimServer/NvimServer.entitlements +++ b/NvimView/NvimServer/NvimServer.entitlements @@ -2,15 +2,11 @@ - com.apple.security.cs.allow-dyld-environment-variables - com.apple.security.cs.allow-jit com.apple.security.cs.allow-unsigned-executable-memory com.apple.security.cs.disable-executable-page-protection - com.apple.security.cs.disable-library-validation - diff --git a/NvimView/NvimView.xcodeproj/project.pbxproj b/NvimView/NvimView.xcodeproj/project.pbxproj index 7be957dc..370ccf25 100644 --- a/NvimView/NvimView.xcodeproj/project.pbxproj +++ b/NvimView/NvimView.xcodeproj/project.pbxproj @@ -1146,6 +1146,7 @@ CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = "-"; COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 341; DEBUG_INFORMATION_FORMAT = dwarf; @@ -1208,7 +1209,7 @@ CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO; + CODE_SIGN_IDENTITY = "-"; COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 341; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; @@ -1259,20 +1260,16 @@ isa = XCBuildConfiguration; buildSettings = { CLANG_ENABLE_MODULES = YES; - CODE_SIGN_IDENTITY = "Developer ID Application: Tae Won Ha (H96Q2NKTQH)"; COMBINE_HIDPI_IMAGES = YES; DEFINES_MODULE = YES; - DEVELOPMENT_TEAM = H96Q2NKTQH; DYLIB_COMPATIBILITY_VERSION = 1; DYLIB_CURRENT_VERSION = 341; DYLIB_INSTALL_NAME_BASE = "@rpath"; - ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "$(PROJECT_DIR)/../Carthage/Build/Mac"; FRAMEWORK_VERSION = A; INFOPLIST_FILE = NvimView/Info.plist; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks"; LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @loader_path/Frameworks"; - OTHER_CODE_SIGN_FLAGS = "--timestamp"; PRODUCT_BUNDLE_IDENTIFIER = com.qvacua.NvimView; PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; SKIP_INSTALL = YES; @@ -1329,10 +1326,6 @@ CLANG_ENABLE_MODULES = NO; CLANG_LINK_OBJC_RUNTIME = NO; CLANG_MODULES_AUTOLINK = NO; - CODE_SIGN_ENTITLEMENTS = NvimServer/NvimServer.entitlements; - CODE_SIGN_IDENTITY = "Developer ID Application: Tae Won Ha (H96Q2NKTQH)"; - DEVELOPMENT_TEAM = H96Q2NKTQH; - ENABLE_HARDENED_RUNTIME = YES; GCC_PREPROCESSOR_DEFINITIONS = "INCLUDE_GENERATED_DECLARATIONS=1"; HEADER_SEARCH_PATHS = ( "$(PROJECT_DIR)/neovim/src", @@ -1345,7 +1338,6 @@ "$(PROJECT_DIR)/neovim/build/lib", "$(PROJECT_DIR)/neovim/.deps/usr/lib", ); - OTHER_CODE_SIGN_FLAGS = "--timestamp"; OTHER_LDFLAGS = ( "-liconv", "-lpthread", diff --git a/VimR/VimR.xcodeproj/project.pbxproj b/VimR/VimR.xcodeproj/project.pbxproj index 274b98d2..f8898bcf 100644 --- a/VimR/VimR.xcodeproj/project.pbxproj +++ b/VimR/VimR.xcodeproj/project.pbxproj @@ -1331,8 +1331,8 @@ projectRoot = ""; targets = ( 4BEBA5041CFF374B00673FDF /* VimR */, - 4BEBA5131CFF374B00673FDF /* VimRTests */, 4B2636A7223A487B00021586 /* VimR.dev */, + 4BEBA5131CFF374B00673FDF /* VimRTests */, ); }; /* End PBXProject section */ @@ -1838,7 +1838,6 @@ ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; COMBINE_HIDPI_IMAGES = YES; DEFINES_MODULE = YES; - DEVELOPMENT_TEAM = H96Q2NKTQH; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", "$(PROJECT_DIR)/../Carthage/Build/Mac", @@ -1868,7 +1867,6 @@ ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; COMBINE_HIDPI_IMAGES = YES; DEFINES_MODULE = YES; - DEVELOPMENT_TEAM = H96Q2NKTQH; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", "$(PROJECT_DIR)/../Carthage/Build/Mac", @@ -1925,7 +1923,6 @@ COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 341; DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_HARDENED_RUNTIME = YES; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu99; @@ -1983,11 +1980,9 @@ CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; CODE_SIGN_IDENTITY = "-"; - CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO; COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 341; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_HARDENED_RUNTIME = YES; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu99; @@ -2040,11 +2035,8 @@ isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; - CODE_SIGN_IDENTITY = "Developer ID Application: Tae Won Ha (H96Q2NKTQH)"; COMBINE_HIDPI_IMAGES = YES; DEFINES_MODULE = YES; - DEVELOPMENT_TEAM = H96Q2NKTQH; - ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", "$(PROJECT_DIR)/../Carthage/Build/Mac", @@ -2055,7 +2047,6 @@ ); INFOPLIST_FILE = VimR/Info.plist; LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; - OTHER_CODE_SIGN_FLAGS = "--timestamp"; OTHER_LDFLAGS = ( "$(PROJECT_DIR)/../third-party/libxz/lib/liblzma.a", "$(PROJECT_DIR)/../third-party/libpcre/lib/libpcre.a", diff --git a/bin/build.sh b/bin/build.sh index 2d9f3f38..28338bae 100755 --- a/bin/build.sh +++ b/bin/build.sh @@ -43,6 +43,8 @@ if [[ "${is_snapshot}" == true ]] && [[ "${branch}" == "master" ]] ; then exit 1 fi +git lfs install + echo "### Installing some python packages" pip3 install requests diff --git a/bin/build_vimr.sh b/bin/build_vimr.sh index dfb5f43d..c8b246df 100755 --- a/bin/build_vimr.sh +++ b/bin/build_vimr.sh @@ -54,8 +54,17 @@ rm -rf ${build_path} if [[ ${code_sign} == true ]] ; then identity="Developer ID Application: Tae Won Ha (H96Q2NKTQH)" entitlements_path=$(realpath NvimView/NvimServer/NvimServer.entitlements) - xcodebuild -configuration Release -scheme VimR -workspace VimR.xcworkspace -derivedDataPath ${build_path} clean build + + xcodebuild \ + CODE_SIGN_IDENTITY="${identity}" \ + OTHER_CODE_SIGN_FLAGS="--timestamp --options=runtime" \ + CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO \ + -configuration Release -derivedDataPath ./build -workspace VimR.xcworkspace -scheme VimR clean build + pushd ${build_path}/Build/Products/Release > /dev/null + codesign --force -s "${identity}" --timestamp --options=runtime --entitlements="${entitlements_path}" \ + VimR.app/Contents/Frameworks/NvimView.framework/Versions/A/NvimServer + codesign --force -s "${identity}" --timestamp --options=runtime VimR.app/Contents/Frameworks/NvimView.framework/Versions/A codesign --force -s "${identity}" --deep --timestamp --options=runtime VimR.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app codesign --force -s "${identity}" --deep --timestamp --options=runtime VimR.app/Contents/Frameworks/Sparkle.framework/Versions/A popd > /dev/null