juli/OrcaSlicer
1
1
Fork 0
mirror of https://github.com/OrcaSlicer/OrcaSlicer.git synced 2026-06-11 22:43:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature revert the entitlements changed for pack the dmg

Browse Source
This commit is contained in:
alves
2026-01-28 15:34:53 +08:00
parent f52f346e40
commit 367178b664
1 changed files with 4 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
.github/workflows/build_orca.yml vendored
View File

@@ -139,60 +139,10 @@ jobs:
security import $CERTIFICATE_PATH -P $P12_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $P12_PASSWORD $KEYCHAIN_PATH
# Sign Snapmaker Orca.app with entitlements (manual recursive signing, not using --deep)
APP_PATH="${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker Orca.app"
ENTITLEMENTS_PATH="${{ github.workspace }}/scripts/disable_validation.entitlements"
echo "Signing Frameworks..."
if [ -d "$APP_PATH/Contents/Frameworks" ]; then
find "$APP_PATH/Contents/Frameworks" -name "*.dylib" -o -name "*.framework" | while read -r item; do
if [ -f "$item" ] || [ -d "$item" ]; then
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" 2>/dev/null || true
fi
done
fi
echo "Signing MacOS executables..."
if [ -d "$APP_PATH/Contents/MacOS" ]; then
find "$APP_PATH/Contents/MacOS" -type f -perm +111 | while read -r item; do
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" 2>/dev/null || true
done
fi
echo "Signing main app with entitlements..."
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "$APP_PATH"
# Verify entitlements are embedded
echo "Verifying entitlements..."
if codesign -d --entitlements - "$APP_PATH" 2>&1 | grep -q "com.apple.security.network.client"; then
echo "✓ Entitlements successfully embedded"
else
echo "⚠ Warning: Entitlements may not be embedded correctly"
fi
codesign --deep --force --verbose --options runtime --timestamp --entitlements ${{ github.workspace }}/scripts/disable_validation.entitlements --sign "$CERTIFICATE_ID" "${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker Orca.app"
# Sign Snapmaker_Orca_profile_validator.app if it exists
if [ -f "${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app/Contents/MacOS/Snapmaker_Orca_profile_validator" ]; then
VALIDATOR_APP_PATH="${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app"
echo "Signing profile validator Frameworks..."
if [ -d "$VALIDATOR_APP_PATH/Contents/Frameworks" ]; then
find "$VALIDATOR_APP_PATH/Contents/Frameworks" -name "*.dylib" -o -name "*.framework" | while read -r item; do
if [ -f "$item" ] || [ -d "$item" ]; then
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" 2>/dev/null || true
fi
done
fi
echo "Signing profile validator MacOS executables..."
if [ -d "$VALIDATOR_APP_PATH/Contents/MacOS" ]; then
find "$VALIDATOR_APP_PATH/Contents/MacOS" -type f -perm +111 | while read -r item; do
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" 2>/dev/null || true
done
fi
echo "Signing profile validator app with entitlements..."
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "$VALIDATOR_APP_PATH"
codesign --deep --force --verbose --options runtime --timestamp --entitlements ${{ github.workspace }}/scripts/disable_validation.entitlements --sign "$CERTIFICATE_ID" ${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app
fi
# Create main Snapmaker Orca DMG without the profile validator helper
@@ -201,7 +151,7 @@ jobs:
cp -R "${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker Orca.app" "${{ github.workspace }}/build/universal/Snapmaker_Orca_dmg/"
ln -sfn /Applications ${{ github.workspace }}/build/universal/Snapmaker_Orca_dmg/Applications
hdiutil create -volname "Snapmaker_Orca" -srcfolder ${{ github.workspace }}/build/universal/Snapmaker_Orca_dmg -ov -format UDZO "${{ github.workspace }}/Snapmaker_Orca_Mac_universal_${{ env.ver }}.dmg"
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "${{ github.workspace }}/Snapmaker_Orca_Mac_universal_${{ env.ver }}.dmg"
codesign --deep --force --verbose --options runtime --timestamp --entitlements ${{ github.workspace }}/scripts/disable_validation.entitlements --sign "$CERTIFICATE_ID" "${{ github.workspace }}/Snapmaker_Orca_Mac_universal_${{ env.ver }}.dmg"
# Create separate Snapmaker_Orca_profile_validator DMG if the app exists
if [ -f "${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app/Contents/MacOS/Snapmaker_Orca_profile_validator" ]; then
@@ -210,7 +160,7 @@ jobs:
cp -R ${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app ${{ github.workspace }}/build/universal/Snapmaker_Orca_profile_validator_dmg/
ln -sfn /Applications ${{ github.workspace }}/build/universal/Snapmaker_Orca_profile_validator_dmg/Applications
hdiutil create -volname "Snapmaker_Orca Profile Validator" -srcfolder ${{ github.workspace }}/build/universal/Snapmaker_Orca_profile_validator_dmg -ov -format UDZO "${{ github.workspace }}/Snapmaker_Orca_profile_validator_Mac_universal_${{ env.ver }}.dmg"
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "${{ github.workspace }}/Snapmaker_Orca_profile_validator_Mac_universal_${{ env.ver }}.dmg"
codesign --deep --force --verbose --options runtime --timestamp --entitlements ${{ github.workspace }}/scripts/disable_validation.entitlements --sign "$CERTIFICATE_ID" "${{ github.workspace }}/Snapmaker_Orca_profile_validator_Mac_universal_${{ env.ver }}.dmg"
fi
# Notarize main DMG