diff options
| author | RĂ©mi Verschelde <rverschelde@gmail.com> | 2019-10-03 09:44:11 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-03 09:44:11 +0200 |
| commit | cd408c7f066be1277fe6684e5bdba42058f4e14d (patch) | |
| tree | e37727c89da66fe6a1955ab48c617b4b0b510fb3 | |
| parent | c9781df31604b8dbf463d8ef9f56bcbadfbc8eb6 (diff) | |
| parent | 5dca2e4f38106fa855c44ee636dbc283f30a85a6 (diff) | |
Merge pull request #32499 from bruvzg/macos_codesign_improvements
macOS export/code signing improvements.
| -rw-r--r-- | platform/osx/export/export.cpp | 35 |
1 files changed, 19 insertions, 16 deletions
diff --git a/platform/osx/export/export.cpp b/platform/osx/export/export.cpp index 94090bcdc1..c8ecbd5a2d 100644 --- a/platform/osx/export/export.cpp +++ b/platform/osx/export/export.cpp @@ -133,7 +133,9 @@ void EditorExportPlatformOSX::get_export_options(List<ExportOption> *r_options) #ifdef OSX_ENABLED r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/identity"), "")); - r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/entitlements"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/timestamp"), true)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/hardened_runtime"), true)); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/entitlements", PROPERTY_HINT_GLOBAL_FILE, "*.plist"), "")); #endif r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/s3tc"), true)); @@ -360,9 +362,17 @@ void EditorExportPlatformOSX::_fix_plist(const Ref<EditorExportPreset> &p_preset Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path) { List<String> args; + if (p_preset->get("codesign/timestamp")) { + args.push_back("--timestamp"); + } + if (p_preset->get("codesign/hardened_runtime")) { + args.push_back("--options"); + args.push_back("runtime"); + } + if (p_preset->get("codesign/entitlements") != "") { /* this should point to our entitlements.plist file that sandboxes our application, I don't know if this should also be placed in our app bundle */ - args.push_back("-entitlements"); + args.push_back("--entitlements"); args.push_back(p_preset->get("codesign/entitlements")); } args.push_back("-s"); @@ -379,6 +389,10 @@ Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_prese EditorNode::add_io_error("codesign: no identity found"); return FAILED; } + if ((str.find("unrecognized blob type") != -1) || (str.find("cannot read entitlement data") != -1)) { + EditorNode::add_io_error("codesign: invalid entitlements file"); + return FAILED; + } return OK; } @@ -386,7 +400,9 @@ Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_prese Error EditorExportPlatformOSX::_create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name) { List<String> args; - OS::get_singleton()->move_to_trash(p_dmg_path); + if (FileAccess::exists(p_dmg_path)) { + OS::get_singleton()->move_to_trash(p_dmg_path); + } args.push_back("create"); args.push_back(p_dmg_path); @@ -673,19 +689,6 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p ///@TODO we should check the contents of /Contents/Frameworks for frameworks to sign } - if (err == OK && identity != "") { - // we should probably loop through all resources and sign them? - err = _code_sign(p_preset, tmp_app_path_name + "/Contents/Resources/icon.icns"); - } - - if (err == OK && identity != "") { - err = _code_sign(p_preset, pack_path); - } - - if (err == OK && identity != "") { - err = _code_sign(p_preset, tmp_app_path_name + "/Contents/Info.plist"); - } - // and finally create a DMG if (err == OK) { if (ep.step("Making DMG", 3)) { |