Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release 6.0.0 notarization fix #2709

Merged
merged 6 commits into from
Jan 17, 2024
Merged

Release 6.0.0 notarization fix #2709

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2345672
Sigining explicetly pyside libs
Jan 16, 2024
575e1a4
Adding deep option to signing, so that subfolders are also signed
Jan 17, 2024
4c3b8fa
Adding deep option to signing to specific part
Jan 17, 2024
ea364d1
Trying with explicit signing
Jan 17, 2024
1fdcf52
Siging helper app first
Jan 17, 2024
98a629d
Adding more packages for explicit signing
Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 34 additions & 3 deletions build_tools/code_sign_osx.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,44 @@
"SasView*.app/Contents/Resources/zmq/.dylibs/*.dylib", recursive=True
)

pyside_QtWebEngineProcessApp = glob.glob(
"SasView*.app/Contents/Resources/PySide6/Qt/lib/QtWebEngineCore.framework/Versions/A/Helpers/QtWebEngineProcess.app", recursive=True
)

pyside_QtWebEngineCore = glob.glob(
"SasView*.app/Contents/Resources/PySide6/Qt/lib/QtWebEngineCore.framework/Versions/A/QtWebEngineCore", recursive=True
)

pyside_QtWebEngineProcess_Helpers = glob.glob(
"SasView*.app/Contents/Resources/PySide6/Qt/lib/QtWebEngineCore.framework/Helpers/QtWebEngineProcess.app/Contents/MacOS/QtWebEngineProcess", recursive=True
)

pyside_Qtlibs = glob.glob(
"SasView*.app/Contents/Resources/PySide6/Qt/lib/Qt*.framework/Versions/A/Qt*", recursive=True
)

#pyside_libs = pyside_QtWebEngineCore + pyside_QtWebEngineProcess
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to notarize Qt libraries? They are already signed by the Qt Company, after all?
Unless this is something very macos specific? But then, we don't notarize other libraries we depend on...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rozyczko: Yeah, good question. Once they are touched e.g. packaged with pyinstaller they need to be signed again.


sign_command = ['codesign', '--timestamp', '--options=runtime', '--verify', '--verbose=4', '--force',
'--sign', 'Developer ID Application: European Spallation Source Eric (W2AG9MPZ43)']
'--sign', 'Developer ID Application: European Spallation Source Eric (W2AG9MPZ43)']

sign_deep_command = ['codesign', '--timestamp', '--deep', '--options=runtime', '--verify', '--verbose=4', '--force',
'--sign', 'Developer ID Application: European Spallation Source Eric (W2AG9MPZ43)']

#TODO: Check if it is necesarry to do it per file (one long list maybe enough)
for sfile in itertools.chain(so_list, dylib_list, dylib_list_resources, zmq_dylib_list_resources):
#Signing QtWebEngineProcess.app first as it is a helper app
for sfile in itertools.chain(pyside_QtWebEngineProcessApp):
sign_deep_command.append(sfile)
subprocess.check_call(sign_deep_command)
sign_deep_command.pop()

for sfile in itertools.chain(so_list, dylib_list,
dylib_list_resources,
zmq_dylib_list_resources,
pyside_QtWebEngineCore,
pyside_QtWebEngineProcess_Helpers,
pyside_Qtlibs):
sign_command.append(sfile)
subprocess.check_call(sign_command)
sign_command.pop()


Loading