Codesign more binaries inside JARs

Also use ditto instead of jar in order to preserve MANIFEST files.
daisy · Nov 5, 2024 · 984fbec · 984fbec
1 parent 64ec5d4
commit 984fbec
Showing 1 changed file with 49 additions and 26 deletions.
diff --git a/Makefile b/Makefile
@@ -112,34 +112,57 @@ ifeq ($(OS), MACOSX)
 	if (identities.isEmpty())                                                                                   \
 	    err.println("No identity found to sign code");                                                          \
 	else {                                                                                                      \
+	    // replace signature of binary files within jars                                                        \
 	    String id = identities.size() == 1 ? identities.get(0) : null;                                          \
-	    File tmpDir = new File("target/codesign-workaround/");                                                  \
-	    File jar = new File("target/jars/common/com.microsoft.cognitiveservices.speech.client-sdk-1.37.0.jar"); \
-	    File unzipDir = new File(tmpDir, jar.getName().replaceAll(".jar$$", ""));                               \
-	    mkdirs(unzipDir);                                                                                       \
-	    // FIXME: not using unzip() because it currently does not preserve file permissions                     \
-	    //unzip(jar, unzipDir);                                                                                 \
-	    exitOnError(captureOutput(err::println, unzipDir, "unzip", jar.getAbsolutePath()));                     \
-	    // replace signature of *.extension.kws.ort.dylib files                                                 \
-	    for (File f : glob(unzipDir.getPath() + "/ASSETS/osx-*/*.extension.kws.ort.dylib")) {                   \
-	        exitOnError(captureOutput(err::println, "codesign", "--remove-signature", f.getPath()));            \
-	        if (id == null) {                                                                                   \
-	            err.println("Choose identity to sign code (move with arrows and press ENTER):");                \
-	            try {                                                                                           \
-	                id = identities.get(prompt(identityDescriptions));                                          \
-	            } catch (IOException e) {                                                                       \
-	                System.exit(1);                                                                             \
-	            }                                                                                               \
+	    LinkedList<String> paths = new LinkedList<>();                                                          \
+	    LinkedList<File> unpacked = new LinkedList<>();                                                         \
+	    for (String p : new String[]{                                                                           \
+	        "com.microsoft.cognitiveservices.speech.client-sdk-*.jar/ASSETS/osx-*/*.extension.kws.ort.dylib",   \
+	        "net.java.dev.jna.jna-*.jar/com/sun/jna/darwin-*/libjnidispatch.jnilib",                            \
+	        "org.daisy.libs.io.bit3.jsass-*.jar/darwin-*/libjsass.dylib",                                       \
+	        "*.audio-encoder-lame-*.jar/macosx/lame",                                                           \
+	        "mac/*.libhyphen-utils-*-mac.jar/native/macosx/*/libhyphen.dylib",                                  \
+	        "mac/*.liblouis-utils-*-mac.jar/native/macosx/*/liblouis.dylib",                                    \
+	        "mac/*.liblouis-utils-*-mac.jar/native/macosx/*/liblouisutdml/file2brl",                            \
+	        "mac/*.liblouis-utils-*-mac.jar/native/macosx/*/liblouisutdml/*.dylib",                             \
+	        "*.tts-adapter-acapela-3.1.5.jar/jnaerator-0.11-p1.jar/com/sun/jna/darwin/libjnidispatch.jnilib"    \
+	    })                                                                                                      \
+	        paths.add("target/jars/common/" + p);                                                               \
+	    while (!paths.isEmpty()) {                                                                              \
+	        String p = paths.pop();                                                                             \
+	        String jarPath = p.substring(0, p.indexOf(".jar") + 4);                                             \
+	        File jar = glob(jarPath).get(0);                                                                    \
+	        File unpackDir = new File(jar.getParentFile(), jar.getName().replaceAll(".jar$$", ""));             \
+	        if (!unpackDir.exists()) {                                                                          \
+	            mkdirs(unpackDir);                                                                              \
+	            // FIXME: not using unzip() because it currently does not preserve file permissions             \
+	            //unzip(jar, unpackDir);                                                                        \
+	            exitOnError(captureOutput(err::println, unpackDir, "unzip", jar.getAbsolutePath()));            \
+	            unpacked.push(unpackDir); }                                                                     \
+	        p = p.substring(jarPath.length());                                                                  \
+	        if (p.contains(".jar"))                                                                             \
+	            paths.add(unpackDir.getPath() + p);                                                             \
+	        else {                                                                                              \
+	            for (File f : glob(unpackDir.getPath() + p)) {                                                  \
+	                exitOnError(captureOutput(err::println, "codesign", "--remove-signature", f.getPath()));    \
+	                if (id == null) {                                                                           \
+	                    err.println("Choose identity to sign code (move with arrows and press ENTER):");        \
+	                    try {                                                                                   \
+	                        id = identities.get(prompt(identityDescriptions));                                  \
+	                    } catch (IOException e) {                                                               \
+	                        System.exit(1);                                                                     \
+	                    }                                                                                       \
+	                }                                                                                           \
+	                exitOnError(captureOutput(err::println, "codesign", "-s", id, "-v", f.getPath())); }        \
 	        }                                                                                                   \
-	        exitOnError(captureOutput(err::println, "codesign", "-s", id, "-v", f.getPath())); }                \
-	    // delete META-INF folder with signature files                                                          \
-	    rm(new File(unzipDir, "META-INF"));                                                                     \
-	    File fixedJar = new File(tmpDir, jar.getName());                                                        \
-	    exitOnError(                                                                                            \
-	        captureOutput(err::println, "jar", "cvf", fixedJar.getPath(), "-C", unzipDir.getPath(), "."));      \
-	    rm(jar);                                                                                                \
-	    cp(fixedJar, jar);                                                                                      \
-	    rm(tmpDir);                                                                                             \
+	    }                                                                                                       \
+	    for (File f : unpacked) {                                                                               \
+	        File jar = new File(f.getAbsolutePath() + ".jar");                                                  \
+	        rm(jar);                                                                                            \
+	        exitOnError(                                                                                        \
+	            captureOutput(err::println, "ditto", "-c", "-k", f.getPath(), jar.getPath()));                  \
+	        rm(f);                                                                                              \
+	    }                                                                                                       \
 	}
 endif
 	exec("$(MVN)", "assembly:single", "-Passemble-mac-zip");