diff options
Diffstat (limited to 'platform/osx/export')
| -rw-r--r-- | platform/osx/export/export.cpp | 4 | ||||
| -rw-r--r-- | platform/osx/export/export.h | 4 | ||||
| -rw-r--r-- | platform/osx/export/export_plugin.cpp | 205 | ||||
| -rw-r--r-- | platform/osx/export/export_plugin.h | 11 |
4 files changed, 182 insertions, 42 deletions
diff --git a/platform/osx/export/export.cpp b/platform/osx/export/export.cpp index 1164d76580..afc0d63338 100644 --- a/platform/osx/export/export.cpp +++ b/platform/osx/export/export.cpp @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ diff --git a/platform/osx/export/export.h b/platform/osx/export/export.h index f8cf41c0e7..b386337a09 100644 --- a/platform/osx/export/export.h +++ b/platform/osx/export/export.h @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ diff --git a/platform/osx/export/export_plugin.cpp b/platform/osx/export/export_plugin.cpp index a88f7bb332..3a731f2172 100644 --- a/platform/osx/export/export_plugin.cpp +++ b/platform/osx/export/export_plugin.cpp @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ @@ -381,12 +381,22 @@ Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_prese #ifdef OSX_ENABLED List<String> args; + bool ad_hoc = (p_preset->get("codesign/identity") == "" || p_preset->get("codesign/identity") == "-"); + if (p_preset->get("codesign/timestamp")) { - args.push_back("--timestamp"); + if (ad_hoc) { + WARN_PRINT("Timestamping is not compatible with ad-hoc signature, and was disabled!"); + } else { + args.push_back("--timestamp"); + } } if (p_preset->get("codesign/hardened_runtime")) { - args.push_back("--options"); - args.push_back("runtime"); + if (ad_hoc) { + WARN_PRINT("Hardened Runtime is not compatible with ad-hoc signature, and was disabled!"); + } else { + args.push_back("--options"); + args.push_back("runtime"); + } } if (p_path.get_extension() != "dmg") { @@ -403,7 +413,7 @@ Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_prese } args.push_back("-s"); - if (p_preset->get("codesign/identity") == "") { + if (ad_hoc) { args.push_back("-"); } else { args.push_back(p_preset->get("codesign/identity")); @@ -435,6 +445,101 @@ Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_prese return OK; } +Error EditorExportPlatformOSX::_code_sign_directory(const Ref<EditorExportPreset> &p_preset, const String &p_path, + const String &p_ent_path, bool p_should_error_on_non_code) { +#ifdef OSX_ENABLED + static Vector<String> extensions_to_sign; + + if (extensions_to_sign.is_empty()) { + extensions_to_sign.push_back("dylib"); + extensions_to_sign.push_back("framework"); + } + + Error dir_access_error; + DirAccessRef dir_access{ DirAccess::open(p_path, &dir_access_error) }; + + if (dir_access_error != OK) { + return dir_access_error; + } + + dir_access->list_dir_begin(); + String current_file{ dir_access->get_next() }; + while (!current_file.is_empty()) { + String current_file_path{ p_path.plus_file(current_file) }; + + if (current_file == ".." || current_file == ".") { + current_file = dir_access->get_next(); + continue; + } + + if (extensions_to_sign.find(current_file.get_extension()) > -1) { + Error code_sign_error{ _code_sign(p_preset, current_file_path, p_ent_path) }; + if (code_sign_error != OK) { + return code_sign_error; + } + } else if (dir_access->current_is_dir()) { + Error code_sign_error{ _code_sign_directory(p_preset, current_file_path, p_ent_path, p_should_error_on_non_code) }; + if (code_sign_error != OK) { + return code_sign_error; + } + } else if (p_should_error_on_non_code) { + ERR_PRINT(vformat("Cannot sign file %s.", current_file)); + return Error::FAILED; + } + + current_file = dir_access->get_next(); + } +#endif + + return OK; +} + +Error EditorExportPlatformOSX::_copy_and_sign_files(DirAccessRef &dir_access, const String &p_src_path, + const String &p_in_app_path, bool p_sign_enabled, + const Ref<EditorExportPreset> &p_preset, const String &p_ent_path, + bool p_should_error_on_non_code_sign) { + Error err{ OK }; + if (dir_access->dir_exists(p_src_path)) { +#ifndef UNIX_ENABLED + WARN_PRINT("Relative symlinks are not supported, exported " + p_src_path.get_file() + " might be broken!"); +#endif + print_verbose("export framework: " + p_src_path + " -> " + p_in_app_path); + err = dir_access->make_dir_recursive(p_in_app_path); + if (err == OK) { + err = dir_access->copy_dir(p_src_path, p_in_app_path, -1, true); + } + } else { + print_verbose("export dylib: " + p_src_path + " -> " + p_in_app_path); + err = dir_access->copy(p_src_path, p_in_app_path); + } + if (err == OK && p_sign_enabled) { + if (dir_access->dir_exists(p_src_path) && p_src_path.get_extension().is_empty()) { + // If it is a directory, find and sign all dynamic libraries. + err = _code_sign_directory(p_preset, p_in_app_path, p_ent_path, p_should_error_on_non_code_sign); + } else { + err = _code_sign(p_preset, p_in_app_path, p_ent_path); + } + } + return err; +} + +Error EditorExportPlatformOSX::_export_osx_plugins_for(Ref<EditorExportPlugin> p_editor_export_plugin, + const String &p_app_path_name, DirAccessRef &dir_access, + bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset, + const String &p_ent_path) { + Error error{ OK }; + const Vector<String> &osx_plugins{ p_editor_export_plugin->get_osx_plugin_files() }; + for (int i = 0; i < osx_plugins.size(); ++i) { + String src_path{ ProjectSettings::get_singleton()->globalize_path(osx_plugins[i]) }; + String path_in_app{ p_app_path_name + "/Contents/PlugIns/" + src_path.get_file() }; + error = _copy_and_sign_files(dir_access, src_path, path_in_app, p_sign_enabled, p_preset, p_ent_path, false); + if (error != OK) { + break; + } + } + return error; +} + Error EditorExportPlatformOSX::_create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name) { List<String> args; @@ -481,10 +586,10 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p src_pkg_name = p_preset->get("custom_template/release"); } - if (src_pkg_name == "") { + if (src_pkg_name.is_empty()) { String err; src_pkg_name = find_export_template("osx.zip", &err); - if (src_pkg_name == "") { + if (src_pkg_name.is_empty()) { EditorNode::add_io_error(err); return ERR_FILE_NOT_FOUND; } @@ -571,7 +676,7 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p char fname[16384]; ret = unzGetCurrentFileInfo(src_pkg_zip, &info, fname, 16384, nullptr, 0, nullptr, 0); - String file = fname; + String file = String::utf8(fname); Vector<uint8_t> data; data.resize(info.uncompressed_size); @@ -607,7 +712,7 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p iconpath = ProjectSettings::get_singleton()->get("application/config/icon"); } - if (iconpath != "") { + if (!iconpath.is_empty()) { if (iconpath.get_extension() == "icns") { FileAccess *icon = FileAccess::open(iconpath, FileAccess::READ); if (icon) { @@ -695,7 +800,7 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p String ent_path = p_preset->get("codesign/entitlements/custom_file"); String hlp_ent_path = EditorPaths::get_singleton()->get_cache_dir().plus_file(pkg_name + "_helper.entitlements"); - if (sign_enabled && (ent_path == "")) { + if (sign_enabled && (ent_path.is_empty())) { ent_path = EditorPaths::get_singleton()->get_cache_dir().plus_file(pkg_name + ".entitlements"); FileAccess *ent_f = FileAccess::open(ent_path, FileAccess::WRITE); @@ -860,26 +965,22 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p FileAccess::set_unix_permissions(tmp_app_path_name + "/Contents/Helpers/" + hlp_path.get_file(), 0755); } } - if (err == OK) { DirAccessRef da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM); for (int i = 0; i < shared_objects.size(); i++) { String src_path = ProjectSettings::get_singleton()->globalize_path(shared_objects[i].path); - if (da->dir_exists(src_path)) { -#ifndef UNIX_ENABLED - WARN_PRINT("Relative symlinks are not supported, exported " + src_path.get_file() + " might be broken!"); -#endif - print_verbose("export framework: " + src_path + " -> " + tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file()); - err = da->make_dir_recursive(tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file()); - if (err == OK) { - err = da->copy_dir(src_path, tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file(), -1, true); - } - } else { - print_verbose("export dylib: " + src_path + " -> " + tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file()); - err = da->copy(src_path, tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file()); + String path_in_app{ tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file() }; + err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, true); + if (err != OK) { + break; } - if (err == OK && sign_enabled) { - err = _code_sign(p_preset, tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file(), ent_path); + } + + Vector<Ref<EditorExportPlugin>> export_plugins{ EditorExport::get_singleton()->get_export_plugins() }; + for (int i = 0; i < export_plugins.size(); ++i) { + err = _export_osx_plugins_for(export_plugins[i], tmp_app_path_name, da, sign_enabled, p_preset, ent_path); + if (err != OK) { + break; } } } @@ -960,9 +1061,10 @@ void EditorExportPlatformOSX::_zip_folder_recursive(zipFile &p_zip, const String DirAccessRef da = DirAccess::open(dir); da->list_dir_begin(); - String f; - while ((f = da->get_next()) != "") { + String f = da->get_next(); + while (!f.is_empty()) { if (f == "." || f == "..") { + f = da->get_next(); continue; } if (da->is_link(f)) { @@ -1065,6 +1167,7 @@ void EditorExportPlatformOSX::_zip_folder_recursive(zipFile &p_zip, const String zipCloseFileInZip(p_zip); } + f = da->get_next(); } da->list_dir_end(); } @@ -1073,10 +1176,9 @@ bool EditorExportPlatformOSX::can_export(const Ref<EditorExportPreset> &p_preset String err; bool valid = false; - // Look for export templates (first official, and if defined custom templates). - - bool dvalid = exists_export_template("osx.zip", &err); - bool rvalid = dvalid; // Both in the same ZIP. + // Look for export templates (custom templates). + bool dvalid = false; + bool rvalid = false; if (p_preset->get("custom_template/debug") != "") { dvalid = FileAccess::exists(p_preset->get("custom_template/debug")); @@ -1091,6 +1193,12 @@ bool EditorExportPlatformOSX::can_export(const Ref<EditorExportPreset> &p_preset } } + // Look for export templates (official templates, check only is custom templates are not set). + if (!dvalid || !rvalid) { + dvalid = exists_export_template("osx.zip", &err); + rvalid = dvalid; // Both in the same ZIP. + } + valid = dvalid || rvalid; r_missing_templates = !valid; @@ -1101,16 +1209,26 @@ bool EditorExportPlatformOSX::can_export(const Ref<EditorExportPreset> &p_preset valid = false; } +#ifdef OSX_ENABLED bool sign_enabled = p_preset->get("codesign/enable"); bool noto_enabled = p_preset->get("notarization/enable"); + bool ad_hoc = ((p_preset->get("codesign/identity") == "") || (p_preset->get("codesign/identity") == "-")); + if (noto_enabled) { + if (ad_hoc) { + err += TTR("Notarization: Notarization with the ad-hoc signature is not supported.") + "\n"; + valid = false; + } if (!sign_enabled) { - err += TTR("Notarization: code signing required.") + "\n"; + err += TTR("Notarization: Code signing is required for notarization.") + "\n"; valid = false; } - bool hr_enabled = p_preset->get("codesign/hardened_runtime"); - if (!hr_enabled) { - err += TTR("Notarization: hardened runtime required.") + "\n"; + if (!(bool)p_preset->get("codesign/hardened_runtime")) { + err += TTR("Notarization: Hardened runtime is required for notarization.") + "\n"; + valid = false; + } + if (!(bool)p_preset->get("codesign/timestamp")) { + err += TTR("Notarization: Timestamping is required for notarization.") + "\n"; valid = false; } if (p_preset->get("notarization/apple_id_name") == "") { @@ -1121,7 +1239,22 @@ bool EditorExportPlatformOSX::can_export(const Ref<EditorExportPreset> &p_preset err += TTR("Notarization: Apple ID password not specified.") + "\n"; valid = false; } + } else { + err += TTR("Notarization is disabled. Exported project will be blocked by Gatekeeper, if it's downloaded from an unknown source.") + "\n"; + if (!sign_enabled) { + err += TTR("Code signing is disabled. Exported project will not run on Macs with enabled Gatekeeper and Apple Silicon powered Macs.") + "\n"; + } else { + if ((bool)p_preset->get("codesign/hardened_runtime") && ad_hoc) { + err += TTR("Hardened Runtime is not compatible with ad-hoc signature, and will be disabled!") + "\n"; + } + if ((bool)p_preset->get("codesign/timestamp") && ad_hoc) { + err += TTR("Timestamping is not compatible with ad-hoc signature, and will be disabled!") + "\n"; + } + } } +#else + err += TTR("macOS code signing and Notarization is not supported on the host OS. Exported project will not run on Macs with enabled Gatekeeper and Apple Silicon powered Macs.") + "\n"; +#endif if (!err.is_empty()) { r_error = err; diff --git a/platform/osx/export/export_plugin.h b/platform/osx/export/export_plugin.h index ca5086622e..aa22ad6384 100644 --- a/platform/osx/export/export_plugin.h +++ b/platform/osx/export/export_plugin.h @@ -5,8 +5,8 @@ /* GODOT ENGINE */ /* https://godotengine.org */ /*************************************************************************/ -/* Copyright (c) 2007-2021 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2021 Godot Engine contributors (cf. AUTHORS.md). */ +/* Copyright (c) 2007-2022 Juan Linietsky, Ariel Manzur. */ +/* Copyright (c) 2014-2022 Godot Engine contributors (cf. AUTHORS.md). */ /* */ /* Permission is hereby granted, free of charge, to any person obtaining */ /* a copy of this software and associated documentation files (the */ @@ -58,6 +58,13 @@ class EditorExportPlatformOSX : public EditorExportPlatform { Error _notarize(const Ref<EditorExportPreset> &p_preset, const String &p_path); Error _code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path); + Error _code_sign_directory(const Ref<EditorExportPreset> &p_preset, const String &p_path, const String &p_ent_path, bool p_should_error_on_non_code = true); + Error _copy_and_sign_files(DirAccessRef &dir_access, const String &p_src_path, const String &p_in_app_path, + bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset, const String &p_ent_path, + bool p_should_error_on_non_code_sign); + Error _export_osx_plugins_for(Ref<EditorExportPlugin> p_editor_export_plugin, const String &p_app_path_name, + DirAccessRef &dir_access, bool p_sign_enabled, const Ref<EditorExportPreset> &p_preset, + const String &p_ent_path); Error _create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name); void _zip_folder_recursive(zipFile &p_zip, const String &p_root_path, const String &p_folder, const String &p_pkg_name); |