diff options
Diffstat (limited to 'platform/macos/export')
-rw-r--r-- | platform/macos/export/codesign.cpp | 1564 | ||||
-rw-r--r-- | platform/macos/export/codesign.h | 368 | ||||
-rw-r--r-- | platform/macos/export/export.cpp | 43 | ||||
-rw-r--r-- | platform/macos/export/export.h | 36 | ||||
-rw-r--r-- | platform/macos/export/export_plugin.cpp | 1684 | ||||
-rw-r--r-- | platform/macos/export/export_plugin.h | 137 | ||||
-rw-r--r-- | platform/macos/export/lipo.cpp | 236 | ||||
-rw-r--r-- | platform/macos/export/lipo.h | 76 | ||||
-rw-r--r-- | platform/macos/export/macho.cpp | 548 | ||||
-rw-r--r-- | platform/macos/export/macho.h | 215 | ||||
-rw-r--r-- | platform/macos/export/plist.cpp | 570 | ||||
-rw-r--r-- | platform/macos/export/plist.h | 116 |
12 files changed, 5593 insertions, 0 deletions
diff --git a/platform/macos/export/codesign.cpp b/platform/macos/export/codesign.cpp new file mode 100644 index 0000000000..fd044c00cc --- /dev/null +++ b/platform/macos/export/codesign.cpp @@ -0,0 +1,1564 @@ +/*************************************************************************/ +/* codesign.cpp */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +#include "codesign.h" + +#include "lipo.h" +#include "macho.h" +#include "plist.h" + +#include "core/os/os.h" +#include "editor/editor_paths.h" +#include "editor/editor_settings.h" + +#include "modules/modules_enabled.gen.h" // For regex. + +#include <ctime> + +#ifdef MODULE_REGEX_ENABLED + +/*************************************************************************/ +/* CodeSignCodeResources */ +/*************************************************************************/ + +String CodeSignCodeResources::hash_sha1_base64(const String &p_path) { + Ref<FileAccess> fa = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(fa.is_null(), String(), vformat("CodeSign/CodeResources: Can't open file: \"%s\".", p_path)); + + CryptoCore::SHA1Context ctx; + ctx.start(); + + unsigned char step[4096]; + while (true) { + uint64_t br = fa->get_buffer(step, 4096); + if (br > 0) { + ctx.update(step, br); + } + if (br < 4096) { + break; + } + } + + unsigned char hash[0x14]; + ctx.finish(hash); + + return CryptoCore::b64_encode_str(hash, 0x14); +} + +String CodeSignCodeResources::hash_sha256_base64(const String &p_path) { + Ref<FileAccess> fa = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(fa.is_null(), String(), vformat("CodeSign/CodeResources: Can't open file: \"%s\".", p_path)); + + CryptoCore::SHA256Context ctx; + ctx.start(); + + unsigned char step[4096]; + while (true) { + uint64_t br = fa->get_buffer(step, 4096); + if (br > 0) { + ctx.update(step, br); + } + if (br < 4096) { + break; + } + } + + unsigned char hash[0x20]; + ctx.finish(hash); + + return CryptoCore::b64_encode_str(hash, 0x20); +} + +void CodeSignCodeResources::add_rule1(const String &p_rule, const String &p_key, int p_weight, bool p_store) { + rules1.push_back(CRRule(p_rule, p_key, p_weight, p_store)); +} + +void CodeSignCodeResources::add_rule2(const String &p_rule, const String &p_key, int p_weight, bool p_store) { + rules2.push_back(CRRule(p_rule, p_key, p_weight, p_store)); +} + +CodeSignCodeResources::CRMatch CodeSignCodeResources::match_rules1(const String &p_path) const { + CRMatch found = CRMatch::CR_MATCH_NO; + int weight = 0; + for (int i = 0; i < rules1.size(); i++) { + RegEx regex = RegEx(rules1[i].file_pattern); + if (regex.search(p_path).is_valid()) { + if (rules1[i].key == "omit") { + return CRMatch::CR_MATCH_NO; + } else if (rules1[i].key == "nested") { + if (weight <= rules1[i].weight) { + found = CRMatch::CR_MATCH_NESTED; + weight = rules1[i].weight; + } + } else if (rules1[i].key == "optional") { + if (weight <= rules1[i].weight) { + found = CRMatch::CR_MATCH_OPTIONAL; + weight = rules1[i].weight; + } + } else { + if (weight <= rules1[i].weight) { + found = CRMatch::CR_MATCH_YES; + weight = rules1[i].weight; + } + } + } + } + return found; +} + +CodeSignCodeResources::CRMatch CodeSignCodeResources::match_rules2(const String &p_path) const { + CRMatch found = CRMatch::CR_MATCH_NO; + int weight = 0; + for (int i = 0; i < rules2.size(); i++) { + RegEx regex = RegEx(rules2[i].file_pattern); + if (regex.search(p_path).is_valid()) { + if (rules2[i].key == "omit") { + return CRMatch::CR_MATCH_NO; + } else if (rules2[i].key == "nested") { + if (weight <= rules2[i].weight) { + found = CRMatch::CR_MATCH_NESTED; + weight = rules2[i].weight; + } + } else if (rules2[i].key == "optional") { + if (weight <= rules2[i].weight) { + found = CRMatch::CR_MATCH_OPTIONAL; + weight = rules2[i].weight; + } + } else { + if (weight <= rules2[i].weight) { + found = CRMatch::CR_MATCH_YES; + weight = rules2[i].weight; + } + } + } + } + return found; +} + +bool CodeSignCodeResources::add_file1(const String &p_root, const String &p_path) { + CRMatch found = match_rules1(p_path); + if (found != CRMatch::CR_MATCH_YES && found != CRMatch::CR_MATCH_OPTIONAL) { + return true; // No match. + } + + CRFile f; + f.name = p_path; + f.optional = (found == CRMatch::CR_MATCH_OPTIONAL); + f.nested = false; + f.hash = hash_sha1_base64(p_root.plus_file(p_path)); + print_verbose(vformat("CodeSign/CodeResources: File(V1) %s hash1:%s", f.name, f.hash)); + + files1.push_back(f); + return true; +} + +bool CodeSignCodeResources::add_file2(const String &p_root, const String &p_path) { + CRMatch found = match_rules2(p_path); + if (found == CRMatch::CR_MATCH_NESTED) { + return add_nested_file(p_root, p_path, p_root.plus_file(p_path)); + } + if (found != CRMatch::CR_MATCH_YES && found != CRMatch::CR_MATCH_OPTIONAL) { + return true; // No match. + } + + CRFile f; + f.name = p_path; + f.optional = (found == CRMatch::CR_MATCH_OPTIONAL); + f.nested = false; + f.hash = hash_sha1_base64(p_root.plus_file(p_path)); + f.hash2 = hash_sha256_base64(p_root.plus_file(p_path)); + + print_verbose(vformat("CodeSign/CodeResources: File(V2) %s hash1:%s hash2:%s", f.name, f.hash, f.hash2)); + + files2.push_back(f); + return true; +} + +bool CodeSignCodeResources::add_nested_file(const String &p_root, const String &p_path, const String &p_exepath) { +#define CLEANUP() \ + if (files_to_add.size() > 1) { \ + for (int j = 0; j < files_to_add.size(); j++) { \ + da->remove(files_to_add[j]); \ + } \ + } + + Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM); + ERR_FAIL_COND_V(da.is_null(), false); + + Vector<String> files_to_add; + if (LipO::is_lipo(p_exepath)) { + String tmp_path_name = EditorPaths::get_singleton()->get_cache_dir().plus_file("_lipo"); + Error err = da->make_dir_recursive(tmp_path_name); + ERR_FAIL_COND_V_MSG(err != OK, false, vformat("CodeSign/CodeResources: Failed to create \"%s\" subfolder.", tmp_path_name)); + LipO lip; + if (lip.open_file(p_exepath)) { + for (int i = 0; i < lip.get_arch_count(); i++) { + if (!lip.extract_arch(i, tmp_path_name.plus_file("_rqexe_" + itos(i)))) { + CLEANUP(); + ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Failed to extract thin binary."); + } + files_to_add.push_back(tmp_path_name.plus_file("_rqexe_" + itos(i))); + } + } + } else if (MachO::is_macho(p_exepath)) { + files_to_add.push_back(p_exepath); + } + + CRFile f; + f.name = p_path; + f.optional = false; + f.nested = true; + for (int i = 0; i < files_to_add.size(); i++) { + MachO mh; + if (!mh.open_file(files_to_add[i])) { + CLEANUP(); + ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Invalid executable file."); + } + PackedByteArray hash = mh.get_cdhash_sha256(); // Use SHA-256 variant, if available. + if (hash.size() != 0x20) { + hash = mh.get_cdhash_sha1(); // Use SHA-1 instead. + if (hash.size() != 0x14) { + CLEANUP(); + ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Unsigned nested executable file."); + } + } + hash.resize(0x14); // Always clamp to 0x14 size. + f.hash = CryptoCore::b64_encode_str(hash.ptr(), hash.size()); + + PackedByteArray rq_blob = mh.get_requirements(); + String req_string; + if (rq_blob.size() > 8) { + CodeSignRequirements rq = CodeSignRequirements(rq_blob); + Vector<String> rqs = rq.parse_requirements(); + for (int j = 0; j < rqs.size(); j++) { + if (rqs[j].begins_with("designated => ")) { + req_string = rqs[j].replace("designated => ", ""); + } + } + } + if (req_string.is_empty()) { + req_string = "cdhash H\"" + String::hex_encode_buffer(hash.ptr(), hash.size()) + "\""; + } + print_verbose(vformat("CodeSign/CodeResources: Nested object %s (cputype: %d) cdhash:%s designated rq:%s", f.name, mh.get_cputype(), f.hash, req_string)); + if (f.requirements != req_string) { + if (i != 0) { + f.requirements += " or "; + } + f.requirements += req_string; + } + } + files2.push_back(f); + + CLEANUP(); + return true; + +#undef CLEANUP +} + +bool CodeSignCodeResources::add_folder_recursive(const String &p_root, const String &p_path, const String &p_main_exe_path) { + Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM); + ERR_FAIL_COND_V(da.is_null(), false); + Error err = da->change_dir(p_root.plus_file(p_path)); + ERR_FAIL_COND_V(err != OK, false); + + bool ret = true; + da->list_dir_begin(); + String n = da->get_next(); + while (n != String()) { + if (n != "." && n != "..") { + String path = p_root.plus_file(p_path).plus_file(n); + if (path == p_main_exe_path) { + n = da->get_next(); + continue; // Skip main executable. + } + if (da->current_is_dir()) { + CRMatch found = match_rules2(p_path.plus_file(n)); + String fmw_ver = "Current"; // Framework version (default). + String info_path; + String main_exe; + bool bundle = false; + if (da->file_exists(path.plus_file("Contents/Info.plist"))) { + info_path = path.plus_file("Contents/Info.plist"); + main_exe = path.plus_file("Contents/MacOS"); + bundle = true; + } else if (da->file_exists(path.plus_file(vformat("Versions/%s/Resources/Info.plist", fmw_ver)))) { + info_path = path.plus_file(vformat("Versions/%s/Resources/Info.plist", fmw_ver)); + main_exe = path.plus_file(vformat("Versions/%s", fmw_ver)); + bundle = true; + } else if (da->file_exists(path.plus_file("Info.plist"))) { + info_path = path.plus_file("Info.plist"); + main_exe = path; + bundle = true; + } + if (bundle && found == CRMatch::CR_MATCH_NESTED && !info_path.is_empty()) { + // Read Info.plist. + PList info_plist; + if (info_plist.load_file(info_path)) { + if (info_plist.get_root()->data_type == PList::PLNodeType::PL_NODE_TYPE_DICT && info_plist.get_root()->data_dict.has("CFBundleExecutable")) { + main_exe = main_exe.plus_file(String::utf8(info_plist.get_root()->data_dict["CFBundleExecutable"]->data_string.get_data())); + } else { + ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Invalid Info.plist, no exe name."); + } + } else { + ERR_FAIL_V_MSG(false, "CodeSign/CodeResources: Invalid Info.plist, can't load."); + } + ret = ret && add_nested_file(p_root, p_path.plus_file(n), main_exe); + } else { + ret = ret && add_folder_recursive(p_root, p_path.plus_file(n), p_main_exe_path); + } + } else { + ret = ret && add_file1(p_root, p_path.plus_file(n)); + ret = ret && add_file2(p_root, p_path.plus_file(n)); + } + } + + n = da->get_next(); + } + + da->list_dir_end(); + return ret; +} + +bool CodeSignCodeResources::save_to_file(const String &p_path) { + PList pl; + + print_verbose(vformat("CodeSign/CodeResources: Writing to file: %s", p_path)); + + // Write version 1 hashes. + Ref<PListNode> files1_dict = PListNode::new_dict(); + pl.get_root()->push_subnode(files1_dict, "files"); + for (int i = 0; i < files1.size(); i++) { + if (files1[i].optional) { + Ref<PListNode> file_dict = PListNode::new_dict(); + files1_dict->push_subnode(file_dict, files1[i].name); + + file_dict->push_subnode(PListNode::new_data(files1[i].hash), "hash"); + file_dict->push_subnode(PListNode::new_bool(true), "optional"); + } else { + files1_dict->push_subnode(PListNode::new_data(files1[i].hash), files1[i].name); + } + } + + // Write version 2 hashes. + Ref<PListNode> files2_dict = PListNode::new_dict(); + pl.get_root()->push_subnode(files2_dict, "files2"); + for (int i = 0; i < files2.size(); i++) { + Ref<PListNode> file_dict = PListNode::new_dict(); + files2_dict->push_subnode(file_dict, files2[i].name); + + if (files2[i].nested) { + file_dict->push_subnode(PListNode::new_data(files2[i].hash), "cdhash"); + file_dict->push_subnode(PListNode::new_string(files2[i].requirements), "requirement"); + } else { + file_dict->push_subnode(PListNode::new_data(files2[i].hash), "hash"); + file_dict->push_subnode(PListNode::new_data(files2[i].hash2), "hash2"); + if (files2[i].optional) { + file_dict->push_subnode(PListNode::new_bool(true), "optional"); + } + } + } + + // Write version 1 rules. + Ref<PListNode> rules1_dict = PListNode::new_dict(); + pl.get_root()->push_subnode(rules1_dict, "rules"); + for (int i = 0; i < rules1.size(); i++) { + if (rules1[i].store) { + if (rules1[i].key.is_empty() && rules1[i].weight <= 0) { + rules1_dict->push_subnode(PListNode::new_bool(true), rules1[i].file_pattern); + } else { + Ref<PListNode> rule_dict = PListNode::new_dict(); + rules1_dict->push_subnode(rule_dict, rules1[i].file_pattern); + if (!rules1[i].key.is_empty()) { + rule_dict->push_subnode(PListNode::new_bool(true), rules1[i].key); + } + if (rules1[i].weight != 1) { + rule_dict->push_subnode(PListNode::new_real(rules1[i].weight), "weight"); + } + } + } + } + + // Write version 2 rules. + Ref<PListNode> rules2_dict = PListNode::new_dict(); + pl.get_root()->push_subnode(rules2_dict, "rules2"); + for (int i = 0; i < rules2.size(); i++) { + if (rules2[i].store) { + if (rules2[i].key.is_empty() && rules2[i].weight <= 0) { + rules2_dict->push_subnode(PListNode::new_bool(true), rules2[i].file_pattern); + } else { + Ref<PListNode> rule_dict = PListNode::new_dict(); + rules2_dict->push_subnode(rule_dict, rules2[i].file_pattern); + if (!rules2[i].key.is_empty()) { + rule_dict->push_subnode(PListNode::new_bool(true), rules2[i].key); + } + if (rules2[i].weight != 1) { + rule_dict->push_subnode(PListNode::new_real(rules2[i].weight), "weight"); + } + } + } + } + String text = pl.save_text(); + ERR_FAIL_COND_V_MSG(text.is_empty(), false, "CodeSign/CodeResources: Generating resources PList failed."); + + Ref<FileAccess> fa = FileAccess::open(p_path, FileAccess::WRITE); + ERR_FAIL_COND_V_MSG(fa.is_null(), false, vformat("CodeSign/CodeResources: Can't open file: \"%s\".", p_path)); + + CharString cs = text.utf8(); + fa->store_buffer((const uint8_t *)cs.ptr(), cs.length()); + return true; +} + +/*************************************************************************/ +/* CodeSignRequirements */ +/*************************************************************************/ + +CodeSignRequirements::CodeSignRequirements() { + blob.append_array({ 0xFA, 0xDE, 0x0C, 0x01 }); // Requirement set magic. + blob.append_array({ 0x00, 0x00, 0x00, 0x0C }); // Length of requirements set (12 bytes). + blob.append_array({ 0x00, 0x00, 0x00, 0x00 }); // Empty. +} + +CodeSignRequirements::CodeSignRequirements(const PackedByteArray &p_data) { + blob = p_data; +} + +_FORCE_INLINE_ void CodeSignRequirements::_parse_certificate_slot(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const { +#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x)) + ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds."); + r_out += "certificate "; + uint32_t tag_slot = _R(r_pos); + if (tag_slot == 0x00000000) { + r_out += "leaf"; + } else if (tag_slot == 0xffffffff) { + r_out += "root"; + } else { + r_out += itos((int32_t)tag_slot); + } + r_pos += 4; +#undef _R +} + +_FORCE_INLINE_ void CodeSignRequirements::_parse_key(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const { +#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x)) + ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds."); + uint32_t key_size = _R(r_pos); + ERR_FAIL_COND_MSG(r_pos + key_size > p_rq_size, "CodeSign/Requirements: Out of bounds."); + CharString key; + key.resize(key_size); + memcpy(key.ptrw(), blob.ptr() + r_pos + 4, key_size); + r_pos += 4 + key_size + PAD(key_size, 4); + r_out += "[" + String::utf8(key, key_size) + "]"; +#undef _R +} + +_FORCE_INLINE_ void CodeSignRequirements::_parse_oid_key(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const { +#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x)) + ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds."); + uint32_t key_size = _R(r_pos); + ERR_FAIL_COND_MSG(r_pos + key_size > p_rq_size, "CodeSign/Requirements: Out of bounds."); + r_out += "[field."; + r_out += itos(blob[r_pos + 4] / 40) + "."; + r_out += itos(blob[r_pos + 4] % 40); + uint32_t spos = r_pos + 5; + while (spos < r_pos + 4 + key_size) { + r_out += "."; + if (blob[spos] <= 127) { + r_out += itos(blob[spos]); + spos += 1; + } else { + uint32_t x = (0x7F & blob[spos]) << 7; + spos += 1; + while (blob[spos] > 127) { + x = (x + (0x7F & blob[spos])) << 7; + spos += 1; + } + x = (x + (0x7F & blob[spos])); + r_out += itos(x); + spos += 1; + } + } + r_out += "]"; + r_pos += 4 + key_size + PAD(key_size, 4); +#undef _R +} + +_FORCE_INLINE_ void CodeSignRequirements::_parse_hash_string(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const { +#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x)) + ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds."); + uint32_t tag_size = _R(r_pos); + ERR_FAIL_COND_MSG(r_pos + tag_size > p_rq_size, "CodeSign/Requirements: Out of bounds."); + PackedByteArray data; + data.resize(tag_size); + memcpy(data.ptrw(), blob.ptr() + r_pos + 4, tag_size); + r_out += "H\"" + String::hex_encode_buffer(data.ptr(), data.size()) + "\""; + r_pos += 4 + tag_size + PAD(tag_size, 4); +#undef _R +} + +_FORCE_INLINE_ void CodeSignRequirements::_parse_value(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const { +#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x)) + ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds."); + uint32_t key_size = _R(r_pos); + ERR_FAIL_COND_MSG(r_pos + key_size > p_rq_size, "CodeSign/Requirements: Out of bounds."); + CharString key; + key.resize(key_size); + memcpy(key.ptrw(), blob.ptr() + r_pos + 4, key_size); + r_pos += 4 + key_size + PAD(key_size, 4); + r_out += "\"" + String::utf8(key, key_size) + "\""; +#undef _R +} + +_FORCE_INLINE_ void CodeSignRequirements::_parse_date(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const { +#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x)) + ERR_FAIL_COND_MSG(r_pos >= p_rq_size, "CodeSign/Requirements: Out of bounds."); + uint32_t date = _R(r_pos); + time_t t = 978307200 + date; + struct tm lt; +#ifdef WINDOWS_ENABLED + gmtime_s(<, &t); +#else + gmtime_r(&t, <); +#endif + r_out += vformat("<%04d-%02d-%02d ", (int)(1900 + lt.tm_year), (int)(lt.tm_mon + 1), (int)(lt.tm_mday)) + vformat("%02d:%02d:%02d +0000>", (int)(lt.tm_hour), (int)(lt.tm_min), (int)(lt.tm_sec)); +#undef _R +} + +_FORCE_INLINE_ bool CodeSignRequirements::_parse_match(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const { +#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x)) + ERR_FAIL_COND_V_MSG(r_pos >= p_rq_size, false, "CodeSign/Requirements: Out of bounds."); + uint32_t match = _R(r_pos); + r_pos += 4; + switch (match) { + case 0x00000000: { + r_out += "exists"; + } break; + case 0x00000001: { + r_out += "= "; + _parse_value(r_pos, r_out, p_rq_size); + } break; + case 0x00000002: { + r_out += "~ "; + _parse_value(r_pos, r_out, p_rq_size); + } break; + case 0x00000003: { + r_out += "= *"; + _parse_value(r_pos, r_out, p_rq_size); + } break; + case 0x00000004: { + r_out += "= "; + _parse_value(r_pos, r_out, p_rq_size); + r_out += "*"; + } break; + case 0x00000005: { + r_out += "< "; + _parse_value(r_pos, r_out, p_rq_size); + } break; + case 0x00000006: { + r_out += "> "; + _parse_value(r_pos, r_out, p_rq_size); + } break; + case 0x00000007: { + r_out += "<= "; + _parse_value(r_pos, r_out, p_rq_size); + } break; + case 0x00000008: { + r_out += ">= "; + _parse_value(r_pos, r_out, p_rq_size); + } break; + case 0x00000009: { + r_out += "= "; + _parse_date(r_pos, r_out, p_rq_size); + } break; + case 0x0000000A: { + r_out += "< "; + _parse_date(r_pos, r_out, p_rq_size); + } break; + case 0x0000000B: { + r_out += "> "; + _parse_date(r_pos, r_out, p_rq_size); + } break; + case 0x0000000C: { + r_out += "<= "; + _parse_date(r_pos, r_out, p_rq_size); + } break; + case 0x0000000D: { + r_out += ">= "; + _parse_date(r_pos, r_out, p_rq_size); + } break; + case 0x0000000E: { + r_out += "absent"; + } break; + default: { + return false; + } + } + return true; +#undef _R +} + +Vector<String> CodeSignRequirements::parse_requirements() const { +#define _R(x) BSWAP32(*(uint32_t *)(blob.ptr() + x)) + Vector<String> list; + + // Read requirements set header. + ERR_FAIL_COND_V_MSG(blob.size() < 12, list, "CodeSign/Requirements: Blob is too small."); + uint32_t magic = _R(0); + ERR_FAIL_COND_V_MSG(magic != 0xfade0c01, list, "CodeSign/Requirements: Invalid set magic."); + uint32_t size = _R(4); + ERR_FAIL_COND_V_MSG(size != (uint32_t)blob.size(), list, "CodeSign/Requirements: Invalid set size."); + uint32_t count = _R(8); + + for (uint32_t i = 0; i < count; i++) { + String out; + + // Read requirement header. + uint32_t rq_type = _R(12 + i * 8); + uint32_t rq_offset = _R(12 + i * 8 + 4); + ERR_FAIL_COND_V_MSG(rq_offset + 12 >= (uint32_t)blob.size(), list, "CodeSign/Requirements: Invalid requirement offset."); + switch (rq_type) { + case 0x00000001: { + out += "host => "; + } break; + case 0x00000002: { + out += "guest => "; + } break; + case 0x00000003: { + out += "designated => "; + } break; + case 0x00000004: { + out += "library => "; + } break; + case 0x00000005: { + out += "plugin => "; + } break; + default: { + ERR_FAIL_V_MSG(list, "CodeSign/Requirements: Invalid requirement type."); + } + } + uint32_t rq_magic = _R(rq_offset); + uint32_t rq_size = _R(rq_offset + 4); + uint32_t rq_ver = _R(rq_offset + 8); + uint32_t pos = rq_offset + 12; + ERR_FAIL_COND_V_MSG(rq_magic != 0xfade0c00, list, "CodeSign/Requirements: Invalid requirement magic."); + ERR_FAIL_COND_V_MSG(rq_ver != 0x00000001, list, "CodeSign/Requirements: Invalid requirement version."); + + // Read requirement tokens. + List<String> tokens; + while (pos < rq_offset + rq_size) { + uint32_t rq_tag = _R(pos); + pos += 4; + String token; + switch (rq_tag) { + case 0x00000000: { + token = "false"; + } break; + case 0x00000001: { + token = "true"; + } break; + case 0x00000002: { + token = "identifier "; + _parse_value(pos, token, rq_offset + rq_size); + } break; + case 0x00000003: { + token = "anchor apple"; + } break; + case 0x00000004: { + _parse_certificate_slot(pos, token, rq_offset + rq_size); + token += " "; + _parse_hash_string(pos, token, rq_offset + rq_size); + } break; + case 0x00000005: { + token = "info"; + _parse_key(pos, token, rq_offset + rq_size); + token += " = "; + _parse_value(pos, token, rq_offset + rq_size); + } break; + case 0x00000006: { + token = "and"; + } break; + case 0x00000007: { + token = "or"; + } break; + case 0x00000008: { + token = "cdhash "; + _parse_hash_string(pos, token, rq_offset + rq_size); + } break; + case 0x00000009: { + token = "!"; + } break; + case 0x0000000A: { + token = "info"; + _parse_key(pos, token, rq_offset + rq_size); + token += " "; + ERR_FAIL_COND_V_MSG(!_parse_match(pos, token, rq_offset + rq_size), list, "CodeSign/Requirements: Unsupported match suffix."); + } break; + case 0x0000000B: { + _parse_certificate_slot(pos, token, rq_offset + rq_size); + _parse_key(pos, token, rq_offset + rq_size); + token += " "; + ERR_FAIL_COND_V_MSG(!_parse_match(pos, token, rq_offset + rq_size), list, "CodeSign/Requirements: Unsupported match suffix."); + } break; + case 0x0000000C: { + _parse_certificate_slot(pos, token, rq_offset + rq_size); + token += " trusted"; + } break; + case 0x0000000D: { + token = "anchor trusted"; + } break; + case 0x0000000E: { + _parse_certificate_slot(pos, token, rq_offset + rq_size); + _parse_oid_key(pos, token, rq_offset + rq_size); + token += " "; + ERR_FAIL_COND_V_MSG(!_parse_match(pos, token, rq_offset + rq_size), list, "CodeSign/Requirements: Unsupported match suffix."); + } break; + case 0x0000000F: { + token = "anchor apple generic"; + } break; + default: { + ERR_FAIL_V_MSG(list, "CodeSign/Requirements: Invalid requirement token."); + } break; + } + tokens.push_back(token); + } + + // Polish to infix notation (w/o bracket optimization). + for (List<String>::Element *E = tokens.back(); E; E = E->prev()) { + if (E->get() == "and") { + ERR_FAIL_COND_V_MSG(!E->next() || !E->next()->next(), list, "CodeSign/Requirements: Invalid token sequence."); + String token = "(" + E->next()->get() + " and " + E->next()->next()->get() + ")"; + tokens.erase(E->next()->next()); + tokens.erase(E->next()); + E->get() = token; + } else if (E->get() == "or") { + ERR_FAIL_COND_V_MSG(!E->next() || !E->next()->next(), list, "CodeSign/Requirements: Invalid token sequence."); + String token = "(" + E->next()->get() + " or " + E->next()->next()->get() + ")"; + tokens.erase(E->next()->next()); + tokens.erase(E->next()); + E->get() = token; + } + } + + if (tokens.size() == 1) { + list.push_back(out + tokens.front()->get()); + } else { + ERR_FAIL_V_MSG(list, "CodeSign/Requirements: Invalid token sequence."); + } + } + + return list; +#undef _R +} + +PackedByteArray CodeSignRequirements::get_hash_sha1() const { + PackedByteArray hash; + hash.resize(0x14); + + CryptoCore::SHA1Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +PackedByteArray CodeSignRequirements::get_hash_sha256() const { + PackedByteArray hash; + hash.resize(0x20); + + CryptoCore::SHA256Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +int CodeSignRequirements::get_size() const { + return blob.size(); +} + +void CodeSignRequirements::write_to_file(Ref<FileAccess> p_file) const { + ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/Requirements: Invalid file handle."); + p_file->store_buffer(blob.ptr(), blob.size()); +} + +/*************************************************************************/ +/* CodeSignEntitlementsText */ +/*************************************************************************/ + +CodeSignEntitlementsText::CodeSignEntitlementsText() { + blob.append_array({ 0xFA, 0xDE, 0x71, 0x71 }); // Text Entitlements set magic. + blob.append_array({ 0x00, 0x00, 0x00, 0x08 }); // Length (8 bytes). +} + +CodeSignEntitlementsText::CodeSignEntitlementsText(const String &p_string) { + CharString utf8 = p_string.utf8(); + blob.append_array({ 0xFA, 0xDE, 0x71, 0x71 }); // Text Entitlements set magic. + for (int i = 3; i >= 0; i--) { + uint8_t x = ((utf8.length() + 8) >> i * 8) & 0xFF; // Size. + blob.push_back(x); + } + for (int i = 0; i < utf8.length(); i++) { // Write data. + blob.push_back(utf8[i]); + } +} + +PackedByteArray CodeSignEntitlementsText::get_hash_sha1() const { + PackedByteArray hash; + hash.resize(0x14); + + CryptoCore::SHA1Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +PackedByteArray CodeSignEntitlementsText::get_hash_sha256() const { + PackedByteArray hash; + hash.resize(0x20); + + CryptoCore::SHA256Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +int CodeSignEntitlementsText::get_size() const { + return blob.size(); +} + +void CodeSignEntitlementsText::write_to_file(Ref<FileAccess> p_file) const { + ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/EntitlementsText: Invalid file handle."); + p_file->store_buffer(blob.ptr(), blob.size()); +} + +/*************************************************************************/ +/* CodeSignEntitlementsBinary */ +/*************************************************************************/ + +CodeSignEntitlementsBinary::CodeSignEntitlementsBinary() { + blob.append_array({ 0xFA, 0xDE, 0x71, 0x72 }); // Binary Entitlements magic. + blob.append_array({ 0x00, 0x00, 0x00, 0x08 }); // Length (8 bytes). +} + +CodeSignEntitlementsBinary::CodeSignEntitlementsBinary(const String &p_string) { + PList pl = PList(p_string); + + PackedByteArray asn1 = pl.save_asn1(); + blob.append_array({ 0xFA, 0xDE, 0x71, 0x72 }); // Binary Entitlements magic. + uint32_t size = asn1.size() + 8; + for (int i = 3; i >= 0; i--) { + uint8_t x = (size >> i * 8) & 0xFF; // Size. + blob.push_back(x); + } + blob.append_array(asn1); // Write data. +} + +PackedByteArray CodeSignEntitlementsBinary::get_hash_sha1() const { + PackedByteArray hash; + hash.resize(0x14); + + CryptoCore::SHA1Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +PackedByteArray CodeSignEntitlementsBinary::get_hash_sha256() const { + PackedByteArray hash; + hash.resize(0x20); + + CryptoCore::SHA256Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +int CodeSignEntitlementsBinary::get_size() const { + return blob.size(); +} + +void CodeSignEntitlementsBinary::write_to_file(Ref<FileAccess> p_file) const { + ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/EntitlementsBinary: Invalid file handle."); + p_file->store_buffer(blob.ptr(), blob.size()); +} + +/*************************************************************************/ +/* CodeSignCodeDirectory */ +/*************************************************************************/ + +CodeSignCodeDirectory::CodeSignCodeDirectory() { + blob.append_array({ 0xFA, 0xDE, 0x0C, 0x02 }); // Code Directory magic. + blob.append_array({ 0x00, 0x00, 0x00, 0x00 }); // Size (8 bytes). +} + +CodeSignCodeDirectory::CodeSignCodeDirectory(uint8_t p_hash_size, uint8_t p_hash_type, bool p_main, const CharString &p_id, const CharString &p_team_id, uint32_t p_page_size, uint64_t p_exe_limit, uint64_t p_code_limit) { + pages = p_code_limit / (uint64_t(1) << p_page_size); + remain = p_code_limit % (uint64_t(1) << p_page_size); + code_slots = pages + (remain > 0 ? 1 : 0); + special_slots = 7; + + int cd_size = 8 + sizeof(CodeDirectoryHeader) + (code_slots + special_slots) * p_hash_size + p_id.size() + p_team_id.size(); + int cd_off = 8 + sizeof(CodeDirectoryHeader); + blob.append_array({ 0xFA, 0xDE, 0x0C, 0x02 }); // Code Directory magic. + for (int i = 3; i >= 0; i--) { + uint8_t x = (cd_size >> i * 8) & 0xFF; // Size. + blob.push_back(x); + } + blob.resize(cd_size); + memset(blob.ptrw() + 8, 0x00, cd_size - 8); + CodeDirectoryHeader *cd = reinterpret_cast<CodeDirectoryHeader *>(blob.ptrw() + 8); + + bool is_64_cl = (p_code_limit >= std::numeric_limits<uint32_t>::max()); + + // Version and options. + cd->version = BSWAP32(0x20500); + cd->flags = BSWAP32(SIGNATURE_ADHOC | SIGNATURE_RUNTIME); + cd->special_slots = BSWAP32(special_slots); + cd->code_slots = BSWAP32(code_slots); + if (is_64_cl) { + cd->code_limit_64 = BSWAP64(p_code_limit); + } else { + cd->code_limit = BSWAP32(p_code_limit); + } + cd->hash_size = p_hash_size; + cd->hash_type = p_hash_type; + cd->page_size = p_page_size; + cd->exec_seg_base = 0x00; + cd->exec_seg_limit = BSWAP64(p_exe_limit); + cd->exec_seg_flags = 0; + if (p_main) { + cd->exec_seg_flags |= EXECSEG_MAIN_BINARY; + } + cd->exec_seg_flags = BSWAP64(cd->exec_seg_flags); + uint32_t version = (11 << 16) + (3 << 8) + 0; // Version 11.3.0 + cd->runtime = BSWAP32(version); + + // Copy ID. + cd->ident_offset = BSWAP32(cd_off); + memcpy(blob.ptrw() + cd_off, p_id.get_data(), p_id.size()); + cd_off += p_id.size(); + + // Copy Team ID. + if (p_team_id.length() > 0) { + cd->team_offset = BSWAP32(cd_off); + memcpy(blob.ptrw() + cd_off, p_team_id.get_data(), p_team_id.size()); + cd_off += p_team_id.size(); + } else { + cd->team_offset = 0; + } + + // Scatter vector. + cd->scatter_vector_offset = 0; // Not used. + + // Executable hashes offset. + cd->hash_offset = BSWAP32(cd_off + special_slots * cd->hash_size); +} + +bool CodeSignCodeDirectory::set_hash_in_slot(const PackedByteArray &p_hash, int p_slot) { + ERR_FAIL_COND_V_MSG((p_slot < -special_slots) || (p_slot >= code_slots), false, vformat("CodeSign/CodeDirectory: Invalid hash slot index: %d.", p_slot)); + CodeDirectoryHeader *cd = reinterpret_cast<CodeDirectoryHeader *>(blob.ptrw() + 8); + for (int i = 0; i < cd->hash_size; i++) { + blob.write[BSWAP32(cd->hash_offset) + p_slot * cd->hash_size + i] = p_hash[i]; + } + return true; +} + +int32_t CodeSignCodeDirectory::get_page_count() { + return pages; +} + +int32_t CodeSignCodeDirectory::get_page_remainder() { + return remain; +} + +PackedByteArray CodeSignCodeDirectory::get_hash_sha1() const { + PackedByteArray hash; + hash.resize(0x14); + + CryptoCore::SHA1Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +PackedByteArray CodeSignCodeDirectory::get_hash_sha256() const { + PackedByteArray hash; + hash.resize(0x20); + + CryptoCore::SHA256Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +int CodeSignCodeDirectory::get_size() const { + return blob.size(); +} + +void CodeSignCodeDirectory::write_to_file(Ref<FileAccess> p_file) const { + ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/CodeDirectory: Invalid file handle."); + p_file->store_buffer(blob.ptr(), blob.size()); +} + +/*************************************************************************/ +/* CodeSignSignature */ +/*************************************************************************/ + +CodeSignSignature::CodeSignSignature() { + blob.append_array({ 0xFA, 0xDE, 0x0B, 0x01 }); // Signature magic. + uint32_t sign_size = 8; // Ad-hoc signature is empty. + for (int i = 3; i >= 0; i--) { + uint8_t x = (sign_size >> i * 8) & 0xFF; // Size. + blob.push_back(x); + } +} + +PackedByteArray CodeSignSignature::get_hash_sha1() const { + PackedByteArray hash; + hash.resize(0x14); + + CryptoCore::SHA1Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +PackedByteArray CodeSignSignature::get_hash_sha256() const { + PackedByteArray hash; + hash.resize(0x20); + + CryptoCore::SHA256Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; +} + +int CodeSignSignature::get_size() const { + return blob.size(); +} + +void CodeSignSignature::write_to_file(Ref<FileAccess> p_file) const { + ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/Signature: Invalid file handle."); + p_file->store_buffer(blob.ptr(), blob.size()); +} + +/*************************************************************************/ +/* CodeSignSuperBlob */ +/*************************************************************************/ + +bool CodeSignSuperBlob::add_blob(const Ref<CodeSignBlob> &p_blob) { + if (p_blob.is_valid()) { + blobs.push_back(p_blob); + return true; + } else { + return false; + } +} + +int CodeSignSuperBlob::get_size() const { + int size = 12 + blobs.size() * 8; + for (int i = 0; i < blobs.size(); i++) { + if (blobs[i].is_null()) { + return 0; + } + size += blobs[i]->get_size(); + } + return size; +} + +void CodeSignSuperBlob::write_to_file(Ref<FileAccess> p_file) const { + ERR_FAIL_COND_MSG(p_file.is_null(), "CodeSign/SuperBlob: Invalid file handle."); + uint32_t size = get_size(); + uint32_t data_offset = 12 + blobs.size() * 8; + + // Write header. + p_file->store_32(BSWAP32(0xfade0cc0)); + p_file->store_32(BSWAP32(size)); + p_file->store_32(BSWAP32(blobs.size())); + + // Write index. + for (int i = 0; i < blobs.size(); i++) { + if (blobs[i].is_null()) { + return; + } + p_file->store_32(BSWAP32(blobs[i]->get_index_type())); + p_file->store_32(BSWAP32(data_offset)); + data_offset += blobs[i]->get_size(); + } + + // Write blobs. + for (int i = 0; i < blobs.size(); i++) { + blobs[i]->write_to_file(p_file); + } +} + +/*************************************************************************/ +/* CodeSign */ +/*************************************************************************/ + +PackedByteArray CodeSign::file_hash_sha1(const String &p_path) { + PackedByteArray file_hash; + Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(f.is_null(), PackedByteArray(), vformat("CodeSign: Can't open file: \"%s\".", p_path)); + + CryptoCore::SHA1Context ctx; + ctx.start(); + + unsigned char step[4096]; + while (true) { + uint64_t br = f->get_buffer(step, 4096); + if (br > 0) { + ctx.update(step, br); + } + if (br < 4096) { + break; + } + } + + file_hash.resize(0x14); + ctx.finish(file_hash.ptrw()); + return file_hash; +} + +PackedByteArray CodeSign::file_hash_sha256(const String &p_path) { + PackedByteArray file_hash; + Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(f.is_null(), PackedByteArray(), vformat("CodeSign: Can't open file: \"%s\".", p_path)); + + CryptoCore::SHA256Context ctx; + ctx.start(); + + unsigned char step[4096]; + while (true) { + uint64_t br = f->get_buffer(step, 4096); + if (br > 0) { + ctx.update(step, br); + } + if (br < 4096) { + break; + } + } + + file_hash.resize(0x20); + ctx.finish(file_hash.ptrw()); + return file_hash; +} + +Error CodeSign::_codesign_file(bool p_use_hardened_runtime, bool p_force, const String &p_info, const String &p_exe_path, const String &p_bundle_path, const String &p_ent_path, bool p_ios_bundle, String &r_error_msg) { +#define CLEANUP() \ + if (files_to_sign.size() > 1) { \ + for (int j = 0; j < files_to_sign.size(); j++) { \ + da->remove(files_to_sign[j]); \ + } \ + } + + print_verbose(vformat("CodeSign: Signing executable: %s, bundle: %s with entitlements %s", p_exe_path, p_bundle_path, p_ent_path)); + + PackedByteArray info_hash1, info_hash2; + PackedByteArray res_hash1, res_hash2; + String id; + String main_exe = p_exe_path; + + Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM); + if (da.is_null()) { + r_error_msg = TTR("Can't get filesystem access."); + ERR_FAIL_V_MSG(ERR_CANT_CREATE, "CodeSign: Can't get filesystem access."); + } + + // Read Info.plist. + if (!p_info.is_empty()) { + print_verbose(vformat("CodeSign: Reading bundle info...")); + PList info_plist; + if (info_plist.load_file(p_info)) { + info_hash1 = file_hash_sha1(p_info); + info_hash2 = file_hash_sha256(p_info); + if (info_hash1.is_empty() || info_hash2.is_empty()) { + r_error_msg = TTR("Failed to get Info.plist hash."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to get Info.plist hash."); + } + + if (info_plist.get_root()->data_type == PList::PLNodeType::PL_NODE_TYPE_DICT && info_plist.get_root()->data_dict.has("CFBundleExecutable")) { + main_exe = p_exe_path.plus_file(String::utf8(info_plist.get_root()->data_dict["CFBundleExecutable"]->data_string.get_data())); + } else { + r_error_msg = TTR("Invalid Info.plist, no exe name."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid Info.plist, no exe name."); + } + + if (info_plist.get_root()->data_type == PList::PLNodeType::PL_NODE_TYPE_DICT && info_plist.get_root()->data_dict.has("CFBundleIdentifier")) { + id = info_plist.get_root()->data_dict["CFBundleIdentifier"]->data_string.get_data(); + } else { + r_error_msg = TTR("Invalid Info.plist, no bundle id."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid Info.plist, no bundle id."); + } + } else { + r_error_msg = TTR("Invalid Info.plist, can't load."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid Info.plist, can't load."); + } + } + + // Extract fat binary. + Vector<String> files_to_sign; + if (LipO::is_lipo(main_exe)) { + print_verbose(vformat("CodeSign: Executable is fat, extracting...")); + String tmp_path_name = EditorPaths::get_singleton()->get_cache_dir().plus_file("_lipo"); + Error err = da->make_dir_recursive(tmp_path_name); + if (err != OK) { + r_error_msg = vformat(TTR("Failed to create \"%s\" subfolder."), tmp_path_name); + ERR_FAIL_V_MSG(FAILED, vformat("CodeSign: Failed to create \"%s\" subfolder.", tmp_path_name)); + } + LipO lip; + if (lip.open_file(main_exe)) { + for (int i = 0; i < lip.get_arch_count(); i++) { + if (!lip.extract_arch(i, tmp_path_name.plus_file("_exe_" + itos(i)))) { + CLEANUP(); + r_error_msg = TTR("Failed to extract thin binary."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to extract thin binary."); + } + files_to_sign.push_back(tmp_path_name.plus_file("_exe_" + itos(i))); + } + } + } else if (MachO::is_macho(main_exe)) { + print_verbose(vformat("CodeSign: Executable is thin...")); + files_to_sign.push_back(main_exe); + } else { + r_error_msg = TTR("Invalid binary format."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid binary format."); + } + + // Check if it's already signed. + if (!p_force) { + for (int i = 0; i < files_to_sign.size(); i++) { + MachO mh; + mh.open_file(files_to_sign[i]); + if (mh.is_signed()) { + CLEANUP(); + r_error_msg = TTR("Already signed!"); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Already signed!"); + } + } + } + + // Generate core resources. + if (!p_bundle_path.is_empty()) { + print_verbose(vformat("CodeSign: Generating bundle CodeResources...")); + CodeSignCodeResources cr; + + if (p_ios_bundle) { + cr.add_rule1("^.*"); + cr.add_rule1("^.*\\.lproj/", "optional", 100); + cr.add_rule1("^.*\\.lproj/locversion.plist$", "omit", 1100); + cr.add_rule1("^Base\\.lproj/", "", 1010); + cr.add_rule1("^version.plist$"); + + cr.add_rule2(".*\\.dSYM($|/)", "", 11); + cr.add_rule2("^(.*/)?\\.DS_Store$", "omit", 2000); + cr.add_rule2("^.*"); + cr.add_rule2("^.*\\.lproj/", "optional", 1000); + cr.add_rule2("^.*\\.lproj/locversion.plist$", "omit", 1100); + cr.add_rule2("^Base\\.lproj/", "", 1010); + cr.add_rule2("^Info\\.plist$", "omit", 20); + cr.add_rule2("^PkgInfo$", "omit", 20); + cr.add_rule2("^embedded\\.provisionprofile$", "", 10); + cr.add_rule2("^version\\.plist$", "", 20); + + cr.add_rule2("^_MASReceipt", "omit", 2000, false); + cr.add_rule2("^_CodeSignature", "omit", 2000, false); + cr.add_rule2("^CodeResources", "omit", 2000, false); + } else { + cr.add_rule1("^Resources/"); + cr.add_rule1("^Resources/.*\\.lproj/", "optional", 1000); + cr.add_rule1("^Resources/.*\\.lproj/locversion.plist$", "omit", 1100); + cr.add_rule1("^Resources/Base\\.lproj/", "", 1010); + cr.add_rule1("^version.plist$"); + + cr.add_rule2(".*\\.dSYM($|/)", "", 11); + cr.add_rule2("^(.*/)?\\.DS_Store$", "omit", 2000); + cr.add_rule2("^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/", "nested", 10); + cr.add_rule2("^.*"); + cr.add_rule2("^Info\\.plist$", "omit", 20); + cr.add_rule2("^PkgInfo$", "omit", 20); + cr.add_rule2("^Resources/", "", 20); + cr.add_rule2("^Resources/.*\\.lproj/", "optional", 1000); + cr.add_rule2("^Resources/.*\\.lproj/locversion.plist$", "omit", 1100); + cr.add_rule2("^Resources/Base\\.lproj/", "", 1010); + cr.add_rule2("^[^/]+$", "nested", 10); + cr.add_rule2("^embedded\\.provisionprofile$", "", 10); + cr.add_rule2("^version\\.plist$", "", 20); + cr.add_rule2("^_MASReceipt", "omit", 2000, false); + cr.add_rule2("^_CodeSignature", "omit", 2000, false); + cr.add_rule2("^CodeResources", "omit", 2000, false); + } + + if (!cr.add_folder_recursive(p_bundle_path, "", main_exe)) { + CLEANUP(); + r_error_msg = TTR("Failed to process nested resources."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to process nested resources."); + } + Error err = da->make_dir_recursive(p_bundle_path.plus_file("_CodeSignature")); + if (err != OK) { + CLEANUP(); + r_error_msg = TTR("Failed to create _CodeSignature subfolder."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to create _CodeSignature subfolder."); + } + cr.save_to_file(p_bundle_path.plus_file("_CodeSignature").plus_file("CodeResources")); + res_hash1 = file_hash_sha1(p_bundle_path.plus_file("_CodeSignature").plus_file("CodeResources")); + res_hash2 = file_hash_sha256(p_bundle_path.plus_file("_CodeSignature").plus_file("CodeResources")); + if (res_hash1.is_empty() || res_hash2.is_empty()) { + CLEANUP(); + r_error_msg = TTR("Failed to get CodeResources hash."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to get CodeResources hash."); + } + } + + // Generate common signature structures. + if (id.is_empty()) { + CryptoCore::RandomGenerator rng; + ERR_FAIL_COND_V_MSG(rng.init(), FAILED, "Failed to initialize random number generator."); + uint8_t uuid[16]; + Error err = rng.get_random_bytes(uuid, 16); + ERR_FAIL_COND_V_MSG(err, err, "Failed to generate UUID."); + id = (String("a-55554944") /*a-UUID*/ + String::hex_encode_buffer(uuid, 16)); + } + CharString uuid_str = id.utf8(); + print_verbose(vformat("CodeSign: Used bundle ID: %s", id)); + + print_verbose(vformat("CodeSign: Processing entitlements...")); + + Ref<CodeSignEntitlementsText> cet; + Ref<CodeSignEntitlementsBinary> ceb; + if (!p_ent_path.is_empty()) { + String entitlements = FileAccess::get_file_as_string(p_ent_path); + if (entitlements.is_empty()) { + CLEANUP(); + r_error_msg = TTR("Invalid entitlements file."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid entitlements file."); + } + cet = Ref<CodeSignEntitlementsText>(memnew(CodeSignEntitlementsText(entitlements))); + ceb = Ref<CodeSignEntitlementsBinary>(memnew(CodeSignEntitlementsBinary(entitlements))); + } + + print_verbose(vformat("CodeSign: Generating requirements...")); + Ref<CodeSignRequirements> rq; + String team_id = ""; + rq = Ref<CodeSignRequirements>(memnew(CodeSignRequirements())); + + // Sign executables. + for (int i = 0; i < files_to_sign.size(); i++) { + MachO mh; + if (!mh.open_file(files_to_sign[i])) { + CLEANUP(); + r_error_msg = TTR("Invalid executable file."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Invalid executable file."); + } + print_verbose(vformat("CodeSign: Signing executable for cputype: %d ...", mh.get_cputype())); + + print_verbose(vformat("CodeSign: Generating CodeDirectory...")); + Ref<CodeSignCodeDirectory> cd1 = memnew(CodeSignCodeDirectory(0x14, 0x01, true, uuid_str, team_id.utf8(), 12, mh.get_exe_limit(), mh.get_code_limit())); + Ref<CodeSignCodeDirectory> cd2 = memnew(CodeSignCodeDirectory(0x20, 0x02, true, uuid_str, team_id.utf8(), 12, mh.get_exe_limit(), mh.get_code_limit())); + print_verbose(vformat("CodeSign: Calculating special slot hashes...")); + if (info_hash2.size() == 0x20) { + cd2->set_hash_in_slot(info_hash2, CodeSignCodeDirectory::SLOT_INFO_PLIST); + } + if (info_hash1.size() == 0x14) { + cd1->set_hash_in_slot(info_hash1, CodeSignCodeDirectory::SLOT_INFO_PLIST); + } + cd1->set_hash_in_slot(rq->get_hash_sha1(), CodeSignCodeDirectory::Slot::SLOT_REQUIREMENTS); + cd2->set_hash_in_slot(rq->get_hash_sha256(), CodeSignCodeDirectory::Slot::SLOT_REQUIREMENTS); + if (res_hash2.size() == 0x20) { + cd2->set_hash_in_slot(res_hash2, CodeSignCodeDirectory::SLOT_RESOURCES); + } + if (res_hash1.size() == 0x14) { + cd1->set_hash_in_slot(res_hash1, CodeSignCodeDirectory::SLOT_RESOURCES); + } + if (cet.is_valid()) { + cd1->set_hash_in_slot(cet->get_hash_sha1(), CodeSignCodeDirectory::Slot::SLOT_ENTITLEMENTS); //Text variant. + cd2->set_hash_in_slot(cet->get_hash_sha256(), CodeSignCodeDirectory::Slot::SLOT_ENTITLEMENTS); + } + if (ceb.is_valid()) { + cd1->set_hash_in_slot(ceb->get_hash_sha1(), CodeSignCodeDirectory::Slot::SLOT_DER_ENTITLEMENTS); //ASN.1 variant. + cd2->set_hash_in_slot(ceb->get_hash_sha256(), CodeSignCodeDirectory::Slot::SLOT_DER_ENTITLEMENTS); + } + + // Calculate signature size. + int sign_size = 12; // SuperBlob header. + sign_size += cd1->get_size() + 8; + sign_size += cd2->get_size() + 8; + sign_size += rq->get_size() + 8; + if (cet.is_valid()) { + sign_size += cet->get_size() + 8; + } + if (ceb.is_valid()) { + sign_size += ceb->get_size() + 8; + } + sign_size += 16; // Empty signature size. + + // Alloc/resize signature load command. + print_verbose(vformat("CodeSign: Reallocating space for the signature superblob (%d)...", sign_size)); + if (!mh.set_signature_size(sign_size)) { + CLEANUP(); + r_error_msg = TTR("Can't resize signature load command."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Can't resize signature load command."); + } + + print_verbose(vformat("CodeSign: Calculating executable code hashes...")); + // Calculate executable code hashes. + PackedByteArray buffer; + PackedByteArray hash1, hash2; + hash1.resize(0x14); + hash2.resize(0x20); + buffer.resize(1 << 12); + mh.get_file()->seek(0); + for (int32_t j = 0; j < cd2->get_page_count(); j++) { + mh.get_file()->get_buffer(buffer.ptrw(), (1 << 12)); + CryptoCore::SHA256Context ctx2; + ctx2.start(); + ctx2.update(buffer.ptr(), (1 << 12)); + ctx2.finish(hash2.ptrw()); + cd2->set_hash_in_slot(hash2, j); + + CryptoCore::SHA1Context ctx1; + ctx1.start(); + ctx1.update(buffer.ptr(), (1 << 12)); + ctx1.finish(hash1.ptrw()); + cd1->set_hash_in_slot(hash1, j); + } + if (cd2->get_page_remainder() > 0) { + mh.get_file()->get_buffer(buffer.ptrw(), cd2->get_page_remainder()); + CryptoCore::SHA256Context ctx2; + ctx2.start(); + ctx2.update(buffer.ptr(), cd2->get_page_remainder()); + ctx2.finish(hash2.ptrw()); + cd2->set_hash_in_slot(hash2, cd2->get_page_count()); + + CryptoCore::SHA1Context ctx1; + ctx1.start(); + ctx1.update(buffer.ptr(), cd1->get_page_remainder()); + ctx1.finish(hash1.ptrw()); + cd1->set_hash_in_slot(hash1, cd1->get_page_count()); + } + + print_verbose(vformat("CodeSign: Generating signature...")); + Ref<CodeSignSignature> cs; + cs = Ref<CodeSignSignature>(memnew(CodeSignSignature())); + + print_verbose(vformat("CodeSign: Writing signature superblob...")); + // Write signature data to the executable. + CodeSignSuperBlob sb = CodeSignSuperBlob(); + sb.add_blob(cd2); + sb.add_blob(cd1); + sb.add_blob(rq); + if (cet.is_valid()) { + sb.add_blob(cet); + } + if (ceb.is_valid()) { + sb.add_blob(ceb); + } + sb.add_blob(cs); + mh.get_file()->seek(mh.get_signature_offset()); + sb.write_to_file(mh.get_file()); + } + if (files_to_sign.size() > 1) { + print_verbose(vformat("CodeSign: Rebuilding fat executable...")); + LipO lip; + if (!lip.create_file(main_exe, files_to_sign)) { + CLEANUP(); + r_error_msg = TTR("Failed to create fat binary."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Failed to create fat binary."); + } + CLEANUP(); + } + FileAccess::set_unix_permissions(main_exe, 0755); // Restore unix permissions. + return OK; +#undef CLEANUP +} + +Error CodeSign::codesign(bool p_use_hardened_runtime, bool p_force, const String &p_path, const String &p_ent_path, String &r_error_msg) { + Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM); + if (da.is_null()) { + r_error_msg = TTR("Can't get filesystem access."); + ERR_FAIL_V_MSG(ERR_CANT_CREATE, "CodeSign: Can't get filesystem access."); + } + + if (da->dir_exists(p_path)) { + String fmw_ver = "Current"; // Framework version (default). + String info_path; + String main_exe; + String bundle_path; + bool bundle = false; + bool ios_bundle = false; + if (da->file_exists(p_path.plus_file("Contents/Info.plist"))) { + info_path = p_path.plus_file("Contents/Info.plist"); + main_exe = p_path.plus_file("Contents/MacOS"); + bundle_path = p_path.plus_file("Contents"); + bundle = true; + } else if (da->file_exists(p_path.plus_file(vformat("Versions/%s/Resources/Info.plist", fmw_ver)))) { + info_path = p_path.plus_file(vformat("Versions/%s/Resources/Info.plist", fmw_ver)); + main_exe = p_path.plus_file(vformat("Versions/%s", fmw_ver)); + bundle_path = p_path.plus_file(vformat("Versions/%s", fmw_ver)); + bundle = true; + } else if (da->file_exists(p_path.plus_file("Info.plist"))) { + info_path = p_path.plus_file("Info.plist"); + main_exe = p_path; + bundle_path = p_path; + bundle = true; + ios_bundle = true; + } + if (bundle) { + return _codesign_file(p_use_hardened_runtime, p_force, info_path, main_exe, bundle_path, p_ent_path, ios_bundle, r_error_msg); + } else { + r_error_msg = TTR("Unknown bundle type."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Unknown bundle type."); + } + } else if (da->file_exists(p_path)) { + return _codesign_file(p_use_hardened_runtime, p_force, "", p_path, "", p_ent_path, false, r_error_msg); + } else { + r_error_msg = TTR("Unknown object type."); + ERR_FAIL_V_MSG(FAILED, "CodeSign: Unknown object type."); + } +} + +#endif // MODULE_REGEX_ENABLED diff --git a/platform/macos/export/codesign.h b/platform/macos/export/codesign.h new file mode 100644 index 0000000000..3a08c0ea86 --- /dev/null +++ b/platform/macos/export/codesign.h @@ -0,0 +1,368 @@ +/*************************************************************************/ +/* codesign.h */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +// macOS code signature creation utility. +// +// Current implementation has the following limitation: +// - Only version 11.3.0 signatures are supported. +// - Only "framework" and "app" bundle types are supported. +// - Page hash array scattering is not supported. +// - Reading and writing binary property lists i snot supported (third-party frameworks with binary Info.plist will not work unless .plist is converted to text format). +// - Requirements code generator is not implemented (only hard-coded requirements for the ad-hoc signing is supported). +// - RFC5652/CMS blob generation is not implemented, supports ad-hoc signing only. + +#ifndef CODESIGN_H +#define CODESIGN_H + +#include "core/crypto/crypto_core.h" +#include "core/io/dir_access.h" +#include "core/io/file_access.h" +#include "core/object/ref_counted.h" + +#include "modules/modules_enabled.gen.h" // For regex. +#ifdef MODULE_REGEX_ENABLED +#include "modules/regex/regex.h" +#endif + +#include "plist.h" + +#ifdef MODULE_REGEX_ENABLED + +/*************************************************************************/ +/* CodeSignCodeResources */ +/*************************************************************************/ + +class CodeSignCodeResources { +public: + enum class CRMatch { + CR_MATCH_NO, + CR_MATCH_YES, + CR_MATCH_NESTED, + CR_MATCH_OPTIONAL, + }; + +private: + struct CRFile { + String name; + String hash; + String hash2; + bool optional; + bool nested; + String requirements; + }; + + struct CRRule { + String file_pattern; + String key; + int weight; + bool store; + CRRule() { + weight = 1; + store = true; + } + CRRule(const String &p_file_pattern, const String &p_key, int p_weight, bool p_store) { + file_pattern = p_file_pattern; + key = p_key; + weight = p_weight; + store = p_store; + } + }; + + Vector<CRRule> rules1; + Vector<CRRule> rules2; + + Vector<CRFile> files1; + Vector<CRFile> files2; + + String hash_sha1_base64(const String &p_path); + String hash_sha256_base64(const String &p_path); + +public: + void add_rule1(const String &p_rule, const String &p_key = "", int p_weight = 0, bool p_store = true); + void add_rule2(const String &p_rule, const String &p_key = "", int p_weight = 0, bool p_store = true); + + CRMatch match_rules1(const String &p_path) const; + CRMatch match_rules2(const String &p_path) const; + + bool add_file1(const String &p_root, const String &p_path); + bool add_file2(const String &p_root, const String &p_path); + bool add_nested_file(const String &p_root, const String &p_path, const String &p_exepath); + + bool add_folder_recursive(const String &p_root, const String &p_path = "", const String &p_main_exe_path = ""); + + bool save_to_file(const String &p_path); +}; + +/*************************************************************************/ +/* CodeSignBlob */ +/*************************************************************************/ + +class CodeSignBlob : public RefCounted { +public: + virtual PackedByteArray get_hash_sha1() const = 0; + virtual PackedByteArray get_hash_sha256() const = 0; + + virtual int get_size() const = 0; + virtual uint32_t get_index_type() const = 0; + + virtual void write_to_file(Ref<FileAccess> p_file) const = 0; +}; + +/*************************************************************************/ +/* CodeSignRequirements */ +/*************************************************************************/ + +// Note: Proper code generator is not implemented (any we probably won't ever need it), just a hardcoded bytecode for the limited set of cases. + +class CodeSignRequirements : public CodeSignBlob { + PackedByteArray blob; + + static inline size_t PAD(size_t s, size_t a) { + return (s % a == 0) ? 0 : (a - s % a); + } + + _FORCE_INLINE_ void _parse_certificate_slot(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const; + _FORCE_INLINE_ void _parse_key(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const; + _FORCE_INLINE_ void _parse_oid_key(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const; + _FORCE_INLINE_ void _parse_hash_string(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const; + _FORCE_INLINE_ void _parse_value(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const; + _FORCE_INLINE_ void _parse_date(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const; + _FORCE_INLINE_ bool _parse_match(uint32_t &r_pos, String &r_out, uint32_t p_rq_size) const; + +public: + CodeSignRequirements(); + CodeSignRequirements(const PackedByteArray &p_data); + + Vector<String> parse_requirements() const; + + virtual PackedByteArray get_hash_sha1() const override; + virtual PackedByteArray get_hash_sha256() const override; + + virtual int get_size() const override; + + virtual uint32_t get_index_type() const override { return 0x00000002; }; + virtual void write_to_file(Ref<FileAccess> p_file) const override; +}; + +/*************************************************************************/ +/* CodeSignEntitlementsText */ +/*************************************************************************/ + +// PList formatted entitlements. + +class CodeSignEntitlementsText : public CodeSignBlob { + PackedByteArray blob; + +public: + CodeSignEntitlementsText(); + CodeSignEntitlementsText(const String &p_string); + + virtual PackedByteArray get_hash_sha1() const override; + virtual PackedByteArray get_hash_sha256() const override; + + virtual int get_size() const override; + + virtual uint32_t get_index_type() const override { return 0x00000005; }; + virtual void write_to_file(Ref<FileAccess> p_file) const override; +}; + +/*************************************************************************/ +/* CodeSignEntitlementsBinary */ +/*************************************************************************/ + +// ASN.1 serialized entitlements. + +class CodeSignEntitlementsBinary : public CodeSignBlob { + PackedByteArray blob; + +public: + CodeSignEntitlementsBinary(); + CodeSignEntitlementsBinary(const String &p_string); + + virtual PackedByteArray get_hash_sha1() const override; + virtual PackedByteArray get_hash_sha256() const override; + + virtual int get_size() const override; + + virtual uint32_t get_index_type() const override { return 0x00000007; }; + virtual void write_to_file(Ref<FileAccess> p_file) const override; +}; + +/*************************************************************************/ +/* CodeSignCodeDirectory */ +/*************************************************************************/ + +// Code Directory, runtime options, code segment and special structure hashes. + +class CodeSignCodeDirectory : public CodeSignBlob { +public: + enum Slot { + SLOT_INFO_PLIST = -1, + SLOT_REQUIREMENTS = -2, + SLOT_RESOURCES = -3, + SLOT_APP_SPECIFIC = -4, // Unused. + SLOT_ENTITLEMENTS = -5, + SLOT_RESERVER1 = -6, // Unused. + SLOT_DER_ENTITLEMENTS = -7, + }; + + enum CodeSignExecSegFlags { + EXECSEG_MAIN_BINARY = 0x1, + EXECSEG_ALLOW_UNSIGNED = 0x10, + EXECSEG_DEBUGGER = 0x20, + EXECSEG_JIT = 0x40, + EXECSEG_SKIP_LV = 0x80, + EXECSEG_CAN_LOAD_CDHASH = 0x100, + EXECSEG_CAN_EXEC_CDHASH = 0x200, + }; + + enum CodeSignatureFlags { + SIGNATURE_HOST = 0x0001, + SIGNATURE_ADHOC = 0x0002, + SIGNATURE_TASK_ALLOW = 0x0004, + SIGNATURE_INSTALLER = 0x0008, + SIGNATURE_FORCED_LV = 0x0010, + SIGNATURE_INVALID_ALLOWED = 0x0020, + SIGNATURE_FORCE_HARD = 0x0100, + SIGNATURE_FORCE_KILL = 0x0200, + SIGNATURE_FORCE_EXPIRATION = 0x0400, + SIGNATURE_RESTRICT = 0x0800, + SIGNATURE_ENFORCEMENT = 0x1000, + SIGNATURE_LIBRARY_VALIDATION = 0x2000, + SIGNATURE_ENTITLEMENTS_VALIDATED = 0x4000, + SIGNATURE_NVRAM_UNRESTRICTED = 0x8000, + SIGNATURE_RUNTIME = 0x10000, + SIGNATURE_LINKER_SIGNED = 0x20000, + }; + +private: + PackedByteArray blob; + + struct CodeDirectoryHeader { + uint32_t version; // Using version 0x0020500. + uint32_t flags; // // Option flags. + uint32_t hash_offset; // Slot zero offset. + uint32_t ident_offset; // Identifier string offset. + uint32_t special_slots; // Nr. of slots with negative index. + uint32_t code_slots; // Nr. of slots with index >= 0, (code_limit / page_size). + uint32_t code_limit; // Everything before code signature load command offset. + uint8_t hash_size; // 20 (SHA-1) or 32 (SHA-256). + uint8_t hash_type; // 1 (SHA-1) or 2 (SHA-256). + uint8_t platform; // Not used. + uint8_t page_size; // Page size, power of two, 2^12 (4096). + uint32_t spare2; // Not used. + // Version 0x20100 + uint32_t scatter_vector_offset; // Set to 0 and ignore. + // Version 0x20200 + uint32_t team_offset; // Team id string offset. + // Version 0x20300 + uint32_t spare3; // Not used. + uint64_t code_limit_64; // Set to 0 and ignore. + // Version 0x20400 + uint64_t exec_seg_base; // Start of the signed code segmet. + uint64_t exec_seg_limit; // Code segment (__TEXT) vmsize. + uint64_t exec_seg_flags; // Executable segment flags. + // Version 0x20500 + uint32_t runtime; // Runtime version. + uint32_t pre_encrypt_offset; // Set to 0 and ignore. + }; + + int32_t pages = 0; + int32_t remain = 0; + int32_t code_slots = 0; + int32_t special_slots = 0; + +public: + CodeSignCodeDirectory(); + CodeSignCodeDirectory(uint8_t p_hash_size, uint8_t p_hash_type, bool p_main, const CharString &p_id, const CharString &p_team_id, uint32_t p_page_size, uint64_t p_exe_limit, uint64_t p_code_limit); + + int32_t get_page_count(); + int32_t get_page_remainder(); + + bool set_hash_in_slot(const PackedByteArray &p_hash, int p_slot); + + virtual PackedByteArray get_hash_sha1() const override; + virtual PackedByteArray get_hash_sha256() const override; + + virtual int get_size() const override; + virtual uint32_t get_index_type() const override { return 0x00000000; }; + + virtual void write_to_file(Ref<FileAccess> p_file) const override; +}; + +/*************************************************************************/ +/* CodeSignSignature */ +/*************************************************************************/ + +class CodeSignSignature : public CodeSignBlob { + PackedByteArray blob; + +public: + CodeSignSignature(); + + virtual PackedByteArray get_hash_sha1() const override; + virtual PackedByteArray get_hash_sha256() const override; + + virtual int get_size() const override; + virtual uint32_t get_index_type() const override { return 0x00010000; }; + + virtual void write_to_file(Ref<FileAccess> p_file) const override; +}; + +/*************************************************************************/ +/* CodeSignSuperBlob */ +/*************************************************************************/ + +class CodeSignSuperBlob { + Vector<Ref<CodeSignBlob>> blobs; + +public: + bool add_blob(const Ref<CodeSignBlob> &p_blob); + + int get_size() const; + void write_to_file(Ref<FileAccess> p_file) const; +}; + +/*************************************************************************/ +/* CodeSign */ +/*************************************************************************/ + +class CodeSign { + static PackedByteArray file_hash_sha1(const String &p_path); + static PackedByteArray file_hash_sha256(const String &p_path); + static Error _codesign_file(bool p_use_hardened_runtime, bool p_force, const String &p_info, const String &p_exe_path, const String &p_bundle_path, const String &p_ent_path, bool p_ios_bundle, String &r_error_msg); + +public: + static Error codesign(bool p_use_hardened_runtime, bool p_force, const String &p_path, const String &p_ent_path, String &r_error_msg); +}; + +#endif // MODULE_REGEX_ENABLED + +#endif // CODESIGN_H diff --git a/platform/macos/export/export.cpp b/platform/macos/export/export.cpp new file mode 100644 index 0000000000..ff7457081f --- /dev/null +++ b/platform/macos/export/export.cpp @@ -0,0 +1,43 @@ +/*************************************************************************/ +/* export.cpp */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +#include "export.h" + +#include "export_plugin.h" + +void register_macos_exporter() { + EDITOR_DEF("export/macos/force_builtin_codesign", false); + EditorSettings::get_singleton()->add_property_hint(PropertyInfo(Variant::BOOL, "export/macos/force_builtin_codesign", PROPERTY_HINT_NONE)); + + Ref<EditorExportPlatformMacOS> platform; + platform.instantiate(); + + EditorExport::get_singleton()->add_export_platform(platform); +} diff --git a/platform/macos/export/export.h b/platform/macos/export/export.h new file mode 100644 index 0000000000..260c691209 --- /dev/null +++ b/platform/macos/export/export.h @@ -0,0 +1,36 @@ +/*************************************************************************/ +/* export.h */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +#ifndef MACOS_EXPORT_H +#define MACOS_EXPORT_H + +void register_macos_exporter(); + +#endif // MACOS_EXPORT_H diff --git a/platform/macos/export/export_plugin.cpp b/platform/macos/export/export_plugin.cpp new file mode 100644 index 0000000000..8cb69997d9 --- /dev/null +++ b/platform/macos/export/export_plugin.cpp @@ -0,0 +1,1684 @@ +/*************************************************************************/ +/* export_plugin.cpp */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +#include "export_plugin.h" + +#include "codesign.h" + +#include "editor/editor_node.h" +#include "editor/editor_paths.h" + +#include "modules/modules_enabled.gen.h" // For regex. + +void EditorExportPlatformMacOS::get_preset_features(const Ref<EditorExportPreset> &p_preset, List<String> *r_features) { + if (p_preset->get("texture_format/s3tc")) { + r_features->push_back("s3tc"); + } + if (p_preset->get("texture_format/etc")) { + r_features->push_back("etc"); + } + if (p_preset->get("texture_format/etc2")) { + r_features->push_back("etc2"); + } + + r_features->push_back("64"); +} + +bool EditorExportPlatformMacOS::get_export_option_visibility(const String &p_option, const HashMap<StringName, Variant> &p_options) const { + // These options are not supported by built-in codesign, used on non macOS host. + if (!OS::get_singleton()->has_feature("macos")) { + if (p_option == "codesign/identity" || p_option == "codesign/timestamp" || p_option == "codesign/hardened_runtime" || p_option == "codesign/custom_options" || p_option.begins_with("notarization/")) { + return false; + } + } + + // These entitlements are required to run managed code, and are always enabled in Mono builds. + if (Engine::get_singleton()->has_singleton("GodotSharp")) { + if (p_option == "codesign/entitlements/allow_jit_code_execution" || p_option == "codesign/entitlements/allow_unsigned_executable_memory" || p_option == "codesign/entitlements/allow_dyld_environment_variables") { + return false; + } + } + return true; +} + +void EditorExportPlatformMacOS::get_export_options(List<ExportOption> *r_options) { + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "custom_template/debug", PROPERTY_HINT_GLOBAL_FILE, "*.zip"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "custom_template/release", PROPERTY_HINT_GLOBAL_FILE, "*.zip"), "")); + + r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "debug/export_console_script", PROPERTY_HINT_ENUM, "No,Debug Only,Debug and Release"), 1)); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/icon", PROPERTY_HINT_FILE, "*.png,*.icns"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/bundle_identifier", PROPERTY_HINT_PLACEHOLDER_TEXT, "com.example.game"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/signature"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/app_category", PROPERTY_HINT_ENUM, "Business,Developer-tools,Education,Entertainment,Finance,Games,Action-games,Adventure-games,Arcade-games,Board-games,Card-games,Casino-games,Dice-games,Educational-games,Family-games,Kids-games,Music-games,Puzzle-games,Racing-games,Role-playing-games,Simulation-games,Sports-games,Strategy-games,Trivia-games,Word-games,Graphics-design,Healthcare-fitness,Lifestyle,Medical,Music,News,Photography,Productivity,Reference,Social-networking,Sports,Travel,Utilities,Video,Weather"), "Games")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/short_version"), "1.0")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/version"), "1.0")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "application/copyright"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "application/copyright_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "display/high_res"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/microphone_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the microphone"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/microphone_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/camera_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the camera"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/camera_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/location_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the location information"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/location_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/address_book_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the address book"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/address_book_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/calendar_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the calendar"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/calendar_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/photos_library_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use the photo library"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/photos_library_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/desktop_folder_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use Desktop folder"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/desktop_folder_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/documents_folder_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use Documents folder"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/documents_folder_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/downloads_folder_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use Downloads folder"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/downloads_folder_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/network_volumes_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use network volumes"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/network_volumes_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/removable_volumes_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use removable volumes"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::DICTIONARY, "privacy/removable_volumes_usage_description_localized", PROPERTY_HINT_LOCALIZABLE_STRING), Dictionary())); + + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/enable"), true)); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/identity", PROPERTY_HINT_PLACEHOLDER_TEXT, "Type: Name (ID)"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/timestamp"), true)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/replace_existing_signature"), true)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/hardened_runtime"), true)); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/entitlements/custom_file", PROPERTY_HINT_GLOBAL_FILE, "*.plist"), "")); + + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_jit_code_execution"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_unsigned_executable_memory"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_dyld_environment_variables"), false)); + + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/disable_library_validation"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/audio_input"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/camera"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/location"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/address_book"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/calendars"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/photos_library"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/apple_events"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/debugging"), false)); + + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/enabled"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/network_server"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/network_client"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/device_usb"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/app_sandbox/device_bluetooth"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_downloads", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0)); + r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_pictures", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0)); + r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_music", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0)); + r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_movies", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0)); + r_options->push_back(ExportOption(PropertyInfo(Variant::ARRAY, "codesign/entitlements/app_sandbox/helper_executables", PROPERTY_HINT_ARRAY_TYPE, itos(Variant::STRING) + "/" + itos(PROPERTY_HINT_GLOBAL_FILE) + ":"), Array())); + + r_options->push_back(ExportOption(PropertyInfo(Variant::PACKED_STRING_ARRAY, "codesign/custom_options"), PackedStringArray())); + + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "notarization/enable"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_id_name", PROPERTY_HINT_PLACEHOLDER_TEXT, "Apple ID email"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_id_password", PROPERTY_HINT_PLACEHOLDER_TEXT, "Enable two-factor authentication and provide app-specific password"), "")); + r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_team_id", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide team ID if your Apple ID belongs to multiple teams"), "")); + + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/s3tc"), true)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/etc"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/etc2"), false)); +} + +void _rgba8_to_packbits_encode(int p_ch, int p_size, Vector<uint8_t> &p_source, Vector<uint8_t> &p_dest) { + int src_len = p_size * p_size; + + Vector<uint8_t> result; + result.resize(src_len * 1.25); //temp vector for rle encoded data, make it 25% larger for worst case scenario + int res_size = 0; + + uint8_t buf[128]; + int buf_size = 0; + + int i = 0; + while (i < src_len) { + uint8_t cur = p_source.ptr()[i * 4 + p_ch]; + + if (i < src_len - 2) { + if ((p_source.ptr()[(i + 1) * 4 + p_ch] == cur) && (p_source.ptr()[(i + 2) * 4 + p_ch] == cur)) { + if (buf_size > 0) { + result.write[res_size++] = (uint8_t)(buf_size - 1); + memcpy(&result.write[res_size], &buf, buf_size); + res_size += buf_size; + buf_size = 0; + } + + uint8_t lim = i + 130 >= src_len ? src_len - i - 1 : 130; + bool hit_lim = true; + + for (int j = 3; j <= lim; j++) { + if (p_source.ptr()[(i + j) * 4 + p_ch] != cur) { + hit_lim = false; + i = i + j - 1; + result.write[res_size++] = (uint8_t)(j - 3 + 0x80); + result.write[res_size++] = cur; + break; + } + } + if (hit_lim) { + result.write[res_size++] = (uint8_t)(lim - 3 + 0x80); + result.write[res_size++] = cur; + i = i + lim; + } + } else { + buf[buf_size++] = cur; + if (buf_size == 128) { + result.write[res_size++] = (uint8_t)(buf_size - 1); + memcpy(&result.write[res_size], &buf, buf_size); + res_size += buf_size; + buf_size = 0; + } + } + } else { + buf[buf_size++] = cur; + result.write[res_size++] = (uint8_t)(buf_size - 1); + memcpy(&result.write[res_size], &buf, buf_size); + res_size += buf_size; + buf_size = 0; + } + + i++; + } + + int ofs = p_dest.size(); + p_dest.resize(p_dest.size() + res_size); + memcpy(&p_dest.write[ofs], result.ptr(), res_size); +} + +void EditorExportPlatformMacOS::_make_icon(const Ref<Image> &p_icon, Vector<uint8_t> &p_data) { + Ref<ImageTexture> it = memnew(ImageTexture); + + Vector<uint8_t> data; + + data.resize(8); + data.write[0] = 'i'; + data.write[1] = 'c'; + data.write[2] = 'n'; + data.write[3] = 's'; + + struct MacOSIconInfo { + const char *name; + const char *mask_name; + bool is_png; + int size; + }; + + static const MacOSIconInfo icon_infos[] = { + { "ic10", "", true, 1024 }, //1024×1024 32-bit PNG and 512×512@2x 32-bit "retina" PNG + { "ic09", "", true, 512 }, //512×512 32-bit PNG + { "ic14", "", true, 512 }, //256×256@2x 32-bit "retina" PNG + { "ic08", "", true, 256 }, //256×256 32-bit PNG + { "ic13", "", true, 256 }, //128×128@2x 32-bit "retina" PNG + { "ic07", "", true, 128 }, //128×128 32-bit PNG + { "ic12", "", true, 64 }, //32×32@2× 32-bit "retina" PNG + { "ic11", "", true, 32 }, //16×16@2× 32-bit "retina" PNG + { "il32", "l8mk", false, 32 }, //32×32 24-bit RLE + 8-bit uncompressed mask + { "is32", "s8mk", false, 16 } //16×16 24-bit RLE + 8-bit uncompressed mask + }; + + for (uint64_t i = 0; i < (sizeof(icon_infos) / sizeof(icon_infos[0])); ++i) { + Ref<Image> copy = p_icon; // does this make sense? doesn't this just increase the reference count instead of making a copy? Do we even need a copy? + copy->convert(Image::FORMAT_RGBA8); + copy->resize(icon_infos[i].size, icon_infos[i].size); + + if (icon_infos[i].is_png) { + // Encode PNG icon. + it->set_image(copy); + String path = EditorPaths::get_singleton()->get_cache_dir().plus_file("icon.png"); + ResourceSaver::save(path, it); + + { + Ref<FileAccess> f = FileAccess::open(path, FileAccess::READ); + if (f.is_null()) { + // Clean up generated file. + DirAccess::remove_file_or_error(path); + add_message(EXPORT_MESSAGE_ERROR, TTR("Icon Creation"), vformat(TTR("Could not open icon file \"%s\"."), path)); + return; + } + + int ofs = data.size(); + uint64_t len = f->get_length(); + data.resize(data.size() + len + 8); + f->get_buffer(&data.write[ofs + 8], len); + len += 8; + len = BSWAP32(len); + memcpy(&data.write[ofs], icon_infos[i].name, 4); + encode_uint32(len, &data.write[ofs + 4]); + } + + // Clean up generated file. + DirAccess::remove_file_or_error(path); + + } else { + Vector<uint8_t> src_data = copy->get_data(); + + //encode 24bit RGB RLE icon + { + int ofs = data.size(); + data.resize(data.size() + 8); + + _rgba8_to_packbits_encode(0, icon_infos[i].size, src_data, data); // encode R + _rgba8_to_packbits_encode(1, icon_infos[i].size, src_data, data); // encode G + _rgba8_to_packbits_encode(2, icon_infos[i].size, src_data, data); // encode B + + int len = data.size() - ofs; + len = BSWAP32(len); + memcpy(&data.write[ofs], icon_infos[i].name, 4); + encode_uint32(len, &data.write[ofs + 4]); + } + + //encode 8bit mask uncompressed icon + { + int ofs = data.size(); + int len = copy->get_width() * copy->get_height(); + data.resize(data.size() + len + 8); + + for (int j = 0; j < len; j++) { + data.write[ofs + 8 + j] = src_data.ptr()[j * 4 + 3]; + } + len += 8; + len = BSWAP32(len); + memcpy(&data.write[ofs], icon_infos[i].mask_name, 4); + encode_uint32(len, &data.write[ofs + 4]); + } + } + } + + uint32_t total_len = data.size(); + total_len = BSWAP32(total_len); + encode_uint32(total_len, &data.write[4]); + + p_data = data; +} + +void EditorExportPlatformMacOS::_fix_plist(const Ref<EditorExportPreset> &p_preset, Vector<uint8_t> &plist, const String &p_binary) { + String str; + String strnew; + str.parse_utf8((const char *)plist.ptr(), plist.size()); + Vector<String> lines = str.split("\n"); + for (int i = 0; i < lines.size(); i++) { + if (lines[i].find("$binary") != -1) { + strnew += lines[i].replace("$binary", p_binary) + "\n"; + } else if (lines[i].find("$name") != -1) { + strnew += lines[i].replace("$name", ProjectSettings::get_singleton()->get("application/config/name")) + "\n"; + } else if (lines[i].find("$bundle_identifier") != -1) { + strnew += lines[i].replace("$bundle_identifier", p_preset->get("application/bundle_identifier")) + "\n"; + } else if (lines[i].find("$short_version") != -1) { + strnew += lines[i].replace("$short_version", p_preset->get("application/short_version")) + "\n"; + } else if (lines[i].find("$version") != -1) { + strnew += lines[i].replace("$version", p_preset->get("application/version")) + "\n"; + } else if (lines[i].find("$signature") != -1) { + strnew += lines[i].replace("$signature", p_preset->get("application/signature")) + "\n"; + } else if (lines[i].find("$app_category") != -1) { + String cat = p_preset->get("application/app_category"); + strnew += lines[i].replace("$app_category", cat.to_lower()) + "\n"; + } else if (lines[i].find("$copyright") != -1) { + strnew += lines[i].replace("$copyright", p_preset->get("application/copyright")) + "\n"; + } else if (lines[i].find("$highres") != -1) { + strnew += lines[i].replace("$highres", p_preset->get("display/high_res") ? "\t<true/>" : "\t<false/>") + "\n"; + } else if (lines[i].find("$usage_descriptions") != -1) { + String descriptions; + if (!((String)p_preset->get("privacy/microphone_usage_description")).is_empty()) { + descriptions += "\t<key>NSMicrophoneUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/microphone_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/camera_usage_description")).is_empty()) { + descriptions += "\t<key>NSCameraUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/camera_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/location_usage_description")).is_empty()) { + descriptions += "\t<key>NSLocationUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/location_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/address_book_usage_description")).is_empty()) { + descriptions += "\t<key>NSContactsUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/address_book_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/calendar_usage_description")).is_empty()) { + descriptions += "\t<key>NSCalendarsUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/calendar_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/photos_library_usage_description")).is_empty()) { + descriptions += "\t<key>NSPhotoLibraryUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/photos_library_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/desktop_folder_usage_description")).is_empty()) { + descriptions += "\t<key>NSDesktopFolderUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/desktop_folder_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/documents_folder_usage_description")).is_empty()) { + descriptions += "\t<key>NSDocumentsFolderUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/documents_folder_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/downloads_folder_usage_description")).is_empty()) { + descriptions += "\t<key>NSDownloadsFolderUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/downloads_folder_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/network_volumes_usage_description")).is_empty()) { + descriptions += "\t<key>NSNetworkVolumesUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/network_volumes_usage_description") + "</string>\n"; + } + if (!((String)p_preset->get("privacy/removable_volumes_usage_description")).is_empty()) { + descriptions += "\t<key>NSRemovableVolumesUsageDescription</key>\n"; + descriptions += "\t<string>" + (String)p_preset->get("privacy/removable_volumes_usage_description") + "</string>\n"; + } + if (!descriptions.is_empty()) { + strnew += lines[i].replace("$usage_descriptions", descriptions); + } + } else { + strnew += lines[i] + "\n"; + } + } + + CharString cs = strnew.utf8(); + plist.resize(cs.size() - 1); + for (int i = 0; i < cs.size() - 1; i++) { + plist.write[i] = cs[i]; + } +} + +/** + * If we're running the macOS version of the Godot editor we'll: + * - export our application bundle to a temporary folder + * - attempt to code sign it + * - and then wrap it up in a DMG + */ + +Error EditorExportPlatformMacOS::_notarize(const Ref<EditorExportPreset> &p_preset, const String &p_path) { +#ifdef MACOS_ENABLED + List<String> args; + + args.push_back("altool"); + args.push_back("--notarize-app"); + + args.push_back("--primary-bundle-id"); + args.push_back(p_preset->get("application/bundle_identifier")); + + args.push_back("--username"); + args.push_back(p_preset->get("notarization/apple_id_name")); + + args.push_back("--password"); + args.push_back(p_preset->get("notarization/apple_id_password")); + + args.push_back("--type"); + args.push_back("osx"); + + if (p_preset->get("notarization/apple_team_id")) { + args.push_back("--asc-provider"); + args.push_back(p_preset->get("notarization/apple_team_id")); + } + + args.push_back("--file"); + args.push_back(p_path); + + String str; + Error err = OS::get_singleton()->execute("xcrun", args, &str, nullptr, true); + if (err != OK || (str.find("not found") != -1) || (str.find("not recognized") != -1)) { + add_message(EXPORT_MESSAGE_WARNING, TTR("Notarization"), TTR("Could not start xcrun executable.")); + return err; + } + + print_verbose("altool (" + p_path + "):\n" + str); + int rq_offset = str.find("RequestUUID"); + if (rq_offset == -1) { + add_message(EXPORT_MESSAGE_WARNING, TTR("Notarization"), TTR("Notarization failed.")); + return FAILED; + } else { + int next_nl = str.find("\n", rq_offset); + String request_uuid = (next_nl == -1) ? str.substr(rq_offset + 14, -1) : str.substr(rq_offset + 14, next_nl - rq_offset - 14); + add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), vformat(TTR("Notarization request UUID: \"%s\""), request_uuid)); + add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), TTR("The notarization process generally takes less than an hour. When the process is completed, you'll receive an email.")); + add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), "\t" + TTR("You can check progress manually by opening a Terminal and running the following command:")); + add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), "\t\t\"xcrun altool --notarization-history 0 -u <your email> -p <app-specific pwd>\""); + add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), "\t" + TTR("Run the following command to staple the notarization ticket to the exported application (optional):")); + add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), "\t\t\"xcrun stapler staple <app path>\""); + } + +#endif + + return OK; +} + +Error EditorExportPlatformMacOS::_code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path, bool p_warn) { + bool force_builtin_codesign = EditorSettings::get_singleton()->get("export/macos/force_builtin_codesign"); + bool ad_hoc = (p_preset->get("codesign/identity") == "" || p_preset->get("codesign/identity") == "-"); + + if ((!FileAccess::exists("/usr/bin/codesign") && !FileAccess::exists("/bin/codesign")) || force_builtin_codesign) { + print_verbose("using built-in codesign..."); +#ifdef MODULE_REGEX_ENABLED + +#ifdef MACOS_ENABLED + if (p_preset->get("codesign/timestamp") && p_warn) { + add_message(EXPORT_MESSAGE_INFO, TTR("Code Signing"), TTR("Timestamping is not compatible with ad-hoc signature, and was disabled!")); + } + if (p_preset->get("codesign/hardened_runtime") && p_warn) { + add_message(EXPORT_MESSAGE_INFO, TTR("Code Signing"), TTR("Hardened Runtime is not compatible with ad-hoc signature, and was disabled!")); + } +#endif + + String error_msg; + Error err = CodeSign::codesign(false, p_preset->get("codesign/replace_existing_signature"), p_path, p_ent_path, error_msg); + if (err != OK) { + add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), vformat(TTR("Built-in CodeSign failed with error \"%s\"."), error_msg)); + return FAILED; + } +#else + add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), TTR("Built-in CodeSign require regex module.")); +#endif + return OK; + } else { + print_verbose("using external codesign..."); + List<String> args; + if (p_preset->get("codesign/timestamp")) { + if (ad_hoc) { + if (p_warn) { + add_message(EXPORT_MESSAGE_INFO, TTR("Code Signing"), TTR("Timestamping is not compatible with ad-hoc signature, and was disabled!")); + } + } else { + args.push_back("--timestamp"); + } + } + if (p_preset->get("codesign/hardened_runtime")) { + if (ad_hoc) { + if (p_warn) { + add_message(EXPORT_MESSAGE_INFO, TTR("Code Signing"), TTR("Hardened Runtime is not compatible with ad-hoc signature, and was disabled!")); + } + } else { + args.push_back("--options"); + args.push_back("runtime"); + } + } + + if (p_path.get_extension() != "dmg") { + args.push_back("--entitlements"); + args.push_back(p_ent_path); + } + + PackedStringArray user_args = p_preset->get("codesign/custom_options"); + for (int i = 0; i < user_args.size(); i++) { + String user_arg = user_args[i].strip_edges(); + if (!user_arg.is_empty()) { + args.push_back(user_arg); + } + } + + args.push_back("-s"); + if (ad_hoc) { + args.push_back("-"); + } else { + args.push_back(p_preset->get("codesign/identity")); + } + + args.push_back("-v"); /* provide some more feedback */ + + if (p_preset->get("codesign/replace_existing_signature")) { + args.push_back("-f"); + } + + args.push_back(p_path); + + String str; + Error err = OS::get_singleton()->execute("codesign", args, &str, nullptr, true); + if (err != OK || (str.find("not found") != -1) || (str.find("not recognized") != -1)) { + add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), TTR("Could not start codesign executable, make sure Xcode command line tools are installed.")); + return err; + } + + print_verbose("codesign (" + p_path + "):\n" + str); + if (str.find("no identity found") != -1) { + add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), TTR("No identity found.")); + return FAILED; + } + if ((str.find("unrecognized blob type") != -1) || (str.find("cannot read entitlement data") != -1)) { + add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), TTR("Invalid entitlements file.")); + return FAILED; + } + return OK; + } +} + +Error EditorExportPlatformMacOS::_code_sign_directory(const Ref<EditorExportPreset> &p_preset, const String &p_path, + const String &p_ent_path, bool p_should_error_on_non_code) { +#ifdef MACOS_ENABLED + static Vector<String> extensions_to_sign; + + if (extensions_to_sign.is_empty()) { + extensions_to_sign.push_back("dylib"); + extensions_to_sign.push_back("framework"); + } + + Error dir_access_error; + Ref<DirAccess> dir_access{ DirAccess::open(p_path, &dir_access_error) }; + + if (dir_access_error != OK) { + return dir_access_error; + } + + dir_access->list_dir_begin(); + String current_file{ dir_access->get_next() }; + while (!current_file.is_empty()) { + String current_file_path{ p_path.plus_file(current_file) }; + + if (current_file == ".." || current_file == ".") { + current_file = dir_access->get_next(); + continue; + } + + if (extensions_to_sign.find(current_file.get_extension()) > -1) { + Error code_sign_error{ _code_sign(p_preset, current_file_path, p_ent_path, false) }; + if (code_sign_error != OK) { + return code_sign_error; + } + } else if (dir_access->current_is_dir()) { + Error code_sign_error{ _code_sign_directory(p_preset, current_file_path, p_ent_path, p_should_error_on_non_code) }; + if (code_sign_error != OK) { + return code_sign_error; + } + } else if (p_should_error_on_non_code) { + add_message(EXPORT_MESSAGE_WARNING, TTR("Code Signing"), vformat(TTR("Cannot sign file %s."), current_file)); + return Error::FAILED; + } + + current_file = dir_access->get_next(); + } +#endif + + return OK; +} + +Error EditorExportPlatformMacOS::_copy_and_sign_files(Ref<DirAccess> &dir_access, const String &p_src_path, + const String &p_in_app_path, bool p_sign_enabled, + const Ref<EditorExportPreset> &p_preset, const String &p_ent_path, + bool p_should_error_on_non_code_sign) { + Error err{ OK }; + if (dir_access->dir_exists(p_src_path)) { +#ifndef UNIX_ENABLED + add_message(EXPORT_MESSAGE_INFO, TTR("Export"), vformat(TTR("Relative symlinks are not supported, exported \"%s\" might be broken!"), p_src_path.get_file())); +#endif + print_verbose("export framework: " + p_src_path + " -> " + p_in_app_path); + err = dir_access->make_dir_recursive(p_in_app_path); + if (err == OK) { + err = dir_access->copy_dir(p_src_path, p_in_app_path, -1, true); + } + } else { + print_verbose("export dylib: " + p_src_path + " -> " + p_in_app_path); + err = dir_access->copy(p_src_path, p_in_app_path); + } + if (err == OK && p_sign_enabled) { + if (dir_access->dir_exists(p_src_path) && p_src_path.get_extension().is_empty()) { + // If it is a directory, find and sign all dynamic libraries. + err = _code_sign_directory(p_preset, p_in_app_path, p_ent_path, p_should_error_on_non_code_sign); + } else { + err = _code_sign(p_preset, p_in_app_path, p_ent_path, false); + } + } + return err; +} + +Error EditorExportPlatformMacOS::_export_macos_plugins_for(Ref<EditorExportPlugin> p_editor_export_plugin, + const String &p_app_path_name, Ref<DirAccess> &dir_access, + bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset, + const String &p_ent_path) { + Error error{ OK }; + const Vector<String> &macos_plugins{ p_editor_export_plugin->get_macos_plugin_files() }; + for (int i = 0; i < macos_plugins.size(); ++i) { + String src_path{ ProjectSettings::get_singleton()->globalize_path(macos_plugins[i]) }; + String path_in_app{ p_app_path_name + "/Contents/PlugIns/" + src_path.get_file() }; + error = _copy_and_sign_files(dir_access, src_path, path_in_app, p_sign_enabled, p_preset, p_ent_path, false); + if (error != OK) { + break; + } + } + return error; +} + +Error EditorExportPlatformMacOS::_create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name) { + List<String> args; + + if (FileAccess::exists(p_dmg_path)) { + OS::get_singleton()->move_to_trash(p_dmg_path); + } + + args.push_back("create"); + args.push_back(p_dmg_path); + args.push_back("-volname"); + args.push_back(p_pkg_name); + args.push_back("-fs"); + args.push_back("HFS+"); + args.push_back("-srcfolder"); + args.push_back(p_app_path_name); + + String str; + Error err = OS::get_singleton()->execute("hdiutil", args, &str, nullptr, true); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("DMG Creation"), TTR("Could not start hdiutil executable.")); + return err; + } + + print_verbose("hdiutil returned: " + str); + if (str.find("create failed") != -1) { + if (str.find("File exists") != -1) { + add_message(EXPORT_MESSAGE_ERROR, TTR("DMG Creation"), TTR("`hdiutil create` failed - file exists.")); + } else { + add_message(EXPORT_MESSAGE_ERROR, TTR("DMG Creation"), TTR("`hdiutil create` failed.")); + } + return FAILED; + } + + return OK; +} + +Error EditorExportPlatformMacOS::_export_debug_script(const Ref<EditorExportPreset> &p_preset, const String &p_app_name, const String &p_pkg_name, const String &p_path) { + Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::WRITE); + if (f.is_null()) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Debug Script Export"), vformat(TTR("Could not open file \"%s\"."), p_path)); + return ERR_CANT_CREATE; + } + + f->store_line("#!/bin/sh"); + f->store_line("echo -ne '\\033c\\033]0;" + p_app_name + "\\a'"); + f->store_line(""); + f->store_line("function app_realpath() {"); + f->store_line(" SOURCE=$1"); + f->store_line(" while [ -h \"$SOURCE\" ]; do"); + f->store_line(" DIR=$(dirname \"$SOURCE\")"); + f->store_line(" SOURCE=$(readlink \"$SOURCE\")"); + f->store_line(" [[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE"); + f->store_line(" done"); + f->store_line(" echo \"$( cd -P \"$( dirname \"$SOURCE\" )\" >/dev/null 2>&1 && pwd )\""); + f->store_line("}"); + f->store_line(""); + f->store_line("BASE_PATH=\"$(app_realpath \"${BASH_SOURCE[0]}\")\""); + f->store_line("\"$BASE_PATH/" + p_pkg_name + "\" \"$@\""); + f->store_line(""); + + return OK; +} + +Error EditorExportPlatformMacOS::export_project(const Ref<EditorExportPreset> &p_preset, bool p_debug, const String &p_path, int p_flags) { + ExportNotifier notifier(*this, p_preset, p_debug, p_path, p_flags); + + String src_pkg_name; + + EditorProgress ep("export", "Exporting for macOS", 3, true); + + if (p_debug) { + src_pkg_name = p_preset->get("custom_template/debug"); + } else { + src_pkg_name = p_preset->get("custom_template/release"); + } + + if (src_pkg_name.is_empty()) { + String err; + src_pkg_name = find_export_template("macos.zip", &err); + if (src_pkg_name.is_empty()) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Prepare Templates"), TTR("Export template not found.")); + return ERR_FILE_NOT_FOUND; + } + } + + if (!DirAccess::exists(p_path.get_base_dir())) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Prepare Templates"), TTR("The given export path doesn't exist.")); + return ERR_FILE_BAD_PATH; + } + + Ref<FileAccess> io_fa; + zlib_filefunc_def io = zipio_create_io(&io_fa); + + if (ep.step(TTR("Creating app bundle"), 0)) { + return ERR_SKIP; + } + + unzFile src_pkg_zip = unzOpen2(src_pkg_name.utf8().get_data(), &io); + if (!src_pkg_zip) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Prepare Templates"), vformat(TTR("Could not find template app to export: \"%s\"."), src_pkg_name)); + return ERR_FILE_NOT_FOUND; + } + + int ret = unzGoToFirstFile(src_pkg_zip); + + String binary_to_use = "godot_macos_" + String(p_debug ? "debug" : "release") + ".64"; + + String pkg_name; + if (String(ProjectSettings::get_singleton()->get("application/config/name")) != "") { + pkg_name = String(ProjectSettings::get_singleton()->get("application/config/name")); + } else { + pkg_name = "Unnamed"; + } + + pkg_name = OS::get_singleton()->get_safe_dir_name(pkg_name); + + String export_format; + if (use_dmg() && p_path.ends_with("dmg")) { + export_format = "dmg"; + } else if (p_path.ends_with("zip")) { + export_format = "zip"; + } else if (p_path.ends_with("app")) { + export_format = "app"; + } else { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), TTR("Invalid export format.")); + return ERR_CANT_CREATE; + } + + // Create our application bundle. + String tmp_app_dir_name = pkg_name + ".app"; + String tmp_base_path_name; + String tmp_app_path_name; + String scr_path; + if (export_format == "app") { + tmp_base_path_name = p_path.get_base_dir(); + tmp_app_path_name = p_path; + scr_path = p_path.get_basename() + ".command"; + } else { + tmp_base_path_name = EditorPaths::get_singleton()->get_cache_dir().plus_file(pkg_name); + tmp_app_path_name = tmp_base_path_name.plus_file(tmp_app_dir_name); + scr_path = tmp_base_path_name.plus_file(pkg_name + ".command"); + } + + print_verbose("Exporting to " + tmp_app_path_name); + + Error err = OK; + + Ref<DirAccess> tmp_app_dir = DirAccess::create_for_path(tmp_base_path_name); + if (tmp_app_dir.is_null()) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory: \"%s\"."), tmp_base_path_name)); + err = ERR_CANT_CREATE; + } + + DirAccess::remove_file_or_error(scr_path); + if (DirAccess::exists(tmp_app_path_name)) { + String old_dir = tmp_app_dir->get_current_dir(); + if (tmp_app_dir->change_dir(tmp_app_path_name) == OK) { + tmp_app_dir->erase_contents_recursive(); + tmp_app_dir->change_dir(old_dir); + } + } + + Array helpers = p_preset->get("codesign/entitlements/app_sandbox/helper_executables"); + + // Create our folder structure. + if (err == OK) { + print_verbose("Creating " + tmp_app_path_name + "/Contents/MacOS"); + err = tmp_app_dir->make_dir_recursive(tmp_app_path_name + "/Contents/MacOS"); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), tmp_app_path_name + "/Contents/MacOS")); + } + } + + if (err == OK) { + print_verbose("Creating " + tmp_app_path_name + "/Contents/Frameworks"); + err = tmp_app_dir->make_dir_recursive(tmp_app_path_name + "/Contents/Frameworks"); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), tmp_app_path_name + "/Contents/Frameworks")); + } + } + + if ((err == OK) && helpers.size() > 0) { + print_line("Creating " + tmp_app_path_name + "/Contents/Helpers"); + err = tmp_app_dir->make_dir_recursive(tmp_app_path_name + "/Contents/Helpers"); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), tmp_app_path_name + "/Contents/Helpers")); + } + } + + if (err == OK) { + print_verbose("Creating " + tmp_app_path_name + "/Contents/Resources"); + err = tmp_app_dir->make_dir_recursive(tmp_app_path_name + "/Contents/Resources"); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), tmp_app_path_name + "/Contents/Resources")); + } + } + + Dictionary appnames = ProjectSettings::get_singleton()->get("application/config/name_localized"); + Dictionary microphone_usage_descriptions = p_preset->get("privacy/microphone_usage_description_localized"); + Dictionary camera_usage_descriptions = p_preset->get("privacy/camera_usage_description_localized"); + Dictionary location_usage_descriptions = p_preset->get("privacy/location_usage_description_localized"); + Dictionary address_book_usage_descriptions = p_preset->get("privacy/address_book_usage_description_localized"); + Dictionary calendar_usage_descriptions = p_preset->get("privacy/calendar_usage_description_localized"); + Dictionary photos_library_usage_descriptions = p_preset->get("privacy/photos_library_usage_description_localized"); + Dictionary desktop_folder_usage_descriptions = p_preset->get("privacy/desktop_folder_usage_description_localized"); + Dictionary documents_folder_usage_descriptions = p_preset->get("privacy/documents_folder_usage_description_localized"); + Dictionary downloads_folder_usage_descriptions = p_preset->get("privacy/downloads_folder_usage_description_localized"); + Dictionary network_volumes_usage_descriptions = p_preset->get("privacy/network_volumes_usage_description_localized"); + Dictionary removable_volumes_usage_descriptions = p_preset->get("privacy/removable_volumes_usage_description_localized"); + Dictionary copyrights = p_preset->get("application/copyright_localized"); + + Vector<String> translations = ProjectSettings::get_singleton()->get("internationalization/locale/translations"); + if (translations.size() > 0) { + { + String fname = tmp_app_path_name + "/Contents/Resources/en.lproj"; + tmp_app_dir->make_dir_recursive(fname); + Ref<FileAccess> f = FileAccess::open(fname + "/InfoPlist.strings", FileAccess::WRITE); + f->store_line("/* Localized versions of Info.plist keys */"); + f->store_line(""); + f->store_line("CFBundleDisplayName = \"" + ProjectSettings::get_singleton()->get("application/config/name").operator String() + "\";"); + if (!((String)p_preset->get("privacy/microphone_usage_description")).is_empty()) { + f->store_line("NSMicrophoneUsageDescription = \"" + p_preset->get("privacy/microphone_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/camera_usage_description")).is_empty()) { + f->store_line("NSCameraUsageDescription = \"" + p_preset->get("privacy/camera_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/location_usage_description")).is_empty()) { + f->store_line("NSLocationUsageDescription = \"" + p_preset->get("privacy/location_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/address_book_usage_description")).is_empty()) { + f->store_line("NSContactsUsageDescription = \"" + p_preset->get("privacy/address_book_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/calendar_usage_description")).is_empty()) { + f->store_line("NSCalendarsUsageDescription = \"" + p_preset->get("privacy/calendar_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/photos_library_usage_description")).is_empty()) { + f->store_line("NSPhotoLibraryUsageDescription = \"" + p_preset->get("privacy/photos_library_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/desktop_folder_usage_description")).is_empty()) { + f->store_line("NSDesktopFolderUsageDescription = \"" + p_preset->get("privacy/desktop_folder_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/documents_folder_usage_description")).is_empty()) { + f->store_line("NSDocumentsFolderUsageDescription = \"" + p_preset->get("privacy/documents_folder_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/downloads_folder_usage_description")).is_empty()) { + f->store_line("NSDownloadsFolderUsageDescription = \"" + p_preset->get("privacy/downloads_folder_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/network_volumes_usage_description")).is_empty()) { + f->store_line("NSNetworkVolumesUsageDescription = \"" + p_preset->get("privacy/network_volumes_usage_description").operator String() + "\";"); + } + if (!((String)p_preset->get("privacy/removable_volumes_usage_description")).is_empty()) { + f->store_line("NSRemovableVolumesUsageDescription = \"" + p_preset->get("privacy/removable_volumes_usage_description").operator String() + "\";"); + } + f->store_line("NSHumanReadableCopyright = \"" + p_preset->get("application/copyright").operator String() + "\";"); + } + + for (const String &E : translations) { + Ref<Translation> tr = ResourceLoader::load(E); + if (tr.is_valid()) { + String lang = tr->get_locale(); + String fname = tmp_app_path_name + "/Contents/Resources/" + lang + ".lproj"; + tmp_app_dir->make_dir_recursive(fname); + Ref<FileAccess> f = FileAccess::open(fname + "/InfoPlist.strings", FileAccess::WRITE); + f->store_line("/* Localized versions of Info.plist keys */"); + f->store_line(""); + if (appnames.has(lang)) { + f->store_line("CFBundleDisplayName = \"" + appnames[lang].operator String() + "\";"); + } + if (microphone_usage_descriptions.has(lang)) { + f->store_line("NSMicrophoneUsageDescription = \"" + microphone_usage_descriptions[lang].operator String() + "\";"); + } + if (camera_usage_descriptions.has(lang)) { + f->store_line("NSCameraUsageDescription = \"" + camera_usage_descriptions[lang].operator String() + "\";"); + } + if (location_usage_descriptions.has(lang)) { + f->store_line("NSLocationUsageDescription = \"" + location_usage_descriptions[lang].operator String() + "\";"); + } + if (address_book_usage_descriptions.has(lang)) { + f->store_line("NSContactsUsageDescription = \"" + address_book_usage_descriptions[lang].operator String() + "\";"); + } + if (calendar_usage_descriptions.has(lang)) { + f->store_line("NSCalendarsUsageDescription = \"" + calendar_usage_descriptions[lang].operator String() + "\";"); + } + if (photos_library_usage_descriptions.has(lang)) { + f->store_line("NSPhotoLibraryUsageDescription = \"" + photos_library_usage_descriptions[lang].operator String() + "\";"); + } + if (desktop_folder_usage_descriptions.has(lang)) { + f->store_line("NSDesktopFolderUsageDescription = \"" + desktop_folder_usage_descriptions[lang].operator String() + "\";"); + } + if (documents_folder_usage_descriptions.has(lang)) { + f->store_line("NSDocumentsFolderUsageDescription = \"" + documents_folder_usage_descriptions[lang].operator String() + "\";"); + } + if (downloads_folder_usage_descriptions.has(lang)) { + f->store_line("NSDownloadsFolderUsageDescription = \"" + downloads_folder_usage_descriptions[lang].operator String() + "\";"); + } + if (network_volumes_usage_descriptions.has(lang)) { + f->store_line("NSNetworkVolumesUsageDescription = \"" + network_volumes_usage_descriptions[lang].operator String() + "\";"); + } + if (removable_volumes_usage_descriptions.has(lang)) { + f->store_line("NSRemovableVolumesUsageDescription = \"" + removable_volumes_usage_descriptions[lang].operator String() + "\";"); + } + if (copyrights.has(lang)) { + f->store_line("NSHumanReadableCopyright = \"" + copyrights[lang].operator String() + "\";"); + } + } + } + } + + // Now process our template. + bool found_binary = false; + Vector<String> dylibs_found; + + while (ret == UNZ_OK && err == OK) { + bool is_execute = false; + + // Get filename. + unz_file_info info; + char fname[16384]; + ret = unzGetCurrentFileInfo(src_pkg_zip, &info, fname, 16384, nullptr, 0, nullptr, 0); + if (ret != UNZ_OK) { + break; + } + + String file = String::utf8(fname); + + Vector<uint8_t> data; + data.resize(info.uncompressed_size); + + // Read. + unzOpenCurrentFile(src_pkg_zip); + unzReadCurrentFile(src_pkg_zip, data.ptrw(), data.size()); + unzCloseCurrentFile(src_pkg_zip); + + // Write. + file = file.replace_first("macos_template.app/", ""); + + if (((info.external_fa >> 16L) & 0120000) == 0120000) { +#ifndef UNIX_ENABLED + add_message(EXPORT_MESSAGE_INFO, TTR("Export"), TTR("Relative symlinks are not supported on this OS, the exported project might be broken!")); +#endif + // Handle symlinks in the archive. + file = tmp_app_path_name.plus_file(file); + if (err == OK) { + err = tmp_app_dir->make_dir_recursive(file.get_base_dir()); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), file.get_base_dir())); + } + } + if (err == OK) { + String lnk_data = String::utf8((const char *)data.ptr(), data.size()); + err = tmp_app_dir->create_link(lnk_data, file); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not created symlink \"%s\" -> \"%s\"."), lnk_data, file)); + } + print_verbose(vformat("ADDING SYMLINK %s => %s\n", file, lnk_data)); + } + + ret = unzGoToNextFile(src_pkg_zip); + continue; // next + } + + if (file == "Contents/Info.plist") { + _fix_plist(p_preset, data, pkg_name); + } + + if (file.begins_with("Contents/MacOS/godot_")) { + if (file != "Contents/MacOS/" + binary_to_use) { + ret = unzGoToNextFile(src_pkg_zip); + continue; // skip + } + found_binary = true; + is_execute = true; + file = "Contents/MacOS/" + pkg_name; + } + + if (file == "Contents/Resources/icon.icns") { + // See if there is an icon. + String iconpath; + if (p_preset->get("application/icon") != "") { + iconpath = p_preset->get("application/icon"); + } else { + iconpath = ProjectSettings::get_singleton()->get("application/config/icon"); + } + + if (!iconpath.is_empty()) { + if (iconpath.get_extension() == "icns") { + Ref<FileAccess> icon = FileAccess::open(iconpath, FileAccess::READ); + if (icon.is_valid()) { + data.resize(icon->get_length()); + icon->get_buffer(&data.write[0], icon->get_length()); + } + } else { + Ref<Image> icon; + icon.instantiate(); + icon->load(iconpath); + if (!icon->is_empty()) { + _make_icon(icon, data); + } + } + } + } + + if (data.size() > 0) { + if (file.find("/data.mono.macos.64.release_debug/") != -1) { + if (!p_debug) { + ret = unzGoToNextFile(src_pkg_zip); + continue; // skip + } + file = file.replace("/data.mono.macos.64.release_debug/", "/GodotSharp/"); + } + if (file.find("/data.mono.macos.64.release/") != -1) { + if (p_debug) { + ret = unzGoToNextFile(src_pkg_zip); + continue; // skip + } + file = file.replace("/data.mono.macos.64.release/", "/GodotSharp/"); + } + + if (file.ends_with(".dylib")) { + dylibs_found.push_back(file); + } + + print_verbose("ADDING: " + file + " size: " + itos(data.size())); + + // Write it into our application bundle. + file = tmp_app_path_name.plus_file(file); + if (err == OK) { + err = tmp_app_dir->make_dir_recursive(file.get_base_dir()); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not create directory \"%s\"."), file.get_base_dir())); + } + } + if (err == OK) { + Ref<FileAccess> f = FileAccess::open(file, FileAccess::WRITE); + if (f.is_valid()) { + f->store_buffer(data.ptr(), data.size()); + f.unref(); + if (is_execute) { + // chmod with 0755 if the file is executable. + FileAccess::set_unix_permissions(file, 0755); + } + } else { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Could not open \"%s\"."), file)); + err = ERR_CANT_CREATE; + } + } + } + + ret = unzGoToNextFile(src_pkg_zip); + } + + // We're done with our source zip. + unzClose(src_pkg_zip); + + if (!found_binary) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), vformat(TTR("Requested template binary \"%s\" not found. It might be missing from your template archive."), binary_to_use)); + err = ERR_FILE_NOT_FOUND; + } + + // Save console script. + if (err == OK) { + int con_scr = p_preset->get("debug/export_console_script"); + if ((con_scr == 1 && p_debug) || (con_scr == 2)) { + err = _export_debug_script(p_preset, pkg_name, tmp_app_path_name.get_file() + "/Contents/MacOS/" + pkg_name, scr_path); + FileAccess::set_unix_permissions(scr_path, 0755); + if (err != OK) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Export"), TTR("Could not create console script.")); + } + } + } + + if (err == OK) { + if (ep.step(TTR("Making PKG"), 1)) { + return ERR_SKIP; + } + + String pack_path = tmp_app_path_name + "/Contents/Resources/" + pkg_name + ".pck"; + Vector<SharedObject> shared_objects; + err = save_pack(p_preset, p_debug, pack_path, &shared_objects); + + // See if we can code sign our new package. + bool sign_enabled = p_preset->get("codesign/enable"); + + String ent_path = p_preset->get("codesign/entitlements/custom_file"); + String hlp_ent_path = EditorPaths::get_singleton()->get_cache_dir().plus_file(pkg_name + "_helper.entitlements"); + if (sign_enabled && (ent_path.is_empty())) { + ent_path = EditorPaths::get_singleton()->get_cache_dir().plus_file(pkg_name + ".entitlements"); + + Ref<FileAccess> ent_f = FileAccess::open(ent_path, FileAccess::WRITE); + if (ent_f.is_valid()) { + ent_f->store_line("<?xml version=\"1.0\" encoding=\"UTF-8\"?>"); + ent_f->store_line("<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">"); + ent_f->store_line("<plist version=\"1.0\">"); + ent_f->store_line("<dict>"); + if (Engine::get_singleton()->has_singleton("GodotSharp")) { + // These entitlements are required to run managed code, and are always enabled in Mono builds. + ent_f->store_line("<key>com.apple.security.cs.allow-jit</key>"); + ent_f->store_line("<true/>"); + ent_f->store_line("<key>com.apple.security.cs.allow-unsigned-executable-memory</key>"); + ent_f->store_line("<true/>"); + ent_f->store_line("<key>com.apple.security.cs.allow-dyld-environment-variables</key>"); + ent_f->store_line("<true/>"); + } else { + if ((bool)p_preset->get("codesign/entitlements/allow_jit_code_execution")) { + ent_f->store_line("<key>com.apple.security.cs.allow-jit</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/allow_unsigned_executable_memory")) { + ent_f->store_line("<key>com.apple.security.cs.allow-unsigned-executable-memory</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/allow_dyld_environment_variables")) { + ent_f->store_line("<key>com.apple.security.cs.allow-dyld-environment-variables</key>"); + ent_f->store_line("<true/>"); + } + } + + if ((bool)p_preset->get("codesign/entitlements/disable_library_validation")) { + ent_f->store_line("<key>com.apple.security.cs.disable-library-validation</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/audio_input")) { + ent_f->store_line("<key>com.apple.security.device.audio-input</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/camera")) { + ent_f->store_line("<key>com.apple.security.device.camera</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/location")) { + ent_f->store_line("<key>com.apple.security.personal-information.location</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/address_book")) { + ent_f->store_line("<key>com.apple.security.personal-information.addressbook</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/calendars")) { + ent_f->store_line("<key>com.apple.security.personal-information.calendars</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/photos_library")) { + ent_f->store_line("<key>com.apple.security.personal-information.photos-library</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/apple_events")) { + ent_f->store_line("<key>com.apple.security.automation.apple-events</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/debugging")) { + ent_f->store_line("<key>com.apple.security.get-task-allow</key>"); + ent_f->store_line("<true/>"); + } + + if ((bool)p_preset->get("codesign/entitlements/app_sandbox/enabled")) { + ent_f->store_line("<key>com.apple.security.app-sandbox</key>"); + ent_f->store_line("<true/>"); + + if ((bool)p_preset->get("codesign/entitlements/app_sandbox/network_server")) { + ent_f->store_line("<key>com.apple.security.network.server</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/app_sandbox/network_client")) { + ent_f->store_line("<key>com.apple.security.network.client</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/app_sandbox/device_usb")) { + ent_f->store_line("<key>com.apple.security.device.usb</key>"); + ent_f->store_line("<true/>"); + } + if ((bool)p_preset->get("codesign/entitlements/app_sandbox/device_bluetooth")) { + ent_f->store_line("<key>com.apple.security.device.bluetooth</key>"); + ent_f->store_line("<true/>"); + } + if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_downloads") == 1) { + ent_f->store_line("<key>com.apple.security.files.downloads.read-only</key>"); + ent_f->store_line("<true/>"); + } + if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_downloads") == 2) { + ent_f->store_line("<key>com.apple.security.files.downloads.read-write</key>"); + ent_f->store_line("<true/>"); + } + if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_pictures") == 1) { + ent_f->store_line("<key>com.apple.security.files.pictures.read-only</key>"); + ent_f->store_line("<true/>"); + } + if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_pictures") == 2) { + ent_f->store_line("<key>com.apple.security.files.pictures.read-write</key>"); + ent_f->store_line("<true/>"); + } + if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_music") == 1) { + ent_f->store_line("<key>com.apple.security.files.music.read-only</key>"); + ent_f->store_line("<true/>"); + } + if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_music") == 2) { + ent_f->store_line("<key>com.apple.security.files.music.read-write</key>"); + ent_f->store_line("<true/>"); + } + if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_movies") == 1) { + ent_f->store_line("<key>com.apple.security.files.movies.read-only</key>"); + ent_f->store_line("<true/>"); + } + if ((int)p_preset->get("codesign/entitlements/app_sandbox/files_movies") == 2) { + ent_f->store_line("<key>com.apple.security.files.movies.read-write</key>"); + ent_f->store_line("<true/>"); + } + } + + ent_f->store_line("</dict>"); + ent_f->store_line("</plist>"); + } else { + add_message(EXPORT_MESSAGE_ERROR, TTR("Code Signing"), TTR("Could not create entitlements file.")); + err = ERR_CANT_CREATE; + } + + if ((err == OK) && helpers.size() > 0) { + ent_f = FileAccess::open(hlp_ent_path, FileAccess::WRITE); + if (ent_f.is_valid()) { + ent_f->store_line("<?xml version=\"1.0\" encoding=\"UTF-8\"?>"); + ent_f->store_line("<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">"); + ent_f->store_line("<plist version=\"1.0\">"); + ent_f->store_line("<dict>"); + ent_f->store_line("<key>com.apple.security.app-sandbox</key>"); + ent_f->store_line("<true/>"); + ent_f->store_line("<key>com.apple.security.inherit</key>"); + ent_f->store_line("<true/>"); + ent_f->store_line("</dict>"); + ent_f->store_line("</plist>"); + } else { + add_message(EXPORT_MESSAGE_ERROR, TTR("Code Signing"), TTR("Could not create helper entitlements file.")); + err = ERR_CANT_CREATE; + } + } + } + + if ((err == OK) && helpers.size() > 0) { + Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM); + for (int i = 0; i < helpers.size(); i++) { + String hlp_path = helpers[i]; + err = da->copy(hlp_path, tmp_app_path_name + "/Contents/Helpers/" + hlp_path.get_file()); + if (err == OK && sign_enabled) { + err = _code_sign(p_preset, tmp_app_path_name + "/Contents/Helpers/" + hlp_path.get_file(), hlp_ent_path, false); + } + FileAccess::set_unix_permissions(tmp_app_path_name + "/Contents/Helpers/" + hlp_path.get_file(), 0755); + } + } + + bool ad_hoc = true; + if (err == OK) { +#ifdef MACOS_ENABLED + String sign_identity = p_preset->get("codesign/identity"); +#else + String sign_identity = "-"; +#endif + ad_hoc = (sign_identity == "" || sign_identity == "-"); + bool lib_validation = p_preset->get("codesign/entitlements/disable_library_validation"); + if ((!dylibs_found.is_empty() || !shared_objects.is_empty()) && sign_enabled && ad_hoc && !lib_validation) { + add_message(EXPORT_MESSAGE_ERROR, TTR("Code Signing"), TTR("Ad-hoc signed applications require the 'Disable Library Validation' entitlement to load dynamic libraries.")); + err = ERR_CANT_CREATE; + } + } + + if (err == OK) { + Ref<DirAccess> da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM); + for (int i = 0; i < shared_objects.size(); i++) { + String src_path = ProjectSettings::get_singleton()->globalize_path(shared_objects[i].path); + if (shared_objects[i].target.is_empty()) { + String path_in_app = tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file(); + err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, true); + } else { + String path_in_app = tmp_app_path_name.plus_file(shared_objects[i].target).plus_file(src_path.get_file()); + err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, false); + } + if (err != OK) { + break; + } + } + + Vector<Ref<EditorExportPlugin>> export_plugins{ EditorExport::get_singleton()->get_export_plugins() }; + for (int i = 0; i < export_plugins.size(); ++i) { + err = _export_macos_plugins_for(export_plugins[i], tmp_app_path_name, da, sign_enabled, p_preset, ent_path); + if (err != OK) { + break; + } + } + } + + if (sign_enabled) { + for (int i = 0; i < dylibs_found.size(); i++) { + if (err == OK) { + err = _code_sign(p_preset, tmp_app_path_name + "/" + dylibs_found[i], ent_path, false); + } + } + } + + if (err == OK && sign_enabled) { + if (ep.step(TTR("Code signing bundle"), 2)) { + return ERR_SKIP; + } + err = _code_sign(p_preset, tmp_app_path_name, ent_path); + } + + if (export_format == "dmg") { + // Create a DMG. + if (err == OK) { + if (ep.step(TTR("Making DMG"), 3)) { + return ERR_SKIP; + } + err = _create_dmg(p_path, pkg_name, tmp_base_path_name); + } + // Sign DMG. + if (err == OK && sign_enabled && !ad_hoc) { + if (ep.step(TTR("Code signing DMG"), 3)) { + return ERR_SKIP; + } + err = _code_sign(p_preset, p_path, ent_path, false); + } + } else if (export_format == "zip") { + // Create ZIP. + if (err == OK) { + if (ep.step(TTR("Making ZIP"), 3)) { + return ERR_SKIP; + } + if (FileAccess::exists(p_path)) { + OS::get_singleton()->move_to_trash(p_path); + } + + Ref<FileAccess> io_fa_dst; + zlib_filefunc_def io_dst = zipio_create_io(&io_fa_dst); + zipFile zip = zipOpen2(p_path.utf8().get_data(), APPEND_STATUS_CREATE, nullptr, &io_dst); + + _zip_folder_recursive(zip, tmp_base_path_name, "", pkg_name); + + zipClose(zip, nullptr); + } + } + +#ifdef MACOS_ENABLED + bool noto_enabled = p_preset->get("notarization/enable"); + if (err == OK && noto_enabled) { + if (export_format == "app") { + add_message(EXPORT_MESSAGE_INFO, TTR("Notarization"), TTR("Notarization requires the app to be archived first, select the DMG or ZIP export format instead.")); + } else { + if (ep.step(TTR("Sending archive for notarization"), 4)) { + return ERR_SKIP; + } + err = _notarize(p_preset, p_path); + } + } +#endif + + // Clean up temporary entitlements files. + DirAccess::remove_file_or_error(hlp_ent_path); + + // Clean up temporary .app dir and generated entitlements. + if ((String)(p_preset->get("codesign/entitlements/custom_file")) == "") { + tmp_app_dir->remove(ent_path); + } + if (export_format != "app") { + if (tmp_app_dir->change_dir(tmp_base_path_name) == OK) { + tmp_app_dir->erase_contents_recursive(); + tmp_app_dir->change_dir(".."); + tmp_app_dir->remove(pkg_name); + } + } + } + + return err; +} + +void EditorExportPlatformMacOS::_zip_folder_recursive(zipFile &p_zip, const String &p_root_path, const String &p_folder, const String &p_pkg_name) { + String dir = p_folder.is_empty() ? p_root_path : p_root_path.plus_file(p_folder); + + Ref<DirAccess> da = DirAccess::open(dir); + da->list_dir_begin(); + String f = da->get_next(); + while (!f.is_empty()) { + if (f == "." || f == "..") { + f = da->get_next(); + continue; + } + if (da->is_link(f)) { + OS::Time time = OS::get_singleton()->get_time(); + OS::Date date = OS::get_singleton()->get_date(); + + zip_fileinfo zipfi; + zipfi.tmz_date.tm_hour = time.hour; + zipfi.tmz_date.tm_mday = date.day; + zipfi.tmz_date.tm_min = time.minute; + zipfi.tmz_date.tm_mon = date.month - 1; // Note: "tm" month range - 0..11, Godot month range - 1..12, https://www.cplusplus.com/reference/ctime/tm/ + zipfi.tmz_date.tm_sec = time.second; + zipfi.tmz_date.tm_year = date.year; + zipfi.dosDate = 0; + // 0120000: symbolic link type + // 0000755: permissions rwxr-xr-x + // 0000644: permissions rw-r--r-- + uint32_t _mode = 0120644; + zipfi.external_fa = (_mode << 16L) | !(_mode & 0200); + zipfi.internal_fa = 0; + + zipOpenNewFileInZip4(p_zip, + p_folder.plus_file(f).utf8().get_data(), + &zipfi, + nullptr, + 0, + nullptr, + 0, + nullptr, + Z_DEFLATED, + Z_DEFAULT_COMPRESSION, + 0, + -MAX_WBITS, + DEF_MEM_LEVEL, + Z_DEFAULT_STRATEGY, + nullptr, + 0, + 0x0314, // "version made by", 0x03 - Unix, 0x14 - ZIP specification version 2.0, required to store Unix file permissions + 0); + + String target = da->read_link(f); + zipWriteInFileInZip(p_zip, target.utf8().get_data(), target.utf8().size()); + zipCloseFileInZip(p_zip); + } else if (da->current_is_dir()) { + _zip_folder_recursive(p_zip, p_root_path, p_folder.plus_file(f), p_pkg_name); + } else { + bool is_executable = (p_folder.ends_with("MacOS") && (f == p_pkg_name)) || p_folder.ends_with("Helpers") || f.ends_with(".command"); + + OS::Time time = OS::get_singleton()->get_time(); + OS::Date date = OS::get_singleton()->get_date(); + + zip_fileinfo zipfi; + zipfi.tmz_date.tm_hour = time.hour; + zipfi.tmz_date.tm_mday = date.day; + zipfi.tmz_date.tm_min = time.minute; + zipfi.tmz_date.tm_mon = date.month - 1; // Note: "tm" month range - 0..11, Godot month range - 1..12, https://www.cplusplus.com/reference/ctime/tm/ + zipfi.tmz_date.tm_sec = time.second; + zipfi.tmz_date.tm_year = date.year; + zipfi.dosDate = 0; + // 0100000: regular file type + // 0000755: permissions rwxr-xr-x + // 0000644: permissions rw-r--r-- + uint32_t _mode = (is_executable ? 0100755 : 0100644); + zipfi.external_fa = (_mode << 16L) | !(_mode & 0200); + zipfi.internal_fa = 0; + + zipOpenNewFileInZip4(p_zip, + p_folder.plus_file(f).utf8().get_data(), + &zipfi, + nullptr, + 0, + nullptr, + 0, + nullptr, + Z_DEFLATED, + Z_DEFAULT_COMPRESSION, + 0, + -MAX_WBITS, + DEF_MEM_LEVEL, + Z_DEFAULT_STRATEGY, + nullptr, + 0, + 0x0314, // "version made by", 0x03 - Unix, 0x14 - ZIP specification version 2.0, required to store Unix file permissions + 0); + + Ref<FileAccess> fa = FileAccess::open(dir.plus_file(f), FileAccess::READ); + if (fa.is_null()) { + add_message(EXPORT_MESSAGE_ERROR, TTR("ZIP Creation"), vformat(TTR("Could not open file to read from path \"%s\"."), dir.plus_file(f))); + return; + } + const int bufsize = 16384; + uint8_t buf[bufsize]; + + while (true) { + uint64_t got = fa->get_buffer(buf, bufsize); + if (got == 0) { + break; + } + zipWriteInFileInZip(p_zip, buf, got); + } + + zipCloseFileInZip(p_zip); + } + f = da->get_next(); + } + da->list_dir_end(); +} + +bool EditorExportPlatformMacOS::can_export(const Ref<EditorExportPreset> &p_preset, String &r_error, bool &r_missing_templates) const { + String err; + bool valid = false; + + // Look for export templates (custom templates). + bool dvalid = false; + bool rvalid = false; + + if (p_preset->get("custom_template/debug") != "") { + dvalid = FileAccess::exists(p_preset->get("custom_template/debug")); + if (!dvalid) { + err += TTR("Custom debug template not found.") + "\n"; + } + } + if (p_preset->get("custom_template/release") != "") { + rvalid = FileAccess::exists(p_preset->get("custom_template/release")); + if (!rvalid) { + err += TTR("Custom release template not found.") + "\n"; + } + } + + // Look for export templates (official templates, check only is custom templates are not set). + if (!dvalid || !rvalid) { + dvalid = exists_export_template("macos.zip", &err); + rvalid = dvalid; // Both in the same ZIP. + } + + valid = dvalid || rvalid; + r_missing_templates = !valid; + + String identifier = p_preset->get("application/bundle_identifier"); + String pn_err; + if (!is_package_name_valid(identifier, &pn_err)) { + err += TTR("Invalid bundle identifier:") + " " + pn_err + "\n"; + valid = false; + } + + bool sign_enabled = p_preset->get("codesign/enable"); + +#ifdef MACOS_ENABLED + bool noto_enabled = p_preset->get("notarization/enable"); + bool ad_hoc = ((p_preset->get("codesign/identity") == "") || (p_preset->get("codesign/identity") == "-")); + + if (!ad_hoc && (bool)EditorSettings::get_singleton()->get("export/macos/force_builtin_codesign")) { + err += TTR("Warning: Built-in \"codesign\" is selected in the Editor Settings. Code signing is limited to ad-hoc signature only.") + "\n"; + } + if (!ad_hoc && !FileAccess::exists("/usr/bin/codesign") && !FileAccess::exists("/bin/codesign")) { + err += TTR("Warning: Xcode command line tools are not installed, using built-in \"codesign\". Code signing is limited to ad-hoc signature only.") + "\n"; + } + + if (noto_enabled) { + if (ad_hoc) { + err += TTR("Notarization: Notarization with an ad-hoc signature is not supported.") + "\n"; + valid = false; + } + if (!sign_enabled) { + err += TTR("Notarization: Code signing is required for notarization.") + "\n"; + valid = false; + } + if (!(bool)p_preset->get("codesign/hardened_runtime")) { + err += TTR("Notarization: Hardened runtime is required for notarization.") + "\n"; + valid = false; + } + if (!(bool)p_preset->get("codesign/timestamp")) { + err += TTR("Notarization: Timestamping is required for notarization.") + "\n"; + valid = false; + } + if (p_preset->get("notarization/apple_id_name") == "") { + err += TTR("Notarization: Apple ID name not specified.") + "\n"; + valid = false; + } + if (p_preset->get("notarization/apple_id_password") == "") { + err += TTR("Notarization: Apple ID password not specified.") + "\n"; + valid = false; + } + } else { + err += TTR("Warning: Notarization is disabled. The exported project will be blocked by Gatekeeper if it's downloaded from an unknown source.") + "\n"; + if (!sign_enabled) { + err += TTR("Code signing is disabled. The exported project will not run on Macs with enabled Gatekeeper and Apple Silicon powered Macs.") + "\n"; + } else { + if ((bool)p_preset->get("codesign/hardened_runtime") && ad_hoc) { + err += TTR("Hardened Runtime is not compatible with ad-hoc signature, and will be disabled!") + "\n"; + } + if ((bool)p_preset->get("codesign/timestamp") && ad_hoc) { + err += TTR("Timestamping is not compatible with ad-hoc signature, and will be disabled!") + "\n"; + } + } + } +#else + err += TTR("Warning: Notarization is not supported from this OS. The exported project will be blocked by Gatekeeper if it's downloaded from an unknown source.") + "\n"; + if (!sign_enabled) { + err += TTR("Code signing is disabled. The exported project will not run on Macs with enabled Gatekeeper and Apple Silicon powered Macs.") + "\n"; + } +#endif + + if (sign_enabled) { + if ((bool)p_preset->get("codesign/entitlements/audio_input") && ((String)p_preset->get("privacy/microphone_usage_description")).is_empty()) { + err += TTR("Privacy: Microphone access is enabled, but usage description is not specified.") + "\n"; + valid = false; + } + if ((bool)p_preset->get("codesign/entitlements/camera") && ((String)p_preset->get("privacy/camera_usage_description")).is_empty()) { + err += TTR("Privacy: Camera access is enabled, but usage description is not specified.") + "\n"; + valid = false; + } + if ((bool)p_preset->get("codesign/entitlements/location") && ((String)p_preset->get("privacy/location_usage_description")).is_empty()) { + err += TTR("Privacy: Location information access is enabled, but usage description is not specified.") + "\n"; + valid = false; + } + if ((bool)p_preset->get("codesign/entitlements/address_book") && ((String)p_preset->get("privacy/address_book_usage_description")).is_empty()) { + err += TTR("Privacy: Address book access is enabled, but usage description is not specified.") + "\n"; + valid = false; + } + if ((bool)p_preset->get("codesign/entitlements/calendars") && ((String)p_preset->get("privacy/calendar_usage_description")).is_empty()) { + err += TTR("Privacy: Calendar access is enabled, but usage description is not specified.") + "\n"; + valid = false; + } + if ((bool)p_preset->get("codesign/entitlements/photos_library") && ((String)p_preset->get("privacy/photos_library_usage_description")).is_empty()) { + err += TTR("Privacy: Photo library access is enabled, but usage description is not specified.") + "\n"; + valid = false; + } + } + + if (!err.is_empty()) { + r_error = err; + } + return valid; +} + +EditorExportPlatformMacOS::EditorExportPlatformMacOS() { + logo = ImageTexture::create_from_image(memnew(Image(_macos_logo))); +} + +EditorExportPlatformMacOS::~EditorExportPlatformMacOS() { +} diff --git a/platform/macos/export/export_plugin.h b/platform/macos/export/export_plugin.h new file mode 100644 index 0000000000..410ec22545 --- /dev/null +++ b/platform/macos/export/export_plugin.h @@ -0,0 +1,137 @@ +/*************************************************************************/ +/* export_plugin.h */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +#ifndef MACOS_EXPORT_PLUGIN_H +#define MACOS_EXPORT_PLUGIN_H + +#include "core/config/project_settings.h" +#include "core/io/dir_access.h" +#include "core/io/file_access.h" +#include "core/io/marshalls.h" +#include "core/io/resource_saver.h" +#include "core/io/zip_io.h" +#include "core/os/os.h" +#include "core/version.h" +#include "editor/editor_export.h" +#include "editor/editor_settings.h" +#include "platform/macos/logo.gen.h" + +#include <sys/stat.h> + +class EditorExportPlatformMacOS : public EditorExportPlatform { + GDCLASS(EditorExportPlatformMacOS, EditorExportPlatform); + + int version_code = 0; + + Ref<ImageTexture> logo; + + void _fix_plist(const Ref<EditorExportPreset> &p_preset, Vector<uint8_t> &plist, const String &p_binary); + void _make_icon(const Ref<Image> &p_icon, Vector<uint8_t> &p_data); + + Error _notarize(const Ref<EditorExportPreset> &p_preset, const String &p_path); + Error _code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path, bool p_warn = true); + Error _code_sign_directory(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path, bool p_should_error_on_non_code = true); + Error _copy_and_sign_files(Ref<DirAccess> &dir_access, const String &p_src_path, const String &p_in_app_path, + bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset, const String &p_ent_path, + bool p_should_error_on_non_code_sign); + Error _export_macos_plugins_for(Ref<EditorExportPlugin> p_editor_export_plugin, const String &p_app_path_name, + Ref<DirAccess> &dir_access, bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset, + const String &p_ent_path); + Error _create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name); + void _zip_folder_recursive(zipFile &p_zip, const String &p_root_path, const String &p_folder, const String &p_pkg_name); + Error _export_debug_script(const Ref<EditorExportPreset> &p_preset, const String &p_app_name, const String &p_pkg_name, const String &p_path); + + bool use_codesign() const { return true; } +#ifdef MACOS_ENABLED + bool use_dmg() const { return true; } +#else + bool use_dmg() const { return false; } +#endif + + bool is_package_name_valid(const String &p_package, String *r_error = nullptr) const { + String pname = p_package; + + if (pname.length() == 0) { + if (r_error) { + *r_error = TTR("Identifier is missing."); + } + return false; + } + + for (int i = 0; i < pname.length(); i++) { + char32_t c = pname[i]; + if (!(is_ascii_alphanumeric_char(c) || c == '-' || c == '.')) { + if (r_error) { + *r_error = vformat(TTR("The character '%s' is not allowed in Identifier."), String::chr(c)); + } + return false; + } + } + + return true; + } + +protected: + virtual void get_preset_features(const Ref<EditorExportPreset> &p_preset, List<String> *r_features) override; + virtual void get_export_options(List<ExportOption> *r_options) override; + virtual bool get_export_option_visibility(const String &p_option, const HashMap<StringName, Variant> &p_options) const override; + +public: + virtual String get_name() const override { return "macOS"; } + virtual String get_os_name() const override { return "macOS"; } + virtual Ref<Texture2D> get_logo() const override { return logo; } + + virtual List<String> get_binary_extensions(const Ref<EditorExportPreset> &p_preset) const override { + List<String> list; + if (use_dmg()) { + list.push_back("dmg"); + } + list.push_back("zip"); + list.push_back("app"); + return list; + } + virtual Error export_project(const Ref<EditorExportPreset> &p_preset, bool p_debug, const String &p_path, int p_flags = 0) override; + + virtual bool can_export(const Ref<EditorExportPreset> &p_preset, String &r_error, bool &r_missing_templates) const override; + + virtual void get_platform_features(List<String> *r_features) override { + r_features->push_back("pc"); + r_features->push_back("s3tc"); + r_features->push_back("macos"); + } + + virtual void resolve_platform_feature_priorities(const Ref<EditorExportPreset> &p_preset, HashSet<String> &p_features) override { + } + + EditorExportPlatformMacOS(); + ~EditorExportPlatformMacOS(); +}; + +#endif diff --git a/platform/macos/export/lipo.cpp b/platform/macos/export/lipo.cpp new file mode 100644 index 0000000000..82baf18c52 --- /dev/null +++ b/platform/macos/export/lipo.cpp @@ -0,0 +1,236 @@ +/*************************************************************************/ +/* lipo.cpp */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +#include "modules/modules_enabled.gen.h" // For regex. + +#include "lipo.h" + +#ifdef MODULE_REGEX_ENABLED + +bool LipO::is_lipo(const String &p_path) { + Ref<FileAccess> fb = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(fb.is_null(), false, vformat("LipO: Can't open file: \"%s\".", p_path)); + uint32_t magic = fb->get_32(); + return (magic == 0xbebafeca || magic == 0xcafebabe || magic == 0xbfbafeca || magic == 0xcafebabf); +} + +bool LipO::create_file(const String &p_output_path, const PackedStringArray &p_files) { + close(); + + fa = FileAccess::open(p_output_path, FileAccess::WRITE); + ERR_FAIL_COND_V_MSG(fa.is_null(), false, vformat("LipO: Can't open file: \"%s\".", p_output_path)); + + uint64_t max_size = 0; + for (int i = 0; i < p_files.size(); i++) { + MachO mh; + if (!mh.open_file(p_files[i])) { + ERR_FAIL_V_MSG(false, vformat("LipO: Invalid MachO file: \"%s.\"", p_files[i])); + } + + FatArch arch; + arch.cputype = mh.get_cputype(); + arch.cpusubtype = mh.get_cpusubtype(); + arch.offset = 0; + arch.size = mh.get_size(); + arch.align = mh.get_align(); + max_size += arch.size; + + archs.push_back(arch); + + Ref<FileAccess> fb = FileAccess::open(p_files[i], FileAccess::READ); + if (fb.is_null()) { + close(); + ERR_FAIL_V_MSG(false, vformat("LipO: Can't open file: \"%s.\"", p_files[i])); + } + } + + // Write header. + bool is_64 = (max_size >= std::numeric_limits<uint32_t>::max()); + if (is_64) { + fa->store_32(0xbfbafeca); + } else { + fa->store_32(0xbebafeca); + } + fa->store_32(BSWAP32(archs.size())); + uint64_t offset = archs.size() * (is_64 ? 32 : 20) + 8; + for (int i = 0; i < archs.size(); i++) { + archs.write[i].offset = offset + PAD(offset, uint64_t(1) << archs[i].align); + if (is_64) { + fa->store_32(BSWAP32(archs[i].cputype)); + fa->store_32(BSWAP32(archs[i].cpusubtype)); + fa->store_64(BSWAP64(archs[i].offset)); + fa->store_64(BSWAP64(archs[i].size)); + fa->store_32(BSWAP32(archs[i].align)); + fa->store_32(0); + } else { + fa->store_32(BSWAP32(archs[i].cputype)); + fa->store_32(BSWAP32(archs[i].cpusubtype)); + fa->store_32(BSWAP32(archs[i].offset)); + fa->store_32(BSWAP32(archs[i].size)); + fa->store_32(BSWAP32(archs[i].align)); + } + offset = archs[i].offset + archs[i].size; + } + + // Write files and padding. + for (int i = 0; i < archs.size(); i++) { + Ref<FileAccess> fb = FileAccess::open(p_files[i], FileAccess::READ); + if (fb.is_null()) { + close(); + ERR_FAIL_V_MSG(false, vformat("LipO: Can't open file: \"%s.\"", p_files[i])); + } + uint64_t cur = fa->get_position(); + for (uint64_t j = cur; j < archs[i].offset; j++) { + fa->store_8(0); + } + int pages = archs[i].size / 4096; + int remain = archs[i].size % 4096; + unsigned char step[4096]; + for (int j = 0; j < pages; j++) { + uint64_t br = fb->get_buffer(step, 4096); + if (br > 0) { + fa->store_buffer(step, br); + } + } + uint64_t br = fb->get_buffer(step, remain); + if (br > 0) { + fa->store_buffer(step, br); + } + } + return true; +} + +bool LipO::open_file(const String &p_path) { + close(); + + fa = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(fa.is_null(), false, vformat("LipO: Can't open file: \"%s\".", p_path)); + + uint32_t magic = fa->get_32(); + if (magic == 0xbebafeca) { + // 32-bit fat binary, bswap. + uint32_t nfat_arch = BSWAP32(fa->get_32()); + for (uint32_t i = 0; i < nfat_arch; i++) { + FatArch arch; + arch.cputype = BSWAP32(fa->get_32()); + arch.cpusubtype = BSWAP32(fa->get_32()); + arch.offset = BSWAP32(fa->get_32()); + arch.size = BSWAP32(fa->get_32()); + arch.align = BSWAP32(fa->get_32()); + + archs.push_back(arch); + } + } else if (magic == 0xcafebabe) { + // 32-bit fat binary. + uint32_t nfat_arch = fa->get_32(); + for (uint32_t i = 0; i < nfat_arch; i++) { + FatArch arch; + arch.cputype = fa->get_32(); + arch.cpusubtype = fa->get_32(); + arch.offset = fa->get_32(); + arch.size = fa->get_32(); + arch.align = fa->get_32(); + + archs.push_back(arch); + } + } else if (magic == 0xbfbafeca) { + // 64-bit fat binary, bswap. + uint32_t nfat_arch = BSWAP32(fa->get_32()); + for (uint32_t i = 0; i < nfat_arch; i++) { + FatArch arch; + arch.cputype = BSWAP32(fa->get_32()); + arch.cpusubtype = BSWAP32(fa->get_32()); + arch.offset = BSWAP64(fa->get_64()); + arch.size = BSWAP64(fa->get_64()); + arch.align = BSWAP32(fa->get_32()); + fa->get_32(); // Skip, reserved. + + archs.push_back(arch); + } + } else if (magic == 0xcafebabf) { + // 64-bit fat binary. + uint32_t nfat_arch = fa->get_32(); + for (uint32_t i = 0; i < nfat_arch; i++) { + FatArch arch; + arch.cputype = fa->get_32(); + arch.cpusubtype = fa->get_32(); + arch.offset = fa->get_64(); + arch.size = fa->get_64(); + arch.align = fa->get_32(); + fa->get_32(); // Skip, reserved. + + archs.push_back(arch); + } + } else { + close(); + ERR_FAIL_V_MSG(false, vformat("LipO: Invalid fat binary: \"%s\".", p_path)); + } + return true; +} + +int LipO::get_arch_count() const { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "LipO: File not opened."); + return archs.size(); +} + +bool LipO::extract_arch(int p_index, const String &p_path) { + ERR_FAIL_COND_V_MSG(fa.is_null(), false, "LipO: File not opened."); + ERR_FAIL_INDEX_V(p_index, archs.size(), false); + + Ref<FileAccess> fb = FileAccess::open(p_path, FileAccess::WRITE); + ERR_FAIL_COND_V_MSG(fb.is_null(), false, vformat("LipO: Can't open file: \"%s\".", p_path)); + + fa->seek(archs[p_index].offset); + + int pages = archs[p_index].size / 4096; + int remain = archs[p_index].size % 4096; + unsigned char step[4096]; + for (int i = 0; i < pages; i++) { + uint64_t br = fa->get_buffer(step, 4096); + if (br > 0) { + fb->store_buffer(step, br); + } + } + uint64_t br = fa->get_buffer(step, remain); + if (br > 0) { + fb->store_buffer(step, br); + } + return true; +} + +void LipO::close() { + archs.clear(); +} + +LipO::~LipO() { + close(); +} + +#endif // MODULE_REGEX_ENABLED diff --git a/platform/macos/export/lipo.h b/platform/macos/export/lipo.h new file mode 100644 index 0000000000..0e419be17e --- /dev/null +++ b/platform/macos/export/lipo.h @@ -0,0 +1,76 @@ +/*************************************************************************/ +/* lipo.h */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +// Universal / Universal 2 fat binary file creator and extractor. + +#ifndef LIPO_H +#define LIPO_H + +#include "core/io/file_access.h" +#include "core/object/ref_counted.h" +#include "modules/modules_enabled.gen.h" // For regex. + +#include "macho.h" + +#ifdef MODULE_REGEX_ENABLED + +class LipO : public RefCounted { + struct FatArch { + uint32_t cputype; + uint32_t cpusubtype; + uint64_t offset; + uint64_t size; + uint32_t align; + }; + + Ref<FileAccess> fa; + Vector<FatArch> archs; + + static inline size_t PAD(size_t s, size_t a) { + return (a - s % a); + } + +public: + static bool is_lipo(const String &p_path); + + bool create_file(const String &p_output_path, const PackedStringArray &p_files); + + bool open_file(const String &p_path); + int get_arch_count() const; + bool extract_arch(int p_index, const String &p_path); + + void close(); + + ~LipO(); +}; + +#endif // MODULE_REGEX_ENABLED + +#endif // LIPO_H diff --git a/platform/macos/export/macho.cpp b/platform/macos/export/macho.cpp new file mode 100644 index 0000000000..e6e67eff06 --- /dev/null +++ b/platform/macos/export/macho.cpp @@ -0,0 +1,548 @@ +/*************************************************************************/ +/* macho.cpp */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +#include "modules/modules_enabled.gen.h" // For regex. + +#include "macho.h" + +#ifdef MODULE_REGEX_ENABLED + +uint32_t MachO::seg_align(uint64_t p_vmaddr, uint32_t p_min, uint32_t p_max) { + uint32_t align = p_max; + if (p_vmaddr != 0) { + uint64_t seg_align = 1; + align = 0; + while ((seg_align & p_vmaddr) == 0) { + seg_align = seg_align << 1; + align++; + } + align = CLAMP(align, p_min, p_max); + } + return align; +} + +bool MachO::alloc_signature(uint64_t p_size) { + ERR_FAIL_COND_V_MSG(fa.is_null(), false, "MachO: File not opened."); + if (signature_offset != 0) { + // Nothing to do, already have signature load command. + return true; + } + if (lc_limit == 0 || lc_limit + 16 > exe_base) { + ERR_FAIL_V_MSG(false, "MachO: Can't allocate signature load command, please use \"codesign_allocate\" utility first."); + } else { + // Add signature load command. + signature_offset = lc_limit; + + fa->seek(lc_limit); + LoadCommandHeader lc; + lc.cmd = LC_CODE_SIGNATURE; + lc.cmdsize = 16; + if (swap) { + lc.cmdsize = BSWAP32(lc.cmdsize); + } + fa->store_buffer((const uint8_t *)&lc, sizeof(LoadCommandHeader)); + + uint32_t lc_offset = fa->get_length() + PAD(fa->get_length(), 16); + uint32_t lc_size = 0; + if (swap) { + lc_offset = BSWAP32(lc_offset); + lc_size = BSWAP32(lc_size); + } + fa->store_32(lc_offset); + fa->store_32(lc_size); + + // Write new command number. + fa->seek(0x10); + uint32_t ncmds = fa->get_32(); + uint32_t cmdssize = fa->get_32(); + if (swap) { + ncmds = BSWAP32(ncmds); + cmdssize = BSWAP32(cmdssize); + } + ncmds += 1; + cmdssize += 16; + if (swap) { + ncmds = BSWAP32(ncmds); + cmdssize = BSWAP32(cmdssize); + } + fa->seek(0x10); + fa->store_32(ncmds); + fa->store_32(cmdssize); + + lc_limit = lc_limit + sizeof(LoadCommandHeader) + 8; + + return true; + } +} + +bool MachO::is_macho(const String &p_path) { + Ref<FileAccess> fb = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(fb.is_null(), false, vformat("MachO: Can't open file: \"%s\".", p_path)); + uint32_t magic = fb->get_32(); + return (magic == 0xcefaedfe || magic == 0xfeedface || magic == 0xcffaedfe || magic == 0xfeedfacf); +} + +bool MachO::open_file(const String &p_path) { + fa = FileAccess::open(p_path, FileAccess::READ_WRITE); + ERR_FAIL_COND_V_MSG(fa.is_null(), false, vformat("MachO: Can't open file: \"%s\".", p_path)); + uint32_t magic = fa->get_32(); + MachHeader mach_header; + + // Read MachO header. + swap = (magic == 0xcffaedfe || magic == 0xcefaedfe); + if (magic == 0xcefaedfe || magic == 0xfeedface) { + // Thin 32-bit binary. + fa->get_buffer((uint8_t *)&mach_header, sizeof(MachHeader)); + } else if (magic == 0xcffaedfe || magic == 0xfeedfacf) { + // Thin 64-bit binary. + fa->get_buffer((uint8_t *)&mach_header, sizeof(MachHeader)); + fa->get_32(); // Skip extra reserved field. + } else { + ERR_FAIL_V_MSG(false, vformat("MachO: File is not a valid MachO binary: \"%s\".", p_path)); + } + + if (swap) { + mach_header.ncmds = BSWAP32(mach_header.ncmds); + mach_header.cpusubtype = BSWAP32(mach_header.cpusubtype); + mach_header.cputype = BSWAP32(mach_header.cputype); + } + cpusubtype = mach_header.cpusubtype; + cputype = mach_header.cputype; + align = 0; + exe_base = std::numeric_limits<uint64_t>::max(); + exe_limit = 0; + lc_limit = 0; + link_edit_offset = 0; + signature_offset = 0; + + // Read load commands. + for (uint32_t i = 0; i < mach_header.ncmds; i++) { + LoadCommandHeader lc; + fa->get_buffer((uint8_t *)&lc, sizeof(LoadCommandHeader)); + if (swap) { + lc.cmd = BSWAP32(lc.cmd); + lc.cmdsize = BSWAP32(lc.cmdsize); + } + uint64_t ps = fa->get_position(); + switch (lc.cmd) { + case LC_SEGMENT: { + LoadCommandSegment lc_seg; + fa->get_buffer((uint8_t *)&lc_seg, sizeof(LoadCommandSegment)); + if (swap) { + lc_seg.nsects = BSWAP32(lc_seg.nsects); + lc_seg.vmaddr = BSWAP32(lc_seg.vmaddr); + lc_seg.vmsize = BSWAP32(lc_seg.vmsize); + } + align = MAX(align, seg_align(lc_seg.vmaddr, 2, 15)); + if (String(lc_seg.segname) == "__TEXT") { + exe_limit = MAX(exe_limit, lc_seg.vmsize); + for (uint32_t j = 0; j < lc_seg.nsects; j++) { + Section lc_sect; + fa->get_buffer((uint8_t *)&lc_sect, sizeof(Section)); + if (String(lc_sect.sectname) == "__text") { + if (swap) { + exe_base = MIN(exe_base, BSWAP32(lc_sect.offset)); + } else { + exe_base = MIN(exe_base, lc_sect.offset); + } + } + if (swap) { + align = MAX(align, BSWAP32(lc_sect.align)); + } else { + align = MAX(align, lc_sect.align); + } + } + } else if (String(lc_seg.segname) == "__LINKEDIT") { + link_edit_offset = ps - 8; + } + } break; + case LC_SEGMENT_64: { + LoadCommandSegment64 lc_seg; + fa->get_buffer((uint8_t *)&lc_seg, sizeof(LoadCommandSegment64)); + if (swap) { + lc_seg.nsects = BSWAP32(lc_seg.nsects); + lc_seg.vmaddr = BSWAP64(lc_seg.vmaddr); + lc_seg.vmsize = BSWAP64(lc_seg.vmsize); + } + align = MAX(align, seg_align(lc_seg.vmaddr, 3, 15)); + if (String(lc_seg.segname) == "__TEXT") { + exe_limit = MAX(exe_limit, lc_seg.vmsize); + for (uint32_t j = 0; j < lc_seg.nsects; j++) { + Section64 lc_sect; + fa->get_buffer((uint8_t *)&lc_sect, sizeof(Section64)); + if (String(lc_sect.sectname) == "__text") { + if (swap) { + exe_base = MIN(exe_base, BSWAP32(lc_sect.offset)); + } else { + exe_base = MIN(exe_base, lc_sect.offset); + } + if (swap) { + align = MAX(align, BSWAP32(lc_sect.align)); + } else { + align = MAX(align, lc_sect.align); + } + } + } + } else if (String(lc_seg.segname) == "__LINKEDIT") { + link_edit_offset = ps - 8; + } + } break; + case LC_CODE_SIGNATURE: { + signature_offset = ps - 8; + } break; + default: { + } break; + } + fa->seek(ps + lc.cmdsize - 8); + lc_limit = ps + lc.cmdsize - 8; + } + + if (exe_limit == 0 || lc_limit == 0) { + ERR_FAIL_V_MSG(false, vformat("MachO: No load commands or executable code found: \"%s\".", p_path)); + } + + return true; +} + +uint64_t MachO::get_exe_base() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + return exe_base; +} + +uint64_t MachO::get_exe_limit() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + return exe_limit; +} + +int32_t MachO::get_align() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + return align; +} + +uint32_t MachO::get_cputype() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + return cputype; +} + +uint32_t MachO::get_cpusubtype() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + return cpusubtype; +} + +uint64_t MachO::get_size() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + return fa->get_length(); +} + +uint64_t MachO::get_signature_offset() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + ERR_FAIL_COND_V_MSG(signature_offset == 0, 0, "MachO: No signature load command."); + + fa->seek(signature_offset + 8); + if (swap) { + return BSWAP32(fa->get_32()); + } else { + return fa->get_32(); + } +} + +uint64_t MachO::get_code_limit() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + + if (signature_offset == 0) { + return fa->get_length() + PAD(fa->get_length(), 16); + } else { + return get_signature_offset(); + } +} + +uint64_t MachO::get_signature_size() { + ERR_FAIL_COND_V_MSG(fa.is_null(), 0, "MachO: File not opened."); + ERR_FAIL_COND_V_MSG(signature_offset == 0, 0, "MachO: No signature load command."); + + fa->seek(signature_offset + 12); + if (swap) { + return BSWAP32(fa->get_32()); + } else { + return fa->get_32(); + } +} + +bool MachO::is_signed() { + ERR_FAIL_COND_V_MSG(fa.is_null(), false, "MachO: File not opened."); + if (signature_offset == 0) { + return false; + } + + fa->seek(get_signature_offset()); + uint32_t magic = BSWAP32(fa->get_32()); + if (magic != 0xfade0cc0) { + return false; // No SuperBlob found. + } + fa->get_32(); // Skip size field, unused. + uint32_t count = BSWAP32(fa->get_32()); + for (uint32_t i = 0; i < count; i++) { + uint32_t index_type = BSWAP32(fa->get_32()); + uint32_t offset = BSWAP32(fa->get_32()); + if (index_type == 0x00000000) { // CodeDirectory index type. + fa->seek(get_signature_offset() + offset + 12); + uint32_t flags = BSWAP32(fa->get_32()); + if (flags & 0x20000) { + return false; // Found CD, linker-signed. + } else { + return true; // Found CD, not linker-signed. + } + } + } + return false; // No CD found. +} + +PackedByteArray MachO::get_cdhash_sha1() { + ERR_FAIL_COND_V_MSG(fa.is_null(), PackedByteArray(), "MachO: File not opened."); + if (signature_offset == 0) { + return PackedByteArray(); + } + + fa->seek(get_signature_offset()); + uint32_t magic = BSWAP32(fa->get_32()); + if (magic != 0xfade0cc0) { + return PackedByteArray(); // No SuperBlob found. + } + fa->get_32(); // Skip size field, unused. + uint32_t count = BSWAP32(fa->get_32()); + for (uint32_t i = 0; i < count; i++) { + fa->get_32(); // Index type, skip. + uint32_t offset = BSWAP32(fa->get_32()); + uint64_t pos = fa->get_position(); + + fa->seek(get_signature_offset() + offset); + uint32_t cdmagic = BSWAP32(fa->get_32()); + uint32_t cdsize = BSWAP32(fa->get_32()); + if (cdmagic == 0xfade0c02) { // CodeDirectory. + fa->seek(get_signature_offset() + offset + 36); + uint8_t hash_size = fa->get_8(); + uint8_t hash_type = fa->get_8(); + if (hash_size == 0x14 && hash_type == 0x01) { /* SHA-1 */ + PackedByteArray hash; + hash.resize(0x14); + + fa->seek(get_signature_offset() + offset); + PackedByteArray blob; + blob.resize(cdsize); + fa->get_buffer(blob.ptrw(), cdsize); + + CryptoCore::SHA1Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; + } + } + fa->seek(pos); + } + return PackedByteArray(); +} + +PackedByteArray MachO::get_cdhash_sha256() { + ERR_FAIL_COND_V_MSG(fa.is_null(), PackedByteArray(), "MachO: File not opened."); + if (signature_offset == 0) { + return PackedByteArray(); + } + + fa->seek(get_signature_offset()); + uint32_t magic = BSWAP32(fa->get_32()); + if (magic != 0xfade0cc0) { + return PackedByteArray(); // No SuperBlob found. + } + fa->get_32(); // Skip size field, unused. + uint32_t count = BSWAP32(fa->get_32()); + for (uint32_t i = 0; i < count; i++) { + fa->get_32(); // Index type, skip. + uint32_t offset = BSWAP32(fa->get_32()); + uint64_t pos = fa->get_position(); + + fa->seek(get_signature_offset() + offset); + uint32_t cdmagic = BSWAP32(fa->get_32()); + uint32_t cdsize = BSWAP32(fa->get_32()); + if (cdmagic == 0xfade0c02) { // CodeDirectory. + fa->seek(get_signature_offset() + offset + 36); + uint8_t hash_size = fa->get_8(); + uint8_t hash_type = fa->get_8(); + if (hash_size == 0x20 && hash_type == 0x02) { /* SHA-256 */ + PackedByteArray hash; + hash.resize(0x20); + + fa->seek(get_signature_offset() + offset); + PackedByteArray blob; + blob.resize(cdsize); + fa->get_buffer(blob.ptrw(), cdsize); + + CryptoCore::SHA256Context ctx; + ctx.start(); + ctx.update(blob.ptr(), blob.size()); + ctx.finish(hash.ptrw()); + + return hash; + } + } + fa->seek(pos); + } + return PackedByteArray(); +} + +PackedByteArray MachO::get_requirements() { + ERR_FAIL_COND_V_MSG(fa.is_null(), PackedByteArray(), "MachO: File not opened."); + if (signature_offset == 0) { + return PackedByteArray(); + } + + fa->seek(get_signature_offset()); + uint32_t magic = BSWAP32(fa->get_32()); + if (magic != 0xfade0cc0) { + return PackedByteArray(); // No SuperBlob found. + } + fa->get_32(); // Skip size field, unused. + uint32_t count = BSWAP32(fa->get_32()); + for (uint32_t i = 0; i < count; i++) { + fa->get_32(); // Index type, skip. + uint32_t offset = BSWAP32(fa->get_32()); + uint64_t pos = fa->get_position(); + + fa->seek(get_signature_offset() + offset); + uint32_t rqmagic = BSWAP32(fa->get_32()); + uint32_t rqsize = BSWAP32(fa->get_32()); + if (rqmagic == 0xfade0c01) { // Requirements. + PackedByteArray blob; + fa->seek(get_signature_offset() + offset); + blob.resize(rqsize); + fa->get_buffer(blob.ptrw(), rqsize); + return blob; + } + fa->seek(pos); + } + return PackedByteArray(); +} + +const Ref<FileAccess> MachO::get_file() const { + return fa; +} + +Ref<FileAccess> MachO::get_file() { + return fa; +} + +bool MachO::set_signature_size(uint64_t p_size) { + ERR_FAIL_COND_V_MSG(fa.is_null(), false, "MachO: File not opened."); + + // Ensure signature load command exists. + ERR_FAIL_COND_V_MSG(link_edit_offset == 0, false, "MachO: No __LINKEDIT segment found."); + ERR_FAIL_COND_V_MSG(!alloc_signature(p_size), false, "MachO: Can't allocate signature load command."); + + // Update signature load command. + uint64_t old_size = get_signature_size(); + uint64_t new_size = p_size + PAD(p_size, 16384); + + if (new_size <= old_size) { + fa->seek(get_signature_offset()); + for (uint64_t i = 0; i < old_size; i++) { + fa->store_8(0x00); + } + return true; + } + + fa->seek(signature_offset + 12); + if (swap) { + fa->store_32(BSWAP32(new_size)); + } else { + fa->store_32(new_size); + } + + uint64_t end = get_signature_offset() + new_size; + + // Update "__LINKEDIT" segment. + LoadCommandHeader lc; + fa->seek(link_edit_offset); + fa->get_buffer((uint8_t *)&lc, sizeof(LoadCommandHeader)); + if (swap) { + lc.cmd = BSWAP32(lc.cmd); + lc.cmdsize = BSWAP32(lc.cmdsize); + } + switch (lc.cmd) { + case LC_SEGMENT: { + LoadCommandSegment lc_seg; + fa->get_buffer((uint8_t *)&lc_seg, sizeof(LoadCommandSegment)); + if (swap) { + lc_seg.vmsize = BSWAP32(lc_seg.vmsize); + lc_seg.filesize = BSWAP32(lc_seg.filesize); + lc_seg.fileoff = BSWAP32(lc_seg.fileoff); + } + + lc_seg.vmsize = end - lc_seg.fileoff; + lc_seg.vmsize += PAD(lc_seg.vmsize, 4096); + lc_seg.filesize = end - lc_seg.fileoff; + + if (swap) { + lc_seg.vmsize = BSWAP32(lc_seg.vmsize); + lc_seg.filesize = BSWAP32(lc_seg.filesize); + } + fa->seek(link_edit_offset + 8); + fa->store_buffer((const uint8_t *)&lc_seg, sizeof(LoadCommandSegment)); + } break; + case LC_SEGMENT_64: { + LoadCommandSegment64 lc_seg; + fa->get_buffer((uint8_t *)&lc_seg, sizeof(LoadCommandSegment64)); + if (swap) { + lc_seg.vmsize = BSWAP64(lc_seg.vmsize); + lc_seg.filesize = BSWAP64(lc_seg.filesize); + lc_seg.fileoff = BSWAP64(lc_seg.fileoff); + } + lc_seg.vmsize = end - lc_seg.fileoff; + lc_seg.vmsize += PAD(lc_seg.vmsize, 4096); + lc_seg.filesize = end - lc_seg.fileoff; + if (swap) { + lc_seg.vmsize = BSWAP64(lc_seg.vmsize); + lc_seg.filesize = BSWAP64(lc_seg.filesize); + } + fa->seek(link_edit_offset + 8); + fa->store_buffer((const uint8_t *)&lc_seg, sizeof(LoadCommandSegment64)); + } break; + default: { + ERR_FAIL_V_MSG(false, "MachO: Invalid __LINKEDIT segment type."); + } break; + } + fa->seek(get_signature_offset()); + for (uint64_t i = 0; i < new_size; i++) { + fa->store_8(0x00); + } + return true; +} + +#endif // MODULE_REGEX_ENABLED diff --git a/platform/macos/export/macho.h b/platform/macos/export/macho.h new file mode 100644 index 0000000000..6cfc3c44f5 --- /dev/null +++ b/platform/macos/export/macho.h @@ -0,0 +1,215 @@ +/*************************************************************************/ +/* macho.h */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +// Mach-O binary object file format parser and editor. + +#ifndef MACHO_H +#define MACHO_H + +#include "core/crypto/crypto.h" +#include "core/crypto/crypto_core.h" +#include "core/io/file_access.h" +#include "core/object/ref_counted.h" +#include "modules/modules_enabled.gen.h" // For regex. + +#ifdef MODULE_REGEX_ENABLED + +class MachO : public RefCounted { + struct MachHeader { + uint32_t cputype; + uint32_t cpusubtype; + uint32_t filetype; + uint32_t ncmds; + uint32_t sizeofcmds; + uint32_t flags; + }; + + enum LoadCommandID { + LC_SEGMENT = 0x00000001, + LC_SYMTAB = 0x00000002, + LC_SYMSEG = 0x00000003, + LC_THREAD = 0x00000004, + LC_UNIXTHREAD = 0x00000005, + LC_LOADFVMLIB = 0x00000006, + LC_IDFVMLIB = 0x00000007, + LC_IDENT = 0x00000008, + LC_FVMFILE = 0x00000009, + LC_PREPAGE = 0x0000000a, + LC_DYSYMTAB = 0x0000000b, + LC_LOAD_DYLIB = 0x0000000c, + LC_ID_DYLIB = 0x0000000d, + LC_LOAD_DYLINKER = 0x0000000e, + LC_ID_DYLINKER = 0x0000000f, + LC_PREBOUND_DYLIB = 0x00000010, + LC_ROUTINES = 0x00000011, + LC_SUB_FRAMEWORK = 0x00000012, + LC_SUB_UMBRELLA = 0x00000013, + LC_SUB_CLIENT = 0x00000014, + LC_SUB_LIBRARY = 0x00000015, + LC_TWOLEVEL_HINTS = 0x00000016, + LC_PREBIND_CKSUM = 0x00000017, + LC_LOAD_WEAK_DYLIB = 0x80000018, + LC_SEGMENT_64 = 0x00000019, + LC_ROUTINES_64 = 0x0000001a, + LC_UUID = 0x0000001b, + LC_RPATH = 0x8000001c, + LC_CODE_SIGNATURE = 0x0000001d, + LC_SEGMENT_SPLIT_INFO = 0x0000001e, + LC_REEXPORT_DYLIB = 0x8000001f, + LC_LAZY_LOAD_DYLIB = 0x00000020, + LC_ENCRYPTION_INFO = 0x00000021, + LC_DYLD_INFO = 0x00000022, + LC_DYLD_INFO_ONLY = 0x80000022, + LC_LOAD_UPWARD_DYLIB = 0x80000023, + LC_VERSION_MIN_MACOSX = 0x00000024, + LC_VERSION_MIN_IPHONEOS = 0x00000025, + LC_FUNCTION_STARTS = 0x00000026, + LC_DYLD_ENVIRONMENT = 0x00000027, + LC_MAIN = 0x80000028, + LC_DATA_IN_CODE = 0x00000029, + LC_SOURCE_VERSION = 0x0000002a, + LC_DYLIB_CODE_SIGN_DRS = 0x0000002b, + LC_ENCRYPTION_INFO_64 = 0x0000002c, + LC_LINKER_OPTION = 0x0000002d, + LC_LINKER_OPTIMIZATION_HINT = 0x0000002e, + LC_VERSION_MIN_TVOS = 0x0000002f, + LC_VERSION_MIN_WATCHOS = 0x00000030, + }; + + struct LoadCommandHeader { + uint32_t cmd; + uint32_t cmdsize; + }; + + struct LoadCommandSegment { + char segname[16]; + uint32_t vmaddr; + uint32_t vmsize; + uint32_t fileoff; + uint32_t filesize; + uint32_t maxprot; + uint32_t initprot; + uint32_t nsects; + uint32_t flags; + }; + + struct LoadCommandSegment64 { + char segname[16]; + uint64_t vmaddr; + uint64_t vmsize; + uint64_t fileoff; + uint64_t filesize; + uint32_t maxprot; + uint32_t initprot; + uint32_t nsects; + uint32_t flags; + }; + + struct Section { + char sectname[16]; + char segname[16]; + uint32_t addr; + uint32_t size; + uint32_t offset; + uint32_t align; + uint32_t reloff; + uint32_t nreloc; + uint32_t flags; + uint32_t reserved1; + uint32_t reserved2; + }; + + struct Section64 { + char sectname[16]; + char segname[16]; + uint64_t addr; + uint64_t size; + uint32_t offset; + uint32_t align; + uint32_t reloff; + uint32_t nreloc; + uint32_t flags; + uint32_t reserved1; + uint32_t reserved2; + uint32_t reserved3; + }; + + Ref<FileAccess> fa; + bool swap = false; + + uint64_t lc_limit = 0; + + uint64_t exe_limit = 0; + uint64_t exe_base = std::numeric_limits<uint64_t>::max(); // Start of first __text section. + uint32_t align = 0; + uint32_t cputype = 0; + uint32_t cpusubtype = 0; + + uint64_t link_edit_offset = 0; // __LINKEDIT segment offset. + uint64_t signature_offset = 0; // Load command offset. + + uint32_t seg_align(uint64_t p_vmaddr, uint32_t p_min, uint32_t p_max); + bool alloc_signature(uint64_t p_size); + + static inline size_t PAD(size_t s, size_t a) { + return (a - s % a); + } + +public: + static bool is_macho(const String &p_path); + + bool open_file(const String &p_path); + + uint64_t get_exe_base(); + uint64_t get_exe_limit(); + int32_t get_align(); + uint32_t get_cputype(); + uint32_t get_cpusubtype(); + uint64_t get_size(); + uint64_t get_code_limit(); + + uint64_t get_signature_offset(); + bool is_signed(); + + PackedByteArray get_cdhash_sha1(); + PackedByteArray get_cdhash_sha256(); + + PackedByteArray get_requirements(); + + const Ref<FileAccess> get_file() const; + Ref<FileAccess> get_file(); + + uint64_t get_signature_size(); + bool set_signature_size(uint64_t p_size); +}; + +#endif // MODULE_REGEX_ENABLED + +#endif // MACHO_H diff --git a/platform/macos/export/plist.cpp b/platform/macos/export/plist.cpp new file mode 100644 index 0000000000..36de9dd34b --- /dev/null +++ b/platform/macos/export/plist.cpp @@ -0,0 +1,570 @@ +/*************************************************************************/ +/* plist.cpp */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +#include "modules/modules_enabled.gen.h" // For regex. + +#include "plist.h" + +#ifdef MODULE_REGEX_ENABLED + +Ref<PListNode> PListNode::new_array() { + Ref<PListNode> node = memnew(PListNode()); + ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>()); + node->data_type = PList::PLNodeType::PL_NODE_TYPE_ARRAY; + return node; +} + +Ref<PListNode> PListNode::new_dict() { + Ref<PListNode> node = memnew(PListNode()); + ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>()); + node->data_type = PList::PLNodeType::PL_NODE_TYPE_DICT; + return node; +} + +Ref<PListNode> PListNode::new_string(const String &p_string) { + Ref<PListNode> node = memnew(PListNode()); + ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>()); + node->data_type = PList::PLNodeType::PL_NODE_TYPE_STRING; + node->data_string = p_string.utf8(); + return node; +} + +Ref<PListNode> PListNode::new_data(const String &p_string) { + Ref<PListNode> node = memnew(PListNode()); + ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>()); + node->data_type = PList::PLNodeType::PL_NODE_TYPE_DATA; + node->data_string = p_string.utf8(); + return node; +} + +Ref<PListNode> PListNode::new_date(const String &p_string) { + Ref<PListNode> node = memnew(PListNode()); + ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>()); + node->data_type = PList::PLNodeType::PL_NODE_TYPE_DATE; + node->data_string = p_string.utf8(); + return node; +} + +Ref<PListNode> PListNode::new_bool(bool p_bool) { + Ref<PListNode> node = memnew(PListNode()); + ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>()); + node->data_type = PList::PLNodeType::PL_NODE_TYPE_BOOLEAN; + node->data_bool = p_bool; + return node; +} + +Ref<PListNode> PListNode::new_int(int32_t p_int) { + Ref<PListNode> node = memnew(PListNode()); + ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>()); + node->data_type = PList::PLNodeType::PL_NODE_TYPE_INTEGER; + node->data_int = p_int; + return node; +} + +Ref<PListNode> PListNode::new_real(float p_real) { + Ref<PListNode> node = memnew(PListNode()); + ERR_FAIL_COND_V(node.is_null(), Ref<PListNode>()); + node->data_type = PList::PLNodeType::PL_NODE_TYPE_REAL; + node->data_real = p_real; + return node; +} + +bool PListNode::push_subnode(const Ref<PListNode> &p_node, const String &p_key) { + ERR_FAIL_COND_V(p_node.is_null(), false); + if (data_type == PList::PLNodeType::PL_NODE_TYPE_DICT) { + ERR_FAIL_COND_V(p_key.is_empty(), false); + ERR_FAIL_COND_V(data_dict.has(p_key), false); + data_dict[p_key] = p_node; + return true; + } else if (data_type == PList::PLNodeType::PL_NODE_TYPE_ARRAY) { + data_array.push_back(p_node); + return true; + } else { + ERR_FAIL_V_MSG(false, "PList: Invalid parent node type, should be DICT or ARRAY."); + } +} + +size_t PListNode::get_asn1_size(uint8_t p_len_octets) const { + // Get size of all data, excluding type and size information. + switch (data_type) { + case PList::PLNodeType::PL_NODE_TYPE_NIL: { + return 0; + } break; + case PList::PLNodeType::PL_NODE_TYPE_DATA: + case PList::PLNodeType::PL_NODE_TYPE_DATE: { + ERR_FAIL_V_MSG(0, "PList: DATE and DATA nodes are not supported by ASN.1 serialization."); + } break; + case PList::PLNodeType::PL_NODE_TYPE_STRING: { + return data_string.length(); + } break; + case PList::PLNodeType::PL_NODE_TYPE_BOOLEAN: { + return 1; + } break; + case PList::PLNodeType::PL_NODE_TYPE_INTEGER: + case PList::PLNodeType::PL_NODE_TYPE_REAL: { + return 4; + } break; + case PList::PLNodeType::PL_NODE_TYPE_ARRAY: { + size_t size = 0; + for (int i = 0; i < data_array.size(); i++) { + size += 1 + _asn1_size_len(p_len_octets) + data_array[i]->get_asn1_size(p_len_octets); + } + return size; + } break; + case PList::PLNodeType::PL_NODE_TYPE_DICT: { + size_t size = 0; + + for (const KeyValue<String, Ref<PListNode>> &E : data_dict) { + size += 1 + _asn1_size_len(p_len_octets); // Sequence. + size += 1 + _asn1_size_len(p_len_octets) + E.key.utf8().length(); //Key. + size += 1 + _asn1_size_len(p_len_octets) + E.value->get_asn1_size(p_len_octets); // Value. + } + return size; + } break; + default: { + return 0; + } break; + } +} + +int PListNode::_asn1_size_len(uint8_t p_len_octets) { + if (p_len_octets > 1) { + return p_len_octets + 1; + } else { + return 1; + } +} + +void PListNode::store_asn1_size(PackedByteArray &p_stream, uint8_t p_len_octets) const { + uint32_t size = get_asn1_size(p_len_octets); + if (p_len_octets > 1) { + p_stream.push_back(0x80 + p_len_octets); + } + for (int i = p_len_octets - 1; i >= 0; i--) { + uint8_t x = (size >> i * 8) & 0xFF; + p_stream.push_back(x); + } +} + +bool PListNode::store_asn1(PackedByteArray &p_stream, uint8_t p_len_octets) const { + // Convert to binary ASN1 stream. + bool valid = true; + switch (data_type) { + case PList::PLNodeType::PL_NODE_TYPE_NIL: { + // Nothing to store. + } break; + case PList::PLNodeType::PL_NODE_TYPE_DATE: + case PList::PLNodeType::PL_NODE_TYPE_DATA: { + ERR_FAIL_V_MSG(false, "PList: DATE and DATA nodes are not supported by ASN.1 serialization."); + } break; + case PList::PLNodeType::PL_NODE_TYPE_STRING: { + p_stream.push_back(0x0C); + store_asn1_size(p_stream, p_len_octets); + for (int i = 0; i < data_string.size(); i++) { + p_stream.push_back(data_string[i]); + } + } break; + case PList::PLNodeType::PL_NODE_TYPE_BOOLEAN: { + p_stream.push_back(0x01); + store_asn1_size(p_stream, p_len_octets); + if (data_bool) { + p_stream.push_back(0x01); + } else { + p_stream.push_back(0x00); + } + } break; + case PList::PLNodeType::PL_NODE_TYPE_INTEGER: { + p_stream.push_back(0x02); + store_asn1_size(p_stream, p_len_octets); + for (int i = 4; i >= 0; i--) { + uint8_t x = (data_int >> i * 8) & 0xFF; + p_stream.push_back(x); + } + } break; + case PList::PLNodeType::PL_NODE_TYPE_REAL: { + p_stream.push_back(0x03); + store_asn1_size(p_stream, p_len_octets); + for (int i = 4; i >= 0; i--) { + uint8_t x = (data_int >> i * 8) & 0xFF; + p_stream.push_back(x); + } + } break; + case PList::PLNodeType::PL_NODE_TYPE_ARRAY: { + p_stream.push_back(0x30); // Sequence. + store_asn1_size(p_stream, p_len_octets); + for (int i = 0; i < data_array.size(); i++) { + valid = valid && data_array[i]->store_asn1(p_stream, p_len_octets); + } + } break; + case PList::PLNodeType::PL_NODE_TYPE_DICT: { + p_stream.push_back(0x31); // Set. + store_asn1_size(p_stream, p_len_octets); + for (const KeyValue<String, Ref<PListNode>> &E : data_dict) { + CharString cs = E.key.utf8(); + uint32_t size = cs.length(); + + // Sequence. + p_stream.push_back(0x30); + uint32_t seq_size = 2 * (1 + _asn1_size_len(p_len_octets)) + size + E.value->get_asn1_size(p_len_octets); + if (p_len_octets > 1) { + p_stream.push_back(0x80 + p_len_octets); + } + for (int i = p_len_octets - 1; i >= 0; i--) { + uint8_t x = (seq_size >> i * 8) & 0xFF; + p_stream.push_back(x); + } + // Key. + p_stream.push_back(0x0C); + if (p_len_octets > 1) { + p_stream.push_back(0x80 + p_len_octets); + } + for (int i = p_len_octets - 1; i >= 0; i--) { + uint8_t x = (size >> i * 8) & 0xFF; + p_stream.push_back(x); + } + for (uint32_t i = 0; i < size; i++) { + p_stream.push_back(cs[i]); + } + // Value. + valid = valid && E.value->store_asn1(p_stream, p_len_octets); + } + } break; + } + return valid; +} + +void PListNode::store_text(String &p_stream, uint8_t p_indent) const { + // Convert to text XML stream. + switch (data_type) { + case PList::PLNodeType::PL_NODE_TYPE_NIL: { + // Nothing to store. + } break; + case PList::PLNodeType::PL_NODE_TYPE_DATA: { + p_stream += String("\t").repeat(p_indent); + p_stream += "<data>\n"; + p_stream += String("\t").repeat(p_indent); + p_stream += data_string + "\n"; + p_stream += String("\t").repeat(p_indent); + p_stream += "</data>\n"; + } break; + case PList::PLNodeType::PL_NODE_TYPE_DATE: { + p_stream += String("\t").repeat(p_indent); + p_stream += "<date>"; + p_stream += data_string; + p_stream += "</date>\n"; + } break; + case PList::PLNodeType::PL_NODE_TYPE_STRING: { + p_stream += String("\t").repeat(p_indent); + p_stream += "<string>"; + p_stream += String::utf8(data_string); + p_stream += "</string>\n"; + } break; + case PList::PLNodeType::PL_NODE_TYPE_BOOLEAN: { + p_stream += String("\t").repeat(p_indent); + if (data_bool) { + p_stream += "<true/>\n"; + } else { + p_stream += "<false/>\n"; + } + } break; + case PList::PLNodeType::PL_NODE_TYPE_INTEGER: { + p_stream += String("\t").repeat(p_indent); + p_stream += "<integer>"; + p_stream += itos(data_int); + p_stream += "</integer>\n"; + } break; + case PList::PLNodeType::PL_NODE_TYPE_REAL: { + p_stream += String("\t").repeat(p_indent); + p_stream += "<real>"; + p_stream += rtos(data_real); + p_stream += "</real>\n"; + } break; + case PList::PLNodeType::PL_NODE_TYPE_ARRAY: { + p_stream += String("\t").repeat(p_indent); + p_stream += "<array>\n"; + for (int i = 0; i < data_array.size(); i++) { + data_array[i]->store_text(p_stream, p_indent + 1); + } + p_stream += String("\t").repeat(p_indent); + p_stream += "</array>\n"; + } break; + case PList::PLNodeType::PL_NODE_TYPE_DICT: { + p_stream += String("\t").repeat(p_indent); + p_stream += "<dict>\n"; + for (const KeyValue<String, Ref<PListNode>> &E : data_dict) { + p_stream += String("\t").repeat(p_indent + 1); + p_stream += "<key>"; + p_stream += E.key; + p_stream += "</key>\n"; + E.value->store_text(p_stream, p_indent + 1); + } + p_stream += String("\t").repeat(p_indent); + p_stream += "</dict>\n"; + } break; + } +} + +/*************************************************************************/ + +PList::PList() { + root = PListNode::new_dict(); +} + +PList::PList(const String &p_string) { + load_string(p_string); +} + +bool PList::load_file(const String &p_filename) { + root = Ref<PListNode>(); + + Ref<FileAccess> fb = FileAccess::open(p_filename, FileAccess::READ); + if (fb.is_null()) { + return false; + } + + unsigned char magic[8]; + fb->get_buffer(magic, 8); + + if (String((const char *)magic, 8) == "bplist00") { + ERR_FAIL_V_MSG(false, "PList: Binary property lists are not supported."); + } else { + // Load text plist. + Error err; + Vector<uint8_t> array = FileAccess::get_file_as_array(p_filename, &err); + ERR_FAIL_COND_V(err != OK, false); + + String ret; + ret.parse_utf8((const char *)array.ptr(), array.size()); + return load_string(ret); + } +} + +bool PList::load_string(const String &p_string) { + root = Ref<PListNode>(); + + int pos = 0; + bool in_plist = false; + bool done_plist = false; + List<Ref<PListNode>> stack; + String key; + while (pos >= 0) { + int open_token_s = p_string.find("<", pos); + if (open_token_s == -1) { + ERR_FAIL_V_MSG(false, "PList: Unexpected end of data. No tags found."); + } + int open_token_e = p_string.find(">", open_token_s); + pos = open_token_e; + + String token = p_string.substr(open_token_s + 1, open_token_e - open_token_s - 1); + if (token.is_empty()) { + ERR_FAIL_V_MSG(false, "PList: Invalid token name."); + } + String value; + if (token[0] == '?' || token[0] == '!') { // Skip <?xml ... ?> and <!DOCTYPE ... > + int end_token_e = p_string.find(">", open_token_s); + pos = end_token_e; + continue; + } + + if (token.find("plist", 0) == 0) { + in_plist = true; + continue; + } + + if (token == "/plist") { + done_plist = true; + break; + } + + if (!in_plist) { + ERR_FAIL_V_MSG(false, "PList: Node outside of <plist> tag."); + } + + if (token == "dict") { + if (!stack.is_empty()) { + // Add subnode end enter it. + Ref<PListNode> dict = PListNode::new_dict(); + dict->data_type = PList::PLNodeType::PL_NODE_TYPE_DICT; + if (!stack.back()->get()->push_subnode(dict, key)) { + ERR_FAIL_V_MSG(false, "PList: Can't push subnode, invalid parent type."); + } + stack.push_back(dict); + } else { + // Add root node. + if (!root.is_null()) { + ERR_FAIL_V_MSG(false, "PList: Root node already set."); + } + Ref<PListNode> dict = PListNode::new_dict(); + stack.push_back(dict); + root = dict; + } + continue; + } + + if (token == "/dict") { + // Exit current dict. + if (stack.is_empty() || stack.back()->get()->data_type != PList::PLNodeType::PL_NODE_TYPE_DICT) { + ERR_FAIL_V_MSG(false, "PList: Mismatched </dict> tag."); + } + stack.pop_back(); + continue; + } + + if (token == "array") { + if (!stack.is_empty()) { + // Add subnode end enter it. + Ref<PListNode> arr = PListNode::new_array(); + if (!stack.back()->get()->push_subnode(arr, key)) { + ERR_FAIL_V_MSG(false, "PList: Can't push subnode, invalid parent type."); + } + stack.push_back(arr); + } else { + // Add root node. + if (!root.is_null()) { + ERR_FAIL_V_MSG(false, "PList: Root node already set."); + } + Ref<PListNode> arr = PListNode::new_array(); + stack.push_back(arr); + root = arr; + } + continue; + } + + if (token == "/array") { + // Exit current array. + if (stack.is_empty() || stack.back()->get()->data_type != PList::PLNodeType::PL_NODE_TYPE_ARRAY) { + ERR_FAIL_V_MSG(false, "PList: Mismatched </array> tag."); + } + stack.pop_back(); + continue; + } + + if (token[token.length() - 1] == '/') { + token = token.substr(0, token.length() - 1); + } else { + int end_token_s = p_string.find("</", pos); + if (end_token_s == -1) { + ERR_FAIL_V_MSG(false, vformat("PList: Mismatched <%s> tag.", token)); + } + int end_token_e = p_string.find(">", end_token_s); + pos = end_token_e; + String end_token = p_string.substr(end_token_s + 2, end_token_e - end_token_s - 2); + if (end_token != token) { + ERR_FAIL_V_MSG(false, vformat("PList: Mismatched <%s> and <%s> token pair.", token, end_token)); + } + value = p_string.substr(open_token_e + 1, end_token_s - open_token_e - 1); + } + if (token == "key") { + key = value; + } else { + Ref<PListNode> var = nullptr; + if (token == "true") { + var = PListNode::new_bool(true); + } else if (token == "false") { + var = PListNode::new_bool(false); + } else if (token == "integer") { + var = PListNode::new_int(value.to_int()); + } else if (token == "real") { + var = PListNode::new_real(value.to_float()); + } else if (token == "string") { + var = PListNode::new_string(value); + } else if (token == "data") { + var = PListNode::new_data(value); + } else if (token == "date") { + var = PListNode::new_date(value); + } else { + ERR_FAIL_V_MSG(false, "PList: Invalid value type."); + } + if (stack.is_empty() || !stack.back()->get()->push_subnode(var, key)) { + ERR_FAIL_V_MSG(false, "PList: Can't push subnode, invalid parent type."); + } + } + } + if (!stack.is_empty() || !done_plist) { + ERR_FAIL_V_MSG(false, "PList: Unexpected end of data. Root node is not closed."); + } + return true; +} + +PackedByteArray PList::save_asn1() const { + if (root == nullptr) { + ERR_FAIL_V_MSG(PackedByteArray(), "PList: Invalid PList, no root node."); + } + size_t size = root->get_asn1_size(1); + uint8_t len_octets = 0; + if (size < 0x80) { + len_octets = 1; + } else { + size = root->get_asn1_size(2); + if (size < 0xFFFF) { + len_octets = 2; + } else { + size = root->get_asn1_size(3); + if (size < 0xFFFFFF) { + len_octets = 3; + } else { + size = root->get_asn1_size(4); + if (size < 0xFFFFFFFF) { + len_octets = 4; + } else { + ERR_FAIL_V_MSG(PackedByteArray(), "PList: Data is too big for ASN.1 serializer, should be < 4 GiB."); + } + } + } + } + + PackedByteArray ret; + if (!root->store_asn1(ret, len_octets)) { + ERR_FAIL_V_MSG(PackedByteArray(), "PList: ASN.1 serializer error."); + } + return ret; +} + +String PList::save_text() const { + if (root == nullptr) { + ERR_FAIL_V_MSG(String(), "PList: Invalid PList, no root node."); + } + + String ret; + ret += "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"; + ret += "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n"; + ret += "<plist version=\"1.0\">\n"; + + root->store_text(ret, 0); + + ret += "</plist>\n\n"; + return ret; +} + +Ref<PListNode> PList::get_root() { + return root; +} + +#endif // MODULE_REGEX_ENABLED diff --git a/platform/macos/export/plist.h b/platform/macos/export/plist.h new file mode 100644 index 0000000000..ba9eaec196 --- /dev/null +++ b/platform/macos/export/plist.h @@ -0,0 +1,116 @@ +/*************************************************************************/ +/* plist.h */ +/*************************************************************************/ +/* This file is part of: */ +/* GODOT ENGINE */ +/* https://godotengine.org */ +/*************************************************************************/ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ +/* */ +/* Permission is hereby granted, free of charge, to any person obtaining */ +/* a copy of this software and associated documentation files (the */ +/* "Software"), to deal in the Software without restriction, including */ +/* without limitation the rights to use, copy, modify, merge, publish, */ +/* distribute, sublicense, and/or sell copies of the Software, and to */ +/* permit persons to whom the Software is furnished to do so, subject to */ +/* the following conditions: */ +/* */ +/* The above copyright notice and this permission notice shall be */ +/* included in all copies or substantial portions of the Software. */ +/* */ +/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ +/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ +/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ +/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ +/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ +/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ +/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +/*************************************************************************/ + +// Property list file format (application/x-plist) parser, property list ASN-1 serialization. + +#ifndef PLIST_H +#define PLIST_H + +#include "core/crypto/crypto_core.h" +#include "core/io/file_access.h" +#include "modules/modules_enabled.gen.h" // For regex. + +#ifdef MODULE_REGEX_ENABLED + +class PListNode; + +class PList : public RefCounted { + friend class PListNode; + +public: + enum PLNodeType { + PL_NODE_TYPE_NIL, + PL_NODE_TYPE_STRING, + PL_NODE_TYPE_ARRAY, + PL_NODE_TYPE_DICT, + PL_NODE_TYPE_BOOLEAN, + PL_NODE_TYPE_INTEGER, + PL_NODE_TYPE_REAL, + PL_NODE_TYPE_DATA, + PL_NODE_TYPE_DATE, + }; + +private: + Ref<PListNode> root; + +public: + PList(); + PList(const String &p_string); + + bool load_file(const String &p_filename); + bool load_string(const String &p_string); + + PackedByteArray save_asn1() const; + String save_text() const; + + Ref<PListNode> get_root(); +}; + +/*************************************************************************/ + +class PListNode : public RefCounted { + static int _asn1_size_len(uint8_t p_len_octets); + +public: + PList::PLNodeType data_type = PList::PLNodeType::PL_NODE_TYPE_NIL; + + CharString data_string; + Vector<Ref<PListNode>> data_array; + HashMap<String, Ref<PListNode>> data_dict; + union { + int32_t data_int; + bool data_bool; + float data_real; + }; + + static Ref<PListNode> new_array(); + static Ref<PListNode> new_dict(); + static Ref<PListNode> new_string(const String &p_string); + static Ref<PListNode> new_data(const String &p_string); + static Ref<PListNode> new_date(const String &p_string); + static Ref<PListNode> new_bool(bool p_bool); + static Ref<PListNode> new_int(int32_t p_int); + static Ref<PListNode> new_real(float p_real); + + bool push_subnode(const Ref<PListNode> &p_node, const String &p_key = ""); + + size_t get_asn1_size(uint8_t p_len_octets) const; + + void store_asn1_size(PackedByteArray &p_stream, uint8_t p_len_octets) const; + bool store_asn1(PackedByteArray &p_stream, uint8_t p_len_octets) const; + void store_text(String &p_stream, uint8_t p_indent) const; + + PListNode() {} + ~PListNode() {} +}; + +#endif // MODULE_REGEX_ENABLED + +#endif // PLIST_H |