Merge pull request #7548 from nextcloud/bugfix/mac-crafter-woes-pt-10…

…0000 Only sign main executable at end (mac-crafter)
nextcloud · Nov 21, 2024 · bd23f5e · bd23f5e
2 parents 4e0e2f4 + bd7c783
commit bd23f5e
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
@@ -60,7 +60,8 @@ func codesign(identity: String, path: String, options: String = defaultCodesignO
 func recursivelyCodesign(
     path: String,
     identity: String,
-    options: String = defaultCodesignOptions
+    options: String = defaultCodesignOptions,
+    skip: [String] = []
 ) throws {
     let fm = FileManager.default
     guard let pathEnumerator = fm.enumerator(atPath: path) else {
@@ -71,6 +72,10 @@ func recursivelyCodesign(
 
     for case let enumeratedItem as String in pathEnumerator {
         let enumeratedItemPath = "\(path)/\(enumeratedItem)"
+        guard !skip.contains(enumeratedItemPath) else {
+            print("Skipping \(enumeratedItemPath)...")
+            continue
+        }
         let isExecutableFile = try isExecutable(enumeratedItemPath)
         guard isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) || isExecutableFile else {
             continue
@@ -147,13 +152,14 @@ func codesignClientAppBundle(
     // Now we do the final codesign bit
     let binariesDir = "\(clientContentsDir)/MacOS"
     print("Code-signing Nextcloud Desktop Client binaries...")
-    try recursivelyCodesign(path: binariesDir, identity: codeSignIdentity)
 
     guard let appName = clientAppDir.components(separatedBy: "/").last, clientAppDir.hasSuffix(".app") else {
         throw AppBundleSigningError.couldNotEnumerate("Failed to determine main executable name.")
     }
 
     // Sign the main executable last
     let mainExecutableName = String(appName.dropLast(".app".count))
-    try codesign(identity: codeSignIdentity, path: "\(binariesDir)/\(mainExecutableName)")
+    let mainExecutablePath = "\(binariesDir)/\(mainExecutableName)"
+    try recursivelyCodesign(path: binariesDir, identity: codeSignIdentity, skip: [mainExecutablePath])
+    try codesign(identity: codeSignIdentity, path: mainExecutablePath)
 }