macOS signing improvements: allow signed app exporting as ZIP, sign DMG after exporting.

This commit is contained in:
bruvzg 2019-11-08 14:38:23 +02:00
parent 00949f0c5f
commit 4bec713b8c
No known key found for this signature in database
GPG Key ID: EBDC1EE1E7261782
1 changed files with 156 additions and 189 deletions

View File

@ -57,6 +57,7 @@ class EditorExportPlatformOSX : public EditorExportPlatform {
Error _code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path); Error _code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path);
Error _create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name); Error _create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name);
void _zip_folder_recursive(zipFile &p_zip, const String &p_root_path, const String &p_folder, const String &p_pkg_name);
#ifdef OSX_ENABLED #ifdef OSX_ENABLED
bool use_codesign() const { return true; } bool use_codesign() const { return true; }
@ -363,6 +364,7 @@ void EditorExportPlatformOSX::_fix_plist(const Ref<EditorExportPreset> &p_preset
**/ **/
Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path) { Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_preset, const String &p_path) {
#ifdef OSX_ENABLED
List<String> args; List<String> args;
if (p_preset->get("codesign/timestamp")) { if (p_preset->get("codesign/timestamp")) {
@ -373,8 +375,7 @@ Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_prese
args.push_back("runtime"); args.push_back("runtime");
} }
if (p_preset->get("codesign/entitlements") != "") { if ((p_preset->get("codesign/entitlements") != "") && (p_path.get_extension() != "dmg")) {
/* this should point to our entitlements.plist file that sandboxes our application, I don't know if this should also be placed in our app bundle */
args.push_back("--entitlements"); args.push_back("--entitlements");
args.push_back(p_preset->get("codesign/entitlements")); args.push_back(p_preset->get("codesign/entitlements"));
} }
@ -407,6 +408,7 @@ Error EditorExportPlatformOSX::_code_sign(const Ref<EditorExportPreset> &p_prese
EditorNode::add_io_error("codesign: invalid entitlements file"); EditorNode::add_io_error("codesign: invalid entitlements file");
return FAILED; return FAILED;
} }
#endif
return OK; return OK;
} }
@ -500,15 +502,11 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
Error err = OK; Error err = OK;
String tmp_app_path_name = ""; String tmp_app_path_name = "";
zlib_filefunc_def io2 = io;
FileAccess *dst_f = nullptr;
io2.opaque = &dst_f;
zipFile dst_pkg_zip = nullptr;
DirAccess *tmp_app_path = nullptr; DirAccess *tmp_app_path = nullptr;
String export_format = use_dmg() && p_path.ends_with("dmg") ? "dmg" : "zip"; String export_format = use_dmg() && p_path.ends_with("dmg") ? "dmg" : "zip";
if (export_format == "dmg") {
// We're on OSX so we can export to DMG, but first we create our application bundle // Create our application bundle.
tmp_app_path_name = EditorSettings::get_singleton()->get_cache_dir().plus_file(pkg_name + ".app"); tmp_app_path_name = EditorSettings::get_singleton()->get_cache_dir().plus_file(pkg_name + ".app");
print_line("Exporting to " + tmp_app_path_name); print_line("Exporting to " + tmp_app_path_name);
tmp_app_path = DirAccess::create_for_path(tmp_app_path_name); tmp_app_path = DirAccess::create_for_path(tmp_app_path_name);
@ -516,7 +514,7 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
err = ERR_CANT_CREATE; err = ERR_CANT_CREATE;
} }
// Create our folder structure or rely on unzip? // Create our folder structure.
if (err == OK) { if (err == OK) {
print_line("Creating " + tmp_app_path_name + "/Contents/MacOS"); print_line("Creating " + tmp_app_path_name + "/Contents/MacOS");
err = tmp_app_path->make_dir_recursive(tmp_app_path_name + "/Contents/MacOS"); err = tmp_app_path->make_dir_recursive(tmp_app_path_name + "/Contents/MacOS");
@ -531,22 +529,15 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
print_line("Creating " + tmp_app_path_name + "/Contents/Resources"); print_line("Creating " + tmp_app_path_name + "/Contents/Resources");
err = tmp_app_path->make_dir_recursive(tmp_app_path_name + "/Contents/Resources"); err = tmp_app_path->make_dir_recursive(tmp_app_path_name + "/Contents/Resources");
} }
} else {
// Open our destination zip file
dst_pkg_zip = zipOpen2(p_path.utf8().get_data(), APPEND_STATUS_CREATE, nullptr, &io2);
if (!dst_pkg_zip) {
err = ERR_CANT_CREATE;
}
}
// Now process our template // Now process our template.
bool found_binary = false; bool found_binary = false;
int total_size = 0; int total_size = 0;
while (ret == UNZ_OK && err == OK) { while (ret == UNZ_OK && err == OK) {
bool is_execute = false; bool is_execute = false;
//get filename // Get filename.
unz_file_info info; unz_file_info info;
char fname[16384]; char fname[16384];
ret = unzGetCurrentFileInfo(src_pkg_zip, &info, fname, 16384, nullptr, 0, nullptr, 0); ret = unzGetCurrentFileInfo(src_pkg_zip, &info, fname, 16384, nullptr, 0, nullptr, 0);
@ -556,13 +547,12 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
Vector<uint8_t> data; Vector<uint8_t> data;
data.resize(info.uncompressed_size); data.resize(info.uncompressed_size);
//read // Read.
unzOpenCurrentFile(src_pkg_zip); unzOpenCurrentFile(src_pkg_zip);
unzReadCurrentFile(src_pkg_zip, data.ptrw(), data.size()); unzReadCurrentFile(src_pkg_zip, data.ptrw(), data.size());
unzCloseCurrentFile(src_pkg_zip); unzCloseCurrentFile(src_pkg_zip);
//write // Write.
file = file.replace_first("osx_template.app/", ""); file = file.replace_first("osx_template.app/", "");
if (file == "Contents/Info.plist") { if (file == "Contents/Info.plist") {
@ -572,7 +562,7 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
if (file.begins_with("Contents/MacOS/godot_")) { if (file.begins_with("Contents/MacOS/godot_")) {
if (file != "Contents/MacOS/" + binary_to_use) { if (file != "Contents/MacOS/" + binary_to_use) {
ret = unzGoToNextFile(src_pkg_zip); ret = unzGoToNextFile(src_pkg_zip);
continue; //ignore! continue; // skip
} }
found_binary = true; found_binary = true;
is_execute = true; is_execute = true;
@ -580,7 +570,7 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
} }
if (file == "Contents/Resources/icon.icns") { if (file == "Contents/Resources/icon.icns") {
//see if there is an icon // See if there is an icon.
String iconpath; String iconpath;
if (p_preset->get("application/icon") != "") { if (p_preset->get("application/icon") != "") {
iconpath = p_preset->get("application/icon"); iconpath = p_preset->get("application/icon");
@ -627,20 +617,18 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
print_line("ADDING: " + file + " size: " + itos(data.size())); print_line("ADDING: " + file + " size: " + itos(data.size()));
total_size += data.size(); total_size += data.size();
if (export_format == "dmg") { // Write it into our application bundle.
// write it into our application bundle
file = tmp_app_path_name.plus_file(file); file = tmp_app_path_name.plus_file(file);
if (err == OK) { if (err == OK) {
err = tmp_app_path->make_dir_recursive(file.get_base_dir()); err = tmp_app_path->make_dir_recursive(file.get_base_dir());
} }
if (err == OK) { if (err == OK) {
// write the file, need to add chmod
FileAccess *f = FileAccess::open(file, FileAccess::WRITE); FileAccess *f = FileAccess::open(file, FileAccess::WRITE);
if (f) { if (f) {
f->store_buffer(data.ptr(), data.size()); f->store_buffer(data.ptr(), data.size());
f->close(); f->close();
if (is_execute) { if (is_execute) {
// Chmod with 0755 if the file is executable // chmod with 0755 if the file is executable.
FileAccess::set_unix_permissions(file, 0755); FileAccess::set_unix_permissions(file, 0755);
} }
memdelete(f); memdelete(f);
@ -648,41 +636,12 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
err = ERR_CANT_CREATE; err = ERR_CANT_CREATE;
} }
} }
} else {
// add it to our zip file
file = pkg_name + ".app/" + file;
zip_fileinfo fi;
fi.tmz_date.tm_hour = info.tmu_date.tm_hour;
fi.tmz_date.tm_min = info.tmu_date.tm_min;
fi.tmz_date.tm_sec = info.tmu_date.tm_sec;
fi.tmz_date.tm_mon = info.tmu_date.tm_mon;
fi.tmz_date.tm_mday = info.tmu_date.tm_mday;
fi.tmz_date.tm_year = info.tmu_date.tm_year;
fi.dosDate = info.dosDate;
fi.internal_fa = info.internal_fa;
fi.external_fa = info.external_fa;
zipOpenNewFileInZip(dst_pkg_zip,
file.utf8().get_data(),
&fi,
nullptr,
0,
nullptr,
0,
nullptr,
Z_DEFLATED,
Z_DEFAULT_COMPRESSION);
zipWriteInFileInZip(dst_pkg_zip, data.ptr(), data.size());
zipCloseFileInZip(dst_pkg_zip);
}
} }
ret = unzGoToNextFile(src_pkg_zip); ret = unzGoToNextFile(src_pkg_zip);
} }
// we're done with our source zip // We're done with our source zip.
unzClose(src_pkg_zip); unzClose(src_pkg_zip);
if (!found_binary) { if (!found_binary) {
@ -695,12 +654,11 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
return ERR_SKIP; return ERR_SKIP;
} }
if (export_format == "dmg") {
String pack_path = tmp_app_path_name + "/Contents/Resources/" + pkg_name + ".pck"; String pack_path = tmp_app_path_name + "/Contents/Resources/" + pkg_name + ".pck";
Vector<SharedObject> shared_objects; Vector<SharedObject> shared_objects;
err = save_pack(p_preset, pack_path, &shared_objects); err = save_pack(p_preset, pack_path, &shared_objects);
// see if we can code sign our new package // See if we can code sign our new package.
bool sign_enabled = p_preset->get("codesign/enable"); bool sign_enabled = p_preset->get("codesign/enable");
if (err == OK) { if (err == OK) {
@ -718,99 +676,108 @@ Error EditorExportPlatformOSX::export_project(const Ref<EditorExportPreset> &p_p
if (ep.step("Code signing bundle", 2)) { if (ep.step("Code signing bundle", 2)) {
return ERR_SKIP; return ERR_SKIP;
} }
// the order in which we code sign is important, this is a bit of a shame or we could do this in our loop that extracts the files from our ZIP
// start with our application
err = _code_sign(p_preset, tmp_app_path_name + "/Contents/MacOS/" + pkg_name); err = _code_sign(p_preset, tmp_app_path_name + "/Contents/MacOS/" + pkg_name);
///@TODO we should check the contents of /Contents/Frameworks for frameworks to sign
} }
// and finally create a DMG if (export_format == "dmg") {
// Create a DMG.
if (err == OK) { if (err == OK) {
if (ep.step("Making DMG", 3)) { if (ep.step("Making DMG", 3)) {
return ERR_SKIP; return ERR_SKIP;
} }
err = _create_dmg(p_path, pkg_name, tmp_app_path_name); err = _create_dmg(p_path, pkg_name, tmp_app_path_name);
} }
// Sign DMG.
// Clean up temporary .app dir if (err == OK && sign_enabled) {
OS::get_singleton()->move_to_trash(tmp_app_path_name); if (ep.step("Code signing DMG", 3)) {
return ERR_SKIP;
} else { // pck
String pack_path = EditorSettings::get_singleton()->get_cache_dir().plus_file(pkg_name + ".pck");
Vector<SharedObject> shared_objects;
err = save_pack(p_preset, pack_path, &shared_objects);
if (err == OK) {
zipOpenNewFileInZip(dst_pkg_zip,
(pkg_name + ".app/Contents/Resources/" + pkg_name + ".pck").utf8().get_data(),
nullptr,
nullptr,
0,
nullptr,
0,
nullptr,
Z_DEFLATED,
Z_DEFAULT_COMPRESSION);
FileAccess *pf = FileAccess::open(pack_path, FileAccess::READ);
if (pf) {
const int BSIZE = 16384;
uint8_t buf[BSIZE];
while (true) {
int r = pf->get_buffer(buf, BSIZE);
if (r <= 0) {
break;
} }
zipWriteInFileInZip(dst_pkg_zip, buf, r); err = _code_sign(p_preset, p_path);
} }
zipCloseFileInZip(dst_pkg_zip);
memdelete(pf);
} else { } else {
err = ERR_CANT_OPEN; // Create ZIP.
}
}
if (err == OK) { if (err == OK) {
//add shared objects if (ep.step("Making ZIP", 3)) {
for (int i = 0; i < shared_objects.size(); i++) { return ERR_SKIP;
Vector<uint8_t> file = FileAccess::get_file_as_array(shared_objects[i].path); }
ERR_CONTINUE(file.empty()); if (FileAccess::exists(p_path)) {
OS::get_singleton()->move_to_trash(p_path);
}
zipOpenNewFileInZip(dst_pkg_zip, FileAccess *dst_f = nullptr;
(pkg_name + ".app/Contents/Frameworks/").plus_file(shared_objects[i].path.get_file()).utf8().get_data(), zlib_filefunc_def io_dst = zipio_create_io_from_file(&dst_f);
nullptr, zipFile zip = zipOpen2(p_path.utf8().get_data(), APPEND_STATUS_CREATE, nullptr, &io_dst);
nullptr,
0,
nullptr,
0,
nullptr,
Z_DEFLATED,
Z_DEFAULT_COMPRESSION);
zipWriteInFileInZip(dst_pkg_zip, file.ptr(), file.size()); _zip_folder_recursive(zip, EditorSettings::get_singleton()->get_cache_dir(), pkg_name + ".app", pkg_name);
zipCloseFileInZip(dst_pkg_zip);
zipClose(zip, nullptr);
} }
} }
// Clean up generated file. // Clean up temporary .app dir.
DirAccess::remove_file_or_error(pack_path); OS::get_singleton()->move_to_trash(tmp_app_path_name);
}
}
if (dst_pkg_zip) {
zipClose(dst_pkg_zip, nullptr);
} }
return err; return err;
} }
void EditorExportPlatformOSX::_zip_folder_recursive(zipFile &p_zip, const String &p_root_path, const String &p_folder, const String &p_pkg_name) {
String dir = p_root_path.plus_file(p_folder);
DirAccess *da = DirAccess::open(dir);
da->list_dir_begin();
String f;
while ((f = da->get_next()) != "") {
if (f == "." || f == "..") {
continue;
}
if (da->current_is_dir()) {
_zip_folder_recursive(p_zip, p_root_path, p_folder.plus_file(f), p_pkg_name);
} else {
bool is_executable = (p_folder.ends_with("MacOS") && (f == p_pkg_name));
OS::Time time = OS::get_singleton()->get_time();
OS::Date date = OS::get_singleton()->get_date();
zip_fileinfo zipfi;
zipfi.tmz_date.tm_hour = time.hour;
zipfi.tmz_date.tm_mday = date.day;
zipfi.tmz_date.tm_min = time.min;
zipfi.tmz_date.tm_mon = date.month;
zipfi.tmz_date.tm_sec = time.sec;
zipfi.tmz_date.tm_year = date.year;
zipfi.dosDate = 0;
zipfi.external_fa = (is_executable ? 0755 : 0644) << 16L;
zipfi.internal_fa = 0;
zipOpenNewFileInZip4(p_zip,
p_folder.plus_file(f).utf8().get_data(),
&zipfi,
nullptr,
0,
nullptr,
0,
nullptr,
Z_DEFLATED,
Z_DEFAULT_COMPRESSION,
0,
-MAX_WBITS,
DEF_MEM_LEVEL,
Z_DEFAULT_STRATEGY,
nullptr,
0,
0x0314, // "version made by", 0x03 - Unix, 0x14 - ZIP specification version 2.0, required to store Unix file permissions
0);
Vector<uint8_t> array = FileAccess::get_file_as_array(dir.plus_file(f));
zipWriteInFileInZip(p_zip, array.ptr(), array.size());
zipCloseFileInZip(p_zip);
}
}
da->list_dir_end();
memdelete(da);
}
bool EditorExportPlatformOSX::can_export(const Ref<EditorExportPreset> &p_preset, String &r_error, bool &r_missing_templates) const { bool EditorExportPlatformOSX::can_export(const Ref<EditorExportPreset> &p_preset, String &r_error, bool &r_missing_templates) const {
String err; String err;
bool valid = false; bool valid = false;