summaryrefslogtreecommitdiff
path: root/platform/macos/export
diff options
context:
space:
mode:
Diffstat (limited to 'platform/macos/export')
-rw-r--r--platform/macos/export/codesign.cpp1564
-rw-r--r--platform/macos/export/codesign.h368
-rw-r--r--platform/macos/export/export.cpp43
-rw-r--r--platform/macos/export/export.h36
-rw-r--r--platform/macos/export/export_plugin.cpp1684
-rw-r--r--platform/macos/export/export_plugin.h137
-rw-r--r--platform/macos/export/lipo.cpp236
-rw-r--r--platform/macos/export/lipo.h76
-rw-r--r--platform/macos/export/macho.cpp548
-rw-r--r--platform/macos/export/macho.h215
-rw-r--r--platform/macos/export/plist.cpp570
-rw-r--r--platform/macos/export/plist.h116
12 files changed, 5593 insertions, 0 deletions
diff --git a/platform/macos/export/codesign.cpp b/platform/macos/export/codesign.cpp
new file mode 100644
index 0000000000..fd044c00cc
--- /dev/null
+++ b/platform/macos/export/codesign.cpp
@@ -0,0 +1,1564 @@
+/*************************************************************************/
+/* codesign.cpp */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+#include "codesign.h"
+
+#include "lipo.h"
+#include "macho.h"
+#include "plist.h"
+
+#include "core/os/os.h"
+#include "editor/editor_paths.h"
+#include "editor/editor_settings.h"
+
+#include "modules/modules_enabled.gen.h" // For regex.
+
+#include <ctime>
+
+#ifdef MODULE_REGEX_ENABLED
+
+/*************************************************************************/
+/* CodeSignCodeResources */
+/*************************************************************************/
+
+String CodeSignCodeResources::hash_sha1_base64(const String &p_path) {
+ Ref<FileAccess> fa = FileAccess::open(p_path, FileAccess::READ);
+ ERR_FAIL_COND_V_MSG(fa.is_null(), String(), vformat("CodeSign/CodeResources: Can't open file: \"%s\".", p_path));
+
+ CryptoCore::SHA1Context ctx;
+ ctx.start();
+
+ unsigned char step[4096];
+ while (true) {
+ uint64_t br = fa->get_buffer(step, 4096);
+ if (br > 0) {
+ ctx.update(step, br);
+ }
+ if (br < 4096) {
+ break;
+ }
+ }
+
+ unsigned char hash[0x14];
+ ctx.finish(hash);
+
+ return CryptoCore::b64_encode_str(hash, 0x14);
+}
+
+String CodeSignCodeResources::hash_sha256_base64(const String &p_path) {
+ Ref<FileAccess> fa = FileAccess::open(p_path, FileAccess::READ);
+ ERR_FAIL_COND_V_MSG(fa.is_null(), String(), vformat("CodeSign/CodeResources: Can't open file: \"%s\".", p_path));
+
+ CryptoCore::SHA256Context ctx;
+ ctx.start();
+
+ unsigned char step[4096];
+ while (true) {
+ uint64_t br = fa->get_buffer(step, 4096);
+ if (br > 0) {
+ ctx.update(step, br);
+ }
+ if (br < 4096) {
+ break;
+ }
+ }
+
+ unsigned char hash[0x20];
+ ctx.finish(hash);
+
+ return CryptoCore::b64_encode_str(hash, 0x20);
+}
+
+void CodeSignCodeResources::add_rule1(const String &p_rule, const String &p_key, int p_weight, bool p_store) {
+ rules1.push_back(CRRule(p_rule, p_key, p_weight, p_store));
+}
+
+void CodeSignCodeResources::add_rule2(const String &p_rule, const String &p_key, int p_weight, bool p_store) {
+ rules2.push_back(CRRule(p_rule, p_key, p_weight, p_store));
+}
+
+CodeSignCodeResources::CRMatch CodeSignCodeResources::match_rules1(const String &p_path) const {
+ CRMatch found = CRMatch::CR_MATCH_NO;
+ int weight = 0;
+ for (int i = 0; i < rules1.size(); i++) {
+ RegEx regex = RegEx(rules1[i].file_pattern);
+ if (regex.search(p_path).is_valid()) {
+ if (rules1[i].key == "omit") {
+ return CRMatch::CR_MATCH_NO;
+ } else if (rules1[i].key == "nested") {
+ if (weight <= rules1[i].weight) {
+ found = CRMatch::CR_MATCH_NESTED;
+ weight = rules1[i].weight;
+ }
+ } else if (rules1[i].key == "optional") {
+ if (weight <= rules1[i].weight) {
+ found = CRMatch::CR_MATCH_OPTIONAL;
+ weight = rules1[i].weight;
+ }
+ } else {
+ if (weight <= rules1[i].weight) {
+ found = CRMatch::CR_MATCH_YES;
+ weight = rules1[i].weight;
+ }
+ }
+ }
+ }
+ return found;
+}
+
+CodeSignCodeResources::CRMatch CodeSignCodeResources::match_rules2(const String &p_path) const {
+ CRMatch found = CRMatch::CR_MATCH_NO;
+ int weight = 0;
+ for (int i = 0; i < rules2.size(); i++) {
+ RegEx regex = RegEx(rules2[i].file_pattern);
+ if (regex.search(p_path).is_valid()) {
+ if (rules2[i].key == "omit") {
+ return CRMatch::CR_MATCH_NO;
+ } else if (rules2[i].key == "nested") {
+ if (weight <= rules2[i].weight) {
+ found = CRMatch::CR_MATCH_NESTED;
+ weight = rules2[i].weight;
+ }
+ } else if (rules2[i].key == "optional") {
+ if (weight <= rules2[i].weight) {
+ found = CRMatch::CR_MATCH_OPTIONAL;
+ weight = rules2[i].weight;
+ }
+ } else {
+ if (weight <= rules2[i].weight) {
+ found = CRMatch::CR_MATCH_YES;
+ weight = rules2[i].weight;
+ }
+ }
+ }
+ }
+ return found;
+}
+
+bool CodeSignCodeResources::add_file1(const String &p_root, const String &p_path) {
+ CRMatch found = match_rules1(p_path);
+ if (found != CRMatch::CR_MATCH_YES && found != CRMatch::CR_MATCH_OPTIONAL) {
+ return true; // No match.
+ }
+
+ CRFile f;
+ f.name = p_path;
+ f.optional = (found == CRMatch::CR_MATCH_OPTIONAL);
+ f.nested = false;
+ f.hash = hash_sha1_base64(p_root.plus_file(p_path));
+ print_verbose(vformat("CodeSign/CodeResources: File(V1) %s hash1:%s", f.name, f.hash));
+
+ files1.push_back(f);
+ return true;
+}
+
+bool CodeSignCodeResources::add_file2(const String &p_root, const String &p_path) {
+ CRMatch found = match_rules2(p_path);
+ if (found == CRMatch::CR_MATCH_NESTED) {
+ return add_nested_file(p_root, p_path, p_root.plus_file(p_path));
+ }
+ if (found != CRMatch::CR_MATCH_YES && found != CRMatch::CR_MATCH_OPTIONAL) {
+ return true; // No match.
+ }
+
+ CRFile f;
+ f.name = p_path;
+ f.optional = (found == CRMatch::CR_MATCH_OPTIONAL);
+ f.nested = false;
+ f.hash = hash_sha1_base64(p_root.plus_file(p_path));
+ f.hash2 = hash_sha256_base64(p_root.plus_file(p_path));
+
+ print_verbose(vformat("CodeSign/CodeResources: File(V2) %s hash1:%s hash2:%s", f.name, f.hash, f.hash2));
+
+ files2.push_back(f);
+ return true;
+}
+
+bool CodeSignCodeResources::add_nested_file(const String &p_root, const String &p_path, const String &p_exepath) {
+#define CLEANUP() \
+ if (files_to_add.size() > 1) { \
+ for (int j = 0; j < files_to_add.size(); j++) { \
+ da->remove(files_to_add[j]); \
+ } \
+ }
+
+ Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM);
+ ERR_FAIL_COND_V(da.is_null(), false);
+
+ Vector<String> files_to_add;
+ if (LipO::is_lipo(p_exepath)) {
+ String tmp_path_name = EditorPaths::get_singleton()->get_cache_dir().plus_file("_lipo");
+ Error err = da->make_dir_recursive(tmp_path_name);
+ ERR_FAIL_COND_V_MSG(err != OK, false, vformat("CodeSign/CodeResources: Failed to create \"%s\" subfolder.", tmp_path_name));
+ LipO lip;
+ if (lip.open_file(p_exepath)) {
+ for (int i = 0; i < lip.get_arch_count(); i++) {
+ if (!lip.extract_arch(i, tmp_path_name.plus_file("_rqexe_" + itos(i)))) {
+ CLEANUP();
+ ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Failed to extract thin binary.");
+ }
+ files_to_add.push_back(tmp_path_name.plus_file("_rqexe_" + itos(i)));
+ }
+ }
+ } else if (MachO::is_macho(p_exepath)) {
+ files_to_add.push_back(p_exepath);
+ }
+
+ CRFile f;
+ f.name = p_path;
+ f.optional = false;
+ f.nested = true;
+ for (int i = 0; i < files_to_add.size(); i++) {
+ MachO mh;
+ if (!mh.open_file(files_to_add[i])) {
+ CLEANUP();
+ ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Invalid executable file.");
+ }
+ PackedByteArray hash = mh.get_cdhash_sha256(); // Use SHA-256 variant, if available.
+ if (hash.size() != 0x20) {
+ hash = mh.get_cdhash_sha1(); // Use SHA-1 instead.
+ if (hash.size() != 0x14) {
+ CLEANUP();
+ ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Unsigned nested executable file.");
+ }
+ }
+ hash.resize(0x14); // Always clamp to 0x14 size.
+ f.hash = CryptoCore::b64_encode_str(hash.ptr(), hash.size());
+
+ PackedByteArray rq_blob = mh.get_requirements();
+ String req_string;
+ if (rq_blob.size() > 8) {
+ CodeSignRequirements rq = CodeSignRequirements(rq_blob);
+ Vector<String> rqs = rq.parse_requirements();
+ for (int j = 0; j < rqs.size(); j++) {
+ if (rqs[j].begins_with("designated => ")) {
+ req_string = rqs[j].replace("designated => ", "");
+ }
+ }
+ }
+ if (req_string.is_empty()) {
+ req_string = "cdhash H\"" + String::hex_encode_buffer(hash.ptr(), hash.size()) + "\"";
+ }
+ print_verbose(vformat("CodeSign/CodeResources: Nested object %s (cputype: %d) cdhash:%s designated rq:%s", f.name, mh.get_cputype(), f.hash, req_string));
+ if (f.requirements != req_string) {
+ if (i != 0) {
+ f.requirements += " or ";
+ }
+ f.requirements += req_string;
+ }
+ }
+ files2.push_back(f);
+
+ CLEANUP();
+ return true;
+
+#undef CLEANUP
+}
+
+bool CodeSignCodeResources::add_folder_recursive(const String &p_root, const String &p_path, const String &p_main_exe_path) {
+ Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM);
+ ERR_FAIL_COND_V(da.is_null(), false);
+ Error err = da->change_dir(p_root.plus_file(p_path));
+ ERR_FAIL_COND_V(err != OK, false);
+
+ bool ret = true;
+ da->list_dir_begin();
+ String n = da->get_next();
+ while (n != String()) {
+ if (n != "." && n != "..") {
+ String path = p_root.plus_file(p_path).plus_file(n);
+ if (path == p_main_exe_path) {
+ n = da->get_next();
+ continue; // Skip main executable.
+ }
+ if (da->current_is_dir()) {
+ CRMatch found = match_rules2(p_path.plus_file(n));
+ String fmw_ver = "Current"; // Framework version (default).
+ String info_path;
+ String main_exe;
+ bool bundle = false;
+ if (da->file_exists(path.plus_file("Contents/Info.plist"))) {
+ info_path = path.plus_file("Contents/Info.plist");
+ main_exe = path.plus_file("Contents/MacOS");
+ bundle = true;
+ } else if (da->file_exists(path.plus_file(vformat("Versions/%s/Resources/Info.plist", fmw_ver)))) {
+ info_path = path.plus_file(vformat("Versions/%s/Resources/Info.plist", fmw_ver));
+ main_exe = path.plus_file(vformat("Versions/%s", fmw_ver));
+ bundle = true;
+ } else if (da->file_exists(path.plus_file("Info.plist"))) {
+ info_path = path.plus_file("Info.plist");
+ main_exe = path;
+ bundle = true;
+ }
+ if (bundle && found == CRMatch::CR_MATCH_NESTED && !info_path.is_empty()) {
+ // Read Info.plist.
+ PList info_plist;
+ if (info_plist.load_file(info_path)) {
+ if (info_plist.get_root()->data_type == PList::PLNodeType::PL_NODE_TYPE_DICT && info_plist.get_root()->data_dict.has("CFBundleExecutable")) {
+ main_exe = main_exe.plus_file(String::utf8(info_plist.get_root()->data_dict["CFBundleExecutable"]->data_string.get_data()));
+ } else {
+ ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Invalid Info.plist, no exe name.");
+ }
+ } else {
+ ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Invalid Info.plist, can't load.");
+ }
+ ret = ret && add_nested_file(p_root, p_path.plus_file(n), main_exe);
+ } else {
+ ret = ret && add_folder_recursive(p_root, p_path.plus_file(n), p_main_exe_path);
+ }
+ } else {
+ ret = ret && add_file1(p_root, p_path.plus_file(n));
+ ret = ret && add_file2(p_root, p_path.plus_file(n));
+ }
+ }
+
+ n = da->get_next();
+ }
+
+ da->list_dir_end();
+ return ret;
+}
+
+bool CodeSignCodeResources::save_to_file(const String &p_path) {
+ PList pl;
+
+ print_verbose(vformat("CodeSign/CodeResources: Writing to file: %s", p_path));
+
+ // Write version 1 hashes.
+ Ref<PListNode> files1_dict = PListNode::new_dict();
+ pl.get_root()->push_subnode(files1_dict, "files");
+ for (int i = 0; i < files1.size(); i++) {
+ if (files1[i].optional) {
+ Ref<PListNode> file_dict = PListNode::new_dict();
+ files1_dict->push_subnode(file_dict, files1[i].name);
+
+ file_dict->push_subnode(PListNode::new_data(files1[i].hash), "hash");
+ file_dict->push_subnode(PListNode::new_bool(true), "optional");
+ } else {
+ files1_dict->push_subnode(PListNode::new_data(files1[i].hash), files1[i].name);
+ }
+ }
+
+ // Write version 2 hashes.
+ Ref<PListNode> files2_dict = PListNode::new_dict();
+ pl.get_root()->push_subnode(files2_dict, "files2");
+ for (int i = 0; i < files2.size(); i++) {
+ Ref<PListNode> file_dict = PListNode::new_dict();
+ files2_dict->push_subnode(file_dict, files2[i].name);
+
+ if (files2[i].nested) {
+ file_dict->push_subnode(PListNode::new_data(files2[i].hash), "cdhash");
+ file_dict->push_subnode(PListNode::new_string(files2[i].requirements), "requirement");
+ } else {
+ file_dict->push_subnode(PListNode::new_data(files2[i].hash), "hash");
+ file_dict->push_subnode(PListNode::new_data(files2[i].hash2), "hash2");
+ if (files2[i].optional) {
+ file_dict->push_subnode(PListNode::new_bool(true), "optional");
+ }
+ }
+ }
+
+ // Write version 1 rules.
+ Ref<PListNode> rules1_dict = PListNode::new_dict();
+ pl.get_root()->push_subnode(rules1_dict, "rules");
+ for (int i = 0; i < rules1.size(); i++) {
+ if (rules1[i].store) {
+ if (rules1[i].key.is_empty() && rules1[i].weight <= 0) {
+ rules1_dict->push_subnode(PListNode::new_bool(true), rules1[i].file_pattern);
+ } else {
+ Ref<PListNode> rule_dict = PListNode::new_dict();
+ rules1_dict->push_subnode(rule_dict, rules1[i].file_pattern);
+ if (!rules1[i].key.is_empty()) {
+ rule_dict->push_subnode(PListNode::new_bool(true), rules1[i].key);
+ }
+ if (rules1[i].weight != 1) {
+ rule_dict->push_subnode(PListNode::new_real(rules1[i].weight), "weight");
+ }
+ }
+ }
+ }
+
+ // Write version 2 rules.
+ Ref<PListNode> rules2_dict = PListNode::new_dict();
+ pl.get_root()->push_subnode(rules2_dict, "rules2");
+ for (int i = 0; i < rules2.size(); i++) {
+ if (rules2[i].store) {
+ if (rules2[i].key.is_empty() && rules2[i].weight <= 0) {
+ rules2_dict->push_subnode(PListNode::new_bool(true), rules2[i].file_pattern);
+ } else {
+ Ref<PListNode> rule_dict = PListNode::new_dict();
+ rules2_dict->push_subnode(rule_dict, rules2[i].file_pattern);
+ if (!rules2[i].key.is_empty()) {
+ rule_dict->push_subnode(PListNode::new_bool(true), rules2[i].key);
+ }
+ if (rules2[i].weight != 1) {
+ rule_dict->push_subnode(PListNode::new_real(rules2[i].weight), "weight");
+ }
+ }
+ }
+ }
+ String text = pl.save_text();
+ ERR_FAIL_COND_V_MSG(text.is_empty(), false, "CodeSign/CodeResources: Generating resources PList failed.");
+
+ Ref<FileAccess> fa = FileAccess::open(p_path, FileAccess::WRITE);
+ ERR_FAIL_COND_V_MSG(fa.is_null(), false, vformat("CodeSign/CodeResources: Can't open file: \"%s\".", p_path));
+
+ CharString cs = text.utf8();
+ fa->store_buffer((const uint8_t *)cs.ptr(), cs.length());
+ return true;
+}
+
+/*************************************************************************/
+/* CodeSignRequirements */
+/*************************************************************************/
+
+CodeSignRequirements::CodeSignRequirements() {
+ blob.append_array({ 0xFA, 0xDE, 0x0C, 0x01 }); // Requirement set magic.
+ blob.append_array({ 0x00, 0x00, 0x00, 0x0C }); // Length of requirements set (12 bytes).
+ blob.append_array({ 0x00, 0x00, 0x00, 0x00 }); // Empty.
+}
+
+CodeSignRequirements::CodeSignRequirements(const PackedByteArray &p_data) {
+ blob = p_data;
+}
+
+_FORCE_INLINE_ void CodeSignRequirements::_parse_certificate_slot(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const {
+#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x))
+ ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ r_out += "certificate ";
+ uint32_t tag_slot = _R(r_pos);
+ if (tag_slot == 0x00000000) {
+ r_out += "leaf";
+ } else if (tag_slot == 0xffffffff) {
+ r_out += "root";
+ } else {
+ r_out += itos((int32_t)tag_slot);
+ }
+ r_pos += 4;
+#undef _R
+}
+
+_FORCE_INLINE_ void CodeSignRequirements::_parse_key(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const {
+#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x))
+ ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ uint32_t key_size = _R(r_pos);
+ ERR_FAIL_COND_MSG(r_pos + key_size > p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ CharString key;
+ key.resize(key_size);
+ memcpy(key.ptrw(), blob.ptr() + r_pos + 4, key_size);
+ r_pos += 4 + key_size + PAD(key_size, 4);
+ r_out += "[" + String::utf8(key, key_size) + "]";
+#undef _R
+}
+
+_FORCE_INLINE_ void CodeSignRequirements::_parse_oid_key(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const {
+#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x))
+ ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ uint32_t key_size = _R(r_pos);
+ ERR_FAIL_COND_MSG(r_pos + key_size > p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ r_out += "[field.";
+ r_out += itos(blob[r_pos + 4] / 40) + ".";
+ r_out += itos(blob[r_pos + 4] % 40);
+ uint32_t spos = r_pos + 5;
+ while (spos < r_pos + 4 + key_size) {
+ r_out += ".";
+ if (blob[spos] <= 127) {
+ r_out += itos(blob[spos]);
+ spos += 1;
+ } else {
+ uint32_t x = (0x7F & blob[spos]) << 7;
+ spos += 1;
+ while (blob[spos] > 127) {
+ x = (x + (0x7F & blob[spos])) << 7;
+ spos += 1;
+ }
+ x = (x + (0x7F & blob[spos]));
+ r_out += itos(x);
+ spos += 1;
+ }
+ }
+ r_out += "]";
+ r_pos += 4 + key_size + PAD(key_size, 4);
+#undef _R
+}
+
+_FORCE_INLINE_ void CodeSignRequirements::_parse_hash_string(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const {
+#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x))
+ ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ uint32_t tag_size = _R(r_pos);
+ ERR_FAIL_COND_MSG(r_pos + tag_size > p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ PackedByteArray data;
+ data.resize(tag_size);
+ memcpy(data.ptrw(), blob.ptr() + r_pos + 4, tag_size);
+ r_out += "H\"" + String::hex_encode_buffer(data.ptr(), data.size()) + "\"";
+ r_pos += 4 + tag_size + PAD(tag_size, 4);
+#undef _R
+}
+
+_FORCE_INLINE_ void CodeSignRequirements::_parse_value(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const {
+#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x))
+ ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ uint32_t key_size = _R(r_pos);
+ ERR_FAIL_COND_MSG(r_pos + key_size > p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ CharString key;
+ key.resize(key_size);
+ memcpy(key.ptrw(), blob.ptr() + r_pos + 4, key_size);
+ r_pos += 4 + key_size + PAD(key_size, 4);
+ r_out += "\"" + String::utf8(key, key_size) + "\"";
+#undef _R
+}
+
+_FORCE_INLINE_ void CodeSignRequirements::_parse_date(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const {
+#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x))
+ ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds.");
+ uint32_t date = _R(r_pos);
+ time_t t = 978307200 + date;
+ struct tm lt;
+#ifdef WINDOWS_ENABLED
+ gmtime_s(&lt, &t);
+#else
+ gmtime_r(&t, &lt);
+#endif
+ r_out += vformat("<%04d-%02d-%02d ", (int)(1900 + lt.tm_year), (int)(lt.tm_mon + 1), (int)(lt.tm_mday)) + vformat("%02d:%02d:%02d +0000>", (int)(lt.tm_hour), (int)(lt.tm_min), (int)(lt.tm_sec));
+#undef _R
+}
+
+_FORCE_INLINE_ bool CodeSignRequirements::_parse_match(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const {
+#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x))
+ ERR_FAIL_COND_V_MSG(r_pos >= p_rq_size, false, "CodeSign/Requirements: Out of bounds.");
+ uint32_t match = _R(r_pos);
+ r_pos += 4;
+ switch (match) {
+ case 0x00000000: {
+ r_out += "exists";
+ } break;
+ case 0x00000001: {
+ r_out += "= ";
+ _parse_value(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x00000002: {
+ r_out += "~ ";
+ _parse_value(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x00000003: {
+ r_out += "= *";
+ _parse_value(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x00000004: {
+ r_out += "= ";
+ _parse_value(r_pos, r_out, p_rq_size);
+ r_out += "*";
+ } break;
+ case 0x00000005: {
+ r_out += "< ";
+ _parse_value(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x00000006: {
+ r_out += "> ";
+ _parse_value(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x00000007: {
+ r_out += "<= ";
+ _parse_value(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x00000008: {
+ r_out += ">= ";
+ _parse_value(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x00000009: {
+ r_out += "= ";
+ _parse_date(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x0000000A: {
+ r_out += "< ";
+ _parse_date(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x0000000B: {
+ r_out += "> ";
+ _parse_date(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x0000000C: {
+ r_out += "<= ";
+ _parse_date(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x0000000D: {
+ r_out += ">= ";
+ _parse_date(r_pos, r_out, p_rq_size);
+ } break;
+ case 0x0000000E: {
+ r_out += "absent";
+ } break;
+ default: {
+ return false;
+ }
+ }
+ return true;
+#undef _R
+}
+
+Vector<String> CodeSignRequirements::parse_requirements() const {
+#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x))
+ Vector<String> list;
+
+ // Read requirements set header.
+ ERR_FAIL_COND_V_MSG(blob.size() < 12, list, "CodeSign/Requirements: Blob is too small.");
+ uint32_t magic = _R(0);
+ ERR_FAIL_COND_V_MSG(magic != 0xfade0c01, list, "CodeSign/Requirements: Invalid set magic.");
+ uint32_t size = _R(4);
+ ERR_FAIL_COND_V_MSG(size != (uint32_t)blob.size(), list, "CodeSign/Requirements: Invalid set size.");
+ uint32_t count = _R(8);
+
+ for (uint32_t i = 0; i < count; i++) {
+ String out;
+
+ // Read requirement header.
+ uint32_t rq_type = _R(12 + i * 8);
+ uint32_t rq_offset = _R(12 + i * 8 + 4);
+ ERR_FAIL_COND_V_MSG(rq_offset + 12 >= (uint32_t)blob.size(), list, "CodeSign/Requirements: Invalid requirement offset.");
+ switch (rq_type) {
+ case 0x00000001: {
+ out += "host => ";
+ } break;
+ case 0x00000002: {
+ out += "guest => ";
+ } break;
+ case 0x00000003: {
+ out += "designated => ";
+ } break;
+ case 0x00000004: {
+ out += "library => ";
+ } break;
+ case 0x00000005: {
+ out += "plugin => ";
+ } break;
+ default: {
+ ERR_FAIL_V_MSG(list, "CodeSign/Requirements: Invalid requirement type.");
+ }
+ }
+ uint32_t rq_magic = _R(rq_offset);
+ uint32_t rq_size = _R(rq_offset + 4);
+ uint32_t rq_ver = _R(rq_offset + 8);
+ uint32_t pos = rq_offset + 12;
+ ERR_FAIL_COND_V_MSG(rq_magic != 0xfade0c00, list, "CodeSign/Requirements: Invalid requirement magic.");
+ ERR_FAIL_COND_V_MSG(rq_ver != 0x00000001, list, "CodeSign/Requirements: Invalid requirement version.");
+
+ // Read requirement tokens.
+ List<String> tokens;
+ while (pos < rq_offset + rq_size) {
+ uint32_t rq_tag = _R(pos);
+ pos += 4;
+ String token;
+ switch (rq_tag) {
+ case 0x00000000: {
+ token = "false";
+ } break;
+ case 0x00000001: {
+ token = "true";
+ } break;
+ case 0x00000002: {
+ token = "identifier ";
+ _parse_value(pos, token, rq_offset + rq_size);
+ } break;
+ case 0x00000003: {
+ token = "anchor apple";
+ } break;
+ case 0x00000004: {
+ _parse_certificate_slot(pos, token, rq_offset + rq_size);
+ token += " ";
+ _parse_hash_string(pos, token, rq_offset + rq_size);
+ } break;
+ case 0x00000005: {
+ token = "info";
+ _parse_key(pos, token, rq_offset + rq_size);
+ token += " = ";
+ _parse_value(pos, token, rq_offset + rq_size);
+ } break;
+ case 0x00000006: {
+ token = "and";
+ } break;
+ case 0x00000007: {
+ token = "or";
+ } break;
+ case 0x00000008: {
+ token = "cdhash ";
+ _parse_hash_string(pos, token, rq_offset + rq_size);
+ } break;
+ case 0x00000009: {
+ token = "!";
+ } break;
+ case 0x0000000A: {
+ token = "info";
+ _parse_key(pos, token, rq_offset + rq_size);
+ token += " ";
+ ERR_FAIL_COND_V_MSG(!_parse_match(pos, token, rq_offset + rq_size), list, "CodeSign/Requirements: Unsupported match suffix.");
+ } break;
+ case 0x0000000B: {
+ _parse_certificate_slot(pos, token, rq_offset + rq_size);
+ _parse_key(pos, token, rq_offset + rq_size);
+ token += " ";
+ ERR_FAIL_COND_V_MSG(!_parse_match(pos, token, rq_offset + rq_size), list, "CodeSign/Requirements: Unsupported match suffix.");
+ } break;
+ case 0x0000000C: {
+ _parse_certificate_slot(pos, token, rq_offset + rq_size);
+ token += " trusted";
+ } break;
+ case 0x0000000D: {
+ token = "anchor trusted";
+ } break;
+ case 0x0000000E: {
+ _parse_certificate_slot(pos, token, rq_offset + rq_size);
+ _parse_oid_key(pos, token, rq_offset + rq_size);
+ token += " ";
+ ERR_FAIL_COND_V_MSG(!_parse_match(pos, token, rq_offset + rq_size), list, "CodeSign/Requirements: Unsupported match suffix.");
+ } break;
+ case 0x0000000F: {
+ token = "anchor apple generic";
+ } break;
+ default: {
+ ERR_FAIL_V_MSG(list, "CodeSign/Requirements: Invalid requirement token.");
+ } break;
+ }
+ tokens.push_back(token);
+ }
+
+ // Polish to infix notation (w/o bracket optimization).
+ for (List<String>::Element *E = tokens.back(); E; E = E->prev()) {
+ if (E->get() == "and") {
+ ERR_FAIL_COND_V_MSG(!E->next() || !E->next()->next(), list, "CodeSign/Requirements: Invalid token sequence.");
+ String token = "(" + E->next()->get() + " and " + E->next()->next()->get() + ")";
+ tokens.erase(E->next()->next());
+ tokens.erase(E->next());
+ E->get() = token;
+ } else if (E->get() == "or") {
+ ERR_FAIL_COND_V_MSG(!E->next() || !E->next()->next(), list, "CodeSign/Requirements: Invalid token sequence.");
+ String token = "(" + E->next()->get() + " or " + E->next()->next()->get() + ")";
+ tokens.erase(E->next()->next());
+ tokens.erase(E->next());
+ E->get() = token;
+ }
+ }
+
+ if (tokens.size() == 1) {
+ list.push_back(out + tokens.front()->get());
+ } else {
+ ERR_FAIL_V_MSG(list, "CodeSign/Requirements: Invalid token sequence.");
+ }
+ }
+
+ return list;
+#undef _R
+}
+
+PackedByteArray CodeSignRequirements::get_hash_sha1() const {
+ PackedByteArray hash;
+ hash.resize(0x14);
+
+ CryptoCore::SHA1Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+PackedByteArray CodeSignRequirements::get_hash_sha256() const {
+ PackedByteArray hash;
+ hash.resize(0x20);
+
+ CryptoCore::SHA256Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+int CodeSignRequirements::get_size() const {
+ return blob.size();
+}
+
+void CodeSignRequirements::write_to_file(Ref<FileAccess> p_file) const {
+ ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/Requirements: Invalid file handle.");
+ p_file->store_buffer(blob.ptr(), blob.size());
+}
+
+/*************************************************************************/
+/* CodeSignEntitlementsText */
+/*************************************************************************/
+
+CodeSignEntitlementsText::CodeSignEntitlementsText() {
+ blob.append_array({ 0xFA, 0xDE, 0x71, 0x71 }); // Text Entitlements set magic.
+ blob.append_array({ 0x00, 0x00, 0x00, 0x08 }); // Length (8 bytes).
+}
+
+CodeSignEntitlementsText::CodeSignEntitlementsText(const String &p_string) {
+ CharString utf8 = p_string.utf8();
+ blob.append_array({ 0xFA, 0xDE, 0x71, 0x71 }); // Text Entitlements set magic.
+ for (int i = 3; i >= 0; i--) {
+ uint8_t x = ((utf8.length() + 8) >> i * 8) & 0xFF; // Size.
+ blob.push_back(x);
+ }
+ for (int i = 0; i < utf8.length(); i++) { // Write data.
+ blob.push_back(utf8[i]);
+ }
+}
+
+PackedByteArray CodeSignEntitlementsText::get_hash_sha1() const {
+ PackedByteArray hash;
+ hash.resize(0x14);
+
+ CryptoCore::SHA1Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+PackedByteArray CodeSignEntitlementsText::get_hash_sha256() const {
+ PackedByteArray hash;
+ hash.resize(0x20);
+
+ CryptoCore::SHA256Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+int CodeSignEntitlementsText::get_size() const {
+ return blob.size();
+}
+
+void CodeSignEntitlementsText::write_to_file(Ref<FileAccess> p_file) const {
+ ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/EntitlementsText: Invalid file handle.");
+ p_file->store_buffer(blob.ptr(), blob.size());
+}
+
+/*************************************************************************/
+/* CodeSignEntitlementsBinary */
+/*************************************************************************/
+
+CodeSignEntitlementsBinary::CodeSignEntitlementsBinary() {
+ blob.append_array({ 0xFA, 0xDE, 0x71, 0x72 }); // Binary Entitlements magic.
+ blob.append_array({ 0x00, 0x00, 0x00, 0x08 }); // Length (8 bytes).
+}
+
+CodeSignEntitlementsBinary::CodeSignEntitlementsBinary(const String &p_string) {
+ PList pl = PList(p_string);
+
+ PackedByteArray asn1 = pl.save_asn1();
+ blob.append_array({ 0xFA, 0xDE, 0x71, 0x72 }); // Binary Entitlements magic.
+ uint32_t size = asn1.size() + 8;
+ for (int i = 3; i >= 0; i--) {
+ uint8_t x = (size >> i * 8) & 0xFF; // Size.
+ blob.push_back(x);
+ }
+ blob.append_array(asn1); // Write data.
+}
+
+PackedByteArray CodeSignEntitlementsBinary::get_hash_sha1() const {
+ PackedByteArray hash;
+ hash.resize(0x14);
+
+ CryptoCore::SHA1Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+PackedByteArray CodeSignEntitlementsBinary::get_hash_sha256() const {
+ PackedByteArray hash;
+ hash.resize(0x20);
+
+ CryptoCore::SHA256Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+int CodeSignEntitlementsBinary::get_size() const {
+ return blob.size();
+}
+
+void CodeSignEntitlementsBinary::write_to_file(Ref<FileAccess> p_file) const {
+ ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/EntitlementsBinary: Invalid file handle.");
+ p_file->store_buffer(blob.ptr(), blob.size());
+}
+
+/*************************************************************************/
+/* CodeSignCodeDirectory */
+/*************************************************************************/
+
+CodeSignCodeDirectory::CodeSignCodeDirectory() {
+ blob.append_array({ 0xFA, 0xDE, 0x0C, 0x02 }); // Code Directory magic.
+ blob.append_array({ 0x00, 0x00, 0x00, 0x00 }); // Size (8 bytes).
+}
+
+CodeSignCodeDirectory::CodeSignCodeDirectory(uint8_t p_hash_size, uint8_t p_hash_type, bool p_main, const CharString &p_id, const CharString &p_team_id, uint32_t p_page_size, uint64_t p_exe_limit, uint64_t p_code_limit) {
+ pages = p_code_limit / (uint64_t(1) << p_page_size);
+ remain = p_code_limit % (uint64_t(1) << p_page_size);
+ code_slots = pages + (remain > 0 ? 1 : 0);
+ special_slots = 7;
+
+ int cd_size = 8 + sizeof(CodeDirectoryHeader) + (code_slots + special_slots) * p_hash_size + p_id.size() + p_team_id.size();
+ int cd_off = 8 + sizeof(CodeDirectoryHeader);
+ blob.append_array({ 0xFA, 0xDE, 0x0C, 0x02 }); // Code Directory magic.
+ for (int i = 3; i >= 0; i--) {
+ uint8_t x = (cd_size >> i * 8) & 0xFF; // Size.
+ blob.push_back(x);
+ }
+ blob.resize(cd_size);
+ memset(blob.ptrw() + 8, 0x00, cd_size - 8);
+ CodeDirectoryHeader *cd = reinterpret_cast<CodeDirectoryHeader *>(blob.ptrw() + 8);
+
+ bool is_64_cl = (p_code_limit >= std::numeric_limits<uint32_t>::max());
+
+ // Version and options.
+ cd->version = BSWAP32(0x20500);
+ cd->flags = BSWAP32(SIGNATURE_ADHOC | SIGNATURE_RUNTIME);
+ cd->special_slots = BSWAP32(special_slots);
+ cd->code_slots = BSWAP32(code_slots);
+ if (is_64_cl) {
+ cd->code_limit_64 = BSWAP64(p_code_limit);
+ } else {
+ cd->code_limit = BSWAP32(p_code_limit);
+ }
+ cd->hash_size = p_hash_size;
+ cd->hash_type = p_hash_type;
+ cd->page_size = p_page_size;
+ cd->exec_seg_base = 0x00;
+ cd->exec_seg_limit = BSWAP64(p_exe_limit);
+ cd->exec_seg_flags = 0;
+ if (p_main) {
+ cd->exec_seg_flags |= EXECSEG_MAIN_BINARY;
+ }
+ cd->exec_seg_flags = BSWAP64(cd->exec_seg_flags);
+ uint32_t version = (11 << 16) + (3 << 8) + 0; // Version 11.3.0
+ cd->runtime = BSWAP32(version);
+
+ // Copy ID.
+ cd->ident_offset = BSWAP32(cd_off);
+ memcpy(blob.ptrw() + cd_off, p_id.get_data(), p_id.size());
+ cd_off += p_id.size();
+
+ // Copy Team ID.
+ if (p_team_id.length() > 0) {
+ cd->team_offset = BSWAP32(cd_off);
+ memcpy(blob.ptrw() + cd_off, p_team_id.get_data(), p_team_id.size());
+ cd_off += p_team_id.size();
+ } else {
+ cd->team_offset = 0;
+ }
+
+ // Scatter vector.
+ cd->scatter_vector_offset = 0; // Not used.
+
+ // Executable hashes offset.
+ cd->hash_offset = BSWAP32(cd_off + special_slots * cd->hash_size);
+}
+
+bool CodeSignCodeDirectory::set_hash_in_slot(const PackedByteArray &p_hash, int p_slot) {
+ ERR_FAIL_COND_V_MSG((p_slot < -special_slots) || (p_slot >= code_slots), false, vformat("CodeSign/CodeDirectory: Invalid hash slot index: %d.", p_slot));
+ CodeDirectoryHeader *cd = reinterpret_cast<CodeDirectoryHeader *>(blob.ptrw() + 8);
+ for (int i = 0; i < cd->hash_size; i++) {
+ blob.write[BSWAP32(cd->hash_offset) + p_slot * cd->hash_size + i] = p_hash[i];
+ }
+ return true;
+}
+
+int32_t CodeSignCodeDirectory::get_page_count() {
+ return pages;
+}
+
+int32_t CodeSignCodeDirectory::get_page_remainder() {
+ return remain;
+}
+
+PackedByteArray CodeSignCodeDirectory::get_hash_sha1() const {
+ PackedByteArray hash;
+ hash.resize(0x14);
+
+ CryptoCore::SHA1Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+PackedByteArray CodeSignCodeDirectory::get_hash_sha256() const {
+ PackedByteArray hash;
+ hash.resize(0x20);
+
+ CryptoCore::SHA256Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+int CodeSignCodeDirectory::get_size() const {
+ return blob.size();
+}
+
+void CodeSignCodeDirectory::write_to_file(Ref<FileAccess> p_file) const {
+ ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/CodeDirectory: Invalid file handle.");
+ p_file->store_buffer(blob.ptr(), blob.size());
+}
+
+/*************************************************************************/
+/* CodeSignSignature */
+/*************************************************************************/
+
+CodeSignSignature::CodeSignSignature() {
+ blob.append_array({ 0xFA, 0xDE, 0x0B, 0x01 }); // Signature magic.
+ uint32_t sign_size = 8; // Ad-hoc signature is empty.
+ for (int i = 3; i >= 0; i--) {
+ uint8_t x = (sign_size >> i * 8) & 0xFF; // Size.
+ blob.push_back(x);
+ }
+}
+
+PackedByteArray CodeSignSignature::get_hash_sha1() const {
+ PackedByteArray hash;
+ hash.resize(0x14);
+
+ CryptoCore::SHA1Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+PackedByteArray CodeSignSignature::get_hash_sha256() const {
+ PackedByteArray hash;
+ hash.resize(0x20);
+
+ CryptoCore::SHA256Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+}
+
+int CodeSignSignature::get_size() const {
+ return blob.size();
+}
+
+void CodeSignSignature::write_to_file(Ref<FileAccess> p_file) const {
+ ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/Signature: Invalid file handle.");
+ p_file->store_buffer(blob.ptr(), blob.size());
+}
+
+/*************************************************************************/
+/* CodeSignSuperBlob */
+/*************************************************************************/
+
+bool CodeSignSuperBlob::add_blob(const Ref<CodeSignBlob> &p_blob) {
+ if (p_blob.is_valid()) {
+ blobs.push_back(p_blob);
+ return true;
+ } else {
+ return false;
+ }
+}
+
+int CodeSignSuperBlob::get_size() const {
+ int size = 12 + blobs.size() * 8;
+ for (int i = 0; i < blobs.size(); i++) {
+ if (blobs[i].is_null()) {
+ return 0;
+ }
+ size += blobs[i]->get_size();
+ }
+ return size;
+}
+
+void CodeSignSuperBlob::write_to_file(Ref<FileAccess> p_file) const {
+ ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/SuperBlob: Invalid file handle.");
+ uint32_t size = get_size();
+ uint32_t data_offset = 12 + blobs.size() * 8;
+
+ // Write header.
+ p_file->store_32(BSWAP32(0xfade0cc0));
+ p_file->store_32(BSWAP32(size));
+ p_file->store_32(BSWAP32(blobs.size()));
+
+ // Write index.
+ for (int i = 0; i < blobs.size(); i++) {
+ if (blobs[i].is_null()) {
+ return;
+ }
+ p_file->store_32(BSWAP32(blobs[i]->get_index_type()));
+ p_file->store_32(BSWAP32(data_offset));
+ data_offset += blobs[i]->get_size();
+ }
+
+ // Write blobs.
+ for (int i = 0; i < blobs.size(); i++) {
+ blobs[i]->write_to_file(p_file);
+ }
+}
+
+/*************************************************************************/
+/* CodeSign */
+/*************************************************************************/
+
+PackedByteArray CodeSign::file_hash_sha1(const String &p_path) {
+ PackedByteArray file_hash;
+ Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::READ);
+ ERR_FAIL_COND_V_MSG(f.is_null(), PackedByteArray(), vformat("CodeSign: Can't open file: \"%s\".", p_path));
+
+ CryptoCore::SHA1Context ctx;
+ ctx.start();
+
+ unsigned char step[4096];
+ while (true) {
+ uint64_t br = f->get_buffer(step, 4096);
+ if (br > 0) {
+ ctx.update(step, br);
+ }
+ if (br < 4096) {
+ break;
+ }
+ }
+
+ file_hash.resize(0x14);
+ ctx.finish(file_hash.ptrw());
+ return file_hash;
+}
+
+PackedByteArray CodeSign::file_hash_sha256(const String &p_path) {
+ PackedByteArray file_hash;
+ Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::READ);
+ ERR_FAIL_COND_V_MSG(f.is_null(), PackedByteArray(), vformat("CodeSign: Can't open file: \"%s\".", p_path));
+
+ CryptoCore::SHA256Context ctx;
+ ctx.start();
+
+ unsigned char step[4096];
+ while (true) {
+ uint64_t br = f->get_buffer(step, 4096);
+ if (br > 0) {
+ ctx.update(step, br);
+ }
+ if (br < 4096) {
+ break;
+ }
+ }
+
+ file_hash.resize(0x20);
+ ctx.finish(file_hash.ptrw());
+ return file_hash;
+}
+
+Error CodeSign::_codesign_file(bool p_use_hardened_runtime, bool p_force, const String &p_info, const String &p_exe_path, const String &p_bundle_path, const String &p_ent_path, bool p_ios_bundle, String &r_error_msg) {
+#define CLEANUP() \
+ if (files_to_sign.size() > 1) { \
+ for (int j = 0; j < files_to_sign.size(); j++) { \
+ da->remove(files_to_sign[j]); \
+ } \
+ }
+
+ print_verbose(vformat("CodeSign: Signing executable: %s, bundle: %s with entitlements %s", p_exe_path, p_bundle_path, p_ent_path));
+
+ PackedByteArray info_hash1, info_hash2;
+ PackedByteArray res_hash1, res_hash2;
+ String id;
+ String main_exe = p_exe_path;
+
+ Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM);
+ if (da.is_null()) {
+ r_error_msg = TTR("Can't get filesystem access.");
+ ERR_FAIL_V_MSG(ERR_CANT_CREATE, "CodeSign: Can't get filesystem access.");
+ }
+
+ // Read Info.plist.
+ if (!p_info.is_empty()) {
+ print_verbose(vformat("CodeSign: Reading bundle info..."));
+ PList info_plist;
+ if (info_plist.load_file(p_info)) {
+ info_hash1 = file_hash_sha1(p_info);
+ info_hash2 = file_hash_sha256(p_info);
+ if (info_hash1.is_empty() || info_hash2.is_empty()) {
+ r_error_msg = TTR("Failed to get Info.plist hash.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to get Info.plist hash.");
+ }
+
+ if (info_plist.get_root()->data_type == PList::PLNodeType::PL_NODE_TYPE_DICT && info_plist.get_root()->data_dict.has("CFBundleExecutable")) {
+ main_exe = p_exe_path.plus_file(String::utf8(info_plist.get_root()->data_dict["CFBundleExecutable"]->data_string.get_data()));
+ } else {
+ r_error_msg = TTR("Invalid Info.plist, no exe name.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid Info.plist, no exe name.");
+ }
+
+ if (info_plist.get_root()->data_type == PList::PLNodeType::PL_NODE_TYPE_DICT && info_plist.get_root()->data_dict.has("CFBundleIdentifier")) {
+ id = info_plist.get_root()->data_dict["CFBundleIdentifier"]->data_string.get_data();
+ } else {
+ r_error_msg = TTR("Invalid Info.plist, no bundle id.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid Info.plist, no bundle id.");
+ }
+ } else {
+ r_error_msg = TTR("Invalid Info.plist, can't load.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid Info.plist, can't load.");
+ }
+ }
+
+ // Extract fat binary.
+ Vector<String> files_to_sign;
+ if (LipO::is_lipo(main_exe)) {
+ print_verbose(vformat("CodeSign: Executable is fat, extracting..."));
+ String tmp_path_name = EditorPaths::get_singleton()->get_cache_dir().plus_file("_lipo");
+ Error err = da->make_dir_recursive(tmp_path_name);
+ if (err != OK) {
+ r_error_msg = vformat(TTR("Failed to create \"%s\" subfolder."), tmp_path_name);
+ ERR_FAIL_V_MSG(FAILED, vformat("CodeSign: Failed to create \"%s\" subfolder.", tmp_path_name));
+ }
+ LipO lip;
+ if (lip.open_file(main_exe)) {
+ for (int i = 0; i < lip.get_arch_count(); i++) {
+ if (!lip.extract_arch(i, tmp_path_name.plus_file("_exe_" + itos(i)))) {
+ CLEANUP();
+ r_error_msg = TTR("Failed to extract thin binary.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to extract thin binary.");
+ }
+ files_to_sign.push_back(tmp_path_name.plus_file("_exe_" + itos(i)));
+ }
+ }
+ } else if (MachO::is_macho(main_exe)) {
+ print_verbose(vformat("CodeSign: Executable is thin..."));
+ files_to_sign.push_back(main_exe);
+ } else {
+ r_error_msg = TTR("Invalid binary format.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid binary format.");
+ }
+
+ // Check if it's already signed.
+ if (!p_force) {
+ for (int i = 0; i < files_to_sign.size(); i++) {
+ MachO mh;
+ mh.open_file(files_to_sign[i]);
+ if (mh.is_signed()) {
+ CLEANUP();
+ r_error_msg = TTR("Already signed!");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Already signed!");
+ }
+ }
+ }
+
+ // Generate core resources.
+ if (!p_bundle_path.is_empty()) {
+ print_verbose(vformat("CodeSign: Generating bundle CodeResources..."));
+ CodeSignCodeResources cr;
+
+ if (p_ios_bundle) {
+ cr.add_rule1("^.*");
+ cr.add_rule1("^.*\\.lproj/", "optional", 100);
+ cr.add_rule1("^.*\\.lproj/locversion.plist$", "omit", 1100);
+ cr.add_rule1("^Base\\.lproj/", "", 1010);
+ cr.add_rule1("^version.plist$");
+
+ cr.add_rule2(".*\\.dSYM($|/)", "", 11);
+ cr.add_rule2("^(.*/)?\\.DS_Store$", "omit", 2000);
+ cr.add_rule2("^.*");
+ cr.add_rule2("^.*\\.lproj/", "optional", 1000);
+ cr.add_rule2("^.*\\.lproj/locversion.plist$", "omit", 1100);
+ cr.add_rule2("^Base\\.lproj/", "", 1010);
+ cr.add_rule2("^Info\\.plist$", "omit", 20);
+ cr.add_rule2("^PkgInfo$", "omit", 20);
+ cr.add_rule2("^embedded\\.provisionprofile$", "", 10);
+ cr.add_rule2("^version\\.plist$", "", 20);
+
+ cr.add_rule2("^_MASReceipt", "omit", 2000, false);
+ cr.add_rule2("^_CodeSignature", "omit", 2000, false);
+ cr.add_rule2("^CodeResources", "omit", 2000, false);
+ } else {
+ cr.add_rule1("^Resources/");
+ cr.add_rule1("^Resources/.*\\.lproj/", "optional", 1000);
+ cr.add_rule1("^Resources/.*\\.lproj/locversion.plist$", "omit", 1100);
+ cr.add_rule1("^Resources/Base\\.lproj/", "", 1010);
+ cr.add_rule1("^version.plist$");
+
+ cr.add_rule2(".*\\.dSYM($|/)", "", 11);
+ cr.add_rule2("^(.*/)?\\.DS_Store$", "omit", 2000);
+ cr.add_rule2("^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/", "nested", 10);
+ cr.add_rule2("^.*");
+ cr.add_rule2("^Info\\.plist$", "omit", 20);
+ cr.add_rule2("^PkgInfo$", "omit", 20);
+ cr.add_rule2("^Resources/", "", 20);
+ cr.add_rule2("^Resources/.*\\.lproj/", "optional", 1000);
+ cr.add_rule2("^Resources/.*\\.lproj/locversion.plist$", "omit", 1100);
+ cr.add_rule2("^Resources/Base\\.lproj/", "", 1010);
+ cr.add_rule2("^[^/]+$", "nested", 10);
+ cr.add_rule2("^embedded\\.provisionprofile$", "", 10);
+ cr.add_rule2("^version\\.plist$", "", 20);
+ cr.add_rule2("^_MASReceipt", "omit", 2000, false);
+ cr.add_rule2("^_CodeSignature", "omit", 2000, false);
+ cr.add_rule2("^CodeResources", "omit", 2000, false);
+ }
+
+ if (!cr.add_folder_recursive(p_bundle_path, "", main_exe)) {
+ CLEANUP();
+ r_error_msg = TTR("Failed to process nested resources.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to process nested resources.");
+ }
+ Error err = da->make_dir_recursive(p_bundle_path.plus_file("_CodeSignature"));
+ if (err != OK) {
+ CLEANUP();
+ r_error_msg = TTR("Failed to create _CodeSignature subfolder.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to create _CodeSignature subfolder.");
+ }
+ cr.save_to_file(p_bundle_path.plus_file("_CodeSignature").plus_file("CodeResources"));
+ res_hash1 = file_hash_sha1(p_bundle_path.plus_file("_CodeSignature").plus_file("CodeResources"));
+ res_hash2 = file_hash_sha256(p_bundle_path.plus_file("_CodeSignature").plus_file("CodeResources"));
+ if (res_hash1.is_empty() || res_hash2.is_empty()) {
+ CLEANUP();
+ r_error_msg = TTR("Failed to get CodeResources hash.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to get CodeResources hash.");
+ }
+ }
+
+ // Generate common signature structures.
+ if (id.is_empty()) {
+ CryptoCore::RandomGenerator rng;
+ ERR_FAIL_COND_V_MSG(rng.init(), FAILED, "Failed to initialize random number generator.");
+ uint8_t uuid[16];
+ Error err = rng.get_random_bytes(uuid, 16);
+ ERR_FAIL_COND_V_MSG(err, err, "Failed to generate UUID.");
+ id = (String("a-55554944") /*a-UUID*/ + String::hex_encode_buffer(uuid, 16));
+ }
+ CharString uuid_str = id.utf8();
+ print_verbose(vformat("CodeSign: Used bundle ID: %s", id));
+
+ print_verbose(vformat("CodeSign: Processing entitlements..."));
+
+ Ref<CodeSignEntitlementsText> cet;
+ Ref<CodeSignEntitlementsBinary> ceb;
+ if (!p_ent_path.is_empty()) {
+ String entitlements = FileAccess::get_file_as_string(p_ent_path);
+ if (entitlements.is_empty()) {
+ CLEANUP();
+ r_error_msg = TTR("Invalid entitlements file.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid entitlements file.");
+ }
+ cet = Ref<CodeSignEntitlementsText>(memnew(CodeSignEntitlementsText(entitlements)));
+ ceb = Ref<CodeSignEntitlementsBinary>(memnew(CodeSignEntitlementsBinary(entitlements)));
+ }
+
+ print_verbose(vformat("CodeSign: Generating requirements..."));
+ Ref<CodeSignRequirements> rq;
+ String team_id = "";
+ rq = Ref<CodeSignRequirements>(memnew(CodeSignRequirements()));
+
+ // Sign executables.
+ for (int i = 0; i < files_to_sign.size(); i++) {
+ MachO mh;
+ if (!mh.open_file(files_to_sign[i])) {
+ CLEANUP();
+ r_error_msg = TTR("Invalid executable file.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid executable file.");
+ }
+ print_verbose(vformat("CodeSign: Signing executable for cputype: %d ...", mh.get_cputype()));
+
+ print_verbose(vformat("CodeSign: Generating CodeDirectory..."));
+ Ref<CodeSignCodeDirectory> cd1 = memnew(CodeSignCodeDirectory(0x14, 0x01, true, uuid_str, team_id.utf8(), 12, mh.get_exe_limit(), mh.get_code_limit()));
+ Ref<CodeSignCodeDirectory> cd2 = memnew(CodeSignCodeDirectory(0x20, 0x02, true, uuid_str, team_id.utf8(), 12, mh.get_exe_limit(), mh.get_code_limit()));
+ print_verbose(vformat("CodeSign: Calculating special slot hashes..."));
+ if (info_hash2.size() == 0x20) {
+ cd2->set_hash_in_slot(info_hash2, CodeSignCodeDirectory::SLOT_INFO_PLIST);
+ }
+ if (info_hash1.size() == 0x14) {
+ cd1->set_hash_in_slot(info_hash1, CodeSignCodeDirectory::SLOT_INFO_PLIST);
+ }
+ cd1->set_hash_in_slot(rq->get_hash_sha1(), CodeSignCodeDirectory::Slot::SLOT_REQUIREMENTS);
+ cd2->set_hash_in_slot(rq->get_hash_sha256(), CodeSignCodeDirectory::Slot::SLOT_REQUIREMENTS);
+ if (res_hash2.size() == 0x20) {
+ cd2->set_hash_in_slot(res_hash2, CodeSignCodeDirectory::SLOT_RESOURCES);
+ }
+ if (res_hash1.size() == 0x14) {
+ cd1->set_hash_in_slot(res_hash1, CodeSignCodeDirectory::SLOT_RESOURCES);
+ }
+ if (cet.is_valid()) {
+ cd1->set_hash_in_slot(cet->get_hash_sha1(), CodeSignCodeDirectory::Slot::SLOT_ENTITLEMENTS); //Text variant.
+ cd2->set_hash_in_slot(cet->get_hash_sha256(), CodeSignCodeDirectory::Slot::SLOT_ENTITLEMENTS);
+ }
+ if (ceb.is_valid()) {
+ cd1->set_hash_in_slot(ceb->get_hash_sha1(), CodeSignCodeDirectory::Slot::SLOT_DER_ENTITLEMENTS); //ASN.1 variant.
+ cd2->set_hash_in_slot(ceb->get_hash_sha256(), CodeSignCodeDirectory::Slot::SLOT_DER_ENTITLEMENTS);
+ }
+
+ // Calculate signature size.
+ int sign_size = 12; // SuperBlob header.
+ sign_size += cd1->get_size() + 8;
+ sign_size += cd2->get_size() + 8;
+ sign_size += rq->get_size() + 8;
+ if (cet.is_valid()) {
+ sign_size += cet->get_size() + 8;
+ }
+ if (ceb.is_valid()) {
+ sign_size += ceb->get_size() + 8;
+ }
+ sign_size += 16; // Empty signature size.
+
+ // Alloc/resize signature load command.
+ print_verbose(vformat("CodeSign: Reallocating space for the signature superblob (%d)...", sign_size));
+ if (!mh.set_signature_size(sign_size)) {
+ CLEANUP();
+ r_error_msg = TTR("Can't resize signature load command.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Can't resize signature load command.");
+ }
+
+ print_verbose(vformat("CodeSign: Calculating executable code hashes..."));
+ // Calculate executable code hashes.
+ PackedByteArray buffer;
+ PackedByteArray hash1, hash2;
+ hash1.resize(0x14);
+ hash2.resize(0x20);
+ buffer.resize(1 << 12);
+ mh.get_file()->seek(0);
+ for (int32_t j = 0; j < cd2->get_page_count(); j++) {
+ mh.get_file()->get_buffer(buffer.ptrw(), (1 << 12));
+ CryptoCore::SHA256Context ctx2;
+ ctx2.start();
+ ctx2.update(buffer.ptr(), (1 << 12));
+ ctx2.finish(hash2.ptrw());
+ cd2->set_hash_in_slot(hash2, j);
+
+ CryptoCore::SHA1Context ctx1;
+ ctx1.start();
+ ctx1.update(buffer.ptr(), (1 << 12));
+ ctx1.finish(hash1.ptrw());
+ cd1->set_hash_in_slot(hash1, j);
+ }
+ if (cd2->get_page_remainder() > 0) {
+ mh.get_file()->get_buffer(buffer.ptrw(), cd2->get_page_remainder());
+ CryptoCore::SHA256Context ctx2;
+ ctx2.start();
+ ctx2.update(buffer.ptr(), cd2->get_page_remainder());
+ ctx2.finish(hash2.ptrw());
+ cd2->set_hash_in_slot(hash2, cd2->get_page_count());
+
+ CryptoCore::SHA1Context ctx1;
+ ctx1.start();
+ ctx1.update(buffer.ptr(), cd1->get_page_remainder());
+ ctx1.finish(hash1.ptrw());
+ cd1->set_hash_in_slot(hash1, cd1->get_page_count());
+ }
+
+ print_verbose(vformat("CodeSign: Generating signature..."));
+ Ref<CodeSignSignature> cs;
+ cs = Ref<CodeSignSignature>(memnew(CodeSignSignature()));
+
+ print_verbose(vformat("CodeSign: Writing signature superblob..."));
+ // Write signature data to the executable.
+ CodeSignSuperBlob sb = CodeSignSuperBlob();
+ sb.add_blob(cd2);
+ sb.add_blob(cd1);
+ sb.add_blob(rq);
+ if (cet.is_valid()) {
+ sb.add_blob(cet);
+ }
+ if (ceb.is_valid()) {
+ sb.add_blob(ceb);
+ }
+ sb.add_blob(cs);
+ mh.get_file()->seek(mh.get_signature_offset());
+ sb.write_to_file(mh.get_file());
+ }
+ if (files_to_sign.size() > 1) {
+ print_verbose(vformat("CodeSign: Rebuilding fat executable..."));
+ LipO lip;
+ if (!lip.create_file(main_exe, files_to_sign)) {
+ CLEANUP();
+ r_error_msg = TTR("Failed to create fat binary.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to create fat binary.");
+ }
+ CLEANUP();
+ }
+ FileAccess::set_unix_permissions(main_exe, 0755); // Restore unix permissions.
+ return OK;
+#undef CLEANUP
+}
+
+Error CodeSign::codesign(bool p_use_hardened_runtime, bool p_force, const String &p_path, const String &p_ent_path, String &r_error_msg) {
+ Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM);
+ if (da.is_null()) {
+ r_error_msg = TTR("Can't get filesystem access.");
+ ERR_FAIL_V_MSG(ERR_CANT_CREATE, "CodeSign: Can't get filesystem access.");
+ }
+
+ if (da->dir_exists(p_path)) {
+ String fmw_ver = "Current"; // Framework version (default).
+ String info_path;
+ String main_exe;
+ String bundle_path;
+ bool bundle = false;
+ bool ios_bundle = false;
+ if (da->file_exists(p_path.plus_file("Contents/Info.plist"))) {
+ info_path = p_path.plus_file("Contents/Info.plist");
+ main_exe = p_path.plus_file("Contents/MacOS");
+ bundle_path = p_path.plus_file("Contents");
+ bundle = true;
+ } else if (da->file_exists(p_path.plus_file(vformat("Versions/%s/Resources/Info.plist", fmw_ver)))) {
+ info_path = p_path.plus_file(vformat("Versions/%s/Resources/Info.plist", fmw_ver));
+ main_exe = p_path.plus_file(vformat("Versions/%s", fmw_ver));
+ bundle_path = p_path.plus_file(vformat("Versions/%s", fmw_ver));
+ bundle = true;
+ } else if (da->file_exists(p_path.plus_file("Info.plist"))) {
+ info_path = p_path.plus_file("Info.plist");
+ main_exe = p_path;
+ bundle_path = p_path;
+ bundle = true;
+ ios_bundle = true;
+ }
+ if (bundle) {
+ return _codesign_file(p_use_hardened_runtime, p_force, info_path, main_exe, bundle_path, p_ent_path, ios_bundle, r_error_msg);
+ } else {
+ r_error_msg = TTR("Unknown bundle type.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Unknown bundle type.");
+ }
+ } else if (da->file_exists(p_path)) {
+ return _codesign_file(p_use_hardened_runtime, p_force, "", p_path, "", p_ent_path, false, r_error_msg);
+ } else {
+ r_error_msg = TTR("Unknown object type.");
+ ERR_FAIL_V_MSG(FAILED, "CodeSign: Unknown object type.");
+ }
+}
+
+#endif // MODULE_REGEX_ENABLED
diff --git a/platform/macos/export/codesign.h b/platform/macos/export/codesign.h
new file mode 100644
index 0000000000..3a08c0ea86
--- /dev/null
+++ b/platform/macos/export/codesign.h
@@ -0,0 +1,368 @@
+/*************************************************************************/
+/* codesign.h */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+// macOS code signature creation utility.
+//
+// Current implementation has the following limitation:
+// - Only version 11.3.0 signatures are supported.
+// - Only "framework" and "app" bundle types are supported.
+// - Page hash array scattering is not supported.
+// - Reading and writing binary property lists i snot supported (third-party frameworks with binary Info.plist will not work unless .plist is converted to text format).
+// - Requirements code generator is not implemented (only hard-coded requirements for the ad-hoc signing is supported).
+// - RFC5652/CMS blob generation is not implemented, supports ad-hoc signing only.
+
+#ifndef CODESIGN_H
+#define CODESIGN_H
+
+#include "core/crypto/crypto_core.h"
+#include "core/io/dir_access.h"
+#include "core/io/file_access.h"
+#include "core/object/ref_counted.h"
+
+#include "modules/modules_enabled.gen.h" // For regex.
+#ifdef MODULE_REGEX_ENABLED
+#include "modules/regex/regex.h"
+#endif
+
+#include "plist.h"
+
+#ifdef MODULE_REGEX_ENABLED
+
+/*************************************************************************/
+/* CodeSignCodeResources */
+/*************************************************************************/
+
+class CodeSignCodeResources {
+public:
+ enum class CRMatch {
+ CR_MATCH_NO,
+ CR_MATCH_YES,
+ CR_MATCH_NESTED,
+ CR_MATCH_OPTIONAL,
+ };
+
+private:
+ struct CRFile {
+ String name;
+ String hash;
+ String hash2;
+ bool optional;
+ bool nested;
+ String requirements;
+ };
+
+ struct CRRule {
+ String file_pattern;
+ String key;
+ int weight;
+ bool store;
+ CRRule() {
+ weight = 1;
+ store = true;
+ }
+ CRRule(const String &p_file_pattern, const String &p_key, int p_weight, bool p_store) {
+ file_pattern = p_file_pattern;
+ key = p_key;
+ weight = p_weight;
+ store = p_store;
+ }
+ };
+
+ Vector<CRRule> rules1;
+ Vector<CRRule> rules2;
+
+ Vector<CRFile> files1;
+ Vector<CRFile> files2;
+
+ String hash_sha1_base64(const String &p_path);
+ String hash_sha256_base64(const String &p_path);
+
+public:
+ void add_rule1(const String &p_rule, const String &p_key = "", int p_weight = 0, bool p_store = true);
+ void add_rule2(const String &p_rule, const String &p_key = "", int p_weight = 0, bool p_store = true);
+
+ CRMatch match_rules1(const String &p_path) const;
+ CRMatch match_rules2(const String &p_path) const;
+
+ bool add_file1(const String &p_root, const String &p_path);
+ bool add_file2(const String &p_root, const String &p_path);
+ bool add_nested_file(const String &p_root, const String &p_path, const String &p_exepath);
+
+ bool add_folder_recursive(const String &p_root, const String &p_path = "", const String &p_main_exe_path = "");
+
+ bool save_to_file(const String &p_path);
+};
+
+/*************************************************************************/
+/* CodeSignBlob */
+/*************************************************************************/
+
+class CodeSignBlob : public RefCounted {
+public:
+ virtual PackedByteArray get_hash_sha1() const = 0;
+ virtual PackedByteArray get_hash_sha256() const = 0;
+
+ virtual int get_size() const = 0;
+ virtual uint32_t get_index_type() const = 0;
+
+ virtual void write_to_file(Ref<FileAccess> p_file) const = 0;
+};
+
+/*************************************************************************/
+/* CodeSignRequirements */
+/*************************************************************************/
+
+// Note: Proper code generator is not implemented (any we probably won't ever need it), just a hardcoded bytecode for the limited set of cases.
+
+class CodeSignRequirements : public CodeSignBlob {
+ PackedByteArray blob;
+
+ static inline size_t PAD(size_t s, size_t a) {
+ return (s % a == 0) ? 0 : (a - s % a);
+ }
+
+ _FORCE_INLINE_ void _parse_certificate_slot(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const;
+ _FORCE_INLINE_ void _parse_key(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const;
+ _FORCE_INLINE_ void _parse_oid_key(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const;
+ _FORCE_INLINE_ void _parse_hash_string(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const;
+ _FORCE_INLINE_ void _parse_value(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const;
+ _FORCE_INLINE_ void _parse_date(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const;
+ _FORCE_INLINE_ bool _parse_match(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const;
+
+public:
+ CodeSignRequirements();
+ CodeSignRequirements(const PackedByteArray &p_data);
+
+ Vector<String> parse_requirements() const;
+
+ virtual PackedByteArray get_hash_sha1() const override;
+ virtual PackedByteArray get_hash_sha256() const override;
+
+ virtual int get_size() const override;
+
+ virtual uint32_t get_index_type() const override { return 0x00000002; };
+ virtual void write_to_file(Ref<FileAccess> p_file) const override;
+};
+
+/*************************************************************************/
+/* CodeSignEntitlementsText */
+/*************************************************************************/
+
+// PList formatted entitlements.
+
+class CodeSignEntitlementsText : public CodeSignBlob {
+ PackedByteArray blob;
+
+public:
+ CodeSignEntitlementsText();
+ CodeSignEntitlementsText(const String &p_string);
+
+ virtual PackedByteArray get_hash_sha1() const override;
+ virtual PackedByteArray get_hash_sha256() const override;
+
+ virtual int get_size() const override;
+
+ virtual uint32_t get_index_type() const override { return 0x00000005; };
+ virtual void write_to_file(Ref<FileAccess> p_file) const override;
+};
+
+/*************************************************************************/
+/* CodeSignEntitlementsBinary */
+/*************************************************************************/
+
+// ASN.1 serialized entitlements.
+
+class CodeSignEntitlementsBinary : public CodeSignBlob {
+ PackedByteArray blob;
+
+public:
+ CodeSignEntitlementsBinary();
+ CodeSignEntitlementsBinary(const String &p_string);
+
+ virtual PackedByteArray get_hash_sha1() const override;
+ virtual PackedByteArray get_hash_sha256() const override;
+
+ virtual int get_size() const override;
+
+ virtual uint32_t get_index_type() const override { return 0x00000007; };
+ virtual void write_to_file(Ref<FileAccess> p_file) const override;
+};
+
+/*************************************************************************/
+/* CodeSignCodeDirectory */
+/*************************************************************************/
+
+// Code Directory, runtime options, code segment and special structure hashes.
+
+class CodeSignCodeDirectory : public CodeSignBlob {
+public:
+ enum Slot {
+ SLOT_INFO_PLIST = -1,
+ SLOT_REQUIREMENTS = -2,
+ SLOT_RESOURCES = -3,
+ SLOT_APP_SPECIFIC = -4, // Unused.
+ SLOT_ENTITLEMENTS = -5,
+ SLOT_RESERVER1 = -6, // Unused.
+ SLOT_DER_ENTITLEMENTS = -7,
+ };
+
+ enum CodeSignExecSegFlags {
+ EXECSEG_MAIN_BINARY = 0x1,
+ EXECSEG_ALLOW_UNSIGNED = 0x10,
+ EXECSEG_DEBUGGER = 0x20,
+ EXECSEG_JIT = 0x40,
+ EXECSEG_SKIP_LV = 0x80,
+ EXECSEG_CAN_LOAD_CDHASH = 0x100,
+ EXECSEG_CAN_EXEC_CDHASH = 0x200,
+ };
+
+ enum CodeSignatureFlags {
+ SIGNATURE_HOST = 0x0001,
+ SIGNATURE_ADHOC = 0x0002,
+ SIGNATURE_TASK_ALLOW = 0x0004,
+ SIGNATURE_INSTALLER = 0x0008,
+ SIGNATURE_FORCED_LV = 0x0010,
+ SIGNATURE_INVALID_ALLOWED = 0x0020,
+ SIGNATURE_FORCE_HARD = 0x0100,
+ SIGNATURE_FORCE_KILL = 0x0200,
+ SIGNATURE_FORCE_EXPIRATION = 0x0400,
+ SIGNATURE_RESTRICT = 0x0800,
+ SIGNATURE_ENFORCEMENT = 0x1000,
+ SIGNATURE_LIBRARY_VALIDATION = 0x2000,
+ SIGNATURE_ENTITLEMENTS_VALIDATED = 0x4000,
+ SIGNATURE_NVRAM_UNRESTRICTED = 0x8000,
+ SIGNATURE_RUNTIME = 0x10000,
+ SIGNATURE_LINKER_SIGNED = 0x20000,
+ };
+
+private:
+ PackedByteArray blob;
+
+ struct CodeDirectoryHeader {
+ uint32_t version; // Using version 0x0020500.
+ uint32_t flags; // // Option flags.
+ uint32_t hash_offset; // Slot zero offset.
+ uint32_t ident_offset; // Identifier string offset.
+ uint32_t special_slots; // Nr. of slots with negative index.
+ uint32_t code_slots; // Nr. of slots with index >= 0, (code_limit / page_size).
+ uint32_t code_limit; // Everything before code signature load command offset.
+ uint8_t hash_size; // 20 (SHA-1) or 32 (SHA-256).
+ uint8_t hash_type; // 1 (SHA-1) or 2 (SHA-256).
+ uint8_t platform; // Not used.
+ uint8_t page_size; // Page size, power of two, 2^12 (4096).
+ uint32_t spare2; // Not used.
+ // Version 0x20100
+ uint32_t scatter_vector_offset; // Set to 0 and ignore.
+ // Version 0x20200
+ uint32_t team_offset; // Team id string offset.
+ // Version 0x20300
+ uint32_t spare3; // Not used.
+ uint64_t code_limit_64; // Set to 0 and ignore.
+ // Version 0x20400
+ uint64_t exec_seg_base; // Start of the signed code segmet.
+ uint64_t exec_seg_limit; // Code segment (__TEXT) vmsize.
+ uint64_t exec_seg_flags; // Executable segment flags.
+ // Version 0x20500
+ uint32_t runtime; // Runtime version.
+ uint32_t pre_encrypt_offset; // Set to 0 and ignore.
+ };
+
+ int32_t pages = 0;
+ int32_t remain = 0;
+ int32_t code_slots = 0;
+ int32_t special_slots = 0;
+
+public:
+ CodeSignCodeDirectory();
+ CodeSignCodeDirectory(uint8_t p_hash_size, uint8_t p_hash_type, bool p_main, const CharString &p_id, const CharString &p_team_id, uint32_t p_page_size, uint64_t p_exe_limit, uint64_t p_code_limit);
+
+ int32_t get_page_count();
+ int32_t get_page_remainder();
+
+ bool set_hash_in_slot(const PackedByteArray &p_hash, int p_slot);
+
+ virtual PackedByteArray get_hash_sha1() const override;
+ virtual PackedByteArray get_hash_sha256() const override;
+
+ virtual int get_size() const override;
+ virtual uint32_t get_index_type() const override { return 0x00000000; };
+
+ virtual void write_to_file(Ref<FileAccess> p_file) const override;
+};
+
+/*************************************************************************/
+/* CodeSignSignature */
+/*************************************************************************/
+
+class CodeSignSignature : public CodeSignBlob {
+ PackedByteArray blob;
+
+public:
+ CodeSignSignature();
+
+ virtual PackedByteArray get_hash_sha1() const override;
+ virtual PackedByteArray get_hash_sha256() const override;
+
+ virtual int get_size() const override;
+ virtual uint32_t get_index_type() const override { return 0x00010000; };
+
+ virtual void write_to_file(Ref<FileAccess> p_file) const override;
+};
+
+/*************************************************************************/
+/* CodeSignSuperBlob */
+/*************************************************************************/
+
+class CodeSignSuperBlob {
+ Vector<Ref<CodeSignBlob>> blobs;
+
+public:
+ bool add_blob(const Ref<CodeSignBlob> &p_blob);
+
+ int get_size() const;
+ void write_to_file(Ref<FileAccess> p_file) const;
+};
+
+/*************************************************************************/
+/* CodeSign */
+/*************************************************************************/
+
+class CodeSign {
+ static PackedByteArray file_hash_sha1(const String &p_path);
+ static PackedByteArray file_hash_sha256(const String &p_path);
+ static Error _codesign_file(bool p_use_hardened_runtime, bool p_force, const String &p_info, const String &p_exe_path, const String &p_bundle_path, const String &p_ent_path, bool p_ios_bundle, String &r_error_msg);
+
+public:
+ static Error codesign(bool p_use_hardened_runtime, bool p_force, const String &p_path, const String &p_ent_path, String &r_error_msg);
+};
+
+#endif // MODULE_REGEX_ENABLED
+
+#endif // CODESIGN_H
diff --git a/platform/macos/export/export.cpp b/platform/macos/export/export.cpp
new file mode 100644
index 0000000000..ff7457081f
--- /dev/null
+++ b/platform/macos/export/export.cpp
@@ -0,0 +1,43 @@
+/*************************************************************************/
+/* export.cpp */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+#include "export.h"
+
+#include "export_plugin.h"
+
+void register_macos_exporter() {
+ EDITOR_DEF("export/macos/force_builtin_codesign", false);
+ EditorSettings::get_singleton()->add_property_hint(PropertyInfo(Variant::BOOL, "export/macos/force_builtin_codesign", PROPERTY_HINT_NONE));
+
+ Ref<EditorExportPlatformMacOS> platform;
+ platform.instantiate();
+
+ EditorExport::get_singleton()->add_export_platform(platform);
+}
diff --git a/platform/macos/export/export.h b/platform/macos/export/export.h
new file mode 100644
index 0000000000..260c691209
--- /dev/null
+++ b/platform/macos/export/export.h
@@ -0,0 +1,36 @@
+/*************************************************************************/
+/* export.h */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+#ifndef MACOS_EXPORT_H
+#define MACOS_EXPORT_H
+
+void register_macos_exporter();
+
+#endif // MACOS_EXPORT_H
diff --git a/platform/macos/export/export_plugin.cpp b/platform/macos/export/export_plugin.cpp
new file mode 100644
index 0000000000..8cb69997d9
--- /dev/null
+++ b/platform/macos/export/export_plugin.cpp
@@ -0,0 +1,1684 @@
+/*************************************************************************/
+/* export_plugin.cpp */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+#include "export_plugin.h"
+
+#include "codesign.h"
+
+#include "editor/editor_node.h"
+#include "editor/editor_paths.h"
+
+#include "modules/modules_enabled.gen.h" // For regex.
+
+void EditorExportPlatformMacOS::get_preset_features(const Ref<EditorExportPreset> &p_preset, List<String> *r_features) {
+ if (p_preset->get("texture_format/s3tc")) {
+ r_features->push_back("s3tc");
+ }
+ if (p_preset->get("texture_format/etc")) {
+ r_features->push_back("etc");
+ }
+ if (p_preset->get("texture_format/etc2")) {
+ r_features->push_back("etc2");
+ }
+
+ r_features->push_back("64");
+}
+
+bool EditorExportPlatformMacOS::get_export_option_visibility(const String &p_option, const HashMap<StringName, Variant> &p_options) const {
+ // These options are not supported by built-in codesign, used on non macOS host.
+ if (!OS::get_singleton()->has_feature("macos")) {
+ if (p_option == "codesign/identity" || p_option == "codesign/timestamp" || p_option == "codesign/hardened_runtime" || p_option == "codesign/custom_options" || p_option.begins_with("notarization/")) {
+ return false;
+ }
+ }
+
+ // These entitlements are required to run managed code, and are always enabled in Mono builds.
+ if (Engine::get_singleton()->has_singleton("GodotSharp")) {
+ if (p_option == "codesign/entitlements/allow_jit_code_execution" || p_option == "codesign/entitlements/allow_unsigned_executable_memory" || p_option == "codesign/entitlements/allow_dyld_environment_variables") {
+ return false;
+ }
+ }
+ return true;
+}
+
+void EditorExportPlatformMacOS::get_export_options(List<ExportOption> *r_options) {
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "custom_template/debug", PROPERTY_HINT_GLOBAL_FILE, "*.zip"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "custom_template/release", PROPERTY_HINT_GLOBAL_FILE, "*.zip"), ""));
+
+ r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "debug/export_console_script", PROPERTY_HINT_ENUM, "No,Debug Only,Debug and Release"), 1));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/icon", PROPERTY_HINT_FILE, "*.png,*.icns"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/bundle_identifier", PROPERTY_HINT_PLACEHOLDER_TEXT, "com.example.game"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/signature"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/app_category", PROPERTY_HINT_ENUM, "Business,Developer-tools,Education,Entertainment,Finance,Games,Action-games,Adventure-games,Arcade-games,Board-games,Card-games,Casino-games,Dice-games,Educational-games,Family-games,Kids-games,Music-games,Puzzle-games,Racing-games,Role-playing-games,Simulation-games,Sports-games,Strategy-games,Trivia-games,Word-games,Graphics-design,Healthcare-fitness,Lifestyle,Medical,Music,News,Photography,Productivity,Reference,Social-networking,Sports,Travel,Utilities,Video,Weather"), "Games"));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/short_version"), "1.0"));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/version"), "1.0"));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/copyright"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "application/copyright_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "display/high_res"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/microphone_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the microphone"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/microphone_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/camera_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the camera"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/camera_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/location_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the location information"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/location_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/address_book_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the address book"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/address_book_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/calendar_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the calendar"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/calendar_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/photos_library_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the photo library"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/photos_library_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/desktop_folder_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use Desktop folder"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/desktop_folder_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/documents_folder_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use Documents folder"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/documents_folder_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/downloads_folder_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use Downloads folder"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/downloads_folder_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/network_volumes_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use network volumes"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/network_volumes_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/removable_volumes_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use removable volumes"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/removable_volumes_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary()));
+
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/enable"), true));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/identity", PROPERTY_HINT_PLACEHOLDER_TEXT, "Type: Name (ID)"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/timestamp"), true));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/replace_existing_signature"), true));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/hardened_runtime"), true));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/entitlements/custom_file", PROPERTY_HINT_GLOBAL_FILE, "*.plist"), ""));
+
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_jit_code_execution"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_unsigned_executable_memory"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_dyld_environment_variables"), false));
+
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/disable_library_validation"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/audio_input"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/camera"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/location"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/address_book"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/calendars"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/photos_library"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/apple_events"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/debugging"), false));
+
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/enabled"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/network_server"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/network_client"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/device_usb"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/device_bluetooth"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_downloads", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_pictures", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_music", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_movies", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::ARRAY, "codesign/entitlements/app_sandbox/helper_executables", PROPERTY_HINT_ARRAY_TYPE, itos(Variant::STRING) + "/" + itos(PROPERTY_HINT_GLOBAL_FILE) + ":"), Array()));
+
+ r_options->push_back(ExportOption(PropertyInfo(Variant::PACKED_STRING_ARRAY, "codesign/custom_options"), PackedStringArray()));
+
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "notarization/enable"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_id_name", PROPERTY_HINT_PLACEHOLDER_TEXT, "Apple ID email"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_id_password", PROPERTY_HINT_PLACEHOLDER_TEXT, "Enable two-factor authentication and provide app-specific password"), ""));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_team_id", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide team ID if your Apple ID belongs to multiple teams"), ""));
+
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/s3tc"), true));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/etc"), false));
+ r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/etc2"), false));
+}
+
+void _rgba8_to_packbits_encode(int p_ch, int p_size, Vector<uint8_t> &p_source, Vector<uint8_t> &p_dest) {
+ int src_len = p_size * p_size;
+
+ Vector<uint8_t> result;
+ result.resize(src_len * 1.25); //temp vector for rle encoded data, make it 25% larger for worst case scenario
+ int res_size = 0;
+
+ uint8_t buf[128];
+ int buf_size = 0;
+
+ int i = 0;
+ while (i < src_len) {
+ uint8_t cur = p_source.ptr()[i * 4 + p_ch];
+
+ if (i < src_len - 2) {
+ if ((p_source.ptr()[(i + 1) * 4 + p_ch] == cur) && (p_source.ptr()[(i + 2) * 4 + p_ch] == cur)) {
+ if (buf_size > 0) {
+ result.write[res_size++] = (uint8_t)(buf_size - 1);
+ memcpy(&result.write[res_size], &buf, buf_size);
+ res_size += buf_size;
+ buf_size = 0;
+ }
+
+ uint8_t lim = i + 130 >= src_len ? src_len - i - 1 : 130;
+ bool hit_lim = true;
+
+ for (int j = 3; j <= lim; j++) {
+ if (p_source.ptr()[(i + j) * 4 + p_ch] != cur) {
+ hit_lim = false;
+ i = i + j - 1;
+ result.write[res_size++] = (uint8_t)(j - 3 + 0x80);
+ result.write[res_size++] = cur;
+ break;
+ }
+ }
+ if (hit_lim) {
+ result.write[res_size++] = (uint8_t)(lim - 3 + 0x80);
+ result.write[res_size++] = cur;
+ i = i + lim;
+ }
+ } else {
+ buf[buf_size++] = cur;
+ if (buf_size == 128) {
+ result.write[res_size++] = (uint8_t)(buf_size - 1);
+ memcpy(&result.write[res_size], &buf, buf_size);
+ res_size += buf_size;
+ buf_size = 0;
+ }
+ }
+ } else {
+ buf[buf_size++] = cur;
+ result.write[res_size++] = (uint8_t)(buf_size - 1);
+ memcpy(&result.write[res_size], &buf, buf_size);
+ res_size += buf_size;
+ buf_size = 0;
+ }
+
+ i++;
+ }
+
+ int ofs = p_dest.size();
+ p_dest.resize(p_dest.size() + res_size);
+ memcpy(&p_dest.write[ofs], result.ptr(), res_size);
+}
+
+void EditorExportPlatformMacOS::_make_icon(const Ref<Image> &p_icon, Vector<uint8_t> &p_data) {
+ Ref<ImageTexture> it = memnew(ImageTexture);
+
+ Vector<uint8_t> data;
+
+ data.resize(8);
+ data.write[0] = 'i';
+ data.write[1] = 'c';
+ data.write[2] = 'n';
+ data.write[3] = 's';
+
+ struct MacOSIconInfo {
+ const char *name;
+ const char *mask_name;
+ bool is_png;
+ int size;
+ };
+
+ static const MacOSIconInfo icon_infos[] = {
+ { "ic10", "", true, 1024 }, //1024×1024 32-bit PNG and 512×512@2x 32-bit "retina" PNG
+ { "ic09", "", true, 512 }, //512×512 32-bit PNG
+ { "ic14", "", true, 512 }, //256×256@2x 32-bit "retina" PNG
+ { "ic08", "", true, 256 }, //256×256 32-bit PNG
+ { "ic13", "", true, 256 }, //128×128@2x 32-bit "retina" PNG
+ { "ic07", "", true, 128 }, //128×128 32-bit PNG
+ { "ic12", "", true, 64 }, //32×32@2× 32-bit "retina" PNG
+ { "ic11", "", true, 32 }, //16×16@2× 32-bit "retina" PNG
+ { "il32", "l8mk", false, 32 }, //32×32 24-bit RLE + 8-bit uncompressed mask
+ { "is32", "s8mk", false, 16 } //16×16 24-bit RLE + 8-bit uncompressed mask
+ };
+
+ for (uint64_t i = 0; i < (sizeof(icon_infos) / sizeof(icon_infos[0])); ++i) {
+ Ref<Image> copy = p_icon; // does this make sense? doesn't this just increase the reference count instead of making a copy? Do we even need a copy?
+ copy->convert(Image::FORMAT_RGBA8);
+ copy->resize(icon_infos[i].size, icon_infos[i].size);
+
+ if (icon_infos[i].is_png) {
+ // Encode PNG icon.
+ it->set_image(copy);
+ String path = EditorPaths::get_singleton()->get_cache_dir().plus_file("icon.png");
+ ResourceSaver::save(path, it);
+
+ {
+ Ref<FileAccess> f = FileAccess::open(path, FileAccess::READ);
+ if (f.is_null()) {
+ // Clean up generated file.
+ DirAccess::remove_file_or_error(path);
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Icon Creation"), vformat(TTR("Could not open icon file \"%s\"."), path));
+ return;
+ }
+
+ int ofs = data.size();
+ uint64_t len = f->get_length();
+ data.resize(data.size() + len + 8);
+ f->get_buffer(&data.write[ofs + 8], len);
+ len += 8;
+ len = BSWAP32(len);
+ memcpy(&data.write[ofs], icon_infos[i].name, 4);
+ encode_uint32(len, &data.write[ofs + 4]);
+ }
+
+ // Clean up generated file.
+ DirAccess::remove_file_or_error(path);
+
+ } else {
+ Vector<uint8_t> src_data = copy->get_data();
+
+ //encode 24bit RGB RLE icon
+ {
+ int ofs = data.size();
+ data.resize(data.size() + 8);
+
+ _rgba8_to_packbits_encode(0, icon_infos[i].size, src_data, data); // encode R
+ _rgba8_to_packbits_encode(1, icon_infos[i].size, src_data, data); // encode G
+ _rgba8_to_packbits_encode(2, icon_infos[i].size, src_data, data); // encode B
+
+ int len = data.size() - ofs;
+ len = BSWAP32(len);
+ memcpy(&data.write[ofs], icon_infos[i].name, 4);
+ encode_uint32(len, &data.write[ofs + 4]);
+ }
+
+ //encode 8bit mask uncompressed icon
+ {
+ int ofs = data.size();
+ int len = copy->get_width() * copy->get_height();
+ data.resize(data.size() + len + 8);
+
+ for (int j = 0; j < len; j++) {
+ data.write[ofs + 8 + j] = src_data.ptr()[j * 4 + 3];
+ }
+ len += 8;
+ len = BSWAP32(len);
+ memcpy(&data.write[ofs], icon_infos[i].mask_name, 4);
+ encode_uint32(len, &data.write[ofs + 4]);
+ }
+ }
+ }
+
+ uint32_t total_len = data.size();
+ total_len = BSWAP32(total_len);
+ encode_uint32(total_len, &data.write[4]);
+
+ p_data = data;
+}
+
+void EditorExportPlatformMacOS::_fix_plist(const Ref<EditorExportPreset> &p_preset, Vector<uint8_t> &plist, const String &p_binary) {
+ String str;
+ String strnew;
+ str.parse_utf8((const char *)plist.ptr(), plist.size());
+ Vector<String> lines = str.split("\n");
+ for (int i = 0; i < lines.size(); i++) {
+ if (lines[i].find("$binary") != -1) {
+ strnew += lines[i].replace("$binary", p_binary) + "\n";
+ } else if (lines[i].find("$name") != -1) {
+ strnew += lines[i].replace("$name", ProjectSettings::get_singleton()->get("application/config/name")) + "\n";
+ } else if (lines[i].find("$bundle_identifier") != -1) {
+ strnew += lines[i].replace("$bundle_identifier", p_preset->get("application/bundle_identifier")) + "\n";
+ } else if (lines[i].find("$short_version") != -1) {
+ strnew += lines[i].replace("$short_version", p_preset->get("application/short_version")) + "\n";
+ } else if (lines[i].find("$version") != -1) {
+ strnew += lines[i].replace("$version", p_preset->get("application/version")) + "\n";
+ } else if (lines[i].find("$signature") != -1) {
+ strnew += lines[i].replace("$signature", p_preset->get("application/signature")) + "\n";
+ } else if (lines[i].find("$app_category") != -1) {
+ String cat = p_preset->get("application/app_category");
+ strnew += lines[i].replace("$app_category", cat.to_lower()) + "\n";
+ } else if (lines[i].find("$copyright") != -1) {
+ strnew += lines[i].replace("$copyright", p_preset->get("application/copyright")) + "\n";
+ } else if (lines[i].find("$highres") != -1) {
+ strnew += lines[i].replace("$highres", p_preset->get("display/high_res") ? "\t<true/>" : "\t<false/>") + "\n";
+ } else if (lines[i].find("$usage_descriptions") != -1) {
+ String descriptions;
+ if (!((String)p_preset->get("privacy/microphone_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSMicrophoneUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/microphone_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/camera_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSCameraUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/camera_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/location_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSLocationUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/location_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/address_book_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSContactsUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/address_book_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/calendar_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSCalendarsUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/calendar_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/photos_library_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSPhotoLibraryUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/photos_library_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/desktop_folder_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSDesktopFolderUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/desktop_folder_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/documents_folder_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSDocumentsFolderUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/documents_folder_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/downloads_folder_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSDownloadsFolderUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/downloads_folder_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/network_volumes_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSNetworkVolumesUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/network_volumes_usage_description") + "</string>\n";
+ }
+ if (!((String)p_preset->get("privacy/removable_volumes_usage_description")).is_empty()) {
+ descriptions += "\t<key>NSRemovableVolumesUsageDescription</key>\n";
+ descriptions += "\t<string>" + (String)p_preset->get("privacy/removable_volumes_usage_description") + "</string>\n";
+ }
+ if (!descriptions.is_empty()) {
+ strnew += lines[i].replace("$usage_descriptions", descriptions);
+ }
+ } else {
+ strnew += lines[i] + "\n";
+ }
+ }
+
+ CharString cs = strnew.utf8();
+ plist.resize(cs.size() - 1);
+ for (int i = 0; i < cs.size() - 1; i++) {
+ plist.write[i] = cs[i];
+ }
+}
+
+/**
+ * If we're running the macOS version of the Godot editor we'll:
+ * - export our application bundle to a temporary folder
+ * - attempt to code sign it
+ * - and then wrap it up in a DMG
+ */
+
+Error EditorExportPlatformMacOS::_notarize(const Ref<EditorExportPreset> &p_preset, const String &p_path) {
+#ifdef MACOS_ENABLED
+ List<String> args;
+
+ args.push_back("altool");
+ args.push_back("--notarize-app");
+
+ args.push_back("--primary-bundle-id");
+ args.push_back(p_preset->get("application/bundle_identifier"));
+
+ args.push_back("--username");
+ args.push_back(p_preset->get("notarization/apple_id_name"));
+
+ args.push_back("--password");
+ args.push_back(p_preset->get("notarization/apple_id_password"));
+
+ args.push_back("--type");
+ args.push_back("osx");
+
+ if (p_preset->get("notarization/apple_team_id")) {
+ args.push_back("--asc-provider");
+ args.push_back(p_preset->get("notarization/apple_team_id"));
+ }
+
+ args.push_back("--file");
+ args.push_back(p_path);
+
+ String str;
+ Error err = OS::get_singleton()->execute("xcrun", args, &str, nullptr, true);
+ if (err != OK || (str.find("not found") != -1) || (str.find("not recognized") != -1)) {
+ add_message(EXPORT_MESSAGE_WARNING, TTR("Notarization"), TTR("Could not start xcrun executable."));
+ return err;
+ }
+
+ print_verbose("altool (" + p_path + "):\n" + str);
+ int rq_offset = str.find("RequestUUID");
+ if (rq_offset == -1) {
+ add_message(EXPORT_MESSAGE_WARNING, TTR("Notarization"), TTR("Notarization failed."));
+ return FAILED;
+ } else {
+ int next_nl = str.find("\n", rq_offset);
+ String request_uuid = (next_nl == -1) ? str.substr(rq_offset + 14, -1) : str.substr(rq_offset + 14, next_nl - rq_offset - 14);
+ add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), vformat(TTR("Notarization request UUID: \"%s\""), request_uuid));
+ add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), TTR("The notarization process generally takes less than an hour. When the process is completed, you'll receive an email."));
+ add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), "\t" + TTR("You can check progress manually by opening a Terminal and running the following command:"));
+ add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), "\t\t\"xcrun altool --notarization-history 0 -u <your email> -p <app-specific pwd>\"");
+ add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), "\t" + TTR("Run the following command to staple the notarization ticket to the exported application (optional):"));
+ add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), "\t\t\"xcrun stapler staple <app path>\"");
+ }
+
+#endif
+
+ return OK;
+}
+
+Error EditorExportPlatformMacOS::_code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path, bool p_warn) {
+ bool force_builtin_codesign = EditorSettings::get_singleton()->get("export/macos/force_builtin_codesign");
+ bool ad_hoc = (p_preset->get("codesign/identity") == "" || p_preset->get("codesign/identity") == "-");
+
+ if ((!FileAccess::exists("/usr/bin/codesign") && !FileAccess::exists("/bin/codesign")) || force_builtin_codesign) {
+ print_verbose("using built-in codesign...");
+#ifdef MODULE_REGEX_ENABLED
+
+#ifdef MACOS_ENABLED
+ if (p_preset->get("codesign/timestamp") && p_warn) {
+ add_message(EXPORT_MESSAGE_INFO, TTR("Code Signing"), TTR("Timestamping is not compatible with ad-hoc signature, and was disabled!"));
+ }
+ if (p_preset->get("codesign/hardened_runtime") && p_warn) {
+ add_message(EXPORT_MESSAGE_INFO, TTR("Code Signing"), TTR("Hardened Runtime is not compatible with ad-hoc signature, and was disabled!"));
+ }
+#endif
+
+ String error_msg;
+ Error err = CodeSign::codesign(false, p_preset->get("codesign/replace_existing_signature"), p_path, p_ent_path, error_msg);
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), vformat(TTR("Built-in CodeSign failed with error \"%s\"."), error_msg));
+ return FAILED;
+ }
+#else
+ add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), TTR("Built-in CodeSign require regex module."));
+#endif
+ return OK;
+ } else {
+ print_verbose("using external codesign...");
+ List<String> args;
+ if (p_preset->get("codesign/timestamp")) {
+ if (ad_hoc) {
+ if (p_warn) {
+ add_message(EXPORT_MESSAGE_INFO, TTR("Code Signing"), TTR("Timestamping is not compatible with ad-hoc signature, and was disabled!"));
+ }
+ } else {
+ args.push_back("--timestamp");
+ }
+ }
+ if (p_preset->get("codesign/hardened_runtime")) {
+ if (ad_hoc) {
+ if (p_warn) {
+ add_message(EXPORT_MESSAGE_INFO, TTR("Code Signing"), TTR("Hardened Runtime is not compatible with ad-hoc signature, and was disabled!"));
+ }
+ } else {
+ args.push_back("--options");
+ args.push_back("runtime");
+ }
+ }
+
+ if (p_path.get_extension() != "dmg") {
+ args.push_back("--entitlements");
+ args.push_back(p_ent_path);
+ }
+
+ PackedStringArray user_args = p_preset->get("codesign/custom_options");
+ for (int i = 0; i < user_args.size(); i++) {
+ String user_arg = user_args[i].strip_edges();
+ if (!user_arg.is_empty()) {
+ args.push_back(user_arg);
+ }
+ }
+
+ args.push_back("-s");
+ if (ad_hoc) {
+ args.push_back("-");
+ } else {
+ args.push_back(p_preset->get("codesign/identity"));
+ }
+
+ args.push_back("-v"); /* provide some more feedback */
+
+ if (p_preset->get("codesign/replace_existing_signature")) {
+ args.push_back("-f");
+ }
+
+ args.push_back(p_path);
+
+ String str;
+ Error err = OS::get_singleton()->execute("codesign", args, &str, nullptr, true);
+ if (err != OK || (str.find("not found") != -1) || (str.find("not recognized") != -1)) {
+ add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), TTR("Could not start codesign executable, make sure Xcode command line tools are installed."));
+ return err;
+ }
+
+ print_verbose("codesign (" + p_path + "):\n" + str);
+ if (str.find("no identity found") != -1) {
+ add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), TTR("No identity found."));
+ return FAILED;
+ }
+ if ((str.find("unrecognized blob type") != -1) || (str.find("cannot read entitlement data") != -1)) {
+ add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), TTR("Invalid entitlements file."));
+ return FAILED;
+ }
+ return OK;
+ }
+}
+
+Error EditorExportPlatformMacOS::_code_sign_directory(const Ref<EditorExportPreset> &p_preset, const String &p_path,
+ const String &p_ent_path, bool p_should_error_on_non_code) {
+#ifdef MACOS_ENABLED
+ static Vector<String> extensions_to_sign;
+
+ if (extensions_to_sign.is_empty()) {
+ extensions_to_sign.push_back("dylib");
+ extensions_to_sign.push_back("framework");
+ }
+
+ Error dir_access_error;
+ Ref<DirAccess> dir_access{ DirAccess::open(p_path, &dir_access_error) };
+
+ if (dir_access_error != OK) {
+ return dir_access_error;
+ }
+
+ dir_access->list_dir_begin();
+ String current_file{ dir_access->get_next() };
+ while (!current_file.is_empty()) {
+ String current_file_path{ p_path.plus_file(current_file) };
+
+ if (current_file == ".." || current_file == ".") {
+ current_file = dir_access->get_next();
+ continue;
+ }
+
+ if (extensions_to_sign.find(current_file.get_extension()) > -1) {
+ Error code_sign_error{ _code_sign(p_preset, current_file_path, p_ent_path, false) };
+ if (code_sign_error != OK) {
+ return code_sign_error;
+ }
+ } else if (dir_access->current_is_dir()) {
+ Error code_sign_error{ _code_sign_directory(p_preset, current_file_path, p_ent_path, p_should_error_on_non_code) };
+ if (code_sign_error != OK) {
+ return code_sign_error;
+ }
+ } else if (p_should_error_on_non_code) {
+ add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), vformat(TTR("Cannot sign file %s."), current_file));
+ return Error::FAILED;
+ }
+
+ current_file = dir_access->get_next();
+ }
+#endif
+
+ return OK;
+}
+
+Error EditorExportPlatformMacOS::_copy_and_sign_files(Ref<DirAccess> &dir_access, const String &p_src_path,
+ const String &p_in_app_path, bool p_sign_enabled,
+ const Ref<EditorExportPreset> &p_preset, const String &p_ent_path,
+ bool p_should_error_on_non_code_sign) {
+ Error err{ OK };
+ if (dir_access->dir_exists(p_src_path)) {
+#ifndef UNIX_ENABLED
+ add_message(EXPORT_MESSAGE_INFO, TTR("Export"), vformat(TTR("Relative symlinks are not supported, exported \"%s\" might be broken!"), p_src_path.get_file()));
+#endif
+ print_verbose("export framework: " + p_src_path + " -> " + p_in_app_path);
+ err = dir_access->make_dir_recursive(p_in_app_path);
+ if (err == OK) {
+ err = dir_access->copy_dir(p_src_path, p_in_app_path, -1, true);
+ }
+ } else {
+ print_verbose("export dylib: " + p_src_path + " -> " + p_in_app_path);
+ err = dir_access->copy(p_src_path, p_in_app_path);
+ }
+ if (err == OK && p_sign_enabled) {
+ if (dir_access->dir_exists(p_src_path) && p_src_path.get_extension().is_empty()) {
+ // If it is a directory, find and sign all dynamic libraries.
+ err = _code_sign_directory(p_preset, p_in_app_path, p_ent_path, p_should_error_on_non_code_sign);
+ } else {
+ err = _code_sign(p_preset, p_in_app_path, p_ent_path, false);
+ }
+ }
+ return err;
+}
+
+Error EditorExportPlatformMacOS::_export_macos_plugins_for(Ref<EditorExportPlugin> p_editor_export_plugin,
+ const String &p_app_path_name, Ref<DirAccess> &dir_access,
+ bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset,
+ const String &p_ent_path) {
+ Error error{ OK };
+ const Vector<String> &macos_plugins{ p_editor_export_plugin->get_macos_plugin_files() };
+ for (int i = 0; i < macos_plugins.size(); ++i) {
+ String src_path{ ProjectSettings::get_singleton()->globalize_path(macos_plugins[i]) };
+ String path_in_app{ p_app_path_name + "/Contents/PlugIns/" + src_path.get_file() };
+ error = _copy_and_sign_files(dir_access, src_path, path_in_app, p_sign_enabled, p_preset, p_ent_path, false);
+ if (error != OK) {
+ break;
+ }
+ }
+ return error;
+}
+
+Error EditorExportPlatformMacOS::_create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name) {
+ List<String> args;
+
+ if (FileAccess::exists(p_dmg_path)) {
+ OS::get_singleton()->move_to_trash(p_dmg_path);
+ }
+
+ args.push_back("create");
+ args.push_back(p_dmg_path);
+ args.push_back("-volname");
+ args.push_back(p_pkg_name);
+ args.push_back("-fs");
+ args.push_back("HFS+");
+ args.push_back("-srcfolder");
+ args.push_back(p_app_path_name);
+
+ String str;
+ Error err = OS::get_singleton()->execute("hdiutil", args, &str, nullptr, true);
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("DMG Creation"), TTR("Could not start hdiutil executable."));
+ return err;
+ }
+
+ print_verbose("hdiutil returned: " + str);
+ if (str.find("create failed") != -1) {
+ if (str.find("File exists") != -1) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("DMG Creation"), TTR("`hdiutil create` failed - file exists."));
+ } else {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("DMG Creation"), TTR("`hdiutil create` failed."));
+ }
+ return FAILED;
+ }
+
+ return OK;
+}
+
+Error EditorExportPlatformMacOS::_export_debug_script(const Ref<EditorExportPreset> &p_preset, const String &p_app_name, const String &p_pkg_name, const String &p_path) {
+ Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::WRITE);
+ if (f.is_null()) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Debug Script Export"), vformat(TTR("Could not open file \"%s\"."), p_path));
+ return ERR_CANT_CREATE;
+ }
+
+ f->store_line("#!/bin/sh");
+ f->store_line("echo -ne '\\033c\\033]0;" + p_app_name + "\\a'");
+ f->store_line("");
+ f->store_line("function app_realpath() {");
+ f->store_line(" SOURCE=$1");
+ f->store_line(" while [ -h \"$SOURCE\" ]; do");
+ f->store_line(" DIR=$(dirname \"$SOURCE\")");
+ f->store_line(" SOURCE=$(readlink \"$SOURCE\")");
+ f->store_line(" [[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE");
+ f->store_line(" done");
+ f->store_line(" echo \"$( cd -P \"$( dirname \"$SOURCE\" )\" >/dev/null 2>&1 && pwd )\"");
+ f->store_line("}");
+ f->store_line("");
+ f->store_line("BASE_PATH=\"$(app_realpath \"${BASH_SOURCE[0]}\")\"");
+ f->store_line("\"$BASE_PATH/" + p_pkg_name + "\" \"$@\"");
+ f->store_line("");
+
+ return OK;
+}
+
+Error EditorExportPlatformMacOS::export_project(const Ref<EditorExportPreset> &p_preset, bool p_debug, const String &p_path, int p_flags) {
+ ExportNotifier notifier(*this, p_preset, p_debug, p_path, p_flags);
+
+ String src_pkg_name;
+
+ EditorProgress ep("export", "Exporting for macOS", 3, true);
+
+ if (p_debug) {
+ src_pkg_name = p_preset->get("custom_template/debug");
+ } else {
+ src_pkg_name = p_preset->get("custom_template/release");
+ }
+
+ if (src_pkg_name.is_empty()) {
+ String err;
+ src_pkg_name = find_export_template("macos.zip", &err);
+ if (src_pkg_name.is_empty()) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Prepare Templates"), TTR("Export template not found."));
+ return ERR_FILE_NOT_FOUND;
+ }
+ }
+
+ if (!DirAccess::exists(p_path.get_base_dir())) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Prepare Templates"), TTR("The given export path doesn't exist."));
+ return ERR_FILE_BAD_PATH;
+ }
+
+ Ref<FileAccess> io_fa;
+ zlib_filefunc_def io = zipio_create_io(&io_fa);
+
+ if (ep.step(TTR("Creating app bundle"), 0)) {
+ return ERR_SKIP;
+ }
+
+ unzFile src_pkg_zip = unzOpen2(src_pkg_name.utf8().get_data(), &io);
+ if (!src_pkg_zip) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Prepare Templates"), vformat(TTR("Could not find template app to export: \"%s\"."), src_pkg_name));
+ return ERR_FILE_NOT_FOUND;
+ }
+
+ int ret = unzGoToFirstFile(src_pkg_zip);
+
+ String binary_to_use = "godot_macos_" + String(p_debug ? "debug" : "release") + ".64";
+
+ String pkg_name;
+ if (String(ProjectSettings::get_singleton()->get("application/config/name")) != "") {
+ pkg_name = String(ProjectSettings::get_singleton()->get("application/config/name"));
+ } else {
+ pkg_name = "Unnamed";
+ }
+
+ pkg_name = OS::get_singleton()->get_safe_dir_name(pkg_name);
+
+ String export_format;
+ if (use_dmg() && p_path.ends_with("dmg")) {
+ export_format = "dmg";
+ } else if (p_path.ends_with("zip")) {
+ export_format = "zip";
+ } else if (p_path.ends_with("app")) {
+ export_format = "app";
+ } else {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), TTR("Invalid export format."));
+ return ERR_CANT_CREATE;
+ }
+
+ // Create our application bundle.
+ String tmp_app_dir_name = pkg_name + ".app";
+ String tmp_base_path_name;
+ String tmp_app_path_name;
+ String scr_path;
+ if (export_format == "app") {
+ tmp_base_path_name = p_path.get_base_dir();
+ tmp_app_path_name = p_path;
+ scr_path = p_path.get_basename() + ".command";
+ } else {
+ tmp_base_path_name = EditorPaths::get_singleton()->get_cache_dir().plus_file(pkg_name);
+ tmp_app_path_name = tmp_base_path_name.plus_file(tmp_app_dir_name);
+ scr_path = tmp_base_path_name.plus_file(pkg_name + ".command");
+ }
+
+ print_verbose("Exporting to " + tmp_app_path_name);
+
+ Error err = OK;
+
+ Ref<DirAccess> tmp_app_dir = DirAccess::create_for_path(tmp_base_path_name);
+ if (tmp_app_dir.is_null()) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory: \"%s\"."), tmp_base_path_name));
+ err = ERR_CANT_CREATE;
+ }
+
+ DirAccess::remove_file_or_error(scr_path);
+ if (DirAccess::exists(tmp_app_path_name)) {
+ String old_dir = tmp_app_dir->get_current_dir();
+ if (tmp_app_dir->change_dir(tmp_app_path_name) == OK) {
+ tmp_app_dir->erase_contents_recursive();
+ tmp_app_dir->change_dir(old_dir);
+ }
+ }
+
+ Array helpers = p_preset->get("codesign/entitlements/app_sandbox/helper_executables");
+
+ // Create our folder structure.
+ if (err == OK) {
+ print_verbose("Creating " + tmp_app_path_name + "/Contents/MacOS");
+ err = tmp_app_dir->make_dir_recursive(tmp_app_path_name + "/Contents/MacOS");
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), tmp_app_path_name + "/Contents/MacOS"));
+ }
+ }
+
+ if (err == OK) {
+ print_verbose("Creating " + tmp_app_path_name + "/Contents/Frameworks");
+ err = tmp_app_dir->make_dir_recursive(tmp_app_path_name + "/Contents/Frameworks");
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), tmp_app_path_name + "/Contents/Frameworks"));
+ }
+ }
+
+ if ((err == OK) && helpers.size() > 0) {
+ print_line("Creating " + tmp_app_path_name + "/Contents/Helpers");
+ err = tmp_app_dir->make_dir_recursive(tmp_app_path_name + "/Contents/Helpers");
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), tmp_app_path_name + "/Contents/Helpers"));
+ }
+ }
+
+ if (err == OK) {
+ print_verbose("Creating " + tmp_app_path_name + "/Contents/Resources");
+ err = tmp_app_dir->make_dir_recursive(tmp_app_path_name + "/Contents/Resources");
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), tmp_app_path_name + "/Contents/Resources"));
+ }
+ }
+
+ Dictionary appnames = ProjectSettings::get_singleton()->get("application/config/name_localized");
+ Dictionary microphone_usage_descriptions = p_preset->get("privacy/microphone_usage_description_localized");
+ Dictionary camera_usage_descriptions = p_preset->get("privacy/camera_usage_description_localized");
+ Dictionary location_usage_descriptions = p_preset->get("privacy/location_usage_description_localized");
+ Dictionary address_book_usage_descriptions = p_preset->get("privacy/address_book_usage_description_localized");
+ Dictionary calendar_usage_descriptions = p_preset->get("privacy/calendar_usage_description_localized");
+ Dictionary photos_library_usage_descriptions = p_preset->get("privacy/photos_library_usage_description_localized");
+ Dictionary desktop_folder_usage_descriptions = p_preset->get("privacy/desktop_folder_usage_description_localized");
+ Dictionary documents_folder_usage_descriptions = p_preset->get("privacy/documents_folder_usage_description_localized");
+ Dictionary downloads_folder_usage_descriptions = p_preset->get("privacy/downloads_folder_usage_description_localized");
+ Dictionary network_volumes_usage_descriptions = p_preset->get("privacy/network_volumes_usage_description_localized");
+ Dictionary removable_volumes_usage_descriptions = p_preset->get("privacy/removable_volumes_usage_description_localized");
+ Dictionary copyrights = p_preset->get("application/copyright_localized");
+
+ Vector<String> translations = ProjectSettings::get_singleton()->get("internationalization/locale/translations");
+ if (translations.size() > 0) {
+ {
+ String fname = tmp_app_path_name + "/Contents/Resources/en.lproj";
+ tmp_app_dir->make_dir_recursive(fname);
+ Ref<FileAccess> f = FileAccess::open(fname + "/InfoPlist.strings", FileAccess::WRITE);
+ f->store_line("/* Localized versions of Info.plist keys */");
+ f->store_line("");
+ f->store_line("CFBundleDisplayName = \"" + ProjectSettings::get_singleton()->get("application/config/name").operator String() + "\";");
+ if (!((String)p_preset->get("privacy/microphone_usage_description")).is_empty()) {
+ f->store_line("NSMicrophoneUsageDescription = \"" + p_preset->get("privacy/microphone_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/camera_usage_description")).is_empty()) {
+ f->store_line("NSCameraUsageDescription = \"" + p_preset->get("privacy/camera_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/location_usage_description")).is_empty()) {
+ f->store_line("NSLocationUsageDescription = \"" + p_preset->get("privacy/location_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/address_book_usage_description")).is_empty()) {
+ f->store_line("NSContactsUsageDescription = \"" + p_preset->get("privacy/address_book_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/calendar_usage_description")).is_empty()) {
+ f->store_line("NSCalendarsUsageDescription = \"" + p_preset->get("privacy/calendar_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/photos_library_usage_description")).is_empty()) {
+ f->store_line("NSPhotoLibraryUsageDescription = \"" + p_preset->get("privacy/photos_library_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/desktop_folder_usage_description")).is_empty()) {
+ f->store_line("NSDesktopFolderUsageDescription = \"" + p_preset->get("privacy/desktop_folder_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/documents_folder_usage_description")).is_empty()) {
+ f->store_line("NSDocumentsFolderUsageDescription = \"" + p_preset->get("privacy/documents_folder_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/downloads_folder_usage_description")).is_empty()) {
+ f->store_line("NSDownloadsFolderUsageDescription = \"" + p_preset->get("privacy/downloads_folder_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/network_volumes_usage_description")).is_empty()) {
+ f->store_line("NSNetworkVolumesUsageDescription = \"" + p_preset->get("privacy/network_volumes_usage_description").operator String() + "\";");
+ }
+ if (!((String)p_preset->get("privacy/removable_volumes_usage_description")).is_empty()) {
+ f->store_line("NSRemovableVolumesUsageDescription = \"" + p_preset->get("privacy/removable_volumes_usage_description").operator String() + "\";");
+ }
+ f->store_line("NSHumanReadableCopyright = \"" + p_preset->get("application/copyright").operator String() + "\";");
+ }
+
+ for (const String &E : translations) {
+ Ref<Translation> tr = ResourceLoader::load(E);
+ if (tr.is_valid()) {
+ String lang = tr->get_locale();
+ String fname = tmp_app_path_name + "/Contents/Resources/" + lang + ".lproj";
+ tmp_app_dir->make_dir_recursive(fname);
+ Ref<FileAccess> f = FileAccess::open(fname + "/InfoPlist.strings", FileAccess::WRITE);
+ f->store_line("/* Localized versions of Info.plist keys */");
+ f->store_line("");
+ if (appnames.has(lang)) {
+ f->store_line("CFBundleDisplayName = \"" + appnames[lang].operator String() + "\";");
+ }
+ if (microphone_usage_descriptions.has(lang)) {
+ f->store_line("NSMicrophoneUsageDescription = \"" + microphone_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (camera_usage_descriptions.has(lang)) {
+ f->store_line("NSCameraUsageDescription = \"" + camera_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (location_usage_descriptions.has(lang)) {
+ f->store_line("NSLocationUsageDescription = \"" + location_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (address_book_usage_descriptions.has(lang)) {
+ f->store_line("NSContactsUsageDescription = \"" + address_book_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (calendar_usage_descriptions.has(lang)) {
+ f->store_line("NSCalendarsUsageDescription = \"" + calendar_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (photos_library_usage_descriptions.has(lang)) {
+ f->store_line("NSPhotoLibraryUsageDescription = \"" + photos_library_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (desktop_folder_usage_descriptions.has(lang)) {
+ f->store_line("NSDesktopFolderUsageDescription = \"" + desktop_folder_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (documents_folder_usage_descriptions.has(lang)) {
+ f->store_line("NSDocumentsFolderUsageDescription = \"" + documents_folder_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (downloads_folder_usage_descriptions.has(lang)) {
+ f->store_line("NSDownloadsFolderUsageDescription = \"" + downloads_folder_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (network_volumes_usage_descriptions.has(lang)) {
+ f->store_line("NSNetworkVolumesUsageDescription = \"" + network_volumes_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (removable_volumes_usage_descriptions.has(lang)) {
+ f->store_line("NSRemovableVolumesUsageDescription = \"" + removable_volumes_usage_descriptions[lang].operator String() + "\";");
+ }
+ if (copyrights.has(lang)) {
+ f->store_line("NSHumanReadableCopyright = \"" + copyrights[lang].operator String() + "\";");
+ }
+ }
+ }
+ }
+
+ // Now process our template.
+ bool found_binary = false;
+ Vector<String> dylibs_found;
+
+ while (ret == UNZ_OK && err == OK) {
+ bool is_execute = false;
+
+ // Get filename.
+ unz_file_info info;
+ char fname[16384];
+ ret = unzGetCurrentFileInfo(src_pkg_zip, &info, fname, 16384, nullptr, 0, nullptr, 0);
+ if (ret != UNZ_OK) {
+ break;
+ }
+
+ String file = String::utf8(fname);
+
+ Vector<uint8_t> data;
+ data.resize(info.uncompressed_size);
+
+ // Read.
+ unzOpenCurrentFile(src_pkg_zip);
+ unzReadCurrentFile(src_pkg_zip, data.ptrw(), data.size());
+ unzCloseCurrentFile(src_pkg_zip);
+
+ // Write.
+ file = file.replace_first("macos_template.app/", "");
+
+ if (((info.external_fa >> 16L) & 0120000) == 0120000) {
+#ifndef UNIX_ENABLED
+ add_message(EXPORT_MESSAGE_INFO, TTR("Export"), TTR("Relative symlinks are not supported on this OS, the exported project might be broken!"));
+#endif
+ // Handle symlinks in the archive.
+ file = tmp_app_path_name.plus_file(file);
+ if (err == OK) {
+ err = tmp_app_dir->make_dir_recursive(file.get_base_dir());
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), file.get_base_dir()));
+ }
+ }
+ if (err == OK) {
+ String lnk_data = String::utf8((const char *)data.ptr(), data.size());
+ err = tmp_app_dir->create_link(lnk_data, file);
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not created symlink \"%s\" -> \"%s\"."), lnk_data, file));
+ }
+ print_verbose(vformat("ADDING SYMLINK %s => %s\n", file, lnk_data));
+ }
+
+ ret = unzGoToNextFile(src_pkg_zip);
+ continue; // next
+ }
+
+ if (file == "Contents/Info.plist") {
+ _fix_plist(p_preset, data, pkg_name);
+ }
+
+ if (file.begins_with("Contents/MacOS/godot_")) {
+ if (file != "Contents/MacOS/" + binary_to_use) {
+ ret = unzGoToNextFile(src_pkg_zip);
+ continue; // skip
+ }
+ found_binary = true;
+ is_execute = true;
+ file = "Contents/MacOS/" + pkg_name;
+ }
+
+ if (file == "Contents/Resources/icon.icns") {
+ // See if there is an icon.
+ String iconpath;
+ if (p_preset->get("application/icon") != "") {
+ iconpath = p_preset->get("application/icon");
+ } else {
+ iconpath = ProjectSettings::get_singleton()->get("application/config/icon");
+ }
+
+ if (!iconpath.is_empty()) {
+ if (iconpath.get_extension() == "icns") {
+ Ref<FileAccess> icon = FileAccess::open(iconpath, FileAccess::READ);
+ if (icon.is_valid()) {
+ data.resize(icon->get_length());
+ icon->get_buffer(&data.write[0], icon->get_length());
+ }
+ } else {
+ Ref<Image> icon;
+ icon.instantiate();
+ icon->load(iconpath);
+ if (!icon->is_empty()) {
+ _make_icon(icon, data);
+ }
+ }
+ }
+ }
+
+ if (data.size() > 0) {
+ if (file.find("/data.mono.macos.64.release_debug/") != -1) {
+ if (!p_debug) {
+ ret = unzGoToNextFile(src_pkg_zip);
+ continue; // skip
+ }
+ file = file.replace("/data.mono.macos.64.release_debug/", "/GodotSharp/");
+ }
+ if (file.find("/data.mono.macos.64.release/") != -1) {
+ if (p_debug) {
+ ret = unzGoToNextFile(src_pkg_zip);
+ continue; // skip
+ }
+ file = file.replace("/data.mono.macos.64.release/", "/GodotSharp/");
+ }
+
+ if (file.ends_with(".dylib")) {
+ dylibs_found.push_back(file);
+ }
+
+ print_verbose("ADDING: " + file + " size: " + itos(data.size()));
+
+ // Write it into our application bundle.
+ file = tmp_app_path_name.plus_file(file);
+ if (err == OK) {
+ err = tmp_app_dir->make_dir_recursive(file.get_base_dir());
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), file.get_base_dir()));
+ }
+ }
+ if (err == OK) {
+ Ref<FileAccess> f = FileAccess::open(file, FileAccess::WRITE);
+ if (f.is_valid()) {
+ f->store_buffer(data.ptr(), data.size());
+ f.unref();
+ if (is_execute) {
+ // chmod with 0755 if the file is executable.
+ FileAccess::set_unix_permissions(file, 0755);
+ }
+ } else {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not open \"%s\"."), file));
+ err = ERR_CANT_CREATE;
+ }
+ }
+ }
+
+ ret = unzGoToNextFile(src_pkg_zip);
+ }
+
+ // We're done with our source zip.
+ unzClose(src_pkg_zip);
+
+ if (!found_binary) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Requested template binary \"%s\" not found. It might be missing from your template archive."), binary_to_use));
+ err = ERR_FILE_NOT_FOUND;
+ }
+
+ // Save console script.
+ if (err == OK) {
+ int con_scr = p_preset->get("debug/export_console_script");
+ if ((con_scr == 1 && p_debug) || (con_scr == 2)) {
+ err = _export_debug_script(p_preset, pkg_name, tmp_app_path_name.get_file() + "/Contents/MacOS/" + pkg_name, scr_path);
+ FileAccess::set_unix_permissions(scr_path, 0755);
+ if (err != OK) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), TTR("Could not create console script."));
+ }
+ }
+ }
+
+ if (err == OK) {
+ if (ep.step(TTR("Making PKG"), 1)) {
+ return ERR_SKIP;
+ }
+
+ String pack_path = tmp_app_path_name + "/Contents/Resources/" + pkg_name + ".pck";
+ Vector<SharedObject> shared_objects;
+ err = save_pack(p_preset, p_debug, pack_path, &shared_objects);
+
+ // See if we can code sign our new package.
+ bool sign_enabled = p_preset->get("codesign/enable");
+
+ String ent_path = p_preset->get("codesign/entitlements/custom_file");
+ String hlp_ent_path = EditorPaths::get_singleton()->get_cache_dir().plus_file(pkg_name + "_helper.entitlements");
+ if (sign_enabled && (ent_path.is_empty())) {
+ ent_path = EditorPaths::get_singleton()->get_cache_dir().plus_file(pkg_name + ".entitlements");
+
+ Ref<FileAccess> ent_f = FileAccess::open(ent_path, FileAccess::WRITE);
+ if (ent_f.is_valid()) {
+ ent_f->store_line("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
+ ent_f->store_line("<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">");
+ ent_f->store_line("<plist version=\"1.0\">");
+ ent_f->store_line("<dict>");
+ if (Engine::get_singleton()->has_singleton("GodotSharp")) {
+ // These entitlements are required to run managed code, and are always enabled in Mono builds.
+ ent_f->store_line("<key>com.apple.security.cs.allow-jit</key>");
+ ent_f->store_line("<true/>");
+ ent_f->store_line("<key>com.apple.security.cs.allow-unsigned-executable-memory</key>");
+ ent_f->store_line("<true/>");
+ ent_f->store_line("<key>com.apple.security.cs.allow-dyld-environment-variables</key>");
+ ent_f->store_line("<true/>");
+ } else {
+ if ((bool)p_preset->get("codesign/entitlements/allow_jit_code_execution")) {
+ ent_f->store_line("<key>com.apple.security.cs.allow-jit</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/allow_unsigned_executable_memory")) {
+ ent_f->store_line("<key>com.apple.security.cs.allow-unsigned-executable-memory</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/allow_dyld_environment_variables")) {
+ ent_f->store_line("<key>com.apple.security.cs.allow-dyld-environment-variables</key>");
+ ent_f->store_line("<true/>");
+ }
+ }
+
+ if ((bool)p_preset->get("codesign/entitlements/disable_library_validation")) {
+ ent_f->store_line("<key>com.apple.security.cs.disable-library-validation</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/audio_input")) {
+ ent_f->store_line("<key>com.apple.security.device.audio-input</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/camera")) {
+ ent_f->store_line("<key>com.apple.security.device.camera</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/location")) {
+ ent_f->store_line("<key>com.apple.security.personal-information.location</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/address_book")) {
+ ent_f->store_line("<key>com.apple.security.personal-information.addressbook</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/calendars")) {
+ ent_f->store_line("<key>com.apple.security.personal-information.calendars</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/photos_library")) {
+ ent_f->store_line("<key>com.apple.security.personal-information.photos-library</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/apple_events")) {
+ ent_f->store_line("<key>com.apple.security.automation.apple-events</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/debugging")) {
+ ent_f->store_line("<key>com.apple.security.get-task-allow</key>");
+ ent_f->store_line("<true/>");
+ }
+
+ if ((bool)p_preset->get("codesign/entitlements/app_sandbox/enabled")) {
+ ent_f->store_line("<key>com.apple.security.app-sandbox</key>");
+ ent_f->store_line("<true/>");
+
+ if ((bool)p_preset->get("codesign/entitlements/app_sandbox/network_server")) {
+ ent_f->store_line("<key>com.apple.security.network.server</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/app_sandbox/network_client")) {
+ ent_f->store_line("<key>com.apple.security.network.client</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/app_sandbox/device_usb")) {
+ ent_f->store_line("<key>com.apple.security.device.usb</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((bool)p_preset->get("codesign/entitlements/app_sandbox/device_bluetooth")) {
+ ent_f->store_line("<key>com.apple.security.device.bluetooth</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_downloads") == 1) {
+ ent_f->store_line("<key>com.apple.security.files.downloads.read-only</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_downloads") == 2) {
+ ent_f->store_line("<key>com.apple.security.files.downloads.read-write</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_pictures") == 1) {
+ ent_f->store_line("<key>com.apple.security.files.pictures.read-only</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_pictures") == 2) {
+ ent_f->store_line("<key>com.apple.security.files.pictures.read-write</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_music") == 1) {
+ ent_f->store_line("<key>com.apple.security.files.music.read-only</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_music") == 2) {
+ ent_f->store_line("<key>com.apple.security.files.music.read-write</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_movies") == 1) {
+ ent_f->store_line("<key>com.apple.security.files.movies.read-only</key>");
+ ent_f->store_line("<true/>");
+ }
+ if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_movies") == 2) {
+ ent_f->store_line("<key>com.apple.security.files.movies.read-write</key>");
+ ent_f->store_line("<true/>");
+ }
+ }
+
+ ent_f->store_line("</dict>");
+ ent_f->store_line("</plist>");
+ } else {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Code Signing"), TTR("Could not create entitlements file."));
+ err = ERR_CANT_CREATE;
+ }
+
+ if ((err == OK) && helpers.size() > 0) {
+ ent_f = FileAccess::open(hlp_ent_path, FileAccess::WRITE);
+ if (ent_f.is_valid()) {
+ ent_f->store_line("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
+ ent_f->store_line("<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">");
+ ent_f->store_line("<plist version=\"1.0\">");
+ ent_f->store_line("<dict>");
+ ent_f->store_line("<key>com.apple.security.app-sandbox</key>");
+ ent_f->store_line("<true/>");
+ ent_f->store_line("<key>com.apple.security.inherit</key>");
+ ent_f->store_line("<true/>");
+ ent_f->store_line("</dict>");
+ ent_f->store_line("</plist>");
+ } else {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Code Signing"), TTR("Could not create helper entitlements file."));
+ err = ERR_CANT_CREATE;
+ }
+ }
+ }
+
+ if ((err == OK) && helpers.size() > 0) {
+ Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM);
+ for (int i = 0; i < helpers.size(); i++) {
+ String hlp_path = helpers[i];
+ err = da->copy(hlp_path, tmp_app_path_name + "/Contents/Helpers/" + hlp_path.get_file());
+ if (err == OK && sign_enabled) {
+ err = _code_sign(p_preset, tmp_app_path_name + "/Contents/Helpers/" + hlp_path.get_file(), hlp_ent_path, false);
+ }
+ FileAccess::set_unix_permissions(tmp_app_path_name + "/Contents/Helpers/" + hlp_path.get_file(), 0755);
+ }
+ }
+
+ bool ad_hoc = true;
+ if (err == OK) {
+#ifdef MACOS_ENABLED
+ String sign_identity = p_preset->get("codesign/identity");
+#else
+ String sign_identity = "-";
+#endif
+ ad_hoc = (sign_identity == "" || sign_identity == "-");
+ bool lib_validation = p_preset->get("codesign/entitlements/disable_library_validation");
+ if ((!dylibs_found.is_empty() || !shared_objects.is_empty()) && sign_enabled && ad_hoc && !lib_validation) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("Code Signing"), TTR("Ad-hoc signed applications require the 'Disable Library Validation' entitlement to load dynamic libraries."));
+ err = ERR_CANT_CREATE;
+ }
+ }
+
+ if (err == OK) {
+ Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM);
+ for (int i = 0; i < shared_objects.size(); i++) {
+ String src_path = ProjectSettings::get_singleton()->globalize_path(shared_objects[i].path);
+ if (shared_objects[i].target.is_empty()) {
+ String path_in_app = tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file();
+ err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, true);
+ } else {
+ String path_in_app = tmp_app_path_name.plus_file(shared_objects[i].target).plus_file(src_path.get_file());
+ err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, false);
+ }
+ if (err != OK) {
+ break;
+ }
+ }
+
+ Vector<Ref<EditorExportPlugin>> export_plugins{ EditorExport::get_singleton()->get_export_plugins() };
+ for (int i = 0; i < export_plugins.size(); ++i) {
+ err = _export_macos_plugins_for(export_plugins[i], tmp_app_path_name, da, sign_enabled, p_preset, ent_path);
+ if (err != OK) {
+ break;
+ }
+ }
+ }
+
+ if (sign_enabled) {
+ for (int i = 0; i < dylibs_found.size(); i++) {
+ if (err == OK) {
+ err = _code_sign(p_preset, tmp_app_path_name + "/" + dylibs_found[i], ent_path, false);
+ }
+ }
+ }
+
+ if (err == OK && sign_enabled) {
+ if (ep.step(TTR("Code signing bundle"), 2)) {
+ return ERR_SKIP;
+ }
+ err = _code_sign(p_preset, tmp_app_path_name, ent_path);
+ }
+
+ if (export_format == "dmg") {
+ // Create a DMG.
+ if (err == OK) {
+ if (ep.step(TTR("Making DMG"), 3)) {
+ return ERR_SKIP;
+ }
+ err = _create_dmg(p_path, pkg_name, tmp_base_path_name);
+ }
+ // Sign DMG.
+ if (err == OK && sign_enabled && !ad_hoc) {
+ if (ep.step(TTR("Code signing DMG"), 3)) {
+ return ERR_SKIP;
+ }
+ err = _code_sign(p_preset, p_path, ent_path, false);
+ }
+ } else if (export_format == "zip") {
+ // Create ZIP.
+ if (err == OK) {
+ if (ep.step(TTR("Making ZIP"), 3)) {
+ return ERR_SKIP;
+ }
+ if (FileAccess::exists(p_path)) {
+ OS::get_singleton()->move_to_trash(p_path);
+ }
+
+ Ref<FileAccess> io_fa_dst;
+ zlib_filefunc_def io_dst = zipio_create_io(&io_fa_dst);
+ zipFile zip = zipOpen2(p_path.utf8().get_data(), APPEND_STATUS_CREATE, nullptr, &io_dst);
+
+ _zip_folder_recursive(zip, tmp_base_path_name, "", pkg_name);
+
+ zipClose(zip, nullptr);
+ }
+ }
+
+#ifdef MACOS_ENABLED
+ bool noto_enabled = p_preset->get("notarization/enable");
+ if (err == OK && noto_enabled) {
+ if (export_format == "app") {
+ add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), TTR("Notarization requires the app to be archived first, select the DMG or ZIP export format instead."));
+ } else {
+ if (ep.step(TTR("Sending archive for notarization"), 4)) {
+ return ERR_SKIP;
+ }
+ err = _notarize(p_preset, p_path);
+ }
+ }
+#endif
+
+ // Clean up temporary entitlements files.
+ DirAccess::remove_file_or_error(hlp_ent_path);
+
+ // Clean up temporary .app dir and generated entitlements.
+ if ((String)(p_preset->get("codesign/entitlements/custom_file")) == "") {
+ tmp_app_dir->remove(ent_path);
+ }
+ if (export_format != "app") {
+ if (tmp_app_dir->change_dir(tmp_base_path_name) == OK) {
+ tmp_app_dir->erase_contents_recursive();
+ tmp_app_dir->change_dir("..");
+ tmp_app_dir->remove(pkg_name);
+ }
+ }
+ }
+
+ return err;
+}
+
+void EditorExportPlatformMacOS::_zip_folder_recursive(zipFile &p_zip, const String &p_root_path, const String &p_folder, const String &p_pkg_name) {
+ String dir = p_folder.is_empty() ? p_root_path : p_root_path.plus_file(p_folder);
+
+ Ref<DirAccess> da = DirAccess::open(dir);
+ da->list_dir_begin();
+ String f = da->get_next();
+ while (!f.is_empty()) {
+ if (f == "." || f == "..") {
+ f = da->get_next();
+ continue;
+ }
+ if (da->is_link(f)) {
+ OS::Time time = OS::get_singleton()->get_time();
+ OS::Date date = OS::get_singleton()->get_date();
+
+ zip_fileinfo zipfi;
+ zipfi.tmz_date.tm_hour = time.hour;
+ zipfi.tmz_date.tm_mday = date.day;
+ zipfi.tmz_date.tm_min = time.minute;
+ zipfi.tmz_date.tm_mon = date.month - 1; // Note: "tm" month range - 0..11, Godot month range - 1..12, https://www.cplusplus.com/reference/ctime/tm/
+ zipfi.tmz_date.tm_sec = time.second;
+ zipfi.tmz_date.tm_year = date.year;
+ zipfi.dosDate = 0;
+ // 0120000: symbolic link type
+ // 0000755: permissions rwxr-xr-x
+ // 0000644: permissions rw-r--r--
+ uint32_t _mode = 0120644;
+ zipfi.external_fa = (_mode << 16L) | !(_mode & 0200);
+ zipfi.internal_fa = 0;
+
+ zipOpenNewFileInZip4(p_zip,
+ p_folder.plus_file(f).utf8().get_data(),
+ &zipfi,
+ nullptr,
+ 0,
+ nullptr,
+ 0,
+ nullptr,
+ Z_DEFLATED,
+ Z_DEFAULT_COMPRESSION,
+ 0,
+ -MAX_WBITS,
+ DEF_MEM_LEVEL,
+ Z_DEFAULT_STRATEGY,
+ nullptr,
+ 0,
+ 0x0314, // "version made by", 0x03 - Unix, 0x14 - ZIP specification version 2.0, required to store Unix file permissions
+ 0);
+
+ String target = da->read_link(f);
+ zipWriteInFileInZip(p_zip, target.utf8().get_data(), target.utf8().size());
+ zipCloseFileInZip(p_zip);
+ } else if (da->current_is_dir()) {
+ _zip_folder_recursive(p_zip, p_root_path, p_folder.plus_file(f), p_pkg_name);
+ } else {
+ bool is_executable = (p_folder.ends_with("MacOS") && (f == p_pkg_name)) || p_folder.ends_with("Helpers") || f.ends_with(".command");
+
+ OS::Time time = OS::get_singleton()->get_time();
+ OS::Date date = OS::get_singleton()->get_date();
+
+ zip_fileinfo zipfi;
+ zipfi.tmz_date.tm_hour = time.hour;
+ zipfi.tmz_date.tm_mday = date.day;
+ zipfi.tmz_date.tm_min = time.minute;
+ zipfi.tmz_date.tm_mon = date.month - 1; // Note: "tm" month range - 0..11, Godot month range - 1..12, https://www.cplusplus.com/reference/ctime/tm/
+ zipfi.tmz_date.tm_sec = time.second;
+ zipfi.tmz_date.tm_year = date.year;
+ zipfi.dosDate = 0;
+ // 0100000: regular file type
+ // 0000755: permissions rwxr-xr-x
+ // 0000644: permissions rw-r--r--
+ uint32_t _mode = (is_executable ? 0100755 : 0100644);
+ zipfi.external_fa = (_mode << 16L) | !(_mode & 0200);
+ zipfi.internal_fa = 0;
+
+ zipOpenNewFileInZip4(p_zip,
+ p_folder.plus_file(f).utf8().get_data(),
+ &zipfi,
+ nullptr,
+ 0,
+ nullptr,
+ 0,
+ nullptr,
+ Z_DEFLATED,
+ Z_DEFAULT_COMPRESSION,
+ 0,
+ -MAX_WBITS,
+ DEF_MEM_LEVEL,
+ Z_DEFAULT_STRATEGY,
+ nullptr,
+ 0,
+ 0x0314, // "version made by", 0x03 - Unix, 0x14 - ZIP specification version 2.0, required to store Unix file permissions
+ 0);
+
+ Ref<FileAccess> fa = FileAccess::open(dir.plus_file(f), FileAccess::READ);
+ if (fa.is_null()) {
+ add_message(EXPORT_MESSAGE_ERROR, TTR("ZIP Creation"), vformat(TTR("Could not open file to read from path \"%s\"."), dir.plus_file(f)));
+ return;
+ }
+ const int bufsize = 16384;
+ uint8_t buf[bufsize];
+
+ while (true) {
+ uint64_t got = fa->get_buffer(buf, bufsize);
+ if (got == 0) {
+ break;
+ }
+ zipWriteInFileInZip(p_zip, buf, got);
+ }
+
+ zipCloseFileInZip(p_zip);
+ }
+ f = da->get_next();
+ }
+ da->list_dir_end();
+}
+
+bool EditorExportPlatformMacOS::can_export(const Ref<EditorExportPreset> &p_preset, String &r_error, bool &r_missing_templates) const {
+ String err;
+ bool valid = false;
+
+ // Look for export templates (custom templates).
+ bool dvalid = false;
+ bool rvalid = false;
+
+ if (p_preset->get("custom_template/debug") != "") {
+ dvalid = FileAccess::exists(p_preset->get("custom_template/debug"));
+ if (!dvalid) {
+ err += TTR("Custom debug template not found.") + "\n";
+ }
+ }
+ if (p_preset->get("custom_template/release") != "") {
+ rvalid = FileAccess::exists(p_preset->get("custom_template/release"));
+ if (!rvalid) {
+ err += TTR("Custom release template not found.") + "\n";
+ }
+ }
+
+ // Look for export templates (official templates, check only is custom templates are not set).
+ if (!dvalid || !rvalid) {
+ dvalid = exists_export_template("macos.zip", &err);
+ rvalid = dvalid; // Both in the same ZIP.
+ }
+
+ valid = dvalid || rvalid;
+ r_missing_templates = !valid;
+
+ String identifier = p_preset->get("application/bundle_identifier");
+ String pn_err;
+ if (!is_package_name_valid(identifier, &pn_err)) {
+ err += TTR("Invalid bundle identifier:") + " " + pn_err + "\n";
+ valid = false;
+ }
+
+ bool sign_enabled = p_preset->get("codesign/enable");
+
+#ifdef MACOS_ENABLED
+ bool noto_enabled = p_preset->get("notarization/enable");
+ bool ad_hoc = ((p_preset->get("codesign/identity") == "") || (p_preset->get("codesign/identity") == "-"));
+
+ if (!ad_hoc && (bool)EditorSettings::get_singleton()->get("export/macos/force_builtin_codesign")) {
+ err += TTR("Warning: Built-in \"codesign\" is selected in the Editor Settings. Code signing is limited to ad-hoc signature only.") + "\n";
+ }
+ if (!ad_hoc && !FileAccess::exists("/usr/bin/codesign") && !FileAccess::exists("/bin/codesign")) {
+ err += TTR("Warning: Xcode command line tools are not installed, using built-in \"codesign\". Code signing is limited to ad-hoc signature only.") + "\n";
+ }
+
+ if (noto_enabled) {
+ if (ad_hoc) {
+ err += TTR("Notarization: Notarization with an ad-hoc signature is not supported.") + "\n";
+ valid = false;
+ }
+ if (!sign_enabled) {
+ err += TTR("Notarization: Code signing is required for notarization.") + "\n";
+ valid = false;
+ }
+ if (!(bool)p_preset->get("codesign/hardened_runtime")) {
+ err += TTR("Notarization: Hardened runtime is required for notarization.") + "\n";
+ valid = false;
+ }
+ if (!(bool)p_preset->get("codesign/timestamp")) {
+ err += TTR("Notarization: Timestamping is required for notarization.") + "\n";
+ valid = false;
+ }
+ if (p_preset->get("notarization/apple_id_name") == "") {
+ err += TTR("Notarization: Apple ID name not specified.") + "\n";
+ valid = false;
+ }
+ if (p_preset->get("notarization/apple_id_password") == "") {
+ err += TTR("Notarization: Apple ID password not specified.") + "\n";
+ valid = false;
+ }
+ } else {
+ err += TTR("Warning: Notarization is disabled. The exported project will be blocked by Gatekeeper if it's downloaded from an unknown source.") + "\n";
+ if (!sign_enabled) {
+ err += TTR("Code signing is disabled. The exported project will not run on Macs with enabled Gatekeeper and Apple Silicon powered Macs.") + "\n";
+ } else {
+ if ((bool)p_preset->get("codesign/hardened_runtime") && ad_hoc) {
+ err += TTR("Hardened Runtime is not compatible with ad-hoc signature, and will be disabled!") + "\n";
+ }
+ if ((bool)p_preset->get("codesign/timestamp") && ad_hoc) {
+ err += TTR("Timestamping is not compatible with ad-hoc signature, and will be disabled!") + "\n";
+ }
+ }
+ }
+#else
+ err += TTR("Warning: Notarization is not supported from this OS. The exported project will be blocked by Gatekeeper if it's downloaded from an unknown source.") + "\n";
+ if (!sign_enabled) {
+ err += TTR("Code signing is disabled. The exported project will not run on Macs with enabled Gatekeeper and Apple Silicon powered Macs.") + "\n";
+ }
+#endif
+
+ if (sign_enabled) {
+ if ((bool)p_preset->get("codesign/entitlements/audio_input") && ((String)p_preset->get("privacy/microphone_usage_description")).is_empty()) {
+ err += TTR("Privacy: Microphone access is enabled, but usage description is not specified.") + "\n";
+ valid = false;
+ }
+ if ((bool)p_preset->get("codesign/entitlements/camera") && ((String)p_preset->get("privacy/camera_usage_description")).is_empty()) {
+ err += TTR("Privacy: Camera access is enabled, but usage description is not specified.") + "\n";
+ valid = false;
+ }
+ if ((bool)p_preset->get("codesign/entitlements/location") && ((String)p_preset->get("privacy/location_usage_description")).is_empty()) {
+ err += TTR("Privacy: Location information access is enabled, but usage description is not specified.") + "\n";
+ valid = false;
+ }
+ if ((bool)p_preset->get("codesign/entitlements/address_book") && ((String)p_preset->get("privacy/address_book_usage_description")).is_empty()) {
+ err += TTR("Privacy: Address book access is enabled, but usage description is not specified.") + "\n";
+ valid = false;
+ }
+ if ((bool)p_preset->get("codesign/entitlements/calendars") && ((String)p_preset->get("privacy/calendar_usage_description")).is_empty()) {
+ err += TTR("Privacy: Calendar access is enabled, but usage description is not specified.") + "\n";
+ valid = false;
+ }
+ if ((bool)p_preset->get("codesign/entitlements/photos_library") && ((String)p_preset->get("privacy/photos_library_usage_description")).is_empty()) {
+ err += TTR("Privacy: Photo library access is enabled, but usage description is not specified.") + "\n";
+ valid = false;
+ }
+ }
+
+ if (!err.is_empty()) {
+ r_error = err;
+ }
+ return valid;
+}
+
+EditorExportPlatformMacOS::EditorExportPlatformMacOS() {
+ logo = ImageTexture::create_from_image(memnew(Image(_macos_logo)));
+}
+
+EditorExportPlatformMacOS::~EditorExportPlatformMacOS() {
+}
diff --git a/platform/macos/export/export_plugin.h b/platform/macos/export/export_plugin.h
new file mode 100644
index 0000000000..410ec22545
--- /dev/null
+++ b/platform/macos/export/export_plugin.h
@@ -0,0 +1,137 @@
+/*************************************************************************/
+/* export_plugin.h */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+#ifndef MACOS_EXPORT_PLUGIN_H
+#define MACOS_EXPORT_PLUGIN_H
+
+#include "core/config/project_settings.h"
+#include "core/io/dir_access.h"
+#include "core/io/file_access.h"
+#include "core/io/marshalls.h"
+#include "core/io/resource_saver.h"
+#include "core/io/zip_io.h"
+#include "core/os/os.h"
+#include "core/version.h"
+#include "editor/editor_export.h"
+#include "editor/editor_settings.h"
+#include "platform/macos/logo.gen.h"
+
+#include <sys/stat.h>
+
+class EditorExportPlatformMacOS : public EditorExportPlatform {
+ GDCLASS(EditorExportPlatformMacOS, EditorExportPlatform);
+
+ int version_code = 0;
+
+ Ref<ImageTexture> logo;
+
+ void _fix_plist(const Ref<EditorExportPreset> &p_preset, Vector<uint8_t> &plist, const String &p_binary);
+ void _make_icon(const Ref<Image> &p_icon, Vector<uint8_t> &p_data);
+
+ Error _notarize(const Ref<EditorExportPreset> &p_preset, const String &p_path);
+ Error _code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path, bool p_warn = true);
+ Error _code_sign_directory(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path, bool p_should_error_on_non_code = true);
+ Error _copy_and_sign_files(Ref<DirAccess> &dir_access, const String &p_src_path, const String &p_in_app_path,
+ bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset, const String &p_ent_path,
+ bool p_should_error_on_non_code_sign);
+ Error _export_macos_plugins_for(Ref<EditorExportPlugin> p_editor_export_plugin, const String &p_app_path_name,
+ Ref<DirAccess> &dir_access, bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset,
+ const String &p_ent_path);
+ Error _create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name);
+ void _zip_folder_recursive(zipFile &p_zip, const String &p_root_path, const String &p_folder, const String &p_pkg_name);
+ Error _export_debug_script(const Ref<EditorExportPreset> &p_preset, const String &p_app_name, const String &p_pkg_name, const String &p_path);
+
+ bool use_codesign() const { return true; }
+#ifdef MACOS_ENABLED
+ bool use_dmg() const { return true; }
+#else
+ bool use_dmg() const { return false; }
+#endif
+
+ bool is_package_name_valid(const String &p_package, String *r_error = nullptr) const {
+ String pname = p_package;
+
+ if (pname.length() == 0) {
+ if (r_error) {
+ *r_error = TTR("Identifier is missing.");
+ }
+ return false;
+ }
+
+ for (int i = 0; i < pname.length(); i++) {
+ char32_t c = pname[i];
+ if (!(is_ascii_alphanumeric_char(c) || c == '-' || c == '.')) {
+ if (r_error) {
+ *r_error = vformat(TTR("The character '%s' is not allowed in Identifier."), String::chr(c));
+ }
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+protected:
+ virtual void get_preset_features(const Ref<EditorExportPreset> &p_preset, List<String> *r_features) override;
+ virtual void get_export_options(List<ExportOption> *r_options) override;
+ virtual bool get_export_option_visibility(const String &p_option, const HashMap<StringName, Variant> &p_options) const override;
+
+public:
+ virtual String get_name() const override { return "macOS"; }
+ virtual String get_os_name() const override { return "macOS"; }
+ virtual Ref<Texture2D> get_logo() const override { return logo; }
+
+ virtual List<String> get_binary_extensions(const Ref<EditorExportPreset> &p_preset) const override {
+ List<String> list;
+ if (use_dmg()) {
+ list.push_back("dmg");
+ }
+ list.push_back("zip");
+ list.push_back("app");
+ return list;
+ }
+ virtual Error export_project(const Ref<EditorExportPreset> &p_preset, bool p_debug, const String &p_path, int p_flags = 0) override;
+
+ virtual bool can_export(const Ref<EditorExportPreset> &p_preset, String &r_error, bool &r_missing_templates) const override;
+
+ virtual void get_platform_features(List<String> *r_features) override {
+ r_features->push_back("pc");
+ r_features->push_back("s3tc");
+ r_features->push_back("macos");
+ }
+
+ virtual void resolve_platform_feature_priorities(const Ref<EditorExportPreset> &p_preset, HashSet<String> &p_features) override {
+ }
+
+ EditorExportPlatformMacOS();
+ ~EditorExportPlatformMacOS();
+};
+
+#endif
diff --git a/platform/macos/export/lipo.cpp b/platform/macos/export/lipo.cpp
new file mode 100644
index 0000000000..82baf18c52
--- /dev/null
+++ b/platform/macos/export/lipo.cpp
@@ -0,0 +1,236 @@
+/*************************************************************************/
+/* lipo.cpp */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+#include "modules/modules_enabled.gen.h" // For regex.
+
+#include "lipo.h"
+
+#ifdef MODULE_REGEX_ENABLED
+
+bool LipO::is_lipo(const String &p_path) {
+ Ref<FileAccess> fb = FileAccess::open(p_path, FileAccess::READ);
+ ERR_FAIL_COND_V_MSG(fb.is_null(), false, vformat("LipO: Can't open file: \"%s\".", p_path));
+ uint32_t magic = fb->get_32();
+ return (magic == 0xbebafeca || magic == 0xcafebabe || magic == 0xbfbafeca || magic == 0xcafebabf);
+}
+
+bool LipO::create_file(const String &p_output_path, const PackedStringArray &p_files) {
+ close();
+
+ fa = FileAccess::open(p_output_path, FileAccess::WRITE);
+ ERR_FAIL_COND_V_MSG(fa.is_null(), false, vformat("LipO: Can't open file: \"%s\".", p_output_path));
+
+ uint64_t max_size = 0;
+ for (int i = 0; i < p_files.size(); i++) {
+ MachO mh;
+ if (!mh.open_file(p_files[i])) {
+ ERR_FAIL_V_MSG(false, vformat("LipO: Invalid MachO file: \"%s.\"", p_files[i]));
+ }
+
+ FatArch arch;
+ arch.cputype = mh.get_cputype();
+ arch.cpusubtype = mh.get_cpusubtype();
+ arch.offset = 0;
+ arch.size = mh.get_size();
+ arch.align = mh.get_align();
+ max_size += arch.size;
+
+ archs.push_back(arch);
+
+ Ref<FileAccess> fb = FileAccess::open(p_files[i], FileAccess::READ);
+ if (fb.is_null()) {
+ close();
+ ERR_FAIL_V_MSG(false, vformat("LipO: Can't open file: \"%s.\"", p_files[i]));
+ }
+ }
+
+ // Write header.
+ bool is_64 = (max_size >= std::numeric_limits<uint32_t>::max());
+ if (is_64) {
+ fa->store_32(0xbfbafeca);
+ } else {
+ fa->store_32(0xbebafeca);
+ }
+ fa->store_32(BSWAP32(archs.size()));
+ uint64_t offset = archs.size() * (is_64 ? 32 : 20) + 8;
+ for (int i = 0; i < archs.size(); i++) {
+ archs.write[i].offset = offset + PAD(offset, uint64_t(1) << archs[i].align);
+ if (is_64) {
+ fa->store_32(BSWAP32(archs[i].cputype));
+ fa->store_32(BSWAP32(archs[i].cpusubtype));
+ fa->store_64(BSWAP64(archs[i].offset));
+ fa->store_64(BSWAP64(archs[i].size));
+ fa->store_32(BSWAP32(archs[i].align));
+ fa->store_32(0);
+ } else {
+ fa->store_32(BSWAP32(archs[i].cputype));
+ fa->store_32(BSWAP32(archs[i].cpusubtype));
+ fa->store_32(BSWAP32(archs[i].offset));
+ fa->store_32(BSWAP32(archs[i].size));
+ fa->store_32(BSWAP32(archs[i].align));
+ }
+ offset = archs[i].offset + archs[i].size;
+ }
+
+ // Write files and padding.
+ for (int i = 0; i < archs.size(); i++) {
+ Ref<FileAccess> fb = FileAccess::open(p_files[i], FileAccess::READ);
+ if (fb.is_null()) {
+ close();
+ ERR_FAIL_V_MSG(false, vformat("LipO: Can't open file: \"%s.\"", p_files[i]));
+ }
+ uint64_t cur = fa->get_position();
+ for (uint64_t j = cur; j < archs[i].offset; j++) {
+ fa->store_8(0);
+ }
+ int pages = archs[i].size / 4096;
+ int remain = archs[i].size % 4096;
+ unsigned char step[4096];
+ for (int j = 0; j < pages; j++) {
+ uint64_t br = fb->get_buffer(step, 4096);
+ if (br > 0) {
+ fa->store_buffer(step, br);
+ }
+ }
+ uint64_t br = fb->get_buffer(step, remain);
+ if (br > 0) {
+ fa->store_buffer(step, br);
+ }
+ }
+ return true;
+}
+
+bool LipO::open_file(const String &p_path) {
+ close();
+
+ fa = FileAccess::open(p_path, FileAccess::READ);
+ ERR_FAIL_COND_V_MSG(fa.is_null(), false, vformat("LipO: Can't open file: \"%s\".", p_path));
+
+ uint32_t magic = fa->get_32();
+ if (magic == 0xbebafeca) {
+ // 32-bit fat binary, bswap.
+ uint32_t nfat_arch = BSWAP32(fa->get_32());
+ for (uint32_t i = 0; i < nfat_arch; i++) {
+ FatArch arch;
+ arch.cputype = BSWAP32(fa->get_32());
+ arch.cpusubtype = BSWAP32(fa->get_32());
+ arch.offset = BSWAP32(fa->get_32());
+ arch.size = BSWAP32(fa->get_32());
+ arch.align = BSWAP32(fa->get_32());
+
+ archs.push_back(arch);
+ }
+ } else if (magic == 0xcafebabe) {
+ // 32-bit fat binary.
+ uint32_t nfat_arch = fa->get_32();
+ for (uint32_t i = 0; i < nfat_arch; i++) {
+ FatArch arch;
+ arch.cputype = fa->get_32();
+ arch.cpusubtype = fa->get_32();
+ arch.offset = fa->get_32();
+ arch.size = fa->get_32();
+ arch.align = fa->get_32();
+
+ archs.push_back(arch);
+ }
+ } else if (magic == 0xbfbafeca) {
+ // 64-bit fat binary, bswap.
+ uint32_t nfat_arch = BSWAP32(fa->get_32());
+ for (uint32_t i = 0; i < nfat_arch; i++) {
+ FatArch arch;
+ arch.cputype = BSWAP32(fa->get_32());
+ arch.cpusubtype = BSWAP32(fa->get_32());
+ arch.offset = BSWAP64(fa->get_64());
+ arch.size = BSWAP64(fa->get_64());
+ arch.align = BSWAP32(fa->get_32());
+ fa->get_32(); // Skip, reserved.
+
+ archs.push_back(arch);
+ }
+ } else if (magic == 0xcafebabf) {
+ // 64-bit fat binary.
+ uint32_t nfat_arch = fa->get_32();
+ for (uint32_t i = 0; i < nfat_arch; i++) {
+ FatArch arch;
+ arch.cputype = fa->get_32();
+ arch.cpusubtype = fa->get_32();
+ arch.offset = fa->get_64();
+ arch.size = fa->get_64();
+ arch.align = fa->get_32();
+ fa->get_32(); // Skip, reserved.
+
+ archs.push_back(arch);
+ }
+ } else {
+ close();
+ ERR_FAIL_V_MSG(false, vformat("LipO: Invalid fat binary: \"%s\".", p_path));
+ }
+ return true;
+}
+
+int LipO::get_arch_count() const {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "LipO: File not opened.");
+ return archs.size();
+}
+
+bool LipO::extract_arch(int p_index, const String &p_path) {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), false, "LipO: File not opened.");
+ ERR_FAIL_INDEX_V(p_index, archs.size(), false);
+
+ Ref<FileAccess> fb = FileAccess::open(p_path, FileAccess::WRITE);
+ ERR_FAIL_COND_V_MSG(fb.is_null(), false, vformat("LipO: Can't open file: \"%s\".", p_path));
+
+ fa->seek(archs[p_index].offset);
+
+ int pages = archs[p_index].size / 4096;
+ int remain = archs[p_index].size % 4096;
+ unsigned char step[4096];
+ for (int i = 0; i < pages; i++) {
+ uint64_t br = fa->get_buffer(step, 4096);
+ if (br > 0) {
+ fb->store_buffer(step, br);
+ }
+ }
+ uint64_t br = fa->get_buffer(step, remain);
+ if (br > 0) {
+ fb->store_buffer(step, br);
+ }
+ return true;
+}
+
+void LipO::close() {
+ archs.clear();
+}
+
+LipO::~LipO() {
+ close();
+}
+
+#endif // MODULE_REGEX_ENABLED
diff --git a/platform/macos/export/lipo.h b/platform/macos/export/lipo.h
new file mode 100644
index 0000000000..0e419be17e
--- /dev/null
+++ b/platform/macos/export/lipo.h
@@ -0,0 +1,76 @@
+/*************************************************************************/
+/* lipo.h */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+// Universal / Universal 2 fat binary file creator and extractor.
+
+#ifndef LIPO_H
+#define LIPO_H
+
+#include "core/io/file_access.h"
+#include "core/object/ref_counted.h"
+#include "modules/modules_enabled.gen.h" // For regex.
+
+#include "macho.h"
+
+#ifdef MODULE_REGEX_ENABLED
+
+class LipO : public RefCounted {
+ struct FatArch {
+ uint32_t cputype;
+ uint32_t cpusubtype;
+ uint64_t offset;
+ uint64_t size;
+ uint32_t align;
+ };
+
+ Ref<FileAccess> fa;
+ Vector<FatArch> archs;
+
+ static inline size_t PAD(size_t s, size_t a) {
+ return (a - s % a);
+ }
+
+public:
+ static bool is_lipo(const String &p_path);
+
+ bool create_file(const String &p_output_path, const PackedStringArray &p_files);
+
+ bool open_file(const String &p_path);
+ int get_arch_count() const;
+ bool extract_arch(int p_index, const String &p_path);
+
+ void close();
+
+ ~LipO();
+};
+
+#endif // MODULE_REGEX_ENABLED
+
+#endif // LIPO_H
diff --git a/platform/macos/export/macho.cpp b/platform/macos/export/macho.cpp
new file mode 100644
index 0000000000..e6e67eff06
--- /dev/null
+++ b/platform/macos/export/macho.cpp
@@ -0,0 +1,548 @@
+/*************************************************************************/
+/* macho.cpp */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+#include "modules/modules_enabled.gen.h" // For regex.
+
+#include "macho.h"
+
+#ifdef MODULE_REGEX_ENABLED
+
+uint32_t MachO::seg_align(uint64_t p_vmaddr, uint32_t p_min, uint32_t p_max) {
+ uint32_t align = p_max;
+ if (p_vmaddr != 0) {
+ uint64_t seg_align = 1;
+ align = 0;
+ while ((seg_align & p_vmaddr) == 0) {
+ seg_align = seg_align << 1;
+ align++;
+ }
+ align = CLAMP(align, p_min, p_max);
+ }
+ return align;
+}
+
+bool MachO::alloc_signature(uint64_t p_size) {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), false, "MachO: File not opened.");
+ if (signature_offset != 0) {
+ // Nothing to do, already have signature load command.
+ return true;
+ }
+ if (lc_limit == 0 || lc_limit + 16 > exe_base) {
+ ERR_FAIL_V_MSG(false, "MachO: Can't allocate signature load command, please use \"codesign_allocate\" utility first.");
+ } else {
+ // Add signature load command.
+ signature_offset = lc_limit;
+
+ fa->seek(lc_limit);
+ LoadCommandHeader lc;
+ lc.cmd = LC_CODE_SIGNATURE;
+ lc.cmdsize = 16;
+ if (swap) {
+ lc.cmdsize = BSWAP32(lc.cmdsize);
+ }
+ fa->store_buffer((const uint8_t *)&lc, sizeof(LoadCommandHeader));
+
+ uint32_t lc_offset = fa->get_length() + PAD(fa->get_length(), 16);
+ uint32_t lc_size = 0;
+ if (swap) {
+ lc_offset = BSWAP32(lc_offset);
+ lc_size = BSWAP32(lc_size);
+ }
+ fa->store_32(lc_offset);
+ fa->store_32(lc_size);
+
+ // Write new command number.
+ fa->seek(0x10);
+ uint32_t ncmds = fa->get_32();
+ uint32_t cmdssize = fa->get_32();
+ if (swap) {
+ ncmds = BSWAP32(ncmds);
+ cmdssize = BSWAP32(cmdssize);
+ }
+ ncmds += 1;
+ cmdssize += 16;
+ if (swap) {
+ ncmds = BSWAP32(ncmds);
+ cmdssize = BSWAP32(cmdssize);
+ }
+ fa->seek(0x10);
+ fa->store_32(ncmds);
+ fa->store_32(cmdssize);
+
+ lc_limit = lc_limit + sizeof(LoadCommandHeader) + 8;
+
+ return true;
+ }
+}
+
+bool MachO::is_macho(const String &p_path) {
+ Ref<FileAccess> fb = FileAccess::open(p_path, FileAccess::READ);
+ ERR_FAIL_COND_V_MSG(fb.is_null(), false, vformat("MachO: Can't open file: \"%s\".", p_path));
+ uint32_t magic = fb->get_32();
+ return (magic == 0xcefaedfe || magic == 0xfeedface || magic == 0xcffaedfe || magic == 0xfeedfacf);
+}
+
+bool MachO::open_file(const String &p_path) {
+ fa = FileAccess::open(p_path, FileAccess::READ_WRITE);
+ ERR_FAIL_COND_V_MSG(fa.is_null(), false, vformat("MachO: Can't open file: \"%s\".", p_path));
+ uint32_t magic = fa->get_32();
+ MachHeader mach_header;
+
+ // Read MachO header.
+ swap = (magic == 0xcffaedfe || magic == 0xcefaedfe);
+ if (magic == 0xcefaedfe || magic == 0xfeedface) {
+ // Thin 32-bit binary.
+ fa->get_buffer((uint8_t *)&mach_header, sizeof(MachHeader));
+ } else if (magic == 0xcffaedfe || magic == 0xfeedfacf) {
+ // Thin 64-bit binary.
+ fa->get_buffer((uint8_t *)&mach_header, sizeof(MachHeader));
+ fa->get_32(); // Skip extra reserved field.
+ } else {
+ ERR_FAIL_V_MSG(false, vformat("MachO: File is not a valid MachO binary: \"%s\".", p_path));
+ }
+
+ if (swap) {
+ mach_header.ncmds = BSWAP32(mach_header.ncmds);
+ mach_header.cpusubtype = BSWAP32(mach_header.cpusubtype);
+ mach_header.cputype = BSWAP32(mach_header.cputype);
+ }
+ cpusubtype = mach_header.cpusubtype;
+ cputype = mach_header.cputype;
+ align = 0;
+ exe_base = std::numeric_limits<uint64_t>::max();
+ exe_limit = 0;
+ lc_limit = 0;
+ link_edit_offset = 0;
+ signature_offset = 0;
+
+ // Read load commands.
+ for (uint32_t i = 0; i < mach_header.ncmds; i++) {
+ LoadCommandHeader lc;
+ fa->get_buffer((uint8_t *)&lc, sizeof(LoadCommandHeader));
+ if (swap) {
+ lc.cmd = BSWAP32(lc.cmd);
+ lc.cmdsize = BSWAP32(lc.cmdsize);
+ }
+ uint64_t ps = fa->get_position();
+ switch (lc.cmd) {
+ case LC_SEGMENT: {
+ LoadCommandSegment lc_seg;
+ fa->get_buffer((uint8_t *)&lc_seg, sizeof(LoadCommandSegment));
+ if (swap) {
+ lc_seg.nsects = BSWAP32(lc_seg.nsects);
+ lc_seg.vmaddr = BSWAP32(lc_seg.vmaddr);
+ lc_seg.vmsize = BSWAP32(lc_seg.vmsize);
+ }
+ align = MAX(align, seg_align(lc_seg.vmaddr, 2, 15));
+ if (String(lc_seg.segname) == "__TEXT") {
+ exe_limit = MAX(exe_limit, lc_seg.vmsize);
+ for (uint32_t j = 0; j < lc_seg.nsects; j++) {
+ Section lc_sect;
+ fa->get_buffer((uint8_t *)&lc_sect, sizeof(Section));
+ if (String(lc_sect.sectname) == "__text") {
+ if (swap) {
+ exe_base = MIN(exe_base, BSWAP32(lc_sect.offset));
+ } else {
+ exe_base = MIN(exe_base, lc_sect.offset);
+ }
+ }
+ if (swap) {
+ align = MAX(align, BSWAP32(lc_sect.align));
+ } else {
+ align = MAX(align, lc_sect.align);
+ }
+ }
+ } else if (String(lc_seg.segname) == "__LINKEDIT") {
+ link_edit_offset = ps - 8;
+ }
+ } break;
+ case LC_SEGMENT_64: {
+ LoadCommandSegment64 lc_seg;
+ fa->get_buffer((uint8_t *)&lc_seg, sizeof(LoadCommandSegment64));
+ if (swap) {
+ lc_seg.nsects = BSWAP32(lc_seg.nsects);
+ lc_seg.vmaddr = BSWAP64(lc_seg.vmaddr);
+ lc_seg.vmsize = BSWAP64(lc_seg.vmsize);
+ }
+ align = MAX(align, seg_align(lc_seg.vmaddr, 3, 15));
+ if (String(lc_seg.segname) == "__TEXT") {
+ exe_limit = MAX(exe_limit, lc_seg.vmsize);
+ for (uint32_t j = 0; j < lc_seg.nsects; j++) {
+ Section64 lc_sect;
+ fa->get_buffer((uint8_t *)&lc_sect, sizeof(Section64));
+ if (String(lc_sect.sectname) == "__text") {
+ if (swap) {
+ exe_base = MIN(exe_base, BSWAP32(lc_sect.offset));
+ } else {
+ exe_base = MIN(exe_base, lc_sect.offset);
+ }
+ if (swap) {
+ align = MAX(align, BSWAP32(lc_sect.align));
+ } else {
+ align = MAX(align, lc_sect.align);
+ }
+ }
+ }
+ } else if (String(lc_seg.segname) == "__LINKEDIT") {
+ link_edit_offset = ps - 8;
+ }
+ } break;
+ case LC_CODE_SIGNATURE: {
+ signature_offset = ps - 8;
+ } break;
+ default: {
+ } break;
+ }
+ fa->seek(ps + lc.cmdsize - 8);
+ lc_limit = ps + lc.cmdsize - 8;
+ }
+
+ if (exe_limit == 0 || lc_limit == 0) {
+ ERR_FAIL_V_MSG(false, vformat("MachO: No load commands or executable code found: \"%s\".", p_path));
+ }
+
+ return true;
+}
+
+uint64_t MachO::get_exe_base() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+ return exe_base;
+}
+
+uint64_t MachO::get_exe_limit() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+ return exe_limit;
+}
+
+int32_t MachO::get_align() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+ return align;
+}
+
+uint32_t MachO::get_cputype() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+ return cputype;
+}
+
+uint32_t MachO::get_cpusubtype() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+ return cpusubtype;
+}
+
+uint64_t MachO::get_size() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+ return fa->get_length();
+}
+
+uint64_t MachO::get_signature_offset() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+ ERR_FAIL_COND_V_MSG(signature_offset == 0, 0, "MachO: No signature load command.");
+
+ fa->seek(signature_offset + 8);
+ if (swap) {
+ return BSWAP32(fa->get_32());
+ } else {
+ return fa->get_32();
+ }
+}
+
+uint64_t MachO::get_code_limit() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+
+ if (signature_offset == 0) {
+ return fa->get_length() + PAD(fa->get_length(), 16);
+ } else {
+ return get_signature_offset();
+ }
+}
+
+uint64_t MachO::get_signature_size() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened.");
+ ERR_FAIL_COND_V_MSG(signature_offset == 0, 0, "MachO: No signature load command.");
+
+ fa->seek(signature_offset + 12);
+ if (swap) {
+ return BSWAP32(fa->get_32());
+ } else {
+ return fa->get_32();
+ }
+}
+
+bool MachO::is_signed() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), false, "MachO: File not opened.");
+ if (signature_offset == 0) {
+ return false;
+ }
+
+ fa->seek(get_signature_offset());
+ uint32_t magic = BSWAP32(fa->get_32());
+ if (magic != 0xfade0cc0) {
+ return false; // No SuperBlob found.
+ }
+ fa->get_32(); // Skip size field, unused.
+ uint32_t count = BSWAP32(fa->get_32());
+ for (uint32_t i = 0; i < count; i++) {
+ uint32_t index_type = BSWAP32(fa->get_32());
+ uint32_t offset = BSWAP32(fa->get_32());
+ if (index_type == 0x00000000) { // CodeDirectory index type.
+ fa->seek(get_signature_offset() + offset + 12);
+ uint32_t flags = BSWAP32(fa->get_32());
+ if (flags & 0x20000) {
+ return false; // Found CD, linker-signed.
+ } else {
+ return true; // Found CD, not linker-signed.
+ }
+ }
+ }
+ return false; // No CD found.
+}
+
+PackedByteArray MachO::get_cdhash_sha1() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), PackedByteArray(), "MachO: File not opened.");
+ if (signature_offset == 0) {
+ return PackedByteArray();
+ }
+
+ fa->seek(get_signature_offset());
+ uint32_t magic = BSWAP32(fa->get_32());
+ if (magic != 0xfade0cc0) {
+ return PackedByteArray(); // No SuperBlob found.
+ }
+ fa->get_32(); // Skip size field, unused.
+ uint32_t count = BSWAP32(fa->get_32());
+ for (uint32_t i = 0; i < count; i++) {
+ fa->get_32(); // Index type, skip.
+ uint32_t offset = BSWAP32(fa->get_32());
+ uint64_t pos = fa->get_position();
+
+ fa->seek(get_signature_offset() + offset);
+ uint32_t cdmagic = BSWAP32(fa->get_32());
+ uint32_t cdsize = BSWAP32(fa->get_32());
+ if (cdmagic == 0xfade0c02) { // CodeDirectory.
+ fa->seek(get_signature_offset() + offset + 36);
+ uint8_t hash_size = fa->get_8();
+ uint8_t hash_type = fa->get_8();
+ if (hash_size == 0x14 && hash_type == 0x01) { /* SHA-1 */
+ PackedByteArray hash;
+ hash.resize(0x14);
+
+ fa->seek(get_signature_offset() + offset);
+ PackedByteArray blob;
+ blob.resize(cdsize);
+ fa->get_buffer(blob.ptrw(), cdsize);
+
+ CryptoCore::SHA1Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+ }
+ }
+ fa->seek(pos);
+ }
+ return PackedByteArray();
+}
+
+PackedByteArray MachO::get_cdhash_sha256() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), PackedByteArray(), "MachO: File not opened.");
+ if (signature_offset == 0) {
+ return PackedByteArray();
+ }
+
+ fa->seek(get_signature_offset());
+ uint32_t magic = BSWAP32(fa->get_32());
+ if (magic != 0xfade0cc0) {
+ return PackedByteArray(); // No SuperBlob found.
+ }
+ fa->get_32(); // Skip size field, unused.
+ uint32_t count = BSWAP32(fa->get_32());
+ for (uint32_t i = 0; i < count; i++) {
+ fa->get_32(); // Index type, skip.
+ uint32_t offset = BSWAP32(fa->get_32());
+ uint64_t pos = fa->get_position();
+
+ fa->seek(get_signature_offset() + offset);
+ uint32_t cdmagic = BSWAP32(fa->get_32());
+ uint32_t cdsize = BSWAP32(fa->get_32());
+ if (cdmagic == 0xfade0c02) { // CodeDirectory.
+ fa->seek(get_signature_offset() + offset + 36);
+ uint8_t hash_size = fa->get_8();
+ uint8_t hash_type = fa->get_8();
+ if (hash_size == 0x20 && hash_type == 0x02) { /* SHA-256 */
+ PackedByteArray hash;
+ hash.resize(0x20);
+
+ fa->seek(get_signature_offset() + offset);
+ PackedByteArray blob;
+ blob.resize(cdsize);
+ fa->get_buffer(blob.ptrw(), cdsize);
+
+ CryptoCore::SHA256Context ctx;
+ ctx.start();
+ ctx.update(blob.ptr(), blob.size());
+ ctx.finish(hash.ptrw());
+
+ return hash;
+ }
+ }
+ fa->seek(pos);
+ }
+ return PackedByteArray();
+}
+
+PackedByteArray MachO::get_requirements() {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), PackedByteArray(), "MachO: File not opened.");
+ if (signature_offset == 0) {
+ return PackedByteArray();
+ }
+
+ fa->seek(get_signature_offset());
+ uint32_t magic = BSWAP32(fa->get_32());
+ if (magic != 0xfade0cc0) {
+ return PackedByteArray(); // No SuperBlob found.
+ }
+ fa->get_32(); // Skip size field, unused.
+ uint32_t count = BSWAP32(fa->get_32());
+ for (uint32_t i = 0; i < count; i++) {
+ fa->get_32(); // Index type, skip.
+ uint32_t offset = BSWAP32(fa->get_32());
+ uint64_t pos = fa->get_position();
+
+ fa->seek(get_signature_offset() + offset);
+ uint32_t rqmagic = BSWAP32(fa->get_32());
+ uint32_t rqsize = BSWAP32(fa->get_32());
+ if (rqmagic == 0xfade0c01) { // Requirements.
+ PackedByteArray blob;
+ fa->seek(get_signature_offset() + offset);
+ blob.resize(rqsize);
+ fa->get_buffer(blob.ptrw(), rqsize);
+ return blob;
+ }
+ fa->seek(pos);
+ }
+ return PackedByteArray();
+}
+
+const Ref<FileAccess> MachO::get_file() const {
+ return fa;
+}
+
+Ref<FileAccess> MachO::get_file() {
+ return fa;
+}
+
+bool MachO::set_signature_size(uint64_t p_size) {
+ ERR_FAIL_COND_V_MSG(fa.is_null(), false, "MachO: File not opened.");
+
+ // Ensure signature load command exists.
+ ERR_FAIL_COND_V_MSG(link_edit_offset == 0, false, "MachO: No __LINKEDIT segment found.");
+ ERR_FAIL_COND_V_MSG(!alloc_signature(p_size), false, "MachO: Can't allocate signature load command.");
+
+ // Update signature load command.
+ uint64_t old_size = get_signature_size();
+ uint64_t new_size = p_size + PAD(p_size, 16384);
+
+ if (new_size <= old_size) {
+ fa->seek(get_signature_offset());
+ for (uint64_t i = 0; i < old_size; i++) {
+ fa->store_8(0x00);
+ }
+ return true;
+ }
+
+ fa->seek(signature_offset + 12);
+ if (swap) {
+ fa->store_32(BSWAP32(new_size));
+ } else {
+ fa->store_32(new_size);
+ }
+
+ uint64_t end = get_signature_offset() + new_size;
+
+ // Update "__LINKEDIT" segment.
+ LoadCommandHeader lc;
+ fa->seek(link_edit_offset);
+ fa->get_buffer((uint8_t *)&lc, sizeof(LoadCommandHeader));
+ if (swap) {
+ lc.cmd = BSWAP32(lc.cmd);
+ lc.cmdsize = BSWAP32(lc.cmdsize);
+ }
+ switch (lc.cmd) {
+ case LC_SEGMENT: {
+ LoadCommandSegment lc_seg;
+ fa->get_buffer((uint8_t *)&lc_seg, sizeof(LoadCommandSegment));
+ if (swap) {
+ lc_seg.vmsize = BSWAP32(lc_seg.vmsize);
+ lc_seg.filesize = BSWAP32(lc_seg.filesize);
+ lc_seg.fileoff = BSWAP32(lc_seg.fileoff);
+ }
+
+ lc_seg.vmsize = end - lc_seg.fileoff;
+ lc_seg.vmsize += PAD(lc_seg.vmsize, 4096);
+ lc_seg.filesize = end - lc_seg.fileoff;
+
+ if (swap) {
+ lc_seg.vmsize = BSWAP32(lc_seg.vmsize);
+ lc_seg.filesize = BSWAP32(lc_seg.filesize);
+ }
+ fa->seek(link_edit_offset + 8);
+ fa->store_buffer((const uint8_t *)&lc_seg, sizeof(LoadCommandSegment));
+ } break;
+ case LC_SEGMENT_64: {
+ LoadCommandSegment64 lc_seg;
+ fa->get_buffer((uint8_t *)&lc_seg, sizeof(LoadCommandSegment64));
+ if (swap) {
+ lc_seg.vmsize = BSWAP64(lc_seg.vmsize);
+ lc_seg.filesize = BSWAP64(lc_seg.filesize);
+ lc_seg.fileoff = BSWAP64(lc_seg.fileoff);
+ }
+ lc_seg.vmsize = end - lc_seg.fileoff;
+ lc_seg.vmsize += PAD(lc_seg.vmsize, 4096);
+ lc_seg.filesize = end - lc_seg.fileoff;
+ if (swap) {
+ lc_seg.vmsize = BSWAP64(lc_seg.vmsize);
+ lc_seg.filesize = BSWAP64(lc_seg.filesize);
+ }
+ fa->seek(link_edit_offset + 8);
+ fa->store_buffer((const uint8_t *)&lc_seg, sizeof(LoadCommandSegment64));
+ } break;
+ default: {
+ ERR_FAIL_V_MSG(false, "MachO: Invalid __LINKEDIT segment type.");
+ } break;
+ }
+ fa->seek(get_signature_offset());
+ for (uint64_t i = 0; i < new_size; i++) {
+ fa->store_8(0x00);
+ }
+ return true;
+}
+
+#endif // MODULE_REGEX_ENABLED
diff --git a/platform/macos/export/macho.h b/platform/macos/export/macho.h
new file mode 100644
index 0000000000..6cfc3c44f5
--- /dev/null
+++ b/platform/macos/export/macho.h
@@ -0,0 +1,215 @@
+/*************************************************************************/
+/* macho.h */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+// Mach-O binary object file format parser and editor.
+
+#ifndef MACHO_H
+#define MACHO_H
+
+#include "core/crypto/crypto.h"
+#include "core/crypto/crypto_core.h"
+#include "core/io/file_access.h"
+#include "core/object/ref_counted.h"
+#include "modules/modules_enabled.gen.h" // For regex.
+
+#ifdef MODULE_REGEX_ENABLED
+
+class MachO : public RefCounted {
+ struct MachHeader {
+ uint32_t cputype;
+ uint32_t cpusubtype;
+ uint32_t filetype;
+ uint32_t ncmds;
+ uint32_t sizeofcmds;
+ uint32_t flags;
+ };
+
+ enum LoadCommandID {
+ LC_SEGMENT = 0x00000001,
+ LC_SYMTAB = 0x00000002,
+ LC_SYMSEG = 0x00000003,
+ LC_THREAD = 0x00000004,
+ LC_UNIXTHREAD = 0x00000005,
+ LC_LOADFVMLIB = 0x00000006,
+ LC_IDFVMLIB = 0x00000007,
+ LC_IDENT = 0x00000008,
+ LC_FVMFILE = 0x00000009,
+ LC_PREPAGE = 0x0000000a,
+ LC_DYSYMTAB = 0x0000000b,
+ LC_LOAD_DYLIB = 0x0000000c,
+ LC_ID_DYLIB = 0x0000000d,
+ LC_LOAD_DYLINKER = 0x0000000e,
+ LC_ID_DYLINKER = 0x0000000f,
+ LC_PREBOUND_DYLIB = 0x00000010,
+ LC_ROUTINES = 0x00000011,
+ LC_SUB_FRAMEWORK = 0x00000012,
+ LC_SUB_UMBRELLA = 0x00000013,
+ LC_SUB_CLIENT = 0x00000014,
+ LC_SUB_LIBRARY = 0x00000015,
+ LC_TWOLEVEL_HINTS = 0x00000016,
+ LC_PREBIND_CKSUM = 0x00000017,
+ LC_LOAD_WEAK_DYLIB = 0x80000018,
+ LC_SEGMENT_64 = 0x00000019,
+ LC_ROUTINES_64 = 0x0000001a,
+ LC_UUID = 0x0000001b,
+ LC_RPATH = 0x8000001c,
+ LC_CODE_SIGNATURE = 0x0000001d,
+ LC_SEGMENT_SPLIT_INFO = 0x0000001e,
+ LC_REEXPORT_DYLIB = 0x8000001f,
+ LC_LAZY_LOAD_DYLIB = 0x00000020,
+ LC_ENCRYPTION_INFO = 0x00000021,
+ LC_DYLD_INFO = 0x00000022,
+ LC_DYLD_INFO_ONLY = 0x80000022,
+ LC_LOAD_UPWARD_DYLIB = 0x80000023,
+ LC_VERSION_MIN_MACOSX = 0x00000024,
+ LC_VERSION_MIN_IPHONEOS = 0x00000025,
+ LC_FUNCTION_STARTS = 0x00000026,
+ LC_DYLD_ENVIRONMENT = 0x00000027,
+ LC_MAIN = 0x80000028,
+ LC_DATA_IN_CODE = 0x00000029,
+ LC_SOURCE_VERSION = 0x0000002a,
+ LC_DYLIB_CODE_SIGN_DRS = 0x0000002b,
+ LC_ENCRYPTION_INFO_64 = 0x0000002c,
+ LC_LINKER_OPTION = 0x0000002d,
+ LC_LINKER_OPTIMIZATION_HINT = 0x0000002e,
+ LC_VERSION_MIN_TVOS = 0x0000002f,
+ LC_VERSION_MIN_WATCHOS = 0x00000030,
+ };
+
+ struct LoadCommandHeader {
+ uint32_t cmd;
+ uint32_t cmdsize;
+ };
+
+ struct LoadCommandSegment {
+ char segname[16];
+ uint32_t vmaddr;
+ uint32_t vmsize;
+ uint32_t fileoff;
+ uint32_t filesize;
+ uint32_t maxprot;
+ uint32_t initprot;
+ uint32_t nsects;
+ uint32_t flags;
+ };
+
+ struct LoadCommandSegment64 {
+ char segname[16];
+ uint64_t vmaddr;
+ uint64_t vmsize;
+ uint64_t fileoff;
+ uint64_t filesize;
+ uint32_t maxprot;
+ uint32_t initprot;
+ uint32_t nsects;
+ uint32_t flags;
+ };
+
+ struct Section {
+ char sectname[16];
+ char segname[16];
+ uint32_t addr;
+ uint32_t size;
+ uint32_t offset;
+ uint32_t align;
+ uint32_t reloff;
+ uint32_t nreloc;
+ uint32_t flags;
+ uint32_t reserved1;
+ uint32_t reserved2;
+ };
+
+ struct Section64 {
+ char sectname[16];
+ char segname[16];
+ uint64_t addr;
+ uint64_t size;
+ uint32_t offset;
+ uint32_t align;
+ uint32_t reloff;
+ uint32_t nreloc;
+ uint32_t flags;
+ uint32_t reserved1;
+ uint32_t reserved2;
+ uint32_t reserved3;
+ };
+
+ Ref<FileAccess> fa;
+ bool swap = false;
+
+ uint64_t lc_limit = 0;
+
+ uint64_t exe_limit = 0;
+ uint64_t exe_base = std::numeric_limits<uint64_t>::max(); // Start of first __text section.
+ uint32_t align = 0;
+ uint32_t cputype = 0;
+ uint32_t cpusubtype = 0;
+
+ uint64_t link_edit_offset = 0; // __LINKEDIT segment offset.
+ uint64_t signature_offset = 0; // Load command offset.
+
+ uint32_t seg_align(uint64_t p_vmaddr, uint32_t p_min, uint32_t p_max);
+ bool alloc_signature(uint64_t p_size);
+
+ static inline size_t PAD(size_t s, size_t a) {
+ return (a - s % a);
+ }
+
+public:
+ static bool is_macho(const String &p_path);
+
+ bool open_file(const String &p_path);
+
+ uint64_t get_exe_base();
+ uint64_t get_exe_limit();
+ int32_t get_align();
+ uint32_t get_cputype();
+ uint32_t get_cpusubtype();
+ uint64_t get_size();
+ uint64_t get_code_limit();
+
+ uint64_t get_signature_offset();
+ bool is_signed();
+
+ PackedByteArray get_cdhash_sha1();
+ PackedByteArray get_cdhash_sha256();
+
+ PackedByteArray get_requirements();
+
+ const Ref<FileAccess> get_file() const;
+ Ref<FileAccess> get_file();
+
+ uint64_t get_signature_size();
+ bool set_signature_size(uint64_t p_size);
+};
+
+#endif // MODULE_REGEX_ENABLED
+
+#endif // MACHO_H
diff --git a/platform/macos/export/plist.cpp b/platform/macos/export/plist.cpp
new file mode 100644
index 0000000000..36de9dd34b
--- /dev/null
+++ b/platform/macos/export/plist.cpp
@@ -0,0 +1,570 @@
+/*************************************************************************/
+/* plist.cpp */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+#include "modules/modules_enabled.gen.h" // For regex.
+
+#include "plist.h"
+
+#ifdef MODULE_REGEX_ENABLED
+
+Ref<PListNode> PListNode::new_array() {
+ Ref<PListNode> node = memnew(PListNode());
+ ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>());
+ node->data_type = PList::PLNodeType::PL_NODE_TYPE_ARRAY;
+ return node;
+}
+
+Ref<PListNode> PListNode::new_dict() {
+ Ref<PListNode> node = memnew(PListNode());
+ ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>());
+ node->data_type = PList::PLNodeType::PL_NODE_TYPE_DICT;
+ return node;
+}
+
+Ref<PListNode> PListNode::new_string(const String &p_string) {
+ Ref<PListNode> node = memnew(PListNode());
+ ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>());
+ node->data_type = PList::PLNodeType::PL_NODE_TYPE_STRING;
+ node->data_string = p_string.utf8();
+ return node;
+}
+
+Ref<PListNode> PListNode::new_data(const String &p_string) {
+ Ref<PListNode> node = memnew(PListNode());
+ ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>());
+ node->data_type = PList::PLNodeType::PL_NODE_TYPE_DATA;
+ node->data_string = p_string.utf8();
+ return node;
+}
+
+Ref<PListNode> PListNode::new_date(const String &p_string) {
+ Ref<PListNode> node = memnew(PListNode());
+ ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>());
+ node->data_type = PList::PLNodeType::PL_NODE_TYPE_DATE;
+ node->data_string = p_string.utf8();
+ return node;
+}
+
+Ref<PListNode> PListNode::new_bool(bool p_bool) {
+ Ref<PListNode> node = memnew(PListNode());
+ ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>());
+ node->data_type = PList::PLNodeType::PL_NODE_TYPE_BOOLEAN;
+ node->data_bool = p_bool;
+ return node;
+}
+
+Ref<PListNode> PListNode::new_int(int32_t p_int) {
+ Ref<PListNode> node = memnew(PListNode());
+ ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>());
+ node->data_type = PList::PLNodeType::PL_NODE_TYPE_INTEGER;
+ node->data_int = p_int;
+ return node;
+}
+
+Ref<PListNode> PListNode::new_real(float p_real) {
+ Ref<PListNode> node = memnew(PListNode());
+ ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>());
+ node->data_type = PList::PLNodeType::PL_NODE_TYPE_REAL;
+ node->data_real = p_real;
+ return node;
+}
+
+bool PListNode::push_subnode(const Ref<PListNode> &p_node, const String &p_key) {
+ ERR_FAIL_COND_V(p_node.is_null(), false);
+ if (data_type == PList::PLNodeType::PL_NODE_TYPE_DICT) {
+ ERR_FAIL_COND_V(p_key.is_empty(), false);
+ ERR_FAIL_COND_V(data_dict.has(p_key), false);
+ data_dict[p_key] = p_node;
+ return true;
+ } else if (data_type == PList::PLNodeType::PL_NODE_TYPE_ARRAY) {
+ data_array.push_back(p_node);
+ return true;
+ } else {
+ ERR_FAIL_V_MSG(false, "PList: Invalid parent node type, should be DICT or ARRAY.");
+ }
+}
+
+size_t PListNode::get_asn1_size(uint8_t p_len_octets) const {
+ // Get size of all data, excluding type and size information.
+ switch (data_type) {
+ case PList::PLNodeType::PL_NODE_TYPE_NIL: {
+ return 0;
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_DATA:
+ case PList::PLNodeType::PL_NODE_TYPE_DATE: {
+ ERR_FAIL_V_MSG(0, "PList: DATE and DATA nodes are not supported by ASN.1 serialization.");
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_STRING: {
+ return data_string.length();
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_BOOLEAN: {
+ return 1;
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_INTEGER:
+ case PList::PLNodeType::PL_NODE_TYPE_REAL: {
+ return 4;
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_ARRAY: {
+ size_t size = 0;
+ for (int i = 0; i < data_array.size(); i++) {
+ size += 1 + _asn1_size_len(p_len_octets) + data_array[i]->get_asn1_size(p_len_octets);
+ }
+ return size;
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_DICT: {
+ size_t size = 0;
+
+ for (const KeyValue<String, Ref<PListNode>> &E : data_dict) {
+ size += 1 + _asn1_size_len(p_len_octets); // Sequence.
+ size += 1 + _asn1_size_len(p_len_octets) + E.key.utf8().length(); //Key.
+ size += 1 + _asn1_size_len(p_len_octets) + E.value->get_asn1_size(p_len_octets); // Value.
+ }
+ return size;
+ } break;
+ default: {
+ return 0;
+ } break;
+ }
+}
+
+int PListNode::_asn1_size_len(uint8_t p_len_octets) {
+ if (p_len_octets > 1) {
+ return p_len_octets + 1;
+ } else {
+ return 1;
+ }
+}
+
+void PListNode::store_asn1_size(PackedByteArray &p_stream, uint8_t p_len_octets) const {
+ uint32_t size = get_asn1_size(p_len_octets);
+ if (p_len_octets > 1) {
+ p_stream.push_back(0x80 + p_len_octets);
+ }
+ for (int i = p_len_octets - 1; i >= 0; i--) {
+ uint8_t x = (size >> i * 8) & 0xFF;
+ p_stream.push_back(x);
+ }
+}
+
+bool PListNode::store_asn1(PackedByteArray &p_stream, uint8_t p_len_octets) const {
+ // Convert to binary ASN1 stream.
+ bool valid = true;
+ switch (data_type) {
+ case PList::PLNodeType::PL_NODE_TYPE_NIL: {
+ // Nothing to store.
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_DATE:
+ case PList::PLNodeType::PL_NODE_TYPE_DATA: {
+ ERR_FAIL_V_MSG(false, "PList: DATE and DATA nodes are not supported by ASN.1 serialization.");
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_STRING: {
+ p_stream.push_back(0x0C);
+ store_asn1_size(p_stream, p_len_octets);
+ for (int i = 0; i < data_string.size(); i++) {
+ p_stream.push_back(data_string[i]);
+ }
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_BOOLEAN: {
+ p_stream.push_back(0x01);
+ store_asn1_size(p_stream, p_len_octets);
+ if (data_bool) {
+ p_stream.push_back(0x01);
+ } else {
+ p_stream.push_back(0x00);
+ }
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_INTEGER: {
+ p_stream.push_back(0x02);
+ store_asn1_size(p_stream, p_len_octets);
+ for (int i = 4; i >= 0; i--) {
+ uint8_t x = (data_int >> i * 8) & 0xFF;
+ p_stream.push_back(x);
+ }
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_REAL: {
+ p_stream.push_back(0x03);
+ store_asn1_size(p_stream, p_len_octets);
+ for (int i = 4; i >= 0; i--) {
+ uint8_t x = (data_int >> i * 8) & 0xFF;
+ p_stream.push_back(x);
+ }
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_ARRAY: {
+ p_stream.push_back(0x30); // Sequence.
+ store_asn1_size(p_stream, p_len_octets);
+ for (int i = 0; i < data_array.size(); i++) {
+ valid = valid && data_array[i]->store_asn1(p_stream, p_len_octets);
+ }
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_DICT: {
+ p_stream.push_back(0x31); // Set.
+ store_asn1_size(p_stream, p_len_octets);
+ for (const KeyValue<String, Ref<PListNode>> &E : data_dict) {
+ CharString cs = E.key.utf8();
+ uint32_t size = cs.length();
+
+ // Sequence.
+ p_stream.push_back(0x30);
+ uint32_t seq_size = 2 * (1 + _asn1_size_len(p_len_octets)) + size + E.value->get_asn1_size(p_len_octets);
+ if (p_len_octets > 1) {
+ p_stream.push_back(0x80 + p_len_octets);
+ }
+ for (int i = p_len_octets - 1; i >= 0; i--) {
+ uint8_t x = (seq_size >> i * 8) & 0xFF;
+ p_stream.push_back(x);
+ }
+ // Key.
+ p_stream.push_back(0x0C);
+ if (p_len_octets > 1) {
+ p_stream.push_back(0x80 + p_len_octets);
+ }
+ for (int i = p_len_octets - 1; i >= 0; i--) {
+ uint8_t x = (size >> i * 8) & 0xFF;
+ p_stream.push_back(x);
+ }
+ for (uint32_t i = 0; i < size; i++) {
+ p_stream.push_back(cs[i]);
+ }
+ // Value.
+ valid = valid && E.value->store_asn1(p_stream, p_len_octets);
+ }
+ } break;
+ }
+ return valid;
+}
+
+void PListNode::store_text(String &p_stream, uint8_t p_indent) const {
+ // Convert to text XML stream.
+ switch (data_type) {
+ case PList::PLNodeType::PL_NODE_TYPE_NIL: {
+ // Nothing to store.
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_DATA: {
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "<data>\n";
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += data_string + "\n";
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "</data>\n";
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_DATE: {
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "<date>";
+ p_stream += data_string;
+ p_stream += "</date>\n";
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_STRING: {
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "<string>";
+ p_stream += String::utf8(data_string);
+ p_stream += "</string>\n";
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_BOOLEAN: {
+ p_stream += String("\t").repeat(p_indent);
+ if (data_bool) {
+ p_stream += "<true/>\n";
+ } else {
+ p_stream += "<false/>\n";
+ }
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_INTEGER: {
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "<integer>";
+ p_stream += itos(data_int);
+ p_stream += "</integer>\n";
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_REAL: {
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "<real>";
+ p_stream += rtos(data_real);
+ p_stream += "</real>\n";
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_ARRAY: {
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "<array>\n";
+ for (int i = 0; i < data_array.size(); i++) {
+ data_array[i]->store_text(p_stream, p_indent + 1);
+ }
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "</array>\n";
+ } break;
+ case PList::PLNodeType::PL_NODE_TYPE_DICT: {
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "<dict>\n";
+ for (const KeyValue<String, Ref<PListNode>> &E : data_dict) {
+ p_stream += String("\t").repeat(p_indent + 1);
+ p_stream += "<key>";
+ p_stream += E.key;
+ p_stream += "</key>\n";
+ E.value->store_text(p_stream, p_indent + 1);
+ }
+ p_stream += String("\t").repeat(p_indent);
+ p_stream += "</dict>\n";
+ } break;
+ }
+}
+
+/*************************************************************************/
+
+PList::PList() {
+ root = PListNode::new_dict();
+}
+
+PList::PList(const String &p_string) {
+ load_string(p_string);
+}
+
+bool PList::load_file(const String &p_filename) {
+ root = Ref<PListNode>();
+
+ Ref<FileAccess> fb = FileAccess::open(p_filename, FileAccess::READ);
+ if (fb.is_null()) {
+ return false;
+ }
+
+ unsigned char magic[8];
+ fb->get_buffer(magic, 8);
+
+ if (String((const char *)magic, 8) == "bplist00") {
+ ERR_FAIL_V_MSG(false, "PList: Binary property lists are not supported.");
+ } else {
+ // Load text plist.
+ Error err;
+ Vector<uint8_t> array = FileAccess::get_file_as_array(p_filename, &err);
+ ERR_FAIL_COND_V(err != OK, false);
+
+ String ret;
+ ret.parse_utf8((const char *)array.ptr(), array.size());
+ return load_string(ret);
+ }
+}
+
+bool PList::load_string(const String &p_string) {
+ root = Ref<PListNode>();
+
+ int pos = 0;
+ bool in_plist = false;
+ bool done_plist = false;
+ List<Ref<PListNode>> stack;
+ String key;
+ while (pos >= 0) {
+ int open_token_s = p_string.find("<", pos);
+ if (open_token_s == -1) {
+ ERR_FAIL_V_MSG(false, "PList: Unexpected end of data. No tags found.");
+ }
+ int open_token_e = p_string.find(">", open_token_s);
+ pos = open_token_e;
+
+ String token = p_string.substr(open_token_s + 1, open_token_e - open_token_s - 1);
+ if (token.is_empty()) {
+ ERR_FAIL_V_MSG(false, "PList: Invalid token name.");
+ }
+ String value;
+ if (token[0] == '?' || token[0] == '!') { // Skip <?xml ... ?> and <!DOCTYPE ... >
+ int end_token_e = p_string.find(">", open_token_s);
+ pos = end_token_e;
+ continue;
+ }
+
+ if (token.find("plist", 0) == 0) {
+ in_plist = true;
+ continue;
+ }
+
+ if (token == "/plist") {
+ done_plist = true;
+ break;
+ }
+
+ if (!in_plist) {
+ ERR_FAIL_V_MSG(false, "PList: Node outside of <plist> tag.");
+ }
+
+ if (token == "dict") {
+ if (!stack.is_empty()) {
+ // Add subnode end enter it.
+ Ref<PListNode> dict = PListNode::new_dict();
+ dict->data_type = PList::PLNodeType::PL_NODE_TYPE_DICT;
+ if (!stack.back()->get()->push_subnode(dict, key)) {
+ ERR_FAIL_V_MSG(false, "PList: Can't push subnode, invalid parent type.");
+ }
+ stack.push_back(dict);
+ } else {
+ // Add root node.
+ if (!root.is_null()) {
+ ERR_FAIL_V_MSG(false, "PList: Root node already set.");
+ }
+ Ref<PListNode> dict = PListNode::new_dict();
+ stack.push_back(dict);
+ root = dict;
+ }
+ continue;
+ }
+
+ if (token == "/dict") {
+ // Exit current dict.
+ if (stack.is_empty() || stack.back()->get()->data_type != PList::PLNodeType::PL_NODE_TYPE_DICT) {
+ ERR_FAIL_V_MSG(false, "PList: Mismatched </dict> tag.");
+ }
+ stack.pop_back();
+ continue;
+ }
+
+ if (token == "array") {
+ if (!stack.is_empty()) {
+ // Add subnode end enter it.
+ Ref<PListNode> arr = PListNode::new_array();
+ if (!stack.back()->get()->push_subnode(arr, key)) {
+ ERR_FAIL_V_MSG(false, "PList: Can't push subnode, invalid parent type.");
+ }
+ stack.push_back(arr);
+ } else {
+ // Add root node.
+ if (!root.is_null()) {
+ ERR_FAIL_V_MSG(false, "PList: Root node already set.");
+ }
+ Ref<PListNode> arr = PListNode::new_array();
+ stack.push_back(arr);
+ root = arr;
+ }
+ continue;
+ }
+
+ if (token == "/array") {
+ // Exit current array.
+ if (stack.is_empty() || stack.back()->get()->data_type != PList::PLNodeType::PL_NODE_TYPE_ARRAY) {
+ ERR_FAIL_V_MSG(false, "PList: Mismatched </array> tag.");
+ }
+ stack.pop_back();
+ continue;
+ }
+
+ if (token[token.length() - 1] == '/') {
+ token = token.substr(0, token.length() - 1);
+ } else {
+ int end_token_s = p_string.find("</", pos);
+ if (end_token_s == -1) {
+ ERR_FAIL_V_MSG(false, vformat("PList: Mismatched <%s> tag.", token));
+ }
+ int end_token_e = p_string.find(">", end_token_s);
+ pos = end_token_e;
+ String end_token = p_string.substr(end_token_s + 2, end_token_e - end_token_s - 2);
+ if (end_token != token) {
+ ERR_FAIL_V_MSG(false, vformat("PList: Mismatched <%s> and <%s> token pair.", token, end_token));
+ }
+ value = p_string.substr(open_token_e + 1, end_token_s - open_token_e - 1);
+ }
+ if (token == "key") {
+ key = value;
+ } else {
+ Ref<PListNode> var = nullptr;
+ if (token == "true") {
+ var = PListNode::new_bool(true);
+ } else if (token == "false") {
+ var = PListNode::new_bool(false);
+ } else if (token == "integer") {
+ var = PListNode::new_int(value.to_int());
+ } else if (token == "real") {
+ var = PListNode::new_real(value.to_float());
+ } else if (token == "string") {
+ var = PListNode::new_string(value);
+ } else if (token == "data") {
+ var = PListNode::new_data(value);
+ } else if (token == "date") {
+ var = PListNode::new_date(value);
+ } else {
+ ERR_FAIL_V_MSG(false, "PList: Invalid value type.");
+ }
+ if (stack.is_empty() || !stack.back()->get()->push_subnode(var, key)) {
+ ERR_FAIL_V_MSG(false, "PList: Can't push subnode, invalid parent type.");
+ }
+ }
+ }
+ if (!stack.is_empty() || !done_plist) {
+ ERR_FAIL_V_MSG(false, "PList: Unexpected end of data. Root node is not closed.");
+ }
+ return true;
+}
+
+PackedByteArray PList::save_asn1() const {
+ if (root == nullptr) {
+ ERR_FAIL_V_MSG(PackedByteArray(), "PList: Invalid PList, no root node.");
+ }
+ size_t size = root->get_asn1_size(1);
+ uint8_t len_octets = 0;
+ if (size < 0x80) {
+ len_octets = 1;
+ } else {
+ size = root->get_asn1_size(2);
+ if (size < 0xFFFF) {
+ len_octets = 2;
+ } else {
+ size = root->get_asn1_size(3);
+ if (size < 0xFFFFFF) {
+ len_octets = 3;
+ } else {
+ size = root->get_asn1_size(4);
+ if (size < 0xFFFFFFFF) {
+ len_octets = 4;
+ } else {
+ ERR_FAIL_V_MSG(PackedByteArray(), "PList: Data is too big for ASN.1 serializer, should be < 4 GiB.");
+ }
+ }
+ }
+ }
+
+ PackedByteArray ret;
+ if (!root->store_asn1(ret, len_octets)) {
+ ERR_FAIL_V_MSG(PackedByteArray(), "PList: ASN.1 serializer error.");
+ }
+ return ret;
+}
+
+String PList::save_text() const {
+ if (root == nullptr) {
+ ERR_FAIL_V_MSG(String(), "PList: Invalid PList, no root node.");
+ }
+
+ String ret;
+ ret += "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
+ ret += "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n";
+ ret += "<plist version=\"1.0\">\n";
+
+ root->store_text(ret, 0);
+
+ ret += "</plist>\n\n";
+ return ret;
+}
+
+Ref<PListNode> PList::get_root() {
+ return root;
+}
+
+#endif // MODULE_REGEX_ENABLED
diff --git a/platform/macos/export/plist.h b/platform/macos/export/plist.h
new file mode 100644
index 0000000000..ba9eaec196
--- /dev/null
+++ b/platform/macos/export/plist.h
@@ -0,0 +1,116 @@
+/*************************************************************************/
+/* plist.h */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* https://godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */
+/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+
+// Property list file format (application/x-plist) parser, property list ASN-1 serialization.
+
+#ifndef PLIST_H
+#define PLIST_H
+
+#include "core/crypto/crypto_core.h"
+#include "core/io/file_access.h"
+#include "modules/modules_enabled.gen.h" // For regex.
+
+#ifdef MODULE_REGEX_ENABLED
+
+class PListNode;
+
+class PList : public RefCounted {
+ friend class PListNode;
+
+public:
+ enum PLNodeType {
+ PL_NODE_TYPE_NIL,
+ PL_NODE_TYPE_STRING,
+ PL_NODE_TYPE_ARRAY,
+ PL_NODE_TYPE_DICT,
+ PL_NODE_TYPE_BOOLEAN,
+ PL_NODE_TYPE_INTEGER,
+ PL_NODE_TYPE_REAL,
+ PL_NODE_TYPE_DATA,
+ PL_NODE_TYPE_DATE,
+ };
+
+private:
+ Ref<PListNode> root;
+
+public:
+ PList();
+ PList(const String &p_string);
+
+ bool load_file(const String &p_filename);
+ bool load_string(const String &p_string);
+
+ PackedByteArray save_asn1() const;
+ String save_text() const;
+
+ Ref<PListNode> get_root();
+};
+
+/*************************************************************************/
+
+class PListNode : public RefCounted {
+ static int _asn1_size_len(uint8_t p_len_octets);
+
+public:
+ PList::PLNodeType data_type = PList::PLNodeType::PL_NODE_TYPE_NIL;
+
+ CharString data_string;
+ Vector<Ref<PListNode>> data_array;
+ HashMap<String, Ref<PListNode>> data_dict;
+ union {
+ int32_t data_int;
+ bool data_bool;
+ float data_real;
+ };
+
+ static Ref<PListNode> new_array();
+ static Ref<PListNode> new_dict();
+ static Ref<PListNode> new_string(const String &p_string);
+ static Ref<PListNode> new_data(const String &p_string);
+ static Ref<PListNode> new_date(const String &p_string);
+ static Ref<PListNode> new_bool(bool p_bool);
+ static Ref<PListNode> new_int(int32_t p_int);
+ static Ref<PListNode> new_real(float p_real);
+
+ bool push_subnode(const Ref<PListNode> &p_node, const String &p_key = "");
+
+ size_t get_asn1_size(uint8_t p_len_octets) const;
+
+ void store_asn1_size(PackedByteArray &p_stream, uint8_t p_len_octets) const;
+ bool store_asn1(PackedByteArray &p_stream, uint8_t p_len_octets) const;
+ void store_text(String &p_stream, uint8_t p_indent) const;
+
+ PListNode() {}
+ ~PListNode() {}
+};
+
+#endif // MODULE_REGEX_ENABLED
+
+#endif // PLIST_H