From 984fbecde9b069b6c429762abb0f5fa85b7f90ba Mon Sep 17 00:00:00 2001
From: Bert Frees
Date: Tue, 5 Nov 2024 15:57:22 +0100
Subject: [PATCH] Codesign more binaries inside JARs

Also use ditto instead of jar in order to preserve MANIFEST files.
---
 Makefile | 75 ++++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 49 insertions(+), 26 deletions(-)

diff --git a/Makefile b/Makefile
index 170c769..8da0365 100644
--- a/Makefile
+++ b/Makefile
@@ -112,34 +112,57 @@ ifeq ($(OS), MACOSX)
 if (identities.isEmpty()) \
 err.println("No identity found to sign code"); \
 else { \
+ // replace signature of binary files within jars \
 String id = identities.size() == 1 ? identities.get(0) : null; \
- File tmpDir = new File("target/codesign-workaround/"); \
- File jar = new File("target/jars/common/com.microsoft.cognitiveservices.speech.client-sdk-1.37.0.jar"); \
- File unzipDir = new File(tmpDir, jar.getName().replaceAll(".jar$$", "")); \
- mkdirs(unzipDir); \
- // FIXME: not using unzip() because it currently does not preserve file permissions \
- //unzip(jar, unzipDir); \
- exitOnError(captureOutput(err::println, unzipDir, "unzip", jar.getAbsolutePath())); \
- // replace signature of *.extension.kws.ort.dylib files \
- for (File f : glob(unzipDir.getPath() + "/ASSETS/osx-*/*.extension.kws.ort.dylib")) { \
- exitOnError(captureOutput(err::println, "codesign", "--remove-signature", f.getPath())); \
- if (id == null) { \
- err.println("Choose identity to sign code (move with arrows and press ENTER):"); \
- try { \
- id = identities.get(prompt(identityDescriptions)); \
- } catch (IOException e) { \
- System.exit(1); \
- } \
+ LinkedList paths = new LinkedList<>(); \
+ LinkedList unpacked = new LinkedList<>(); \
+ for (String p : new String[]{ \
+ "com.microsoft.cognitiveservices.speech.client-sdk-*.jar/ASSETS/osx-*/*.extension.kws.ort.dylib", \
+ "net.java.dev.jna.jna-*.jar/com/sun/jna/darwin-*/libjnidispatch.jnilib", \
+ "org.daisy.libs.io.bit3.jsass-*.jar/darwin-*/libjsass.dylib", \
+ "*.audio-encoder-lame-*.jar/macosx/lame", \
+ "mac/*.libhyphen-utils-*-mac.jar/native/macosx/*/libhyphen.dylib", \
+ "mac/*.liblouis-utils-*-mac.jar/native/macosx/*/liblouis.dylib", \
+ "mac/*.liblouis-utils-*-mac.jar/native/macosx/*/liblouisutdml/file2brl", \
+ "mac/*.liblouis-utils-*-mac.jar/native/macosx/*/liblouisutdml/*.dylib", \
+ "*.tts-adapter-acapela-3.1.5.jar/jnaerator-0.11-p1.jar/com/sun/jna/darwin/libjnidispatch.jnilib" \
+ }) \
+ paths.add("target/jars/common/" + p); \
+ while (!paths.isEmpty()) { \
+ String p = paths.pop(); \
+ String jarPath = p.substring(0, p.indexOf(".jar") + 4); \
+ File jar = glob(jarPath).get(0); \
+ File unpackDir = new File(jar.getParentFile(), jar.getName().replaceAll(".jar$$", "")); \
+ if (!unpackDir.exists()) { \
+ mkdirs(unpackDir); \
+ // FIXME: not using unzip() because it currently does not preserve file permissions \
+ //unzip(jar, unpackDir); \
+ exitOnError(captureOutput(err::println, unpackDir, "unzip", jar.getAbsolutePath())); \
+ unpacked.push(unpackDir); } \
+ p = p.substring(jarPath.length()); \
+ if (p.contains(".jar")) \
+ paths.add(unpackDir.getPath() + p); \
+ else { \
+ for (File f : glob(unpackDir.getPath() + p)) { \
+ exitOnError(captureOutput(err::println, "codesign", "--remove-signature", f.getPath())); \
+ if (id == null) { \
+ err.println("Choose identity to sign code (move with arrows and press ENTER):"); \
+ try { \
+ id = identities.get(prompt(identityDescriptions)); \
+ } catch (IOException e) { \
+ System.exit(1); \
+ } \
+ } \
+ exitOnError(captureOutput(err::println, "codesign", "-s", id, "-v", f.getPath())); } \
 } \
- exitOnError(captureOutput(err::println, "codesign", "-s", id, "-v", f.getPath())); } \
- // delete META-INF folder with signature files \
- rm(new File(unzipDir, "META-INF")); \
- File fixedJar = new File(tmpDir, jar.getName()); \
- exitOnError( \
- captureOutput(err::println, "jar", "cvf", fixedJar.getPath(), "-C", unzipDir.getPath(), ".")); \
- rm(jar); \
- cp(fixedJar, jar); \
- rm(tmpDir); \
+ } \
+ for (File f : unpacked) { \
+ File jar = new File(f.getAbsolutePath() + ".jar"); \
+ rm(jar); \
+ exitOnError( \
+ captureOutput(err::println, "ditto", "-c", "-k", f.getPath(), jar.getPath())); \
+ rm(f); \
+ } \
 }
 endif
 exec("$(MVN)", "assembly:single", "-Passemble-mac-zip");
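Review bot: Both `glob` lookups in the new `while` loop fail open, which matters because this step decides which native binaries are re-signed with the release identity. `glob(jarPath).get(0)` signs only the first JAR when a pattern matches several and throws an unexplained index error when it matches none, and the inner `for (File f : glob(unpackDir.getPath() + p))` does nothing when the binary path has moved, so a dependency bump could ship a binary that still carries its upstream signature without the build noticing. I would require exactly one JAR per pattern and at least one binary per path, as sketched below. Separately, `unpacked.push(unpackDir)` sits inside `if (!unpackDir.exists())`, so a directory left behind by an earlier aborted run is neither re-extracted nor repacked; clearing it before unpacking would avoid signing stale content. The definitions of `identities`, `glob` and `exitOnError` are outside this hunk, so the sketch assumes `glob` returns a list, as `.get(0)` suggests.

```makefile
			String jarPath = p.substring(0, p.indexOf(".jar") + 4); \
			if (glob(jarPath).size() != 1) { \
				err.println("Expected exactly one JAR matching " + jarPath); \
				System.exit(1); \
			} \
			File jar = glob(jarPath).get(0); \
			// … unchanged: unpack jar into unpackDir, strip the JAR prefix from p … \
			else { \
				if (glob(unpackDir.getPath() + p).isEmpty()) { \
					err.println("No binary to sign matching " + unpackDir.getPath() + p); \
					System.exit(1); \
				} \
				for (File f : glob(unpackDir.getPath() + p)) { \
				// … unchanged: remove signature, choose identity, codesign … \
```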