Sign bundle instead of individual mach-o files

clowd · Jun 20, 2022 · 6abdeb1 · 6abdeb1
1 parent 072e47f
commit 6abdeb1
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 8 deletions.
diff --git a/src/Squirrel.CommandLine/OSX/Commands.cs b/src/Squirrel.CommandLine/OSX/Commands.cs
@@ -126,11 +126,8 @@ private static void Pack(PackOptions options)
 
             // code signing all mach-o binaries
             if (SquirrelRuntimeInfo.IsOSX && !String.IsNullOrEmpty(options.signAppIdentity) && !String.IsNullOrEmpty(options.notaryProfile)) {
-                var machoFiles = Directory.EnumerateFiles(appBundlePath, "*", SearchOption.AllDirectories)
-                    .Where(f => PlatformUtil.IsMachOImage(f))
-                    .ToArray();
-
-                HelperExe.CodeSign(options.signAppIdentity, options.signEntitlements, machoFiles);
+                HelperExe.CodeSign(options.signAppIdentity, options.signEntitlements, new []{ appBundlePath });
+                HelperExe.AssessCodeSign(appBundlePath);
 
                 // notarize and staple the .app before creating a Squirrel release
                 HelperExe.CreateDittoZip(appBundlePath, zipPath);

diff --git a/src/Squirrel.CommandLine/OSX/HelperExe.cs b/src/Squirrel.CommandLine/OSX/HelperExe.cs
@@ -37,12 +37,12 @@ public static void CodeSign(string identity, string entitlements, string[] files
                 "--options", "runtime",
                 "--entitlements", entitlements
             };
-
+            
             args.AddRange(files);
 
-            Log.Info($"Preparing to codesign {files.Length} Mach-O files...");
+            Log.Info($"Preparing to codesign package...");
 
-            InvokeAndThrowIfNonZero("codesign", args, null);
+            Console.WriteLine(InvokeAndThrowIfNonZero("codesign", args, null));
 
             Log.Info("codesign completed successfully");
         }
@@ -135,6 +135,7 @@ public static void CreateDittoZip(string folder, string outputZip)
             var args = new List<string> {
                 "-c",
                 "-k",
+                "--rsrc",
                 "--keepParent",
                 "--sequesterRsrc",
                 folder,
@@ -144,5 +145,17 @@ public static void CreateDittoZip(string folder, string outputZip)
             Log.Info($"Creating ditto bundle '{outputZip}'");
             InvokeAndThrowIfNonZero("ditto", args, null);
         }
+
+        [SupportedOSPlatform("osx")]
+        public static void AssessCodeSign(string filePath)
+        {
+            var args = new List<string> {
+                "--assess",
+                "-vvvv",
+                filePath
+            };
+
+            Console.WriteLine(InvokeAndThrowIfNonZero("spctl", args, null));
+        }
     }
 }