diff --git a/platform/osx/export/export.cpp b/platform/osx/export/export.cpp index c9c7fa8eb38..17dd60f490b 100644 --- a/platform/osx/export/export.cpp +++ b/platform/osx/export/export.cpp @@ -102,6 +102,7 @@ class EditorExportPlatformOSX : public EditorExportPlatform { protected: virtual void get_preset_features(const Ref &p_preset, List *r_features); virtual void get_export_options(List *r_options); + virtual bool get_option_visibility(const String &p_option, const Map &p_options) const; public: virtual String get_name() const { return "Mac OSX"; } @@ -148,6 +149,23 @@ void EditorExportPlatformOSX::get_preset_features(const Ref r_features->push_back("64"); } +bool EditorExportPlatformOSX::get_option_visibility(const String &p_option, const Map &p_options) const { + // These options are not supported by built-in codesign, used on non macOS host. + if (!OS::get_singleton()->has_feature("OSX")) { + if (p_option == "codesign/identity" || p_option == "codesign/timestamp" || p_option == "codesign/hardened_runtime" || p_option == "codesign/custom_options" || p_option.begins_with("notarization/")) { + return false; + } + } + + // These entitlements are required to run managed code, and are always enabled in Mono builds. + if (Engine::get_singleton()->has_singleton("GodotSharp")) { + if (p_option == "codesign/entitlements/allow_jit_code_execution" || p_option == "codesign/entitlements/allow_unsigned_executable_memory" || p_option == "codesign/entitlements/allow_dyld_environment_variables") { + return false; + } + } + return true; +} + void EditorExportPlatformOSX::get_export_options(List *r_options) { r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "custom_template/debug", PROPERTY_HINT_GLOBAL_FILE, "*.zip"), "")); r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "custom_template/release", PROPERTY_HINT_GLOBAL_FILE, "*.zip"), "")); @@ -175,20 +193,15 @@ void EditorExportPlatformOSX::get_export_options(List *r_options) r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "privacy/removable_volumes_usage_description", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide a message if you need to use removable volumes"), "")); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/enable"), true)); -#ifdef OSX_ENABLED r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/identity", PROPERTY_HINT_PLACEHOLDER_TEXT, "Type: Name (ID)"), "")); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/timestamp"), true)); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/hardened_runtime"), true)); -#endif r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/replace_existing_signature"), true)); r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/entitlements/custom_file", PROPERTY_HINT_GLOBAL_FILE, "*.plist"), "")); - if (!Engine::get_singleton()->has_singleton("GodotSharp")) { - // These entitlements are required to run managed code, and are always enabled in Mono builds. - r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_jit_code_execution"), false)); - r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_unsigned_executable_memory"), false)); - r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_dyld_environment_variables"), false)); - } + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_jit_code_execution"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_unsigned_executable_memory"), false)); + r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/allow_dyld_environment_variables"), false)); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/disable_library_validation"), false)); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/entitlements/audio_input"), false)); @@ -210,14 +223,12 @@ void EditorExportPlatformOSX::get_export_options(List *r_options) r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_music", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0)); r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/entitlements/app_sandbox/files_movies", PROPERTY_HINT_ENUM, "No,Read-only,Read-write"), 0)); -#ifdef OSX_ENABLED r_options->push_back(ExportOption(PropertyInfo(Variant::POOL_STRING_ARRAY, "codesign/custom_options"), PoolStringArray())); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "notarization/enable"), false)); r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_id_name", PROPERTY_HINT_PLACEHOLDER_TEXT, "Apple ID email"), "")); r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_id_password", PROPERTY_HINT_PLACEHOLDER_TEXT, "Enable two-factor authentication and provide app-specific password"), "")); r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "notarization/apple_team_id", PROPERTY_HINT_PLACEHOLDER_TEXT, "Provide team ID if your Apple ID belongs to multiple teams"), "")); -#endif r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/s3tc"), true)); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "texture_format/etc"), false)); @@ -543,12 +554,14 @@ Error EditorExportPlatformOSX::_code_sign(const Ref &p_prese if ((!FileAccess::exists("/usr/bin/codesign") && !FileAccess::exists("/bin/codesign")) || force_builtin_codesign) { print_verbose("using built-in codesign..."); #ifdef MODULE_REGEX_ENABLED +#ifdef OSX_ENABLED if (p_preset->get("codesign/timestamp")) { WARN_PRINT("Timestamping is not compatible with ad-hoc signature, and was disabled!"); } if (p_preset->get("codesign/hardened_runtime")) { WARN_PRINT("Hardened Runtime is not compatible with ad-hoc signature, and was disabled!"); } +#endif String error_msg; Error err = CodeSign::codesign(false, p_preset->get("codesign/replace_existing_signature"), p_path, p_ent_path, error_msg); @@ -1229,6 +1242,7 @@ Error EditorExportPlatformOSX::export_project(const Ref &p_p } } +#ifdef OSX_ENABLED bool noto_enabled = p_preset->get("notarization/enable"); if (err == OK && noto_enabled) { if (export_format == "app") { @@ -1240,6 +1254,7 @@ Error EditorExportPlatformOSX::export_project(const Ref &p_p err = _notarize(p_preset, p_path); } } +#endif // Clean up temporary .app dir and generated entitlements. if ((String)(p_preset->get("codesign/entitlements/custom_file")) == "") { @@ -1410,17 +1425,17 @@ bool EditorExportPlatformOSX::can_export(const Ref &p_preset } bool sign_enabled = p_preset->get("codesign/enable"); + +#ifdef OSX_ENABLED bool noto_enabled = p_preset->get("notarization/enable"); bool ad_hoc = ((p_preset->get("codesign/identity") == "") || (p_preset->get("codesign/identity") == "-")); -#ifdef OSX_ENABLED if (!ad_hoc && (bool)EditorSettings::get_singleton()->get("export/macos/force_builtin_codesign")) { err += TTR("Warning: Built-in \"codesign\" is selected in the Editor Settings. Code signing is limited to ad-hoc signature only.") + "\n"; } if (!ad_hoc && !FileAccess::exists("/usr/bin/codesign") && !FileAccess::exists("/bin/codesign")) { err += TTR("Warning: Xcode command line tools are not installed, using built-in \"codesign\". Code signing is limited to ad-hoc signature only.") + "\n"; } -#endif if (noto_enabled) { if (ad_hoc) { @@ -1448,11 +1463,7 @@ bool EditorExportPlatformOSX::can_export(const Ref &p_preset valid = false; } } else { -#ifdef OSX_ENABLED err += TTR("Warning: Notarization is disabled. The exported project will be blocked by Gatekeeper, if it's downloaded from an unknown source.") + "\n"; -#else - err += TTR("Warning: Notarization is not supported on this OS. The exported project will be blocked by Gatekeeper, if it's downloaded from an unknown source.") + "\n"; -#endif if (!sign_enabled) { err += TTR("Code signing is disabled. Exported project will not run on Macs with enabled Gatekeeper and Apple Silicon powered Macs.") + "\n"; } else { @@ -1464,6 +1475,12 @@ bool EditorExportPlatformOSX::can_export(const Ref &p_preset } } } +#else + err += TTR("Warning: Notarization is not supported on this OS. Exported project will be blocked by Gatekeeper, if it's downloaded from an unknown source.") + "\n"; + if (!sign_enabled) { + err += TTR("Code signing is disabled. Exported project will not run on Macs with enabled Gatekeeper and Apple Silicon powered Macs.") + "\n"; + } +#endif if (sign_enabled) { if ((bool)p_preset->get("codesign/entitlements/audio_input") && ((String)p_preset->get("privacy/microphone_usage_description")).empty()) { diff --git a/platform/windows/export/export.cpp b/platform/windows/export/export.cpp index ab4ec59a089..3de9710975b 100644 --- a/platform/windows/export/export.cpp +++ b/platform/windows/export/export.cpp @@ -47,6 +47,7 @@ public: virtual Error export_project(const Ref &p_preset, bool p_debug, const String &p_path, int p_flags = 0); virtual Error sign_shared_object(const Ref &p_preset, bool p_debug, const String &p_path); virtual void get_export_options(List *r_options); + virtual bool get_option_visibility(const String &p_option, const Map &p_options) const; }; Error EditorExportPlatformWindows::sign_shared_object(const Ref &p_preset, bool p_debug, const String &p_path) { @@ -73,13 +74,19 @@ Error EditorExportPlatformWindows::export_project(const Ref return err; } +bool EditorExportPlatformWindows::get_option_visibility(const String &p_option, const Map &p_options) const { + // This option is not supported by "osslsigncode", used on non-Windows host. + if (!OS::get_singleton()->has_feature("Windows") && p_option == "codesign/identity_type") { + return false; + } + return true; +} + void EditorExportPlatformWindows::get_export_options(List *r_options) { EditorExportPlatformPC::get_export_options(r_options); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/enable"), false)); -#ifdef WINDOWS_ENABLED r_options->push_back(ExportOption(PropertyInfo(Variant::INT, "codesign/identity_type", PROPERTY_HINT_ENUM, "Select automatically,Use PKCS12 file (specify *.PFX/*.P12 file),Use certificate store (specify SHA1 hash)"), 0)); -#endif r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/identity", PROPERTY_HINT_GLOBAL_FILE, "*.pfx,*.p12"), "")); r_options->push_back(ExportOption(PropertyInfo(Variant::STRING, "codesign/password"), "")); r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "codesign/timestamp"), true));