Update MacQetDeploy_arm64.sh

This commit is contained in:
Laurent Trinques
2026-05-14 12:11:21 +02:00
committed by GitHub
parent c0ba961fb3
commit d6251c901e


@@ -223,33 +223,50 @@ if [ -d "${QET_LICENSES_DIR}" ]; then
cp -R -L ${QET_LICENSES_DIR} $BUNDLE/Contents/Resources/licenses cp -R -L ${QET_LICENSES_DIR} $BUNDLE/Contents/Resources/licenses
fi fi
### Sign the bundle (without --deep, component by component) ######## ### Sign the bundle #################################################
# --deep is deprecated and can produce invalid signatures on nested # Sign in the correct order: deepest binaries first, bundle last.
# binaries. We sign frameworks and plugins first, then the bundle. # We sign ALL .dylib files individually (including flat libs copied
# by macdeployqt into Contents/Frameworks/) before signing the bundle.
# Using --deep is deprecated and misses flat dylibs, causing notarization
# to fail with "not signed with a valid Developer ID certificate".
echo echo
echo "______________________________________________________________" echo "______________________________________________________________"
echo "Code signing bundle (component by component):" echo "Code signing (all dylibs, plugins, frameworks, then bundle):"
# Sign frameworks # 1. Sign all flat .dylib files in Frameworks (copied by macdeployqt from Homebrew)
find "$BUNDLE/Contents/Frameworks" -name "*.framework" -prune | while read fw; do echo "-- Signing dylibs in Frameworks..."
find "$BUNDLE/Contents/Frameworks" -name "*.dylib" | while read lib; do
echo " $(basename $lib)"
codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$lib"
done
# 2. Sign .framework bundles
echo "-- Signing .framework bundles..."
find "$BUNDLE/Contents/Frameworks" -maxdepth 1 -name "*.framework" | while read fw; do
echo " $(basename $fw)"
codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$fw" codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$fw"
done done
# Sign plugins (.dylib and .so) # 3. Sign plugins (.dylib and .so in PlugIns/)
echo "-- Signing plugins..."
find "$BUNDLE/Contents/PlugIns" \( -name "*.dylib" -o -name "*.so" \) | while read lib; do find "$BUNDLE/Contents/PlugIns" \( -name "*.dylib" -o -name "*.so" \) | while read lib; do
echo " $(basename $lib)"
codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$lib" codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$lib"
done done
# Sign remaining dylibs at bundle root level # 4. Sign any remaining dylibs in MacOS/
echo "-- Signing dylibs in MacOS/..."
find "$BUNDLE/Contents/MacOS" -name "*.dylib" | while read lib; do find "$BUNDLE/Contents/MacOS" -name "*.dylib" | while read lib; do
echo " $(basename $lib)"
codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$lib" codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$lib"
done done
# Sign the bundle itself last # 5. Sign the bundle itself last
echo "-- Signing bundle..."
codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$BUNDLE" codesign --force --sign "$IDENTITY" --timestamp --options=runtime "$BUNDLE"
# Verify signature before proceeding # 6. Verify the whole bundle signature before proceeding
echo echo
echo "Verifying bundle signature..." echo "Verifying bundle signature..."
codesign --verify --deep --strict --verbose=2 "$BUNDLE" codesign --verify --deep --strict --verbose=2 "$BUNDLE"
@@ -260,8 +277,8 @@ fi
echo "Bundle signature OK." echo "Bundle signature OK."
### Create zip for notarization only ################################ ### Create zip for notarization only ################################
# This ZIP is temporary used only to submit to notarytool. # Temporary ZIP used only for notarytool submission.
# The final deliverable will be a DMG (see below). # The final deliverable is a DMG (see below).
echo echo
echo "______________________________________________________________" echo "______________________________________________________________"
@@ -282,6 +299,7 @@ if [[ $a == "Y" || $a == "y" ]]; then
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "ERROR: notarization failed. Check the log with:" echo "ERROR: notarization failed. Check the log with:"
echo " xcrun notarytool log <submission-id> --keychain-profile org.qelectrotech" echo " xcrun notarytool log <submission-id> --keychain-profile org.qelectrotech"
rm -f "$NOTARIZE_ZIP"
exit 1 exit 1
fi fi
else else
@@ -308,10 +326,11 @@ fi
### Create final DMG ################################################ ### Create final DMG ################################################
# A DMG is used instead of a ZIP because it correctly preserves the # A DMG is used instead of a ZIP because it correctly preserves the
# Gatekeeper staple when downloaded via Chrome or any other browser. # Gatekeeper staple when downloaded via Chrome or any other browser.
# ZIP extraction via Archive Utility can strip extended attributes,
# causing Gatekeeper to block the app.
# #
# We create the DMG directly in UDZO (compressed read-only) format # The DMG is created directly in UDZO (compressed read-only) format
# to avoid the UDRW -> UDZO conversion step, which can alter file # to avoid a UDRW -> UDZO conversion step that can alter file signatures.
# signatures and cause notarization to fail.
echo echo
echo "______________________________________________________________" echo "______________________________________________________________"
@@ -319,7 +338,6 @@ echo "Create final DMG (Gatekeeper-compatible with Chrome and Safari):"
mkdir -p "build-aux/mac-osx" mkdir -p "build-aux/mac-osx"
# Create compressed read-only DMG directly from the stapled .app bundle
hdiutil create \ hdiutil create \
-volname "QElectroTech $VERSION" \ -volname "QElectroTech $VERSION" \
-srcfolder "$BUNDLE" \ -srcfolder "$BUNDLE" \