diff --git a/tvb_build/conda_env_to_app.py b/tvb_build/conda_env_to_app.py
index 4d06b3603..4a761360a 100644
--- a/tvb_build/conda_env_to_app.py
+++ b/tvb_build/conda_env_to_app.py
@@ -59,8 +59,9 @@ APP_NAME = "tvb-{}".format(VERSION)
 # should match an Apple Developer defined identifier
 IDENTIFIER = "ro.codemart.tvb"
-# KEY for the ENV variable where we expect the signing identity to be defined
+# KEYs for the ENV variable where we expect the signing identity to be defined
 KEY_SIGN_IDENTITY = "SIGN_APP_IDENTITY"
+KEY_MAC_PWD = "MAC_PASSWORD"
 # The author of this package
 AUTHOR = "TVB Team"
 # Full path to the anaconda environment folder to package
@@ -388,9 +389,11 @@ def _sign_app(app_path=APP_FILE):
 Sign a .APP file, with an Apple Developer Identity previously installed on the current machine.
 The identity needs to show when executing command "security find-identity"
 """
- if KEY_SIGN_IDENTITY not in os.environ:
- print(f"!! We can not sign the resulting .app because the {KEY_SIGN_IDENTITY} variable is not in ENV defined!!")
+ if KEY_SIGN_IDENTITY not in os.environ or KEY_MAC_PWD not in os.environ:
+ print(f"!! We can not sign the resulting .app because the {KEY_SIGN_IDENTITY} and "
+ f"{KEY_MAC_PWD} variables are not in ENV!!")
 dev_identity = os.environ.get(KEY_SIGN_IDENTITY)
+ mac_pwd = os.environ.get(KEY_MAC_PWD)
 print(f"Preparing to sign: {app_path} with {dev_identity}")
 # Create app.entitlements file with the application allowed security allowed points
 ent_file = "app.entitlements"
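Review bot: The guard at the top of `_sign_app` only prints when `SIGN_APP_IDENTITY` or `MAC_PASSWORD` is missing and, as far as the hunk shows, execution falls through to `mac_pwd = os.environ.get(KEY_MAC_PWD)`, so `mac_pwd` can be `None` when it is later placed in the `security unlock-keychain` argument list, where `subprocess.Popen` would be expected to raise on a non-string argument. Add a `return` (or raise) directly after the `print(...)` so a build without signing credentials stops cleanly instead of failing midway. The message also reports both variables as absent even when only one is; naming the missing key, for example `missing = [k for k in (KEY_SIGN_IDENTITY, KEY_MAC_PWD) if k not in os.environ]`, makes CI failures easier to read. The rest of `_sign_app` lies outside this hunk.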
@@ -412,9 +415,12 @@ def _sign_app(app_path=APP_FILE):
 """)
- # Uncomment the following command if needed for debug purposes
+ # Some of the following command are just for debug purposes. Codesign is the critical one!
 subprocess.Popen(["security", "find-identity"], shell=False).communicate()
- subprocess.Popen(["codesign", "-s", dev_identity, "-f", "--timestamp", "-o", "runtime", "--entitlements", "app.entitlements", app_path], shell=False).communicate()
+ subprocess.Popen(["security", "unlock-keychain", "-p", mac_pwd,
+ "/Users/tvb/Library/Keychains/login.keychain"], shell=False).communicate()
+ subprocess.Popen(["codesign", "-s", dev_identity, "-f", "--timestamp", "-o", "runtime",
+ "--entitlements", "app.entitlements", app_path], shell=False).communicate()
 subprocess.Popen(["spctl", "-a", "-t", "exec", "-vv", app_path], shell=False).communicate()
 if os.path.exists(ent_file):
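Review bot: Passing the keychain password as `"-p", mac_pwd` on the `security unlock-keychain` command line puts the secret in the process argument list, where anything on the build host that can list processes, or a CI wrapper that echoes commands, can read it. The call also unlocks the `tvb` user's login keychain at the hard-coded path `/Users/tvb/Library/Keychains/login.keychain`, which holds more than the signing identity; a dedicated build keychain with a job-scoped password, its path taken from configuration, and a `security lock-keychain` call once signing is done would limit the exposure. None of the `Popen(...).communicate()` calls checks the exit status, so a failed unlock or a failed `codesign` passes silently; `subprocess.run([...], check=True)` on those two steps would stop the build. The surrounding function body starts and ends outside this hunk.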