From 8a36ddf466385c724fa6abad7385fd79857cf669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mos=C3=A8=20Giordano?= Date: Tue, 8 Mar 2022 22:52:45 +0000 Subject: [PATCH] Add shell sript for codesigning and use it in Makefile --- Makefile | 23 ++++++++--------------- contrib/codesign.sh | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 15 deletions(-) create mode 100755 contrib/codesign.sh diff --git a/Makefile b/Makefile index ba4238365cd37..df6e998d47c35 100644 --- a/Makefile +++ b/Makefile @@ -374,16 +374,16 @@ endif ifneq ($(LOADER_BUILD_DEP_LIBS),$(LOADER_INSTALL_DEP_LIBS)) # Next, overwrite relative path to libjulia-internal in our loader if $$(LOADER_BUILD_DEP_LIBS) != $$(LOADER_INSTALL_DEP_LIBS) $(call stringreplace,$(DESTDIR)$(shlibdir)/libjulia.$(JL_MAJOR_MINOR_SHLIB_EXT),$(LOADER_BUILD_DEP_LIBS)$$,$(LOADER_INSTALL_DEP_LIBS)) -ifeq ($(OS), Darwin) - # Fix codesign of the libjulia we just modified - $(call spawn,$(build_bindir)/julia$(EXE) --startup-file=no -e 'using Pkg; Pkg.activate(;temp=true); Pkg.add("ldid_jll"); using ldid_jll; run(`$$(ldid()) -S -d $(DESTDIR)$(shlibdir)/libjulia.$(JL_MAJOR_MINOR_SHLIB_EXT)`)') +ifeq ($(OS),Darwin) + # Codesign the libjulia we just modified + $(JULIAHOME)/contrib/codesign.sh "$(MACOS_CODESIGN_IDENTITY)" "$(DESTDIR)$(shlibdir)/libjulia.$(JL_MAJOR_MINOR_SHLIB_EXT)" endif ifeq ($(BUNDLE_DEBUG_LIBS),1) $(call stringreplace,$(DESTDIR)$(shlibdir)/libjulia-debug.$(JL_MAJOR_MINOR_SHLIB_EXT),$(LOADER_DEBUG_BUILD_DEP_LIBS)$$,$(LOADER_DEBUG_INSTALL_DEP_LIBS)) -ifeq ($(OS), Darwin) - # Fix codesign of the libjulia we just modified - $(call spawn,$(build_bindir)/julia$(EXE) --startup-file=no -e 'using Pkg; Pkg.activate(;temp=true); Pkg.add("ldid_jll"); using ldid_jll; run(`$$(ldid()) -S -d $(DESTDIR)$(shlibdir)/libjulia-debug.$(JL_MAJOR_MINOR_SHLIB_EXT)`)') +ifeq ($(OS),Darwin) + # Codesign the libjulia we just modified + $(JULIAHOME)/contrib/codesign.sh "$(MACOS_CODESIGN_IDENTITY)" "$(DESTDIR)$(shlibdir)/libjulia-debug.$(JL_MAJOR_MINOR_SHLIB_EXT)" endif endif endif @@ -436,16 +436,9 @@ endif ifeq ($(OS), WINNT) cd $(BUILDROOT)/julia-$(JULIA_COMMIT)/bin && rm -f llvm* llc.exe lli.exe opt.exe LTO.dll bugpoint.exe macho-dump.exe endif - # If we're on macOS, and we have a codesigning identity, then codesign the binary-dist tarball! ifeq ($(OS),Darwin) -ifneq ($(MACOS_CODESIGN_IDENTITY),) - echo "Codesigning with identity $(MACOS_CODESIGN_IDENTITY)"; \ - MACHO_FILES=$$(find "$(BUILDROOT)/julia-$(JULIA_COMMIT)" -type f -perm -0111 | cut -d: -f1); \ - for f in $${MACHO_FILES}; do \ - echo "Codesigning $${f}..."; \ - codesign -s "$(MACOS_CODESIGN_IDENTITY)" --option=runtime --entitlements $(JULIAHOME)/contrib/mac/app/Entitlements.plist -vvv --timestamp --deep --force "$${f}"; \ - done -endif + # If we're on macOS, and we have a codesigning identity, then codesign the binary-dist tarball! + $(JULIAHOME)/contrib/codesign.sh "$(MACOS_CODESIGN_IDENTITY)" "$(BUILDROOT)/julia-$(JULIA_COMMIT)" endif cd $(BUILDROOT) && $(TAR) zcvf $(JULIA_BINARYDIST_FILENAME).tar.gz julia-$(JULIA_COMMIT) diff --git a/contrib/codesign.sh b/contrib/codesign.sh new file mode 100755 index 0000000000000..77180ac29c9ff --- /dev/null +++ b/contrib/codesign.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# This file is a part of Julia. License is MIT: https://julialang.org/license + +# Codesign binary files for macOS. + +usage() { + echo "Usage: ${0} MACOS_CODESIGN_IDENTITY FILE-OR-DIRECTORY" + exit 0 +} + +# Default codesign identity to `-` if not provided +if [ -z "${1}" ]; then + MACOS_CODESIGN_IDENTITY="-" + ENTITLEMENTS="" +else + MACOS_CODESIGN_IDENTITY="${1}" + ENTITLEMENTS="--entitlements $(dirname "${0}")/mac/app/Entitlements.plist" +fi + +if [ "${#}" -eq 2 ]; then + if [ -f "${2}" ]; then + # Codesign only the given file + MACHO_FILES="${2}" + elif [ -d "${2}" ]; then + # Find all files in the given directory + MACHO_FILES=$(find "${2}" -type f -perm -0111 | cut -d: -f1) + else + usage + fi +else + usage +fi + +echo "Codesigning with identity ${MACOS_CODESIGN_IDENTITY}" +for f in ${MACHO_FILES}; do + echo "Codesigning ${f}..." + codesign -s "${MACOS_CODESIGN_IDENTITY}" --option=runtime "${ENTITLEMENTS}" -vvv --timestamp --deep --force "${f}" +done