Harden runtime; Notarize app (#161)
* Harden runtime; Change Signing Certificate to 'Development'

* Add AppCenter post build script for notarization

* Update Sparkle to 1.23.0 for hardened runtime

* Run copy-helper script after Embed Frameworks phase

* Codesign LaunchAtLoginHelper
dexterleng authored Jun 17, 2020
1 parent 00d906a commit 2398b92
Showing 3 changed files with 13 additions and 5 deletions.
6 changes: 3 additions & 3 deletions Podfile.lock
@@ -8,7 +8,7 @@ PODS:
- RxRelay (5.0.0):
- RxSwift (~> 5)
- RxSwift (5.0.0)
- Sparkle (1.21.3)
- Sparkle (1.23.0)

DEPENDENCIES:
- AXSwift (~> 0.2)
@@ -25,9 +25,9 @@ SPEC REPOS:
- RxCocoa
- RxRelay
- RxSwift
- Sparkle
trunk:
- Preferences
- Sparkle

SPEC CHECKSUMS:
AXSwift: d49fe05ca04f983196c5caedfc88f617922ae671
@@ -36,7 +36,7 @@ SPEC CHECKSUMS:
RxCocoa: fcf32050ac00d801f34a7f71d5e8e7f23026dcd8
RxRelay: 4f7409406a51a55cd88483f21ed898c234d60f18
RxSwift: 8b0671caa829a763bbce7271095859121cbd895f
Sparkle: 3f75576db8b0265adef36c43249d747f22d0b708
Sparkle: 55b1a87ba69d56913375a281546b7c82dec95bb0

PODFILE CHECKSUM: 7b6ba65266337439d7050314252aa63d075aba9b

8 changes: 6 additions & 2 deletions Vimac.xcodeproj/project.pbxproj
@@ -329,9 +329,9 @@
E20696FA23294E25001EFDB2 /* Run Script */,
E261721E2322968500E396CA /* Resources */,
B3CE1D10BB47F45CF7F30714 /* [CP] Embed Pods Frameworks */,
E27776E1240B765E00488320 /* ShellScript */,
E27776E5240B780D00488320 /* Embed Frameworks */,
E27776E6240B782800488320 /* CopyFiles */,
E27776E1240B765E00488320 /* ShellScript */,
);
buildRules = (
);
@@ -572,7 +572,7 @@
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "origin_helper_path=\"$BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/LaunchAtLogin.framework/Resources/LaunchAtLoginHelper.app\"\nhelper_dir=\"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Library/LoginItems\"\nhelper_path=\"$helper_dir/LaunchAtLoginHelper.app\"\n\nrm -rf \"$helper_path\"\nmkdir -p \"$helper_dir\"\ncp -rf \"$origin_helper_path\" \"$helper_dir/\"\n\ndefaults write \"$helper_path/Contents/Info\" CFBundleIdentifier -string \"$PRODUCT_BUNDLE_IDENTIFIER-LaunchAtLoginHelper\"\n\nif [[ -n $CODE_SIGN_ENTITLEMENTS ]]; then\n codesign --force --entitlements=\"$CODE_SIGN_ENTITLEMENTS\" --options=runtime --sign=\"$EXPANDED_CODE_SIGN_IDENTITY_NAME\" \"$helper_path\"\nelse\n codesign --force --options=runtime --sign=\"$EXPANDED_CODE_SIGN_IDENTITY_NAME\" \"$helper_path\"\nfi\n";
shellScript = "origin_helper_path=\"$BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/LaunchAtLogin.framework/Resources/LaunchAtLoginHelper.app\"\nhelper_dir=\"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Library/LoginItems\"\nhelper_path=\"$helper_dir/LaunchAtLoginHelper.app\"\n\nrm -rf \"$helper_path\"\nmkdir -p \"$helper_dir\"\ncp -rf \"$origin_helper_path\" \"$helper_dir/\"\n\ndefaults write \"$helper_path/Contents/Info\" CFBundleIdentifier -string \"$PRODUCT_BUNDLE_IDENTIFIER-LaunchAtLoginHelper\"\n\nif [[ -n $CODE_SIGN_ENTITLEMENTS ]]; then\n codesign --force --entitlements=\"$CODE_SIGN_ENTITLEMENTS\" --options=runtime --sign=\"$EXPANDED_CODE_SIGN_IDENTITY_NAME\" \"$helper_path\"\nelse\n codesign --force --options=runtime --sign=\"$EXPANDED_CODE_SIGN_IDENTITY_NAME\" \"$helper_path\"\nfi\n\nframework_path=\"$BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/LaunchAtLogin.framework\"\ncodesign --verbose --force --deep -o runtime --sign \"$EXPANDED_CODE_SIGN_IDENTITY_NAME\" \"$framework_path/Versions/A/Resources/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper\"\n";
};
/* End PBXShellScriptBuildPhase section */

@@ -778,9 +778,11 @@
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
CLANG_ENABLE_MODULES = YES;
CODE_SIGN_ENTITLEMENTS = "ViMac-Swift/ViMac_Swift.entitlements";
CODE_SIGN_IDENTITY = "Apple Development";
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
DEVELOPMENT_TEAM = LQ2VH8VB84;
ENABLE_HARDENED_RUNTIME = YES;
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
"$(PROJECT_DIR)/Carthage/Build/Mac",
@@ -805,9 +807,11 @@
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
CLANG_ENABLE_MODULES = YES;
CODE_SIGN_ENTITLEMENTS = "ViMac-Swift/ViMac_Swift.entitlements";
CODE_SIGN_IDENTITY = "Apple Development";
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
DEVELOPMENT_TEAM = LQ2VH8VB84;
ENABLE_HARDENED_RUNTIME = YES;
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
"$(PROJECT_DIR)/Carthage/Build/Mac",
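Review bot: The `codesign` call appended to the `shellScript` in the -572 hunk passes `--deep` but targets the bare executable `.../Contents/MacOS/LaunchAtLoginHelper` rather than the `LaunchAtLoginHelper.app` bundle, so `--deep` has no nested code to walk and the bundle's own seal is not what gets signed. Going by the commit description, the -329 hunk moves this phase after the embed phases, so re-signing a file under the framework's `Resources` presumably changes content the framework's existing signature already covers. I would sign the bundle and then the framework, inside-out: `codesign --force -o runtime --sign "$EXPANDED_CODE_SIGN_IDENTITY_NAME" "$framework_path/Versions/A/Resources/LaunchAtLoginHelper.app"` followed by the same command on `"$framework_path"`, and confirm the result with `codesign --verify --deep --strict` on the built app. The script has no `set -e`, so a failure in the earlier `codesign` branch is not caught; the build-phase object itself starts above the visible lines.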
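--- /dev/null
+++ b/appcenter-post-build.sh
@@ -0,0 +1,4 @@
+# https://github.com/iseebi/TransporterPad/blob/master/appcenter-post-build.sh
+BUNDLE_IDENTIFIER=dexterleng.vimac
+DISTRIBUTION_FILE=$APPCENTER_OUTPUT_DIRECTORY/Vimac_distribution.zip
+xcrun altool --notarize-app --primary-bundle-id $BUNDLE_IDENTIFIER --username $AC_USERNAME --password $AC_PASSWORD --file $DISTRIBUTION_FILE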
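Review bot: The `altool` line passes the notarization credential as `--password $AC_PASSWORD`, so the expanded secret becomes part of the process arguments and can surface in process listings or an echoed build log; altool accepts an environment reference instead, `--password "@env:AC_PASSWORD"`. The remaining expansions are unquoted, so a space in `$APPCENTER_OUTPUT_DIRECTORY` would split the `--file` argument; quote them, e.g. `--file "$DISTRIBUTION_FILE"`. The script also has no shebang or `set -e`, and `--notarize-app` only submits the upload, so nothing here waits for the verdict or staples the ticket. A short header comment saying where that step happens, if it does, would help the next maintainer.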
