Skip to content

Commit 6b29ebd

Browse files
staticfloatstaticfloat
authored
[macOS] Codesign binary-dist tarballs (#44305)
Because we're starting to distribute macOS tarballs as well, let's codesign them by default, when possible.
1 parent f20d5de commit 6b29ebd

File tree

2 files changed

+15
-0
lines changed

2 files changed

+15
-0
lines changed

Makefile

+12
Original file line numberDiff line numberDiff line change
@@ -427,9 +427,21 @@ ifeq ($(OS), Linux)
427427
endif
428428
ifeq ($(OS), WINNT)
429429
cd $(BUILDROOT)/julia-$(JULIA_COMMIT)/bin && rm -f llvm* llc.exe lli.exe opt.exe LTO.dll bugpoint.exe macho-dump.exe
430+
endif
431+
# If we're on macOS, and we have a codesigning identity, then codesign the binary-dist tarball!
432+
ifeq ($(OS),Darwin)
433+
ifneq ($(MACOS_CODESIGN_IDENTITY),)
434+
echo "Codesigning with identity $(MACOS_CODESIGN_IDENTITY)"; \
435+
MACHO_FILES=$$(find "$(BUILDROOT)/julia-$(JULIA_COMMIT)" -type f -perm -0111 | cut -d: -f1); \
436+
for f in $${MACHO_FILES}; do \
437+
echo "Codesigning $${f}..."; \
438+
codesign -s "$(MACOS_CODESIGN_IDENTITY)" --option=runtime --entitlements $(JULIAHOME)/contrib/mac/app/Entitlements.plist -vvv --timestamp --deep --force "$${f}"; \
439+
done
440+
endif
430441
endif
431442
cd $(BUILDROOT) && $(TAR) zcvf $(JULIA_BINARYDIST_FILENAME).tar.gz julia-$(JULIA_COMMIT)
432443

444+
433445
exe:
434446
# run Inno Setup to compile installer
435447
$(call spawn,$(JULIAHOME)/dist-extras/inno/iscc.exe /DAppVersion=$(JULIA_VERSION) /DSourceDir="$(call cygpath_w,$(BUILDROOT)/julia-$(JULIA_COMMIT))" /DRepoDir="$(call cygpath_w,$(JULIAHOME))" /F"$(JULIA_BINARYDIST_FILENAME)" /O"$(call cygpath_w,$(BUILDROOT))" $(INNO_ARGS) $(call cygpath_w,$(JULIAHOME)/contrib/windows/build-installer.iss))

contrib/mac/app/Makefile

+3
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,9 @@ dmg/$(APP_NAME): startup.applescript julia.icns
5050
make -C $(JULIAHOME) binary-dist
5151
tar zxf $(JULIAHOME)/$(JULIA_BINARYDIST_FILENAME).tar.gz -C $@/Contents/Resources/julia --strip-components 1
5252
find $@/Contents/Resources/julia -type f -exec chmod -w {} \;
53+
# Even though the tarball may already be signed, we re-sign here to make it easier to add
54+
# unsigned executables (like the app launcher) and whatnot, without needing to maintain lists
55+
# of what is or is not signed. Codesigning is cheap, so might as well do it early and often.
5356
if [ -n "$$MACOS_CODESIGN_IDENTITY" ]; then \
5457
echo "Codesigning with identity $$MACOS_CODESIGN_IDENTITY"; \
5558
MACHO_FILES=$$(find "$@" -type f -perm -0111 | cut -d: -f1); \

0 commit comments

Comments
 (0)