mirror of
https://github.com/OrcaSlicer/OrcaSlicer.git
synced 2026-06-11 14:33:04 +00:00
fix revert the changed for signs.
This commit is contained in:
alves
105
.github/workflows/build_orca.yml
vendored
105
.github/workflows/build_orca.yml
vendored
@@ -122,7 +122,7 @@ jobs:
|
||||
|
||||
# Thanks to RaySajuuk, it's working now
|
||||
- name: Sign app and notary
|
||||
if: inputs.os == 'macos-14'
|
||||
if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || github.ref == 'refs/heads/2.2.0') && inputs.os == 'macos-14'
|
||||
working-directory: ${{ github.workspace }}
|
||||
env:
|
||||
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
|
||||
@@ -144,70 +144,33 @@ jobs:
|
||||
APP_PATH="${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker Orca.app"
|
||||
ENTITLEMENTS_PATH="${{ github.workspace }}/scripts/disable_validation.entitlements"
|
||||
|
||||
# Verify entitlements file exists
|
||||
if [ ! -f "$ENTITLEMENTS_PATH" ]; then
|
||||
echo "Error: Entitlements file not found: $ENTITLEMENTS_PATH"
|
||||
exit 1
|
||||
fi
|
||||
echo "Using entitlements: $ENTITLEMENTS_PATH"
|
||||
|
||||
# Sign Frameworks (must succeed, no silent failures)
|
||||
echo "Signing Frameworks..."
|
||||
if [ -d "$APP_PATH/Contents/Frameworks" ]; then
|
||||
find "$APP_PATH/Contents/Frameworks" -name "*.dylib" -o -name "*.framework" | while read -r item; do
|
||||
if [ -f "$item" ] || [ -d "$item" ]; then
|
||||
echo " Signing: $item"
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" || {
|
||||
echo "Error: Failed to sign $item"
|
||||
exit 1
|
||||
}
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" 2>/dev/null || true
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
# Sign MacOS executables (must succeed, no silent failures)
|
||||
echo "Signing MacOS executables..."
|
||||
if [ -d "$APP_PATH/Contents/MacOS" ]; then
|
||||
find "$APP_PATH/Contents/MacOS" -type f -perm +111 | while read -r item; do
|
||||
echo " Signing: $item"
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" || {
|
||||
echo "Error: Failed to sign $item"
|
||||
exit 1
|
||||
}
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" 2>/dev/null || true
|
||||
done
|
||||
fi
|
||||
|
||||
# Sign main app with entitlements
|
||||
echo "Signing main app with entitlements..."
|
||||
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "$APP_PATH" || {
|
||||
echo "Error: Failed to sign main app"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Verify signature
|
||||
echo "Verifying signature..."
|
||||
codesign --verify --verbose "$APP_PATH" || {
|
||||
echo "Error: Signature verification failed"
|
||||
exit 1
|
||||
}
|
||||
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "$APP_PATH"
|
||||
|
||||
# Verify entitlements are embedded
|
||||
echo "Verifying entitlements are embedded..."
|
||||
EMBEDDED_ENTITLEMENTS=$(codesign -d --entitlements - "$APP_PATH" 2>&1)
|
||||
if echo "$EMBEDDED_ENTITLEMENTS" | grep -q "com.apple.security.network.client"; then
|
||||
echo "Verifying entitlements..."
|
||||
if codesign -d --entitlements - "$APP_PATH" 2>&1 | grep -q "com.apple.security.network.client"; then
|
||||
echo "✓ Entitlements successfully embedded"
|
||||
echo " Found network.client entitlement"
|
||||
else
|
||||
echo "✗ Error: Entitlements not embedded correctly"
|
||||
echo " Embedded entitlements output:"
|
||||
echo "$EMBEDDED_ENTITLEMENTS" | head -20
|
||||
exit 1
|
||||
echo "⚠ Warning: Entitlements may not be embedded correctly"
|
||||
fi
|
||||
|
||||
# Display full entitlements for debugging
|
||||
echo "Full embedded entitlements:"
|
||||
codesign -d --entitlements - "$APP_PATH" 2>&1 | head -30
|
||||
|
||||
# Sign Snapmaker_Orca_profile_validator.app if it exists
|
||||
if [ -f "${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app/Contents/MacOS/Snapmaker_Orca_profile_validator" ]; then
|
||||
VALIDATOR_APP_PATH="${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app"
|
||||
@@ -216,11 +179,7 @@ jobs:
|
||||
if [ -d "$VALIDATOR_APP_PATH/Contents/Frameworks" ]; then
|
||||
find "$VALIDATOR_APP_PATH/Contents/Frameworks" -name "*.dylib" -o -name "*.framework" | while read -r item; do
|
||||
if [ -f "$item" ] || [ -d "$item" ]; then
|
||||
echo " Signing: $item"
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" || {
|
||||
echo "Error: Failed to sign $item"
|
||||
exit 1
|
||||
}
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" 2>/dev/null || true
|
||||
fi
|
||||
done
|
||||
fi
|
||||
@@ -228,25 +187,12 @@ jobs:
|
||||
echo "Signing profile validator MacOS executables..."
|
||||
if [ -d "$VALIDATOR_APP_PATH/Contents/MacOS" ]; then
|
||||
find "$VALIDATOR_APP_PATH/Contents/MacOS" -type f -perm +111 | while read -r item; do
|
||||
echo " Signing: $item"
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" || {
|
||||
echo "Error: Failed to sign $item"
|
||||
exit 1
|
||||
}
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "$item" 2>/dev/null || true
|
||||
done
|
||||
fi
|
||||
|
||||
echo "Signing profile validator app with entitlements..."
|
||||
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "$VALIDATOR_APP_PATH" || {
|
||||
echo "Error: Failed to sign profile validator app"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Verify profile validator signature
|
||||
codesign --verify --verbose "$VALIDATOR_APP_PATH" || {
|
||||
echo "Error: Profile validator signature verification failed"
|
||||
exit 1
|
||||
}
|
||||
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "$VALIDATOR_APP_PATH"
|
||||
fi
|
||||
|
||||
# Create main Snapmaker Orca DMG without the profile validator helper
|
||||
@@ -255,19 +201,7 @@ jobs:
|
||||
cp -R "${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker Orca.app" "${{ github.workspace }}/build/universal/Snapmaker_Orca_dmg/"
|
||||
ln -sfn /Applications ${{ github.workspace }}/build/universal/Snapmaker_Orca_dmg/Applications
|
||||
hdiutil create -volname "Snapmaker_Orca" -srcfolder ${{ github.workspace }}/build/universal/Snapmaker_Orca_dmg -ov -format UDZO "${{ github.workspace }}/Snapmaker_Orca_Mac_universal_${{ env.ver }}.dmg"
|
||||
|
||||
# Sign DMG (DMG files don't need entitlements, just signature)
|
||||
echo "Signing DMG..."
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "${{ github.workspace }}/Snapmaker_Orca_Mac_universal_${{ env.ver }}.dmg" || {
|
||||
echo "Error: Failed to sign DMG"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Verify DMG signature
|
||||
codesign --verify --verbose "${{ github.workspace }}/Snapmaker_Orca_Mac_universal_${{ env.ver }}.dmg" || {
|
||||
echo "Error: DMG signature verification failed"
|
||||
exit 1
|
||||
}
|
||||
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "${{ github.workspace }}/Snapmaker_Orca_Mac_universal_${{ env.ver }}.dmg"
|
||||
|
||||
# Create separate Snapmaker_Orca_profile_validator DMG if the app exists
|
||||
if [ -f "${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app/Contents/MacOS/Snapmaker_Orca_profile_validator" ]; then
|
||||
@@ -276,19 +210,7 @@ jobs:
|
||||
cp -R ${{ github.workspace }}/build/universal/Snapmaker_Orca/Snapmaker_Orca_profile_validator.app ${{ github.workspace }}/build/universal/Snapmaker_Orca_profile_validator_dmg/
|
||||
ln -sfn /Applications ${{ github.workspace }}/build/universal/Snapmaker_Orca_profile_validator_dmg/Applications
|
||||
hdiutil create -volname "Snapmaker_Orca Profile Validator" -srcfolder ${{ github.workspace }}/build/universal/Snapmaker_Orca_profile_validator_dmg -ov -format UDZO "${{ github.workspace }}/Snapmaker_Orca_profile_validator_Mac_universal_${{ env.ver }}.dmg"
|
||||
|
||||
# Sign DMG (DMG files don't need entitlements, just signature)
|
||||
echo "Signing profile validator DMG..."
|
||||
codesign --force --verbose --options runtime --timestamp --sign "$CERTIFICATE_ID" "${{ github.workspace }}/Snapmaker_Orca_profile_validator_Mac_universal_${{ env.ver }}.dmg" || {
|
||||
echo "Error: Failed to sign profile validator DMG"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Verify DMG signature
|
||||
codesign --verify --verbose "${{ github.workspace }}/Snapmaker_Orca_profile_validator_Mac_universal_${{ env.ver }}.dmg" || {
|
||||
echo "Error: Profile validator DMG signature verification failed"
|
||||
exit 1
|
||||
}
|
||||
codesign --force --verbose --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$CERTIFICATE_ID" "${{ github.workspace }}/Snapmaker_Orca_profile_validator_Mac_universal_${{ env.ver }}.dmg"
|
||||
fi
|
||||
|
||||
# Notarize main DMG
|
||||
@@ -303,8 +225,7 @@ jobs:
|
||||
fi
|
||||
|
||||
- name: Create DMG without notary
|
||||
#if: github.ref != 'refs/heads/main' && inputs.os == 'macos-14' && github.ref != 'refs/heads/2.2.0'
|
||||
if: inputs.os == 'macos-14'
|
||||
if: github.ref != 'refs/heads/main' && inputs.os == 'macos-14' && github.ref != 'refs/heads/2.2.0'
|
||||
working-directory: ${{ github.workspace }}
|
||||
run: |
|
||||
mkdir -p ${{ github.workspace }}/build/universal/Snapmaker_Orca_dmg
|
||||
|
||||
Reference in New Issue
Block a user