Skip to content

Commit

Permalink
[macOS] Codesign binary-dist tarballs (#44305)
Browse files Browse the repository at this point in the history
Because we're starting to distribute macOS tarballs as well, let's
codesign them by default, when possible.

(cherry picked from commit 6b29ebd)
  • Loading branch information
staticfloat authored and KristofferC committed Mar 3, 2022
1 parent deb3049 commit e3a126a
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
12 changes: 12 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -427,9 +427,21 @@ ifeq ($(OS), Linux)
endif
ifeq ($(OS), WINNT)
cd $(BUILDROOT)/julia-$(JULIA_COMMIT)/bin && rm -f llvm* llc.exe lli.exe opt.exe LTO.dll bugpoint.exe macho-dump.exe
endif
# If we're on macOS, and we have a codesigning identity, then codesign the binary-dist tarball!
ifeq ($(OS),Darwin)
ifneq ($(MACOS_CODESIGN_IDENTITY),)
echo "Codesigning with identity $(MACOS_CODESIGN_IDENTITY)"; \
MACHO_FILES=$$(find "$(BUILDROOT)/julia-$(JULIA_COMMIT)" -type f -perm -0111 | cut -d: -f1); \
for f in $${MACHO_FILES}; do \
echo "Codesigning $${f}..."; \
codesign -s "$(MACOS_CODESIGN_IDENTITY)" --option=runtime --entitlements $(JULIAHOME)/contrib/mac/app/Entitlements.plist -vvv --timestamp --deep --force "$${f}"; \
done
endif
endif
cd $(BUILDROOT) && $(TAR) zcvf $(JULIA_BINARYDIST_FILENAME).tar.gz julia-$(JULIA_COMMIT)


exe:
# run Inno Setup to compile installer
$(call spawn,$(JULIAHOME)/dist-extras/inno/iscc.exe /DAppVersion=$(JULIA_VERSION) /DSourceDir="$(call cygpath_w,$(BUILDROOT)/julia-$(JULIA_COMMIT))" /DRepoDir="$(call cygpath_w,$(JULIAHOME))" /F"$(JULIA_BINARYDIST_FILENAME)" /O"$(call cygpath_w,$(BUILDROOT))" $(INNO_ARGS) $(call cygpath_w,$(JULIAHOME)/contrib/windows/build-installer.iss))
Expand Down
3 changes: 3 additions & 0 deletions contrib/mac/app/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,9 @@ dmg/$(APP_NAME): startup.applescript julia.icns
make -C $(JULIAHOME) binary-dist
tar zxf $(JULIAHOME)/$(JULIA_BINARYDIST_FILENAME).tar.gz -C $@/Contents/Resources/julia --strip-components 1
find $@/Contents/Resources/julia -type f -exec chmod -w {} \;
# Even though the tarball may already be signed, we re-sign here to make it easier to add
# unsigned executables (like the app launcher) and whatnot, without needing to maintain lists
# of what is or is not signed. Codesigning is cheap, so might as well do it early and often.
if [ -n "$$MACOS_CODESIGN_IDENTITY" ]; then \
echo "Codesigning with identity $$MACOS_CODESIGN_IDENTITY"; \
MACHO_FILES=$$(find "$@" -type f -perm -0111 | cut -d: -f1); \
Expand Down

0 comments on commit e3a126a

Please sign in to comment.