mirror of
https://github.com/dolphin-emu/dolphin.git
synced 2025-01-24 15:01:16 +01:00
Apple M1: Fix code signing regression
This commit fixes a regression in 2ba88d5c131636158fe0216b0b1f9787dcc90bdf that would cause an app bundle to not be resigned after merging the two single architecture builds. Also, applies formatting suggestions from Leo Lam
This commit is contained in:
parent
1015cdc265
commit
76130d8b3b
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""
|
"""
|
||||||
The current tooling supported in CMake, Homebrew, and QT5 are insufficient for
|
The current tooling supported in CMake, Homebrew, and Qt5 are insufficient for
|
||||||
creating macOS universal binaries automatically for applications like Dolphin
|
creating macOS universal binaries automatically for applications like Dolphin
|
||||||
which have more complicated build requirements (like different libraries, build
|
which have more complicated build requirements (like different libraries, build
|
||||||
flags and source files for each target architecture).
|
flags and source files for each target architecture).
|
||||||
@ -16,10 +16,10 @@ Running this script will:
|
|||||||
already exist)
|
already exist)
|
||||||
3) Build the ARM project for the selected build_target
|
3) Build the ARM project for the selected build_target
|
||||||
4) Build the x64 project for the selected build_target
|
4) Build the x64 project for the selected build_target
|
||||||
5) Generates universal .app packages combining the ARM and x64 packages
|
5) Generate universal .app packages combining the ARM and x64 packages
|
||||||
6) Utilizes the lipo tool to combine the binary objects inside each of the
|
6) Use the lipo tool to combine the binary objects inside each of the
|
||||||
packages into universal binaries
|
packages into universal binaries
|
||||||
7) Code signs the final universal binaries using the specified
|
7) Code sign the final universal binaries using the specified
|
||||||
codesign_identity
|
codesign_identity
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@ -42,15 +42,15 @@ DEFAULT_CONFIG = {
|
|||||||
# Build Target (dolphin-emu to just build the emulator and skip the tests)
|
# Build Target (dolphin-emu to just build the emulator and skip the tests)
|
||||||
"build_target": "ALL_BUILD",
|
"build_target": "ALL_BUILD",
|
||||||
|
|
||||||
# Location for CMake to search for files(default is for homebrew
|
# Location for CMake to search for files (default is for homebrew)
|
||||||
"arm64_cmake_prefix": '/opt/homebrew',
|
"arm64_cmake_prefix": "/opt/homebrew",
|
||||||
"x86_64_cmake_prefix": '/usr/local',
|
"x86_64_cmake_prefix": "/usr/local",
|
||||||
|
|
||||||
# Locations to qt5 directories for arm and x64 libraries
|
# Locations to qt5 directories for arm and x64 libraries
|
||||||
# The default values of these paths are taken from the default
|
# The default values of these paths are taken from the default
|
||||||
# paths used for homebrew
|
# paths used for homebrew
|
||||||
"arm64_qt5_path": '/opt/homebrew/opt/qt5',
|
"arm64_qt5_path": "/opt/homebrew/opt/qt5",
|
||||||
"x86_64_qt5_path": '/usr/local/opt/qt5',
|
"x86_64_qt5_path": "/usr/local/opt/qt5",
|
||||||
|
|
||||||
# Identity to use for code signing. "-" indicates that the app will not
|
# Identity to use for code signing. "-" indicates that the app will not
|
||||||
# be cryptographically signed/notarized but will instead just use a
|
# be cryptographically signed/notarized but will instead just use a
|
||||||
@ -58,7 +58,7 @@ DEFAULT_CONFIG = {
|
|||||||
# protect against malicious actors, but it does protect against
|
# protect against malicious actors, but it does protect against
|
||||||
# running corrupted binaries and allows for access to the extended
|
# running corrupted binaries and allows for access to the extended
|
||||||
# permisions needed for ARM builds
|
# permisions needed for ARM builds
|
||||||
"codesign_identity": '-',
|
"codesign_identity": "-",
|
||||||
# Entitlements file to use for code signing
|
# Entitlements file to use for code signing
|
||||||
"entitlements": "../Source/Core/DolphinQt/DolphinEmu.entitlements",
|
"entitlements": "../Source/Core/DolphinQt/DolphinEmu.entitlements",
|
||||||
|
|
||||||
@ -68,7 +68,7 @@ DEFAULT_CONFIG = {
|
|||||||
|
|
||||||
# CMake Generator to use for building
|
# CMake Generator to use for building
|
||||||
"generator": "Unix Makefiles",
|
"generator": "Unix Makefiles",
|
||||||
"build_type": "Release"
|
"build_type": "Release",
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -90,65 +90,64 @@ def parse_args(conf=DEFAULT_CONFIG):
|
|||||||
formatter_class=argparse.ArgumentDefaultsHelpFormatter)
|
formatter_class=argparse.ArgumentDefaultsHelpFormatter)
|
||||||
|
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--target',
|
"--target",
|
||||||
help='Build target in generated project files',
|
help="Build target in generated project files",
|
||||||
default=conf["build_target"],
|
default=conf["build_target"],
|
||||||
dest="build_target")
|
dest="build_target")
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-G',
|
"-G",
|
||||||
help='CMake Generator to use for creating project files',
|
help="CMake Generator to use for creating project files",
|
||||||
default=conf["generator"],
|
default=conf["generator"],
|
||||||
dest="generator")
|
dest="generator")
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--build_type',
|
"--build_type",
|
||||||
help='CMake build type [Debug, Release, RelWithDebInfo, MinSizeRel]',
|
help="CMake build type [Debug, Release, RelWithDebInfo, MinSizeRel]",
|
||||||
default=conf["build_type"],
|
default=conf["build_type"],
|
||||||
dest="build_type")
|
dest="build_type")
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--dst_app',
|
"--dst_app",
|
||||||
help='Directory where universal binary will be stored',
|
help="Directory where universal binary will be stored",
|
||||||
default=conf["dst_app"])
|
default=conf["dst_app"])
|
||||||
|
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--entitlements',
|
"--entitlements",
|
||||||
help='Path to .entitlements file for code signing',
|
help="Path to .entitlements file for code signing",
|
||||||
default=conf["entitlements"])
|
default=conf["entitlements"])
|
||||||
|
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--codesign',
|
"--codesign",
|
||||||
help='Code signing identity to use to sign the applications',
|
help="Code signing identity to use to sign the applications",
|
||||||
default=conf["codesign_identity"],
|
default=conf["codesign_identity"],
|
||||||
dest="codesign_identity")
|
dest="codesign_identity")
|
||||||
|
|
||||||
for arch in ARCHITECTURES:
|
for arch in ARCHITECTURES:
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--{}_cmake_prefix'.format(arch),
|
f"--{arch}_cmake_prefix",
|
||||||
help="Folder for cmake to search for packages".format(arch),
|
help="Folder for cmake to search for packages",
|
||||||
default=conf[arch+"_cmake_prefix"],
|
default=conf[arch+"_cmake_prefix"],
|
||||||
dest=arch+"_cmake_prefix")
|
dest=arch+"_cmake_prefix")
|
||||||
|
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--{}_qt5_path'.format(arch),
|
f"--{arch}_qt5_path",
|
||||||
help="Install path for {} qt5 libraries".format(arch),
|
help=f"Install path for {arch} qt5 libraries",
|
||||||
default=conf[arch+"_qt5_path"])
|
default=conf[arch+"_qt5_path"])
|
||||||
|
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--{}_mac_os_deployment_target'.format(arch),
|
f"--{arch}_mac_os_deployment_target",
|
||||||
help="Deployment architecture for {} slice".format(arch),
|
help=f"Deployment architecture for {arch} slice",
|
||||||
default=conf[arch+"_mac_os_deployment_target"])
|
default=conf[arch+"_mac_os_deployment_target"])
|
||||||
|
|
||||||
return vars(parser.parse_args())
|
return vars(parser.parse_args())
|
||||||
|
|
||||||
|
|
||||||
def lipo(path0, path1, dst):
|
def lipo(path0, path1, dst):
|
||||||
if subprocess.call(['lipo', '-create', '-output', dst, path0, path1]) != 0:
|
if subprocess.call(["lipo", "-create", "-output", dst, path0, path1]) != 0:
|
||||||
print("WARNING: {0} and {1} can not be lipo'd, keeping {0}"
|
print(f"WARNING: {path0} and {path1} cannot be lipo'd")
|
||||||
.format(path0, path1))
|
|
||||||
|
|
||||||
shutil.copy(path0, dst)
|
shutil.copy(path0, dst)
|
||||||
|
|
||||||
|
|
||||||
def recursiveMergeBinaries(src0, src1, dst):
|
def recursive_merge_binaries(src0, src1, dst):
|
||||||
"""
|
"""
|
||||||
Merges two build trees together for different architectures into a single
|
Merges two build trees together for different architectures into a single
|
||||||
universal binary.
|
universal binary.
|
||||||
@ -177,7 +176,7 @@ def recursiveMergeBinaries(src0, src1, dst):
|
|||||||
|
|
||||||
if os.path.isdir(newpath1):
|
if os.path.isdir(newpath1):
|
||||||
os.mkdir(new_dst_path)
|
os.mkdir(new_dst_path)
|
||||||
recursiveMergeBinaries(newpath0, newpath1, new_dst_path)
|
recursive_merge_binaries(newpath0, newpath1, new_dst_path)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if filecmp.cmp(newpath0, newpath1):
|
if filecmp.cmp(newpath0, newpath1):
|
||||||
@ -227,9 +226,9 @@ def build(config):
|
|||||||
os.mkdir(arch)
|
os.mkdir(arch)
|
||||||
|
|
||||||
env = os.environ.copy()
|
env = os.environ.copy()
|
||||||
env['Qt5_DIR'] = config[arch+"_qt5_path"]
|
env["Qt5_DIR"] = config[arch+"_qt5_path"]
|
||||||
env['CMAKE_OSX_ARCHITECTURES'] = arch
|
env["CMAKE_OSX_ARCHITECTURES"] = arch
|
||||||
env['CMAKE_PREFIX_PATH'] = config[arch+"_cmake_prefix"]
|
env["CMAKE_PREFIX_PATH"] = config[arch+"_cmake_prefix"]
|
||||||
|
|
||||||
# Add the other architecture's prefix path to the ignore path so that
|
# Add the other architecture's prefix path to the ignore path so that
|
||||||
# CMake doesn't try to pick up the wrong architecture's libraries when
|
# CMake doesn't try to pick up the wrong architecture's libraries when
|
||||||
@ -240,28 +239,28 @@ def build(config):
|
|||||||
ignore_path = config[a+"_cmake_prefix"]
|
ignore_path = config[a+"_cmake_prefix"]
|
||||||
|
|
||||||
subprocess.check_call([
|
subprocess.check_call([
|
||||||
'cmake', '../../', '-G', config['generator'],
|
"cmake", "../../", "-G", config["generator"],
|
||||||
'-DCMAKE_BUILD_TYPE=' + config['build_type'],
|
"-DCMAKE_BUILD_TYPE=" + config["build_type"],
|
||||||
# System name needs to be specified for CMake to use
|
# System name needs to be specified for CMake to use
|
||||||
# the specified CMAKE_SYSTEM_PROCESSOR
|
# the specified CMAKE_SYSTEM_PROCESSOR
|
||||||
'-DCMAKE_SYSTEM_NAME=Darwin',
|
"-DCMAKE_SYSTEM_NAME=Darwin",
|
||||||
'-DCMAKE_PREFIX_PATH='+config[arch+'_cmake_prefix'],
|
"-DCMAKE_PREFIX_PATH="+config[arch+"_cmake_prefix"],
|
||||||
'-DCMAKE_SYSTEM_PROCESSOR='+arch,
|
"-DCMAKE_SYSTEM_PROCESSOR="+arch,
|
||||||
'-DCMAKE_IGNORE_PATH='+ignore_path,
|
"-DCMAKE_IGNORE_PATH="+ignore_path,
|
||||||
'-DCMAKE_OSX_DEPLOYMENT_TARGET='
|
"-DCMAKE_OSX_DEPLOYMENT_TARGET="
|
||||||
+ config[arch+"_mac_os_deployment_target"],
|
+ config[arch+"_mac_os_deployment_target"],
|
||||||
'-DMACOS_CODE_SIGNING_IDENTITY='
|
"-DMACOS_CODE_SIGNING_IDENTITY="
|
||||||
+ config['codesign_identity'],
|
+ config["codesign_identity"],
|
||||||
'-DMACOS_CODE_SIGNING_IDENTITY_UPDATER='
|
"-DMACOS_CODE_SIGNING_IDENTITY_UPDATER="
|
||||||
+ config['codesign_identity'],
|
+ config["codesign_identity"],
|
||||||
'-DMACOS_CODE_SIGNING="ON"'
|
'-DMACOS_CODE_SIGNING="ON"'
|
||||||
],
|
],
|
||||||
env=env, cwd=arch)
|
env=env, cwd=arch)
|
||||||
|
|
||||||
threads = multiprocessing.cpu_count()
|
threads = multiprocessing.cpu_count()
|
||||||
subprocess.check_call(['cmake', '--build', '.',
|
subprocess.check_call(["cmake", "--build", ".",
|
||||||
'--config', config['build_type'],
|
"--config", config["build_type"],
|
||||||
'--parallel', '{}'.format(threads)], cwd=arch)
|
"--parallel", f"{threads}"], cwd=arch)
|
||||||
|
|
||||||
dst_app = config["dst_app"]
|
dst_app = config["dst_app"]
|
||||||
|
|
||||||
@ -275,21 +274,21 @@ def build(config):
|
|||||||
src_app0 = ARCHITECTURES[0]+"/Binaries/"
|
src_app0 = ARCHITECTURES[0]+"/Binaries/"
|
||||||
src_app1 = ARCHITECTURES[1]+"/Binaries/"
|
src_app1 = ARCHITECTURES[1]+"/Binaries/"
|
||||||
|
|
||||||
recursiveMergeBinaries(src_app0, src_app1, dst_app)
|
recursive_merge_binaries(src_app0, src_app1, dst_app)
|
||||||
for path in glob.glob(dst_app+"/*"):
|
for path in glob.glob(dst_app+"/*"):
|
||||||
if os.path.isdir(path) and os.path.splitext(path) != ".app":
|
if os.path.isdir(path) and os.path.splitext(path)[1] != ".app":
|
||||||
continue
|
continue
|
||||||
|
|
||||||
subprocess.check_call([
|
subprocess.check_call([
|
||||||
'codesign',
|
"codesign",
|
||||||
'-d',
|
"-d",
|
||||||
'--force',
|
"--force",
|
||||||
'-s',
|
"-s",
|
||||||
config["codesign_identity"],
|
config["codesign_identity"],
|
||||||
'--options=runtime',
|
"--options=runtime",
|
||||||
'--entitlements', config["entitlements"],
|
"--entitlements", config["entitlements"],
|
||||||
'--deep',
|
"--deep",
|
||||||
'--verbose=2',
|
"--verbose=2",
|
||||||
path])
|
path])
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user