forked from digital195/unifi-protect-viewer
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsign-script.sh
executable file
·62 lines (48 loc) · 2.48 KB
/
sign-script.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/bin/bash
set -e
# Paths must be properly quoted to handle spaces
APP_PATH="/Users/jdlien/code/unifi-protect-viewer/builds/UniFi Protect Viewer-darwin-arm64/UniFi Protect Viewer.app"
ENTITLEMENTS="/Users/jdlien/code/unifi-protect-viewer/entitlements.plist"
IDENTITY="Developer ID Application: Joseph Lien (A93Q7MKECL)"
echo "Signing app bundle: $APP_PATH"
# Thoroughly remove existing signatures
echo "Removing existing signatures..."
xattr -cr "$APP_PATH"
# Remove signatures from all binary and framework files
echo "Removing signatures from all components..."
find "$APP_PATH" -type f \( -name "*.dylib" -o -name "*.so" -o -path "*/Frameworks/*" \) | while read -r file; do
codesign --remove-signature "$file" 2>/dev/null || true
done
# Remove signature from helper apps
find "$APP_PATH" -name "*.app" -type d | while read -r helper; do
codesign --remove-signature "$helper" 2>/dev/null || true
done
# Remove signature from the main app
codesign --remove-signature "$APP_PATH" 2>/dev/null || true
echo "All existing signatures removed."
# Sign all the dynamic libraries EXCEPT problematic ones
echo "Signing dynamic libraries..."
find "$APP_PATH" -name "*.dylib" -type f | grep -v "libEGL\.dylib" | grep -v "libGLESv2\.dylib" | while read -r lib; do
codesign --force --sign "$IDENTITY" --timestamp --options runtime "$lib"
done
# Sign all the frameworks EXCEPT Electron Framework (which contains problematic dylibs)
echo "Signing frameworks..."
find "$APP_PATH/Contents/Frameworks" -name "*.framework" -type d | grep -v "Electron Framework.framework" | while read -r framework; do
codesign --force --sign "$IDENTITY" --timestamp --options runtime "$framework"
done
# Now sign Electron Framework with special handling
echo "Signing Electron Framework with special handling..."
codesign --force --sign "$IDENTITY" --options runtime --timestamp --no-strict "$APP_PATH/Contents/Frameworks/Electron Framework.framework"
# Sign all the helper apps
echo "Signing helper apps..."
find "$APP_PATH/Contents/Frameworks" -name "*.app" -type d | while read -r helper; do
codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS" --sign "$IDENTITY" "$helper"
done
# Sign the main app
echo "Signing main app..."
codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS" --sign "$IDENTITY" "$APP_PATH"
# Final verification with less strict requirements
echo "Verifying signature (with --no-strict)..."
codesign --verify --no-strict --verbose "$APP_PATH"
echo "Signing completed!"
exit 0