Skip to content

Commit

Permalink
[macOS] Codesign binary-dist tarballs (JuliaLang#44305)
Browse files Browse the repository at this point in the history 
Because we're starting to distribute macOS tarballs as well, let's
codesign them by default, when possible.
  • Loading branch information
@staticfloat
staticfloat committed Feb 24, 2022
1 parent f20d5de commit 6b29ebd
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
12 changes: 12 additions & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -427,9 +427,21 @@ ifeq ($(OS), Linux)
endif
ifeq ($(OS), WINNT)
cd $(BUILDROOT)/julia-$(JULIA_COMMIT)/bin && rm -f llvm* llc.exe lli.exe opt.exe LTO.dll bugpoint.exe macho-dump.exe
endif
# If we're on macOS, and we have a codesigning identity, then codesign the binary-dist tarball!
ifeq ($(OS),Darwin)
ifneq ($(MACOS_CODESIGN_IDENTITY),)
echo "Codesigning with identity $(MACOS_CODESIGN_IDENTITY)"; \
MACHO_FILES=$$(find "$(BUILDROOT)/julia-$(JULIA_COMMIT)" -type f -perm -0111 | cut -d: -f1); \
for f in $${MACHO_FILES}; do \
echo "Codesigning $${f}..."; \
codesign -s "$(MACOS_CODESIGN_IDENTITY)" --option=runtime --entitlements $(JULIAHOME)/contrib/mac/app/Entitlements.plist -vvv --timestamp --deep --force "$${f}"; \
done
endif
endif
cd $(BUILDROOT) && $(TAR) zcvf $(JULIA_BINARYDIST_FILENAME).tar.gz julia-$(JULIA_COMMIT)


exe:
# run Inno Setup to compile installer
$(call spawn,$(JULIAHOME)/dist-extras/inno/iscc.exe /DAppVersion=$(JULIA_VERSION) /DSourceDir="$(call cygpath_w,$(BUILDROOT)/julia-$(JULIA_COMMIT))" /DRepoDir="$(call cygpath_w,$(JULIAHOME))" /F"$(JULIA_BINARYDIST_FILENAME)" /O"$(call cygpath_w,$(BUILDROOT))" $(INNO_ARGS) $(call cygpath_w,$(JULIAHOME)/contrib/windows/build-installer.iss))
Expand Down
3 changes: 3 additions & 0 deletions contrib/mac/app/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,9 @@ dmg/$(APP_NAME): startup.applescript julia.icns
make -C $(JULIAHOME) binary-dist
tar zxf $(JULIAHOME)/$(JULIA_BINARYDIST_FILENAME).tar.gz -C $@/Contents/Resources/julia --strip-components 1
find $@/Contents/Resources/julia -type f -exec chmod -w {} \;
# Even though the tarball may already be signed, we re-sign here to make it easier to add
# unsigned executables (like the app launcher) and whatnot, without needing to maintain lists
# of what is or is not signed. Codesigning is cheap, so might as well do it early and often.
if [ -n "$$MACOS_CODESIGN_IDENTITY" ]; then \
echo "Codesigning with identity $$MACOS_CODESIGN_IDENTITY"; \
MACHO_FILES=$$(find "$@" -type f -perm -0111 | cut -d: -f1); \
Expand Down

0 comments on commit 6b29ebd

Please sign in to comment.