Sign MonoBundle automatically if detected in .app

2025-10-25 15:19:22 +00:00 · 2024-10-20 21:26:29 +01:00
parent eabae74663
commit d1a72e547e
3 changed files with 45 additions and 19 deletions
--- a/src/vpk/Velopack.Packaging.Unix/Commands/OsxPackCommandRunner.cs
+++ b/src/vpk/Velopack.Packaging.Unix/Commands/OsxPackCommandRunner.cs
@@ -1,4 +1,5 @@
-using System.Runtime.Versioning;
+using System.Collections.Concurrent;
+using System.Runtime.Versioning;
 using Microsoft.Extensions.Logging;
 using Velopack.Packaging.Abstractions;
 using Velopack.Util;
@@ -73,25 +74,49 @@ public class OsxPackCommandRunner : PackageBuilder<OsxPackOptions>
    {
        var helper = new OsxBuildTools(Log);
        var keychainPath = Options.Keychain;
+        var monoBundlePath = Path.Combine(packDir, "Contents", "MonoBundle");
+
+        string entitlements = Options.SignEntitlements;
+        if (String.IsNullOrEmpty(entitlements)) {
+            Log.Info("No entitlements specified, using default: " +
+                     "https://docs.microsoft.com/dotnet/core/install/macos-notarization-issues");
+            entitlements = HelperFile.VelopackEntitlements;
+        }
+
+        void InnerSign()
+        {
+            if (Directory.Exists(monoBundlePath)) {
+                Log.Warn("Detected invalid Xamarin MonoBundle, fixing code signing...");
+                var files = Directory.EnumerateFiles(monoBundlePath).ToArray();
+                int processed = 0;
+                Parallel.ForEach(files, new ParallelOptions() { MaxDegreeOfParallelism = 4}, (file) => {
+                    helper.CodeSign(Options.SignAppIdentity, entitlements, file, false, keychainPath);
+                    Interlocked.Increment(ref processed);
+                    progress(Math.Min((int)(processed * 100d / files.Length), 95));
+                });
+                Thread.Sleep(100);
+            }
+            Log.Info("Code signing application bundle...");
+            progress(-1); // indeterminate
+            helper.CodeSign(Options.SignAppIdentity, entitlements, packDir, true, keychainPath);
+        }
+        
        // code signing all mach-o binaries
        if (!string.IsNullOrEmpty(Options.SignAppIdentity) && !string.IsNullOrEmpty(Options.NotaryProfile)) {
-            progress(-1); // indeterminate
            var zipPath = Path.Combine(TempDir.FullName, "notarize.zip");
-            helper.CodeSign(Options.SignAppIdentity, Options.SignEntitlements, packDir, keychainPath);
+            InnerSign();
            helper.CreateDittoZip(packDir, zipPath);
            helper.Notarize(zipPath, Options.NotaryProfile, keychainPath);
            helper.Staple(packDir);
            helper.SpctlAssessCode(packDir);
            File.Delete(zipPath);
-            progress(100);
        } else if (!string.IsNullOrEmpty(Options.SignAppIdentity)) {
-            progress(-1); // indeterminate
-            Log.Warn("Package will be signed, but [underline]not notarized[/]. Missing the --notaryProfile option.");
-            helper.CodeSign(Options.SignAppIdentity, Options.SignEntitlements, packDir, keychainPath);
-            progress(100);
+            Log.Warn("Package will be signed but not notarized. Missing the --notaryProfile option.");
+            InnerSign();
        } else {
            Log.Warn("Package will not be signed or notarized. Missing the --signAppIdentity and --notaryProfile options.");
        }
+        progress(100);
        return Task.CompletedTask;
    }

--- a/src/vpk/Velopack.Packaging.Unix/OsxBuildTools.cs
+++ b/src/vpk/Velopack.Packaging.Unix/OsxBuildTools.cs
@@ -15,14 +15,8 @@ public class OsxBuildTools
        Log = logger;
    }

-    public void CodeSign(string identity, string entitlements, string filePath, string keychainPath)
+    public void CodeSign(string identity, string entitlements, string filePath, bool deep, string keychainPath)
    {
-        if (String.IsNullOrEmpty(entitlements)) {
-            Log.Info("No entitlements specified, using default: " +
-                     "https://docs.microsoft.com/dotnet/core/install/macos-notarization-issues");
-            entitlements = HelperFile.VelopackEntitlements;
-        }
-
        if (!File.Exists(entitlements)) {
            throw new Exception("Could not find entitlements file at: " + entitlements);
        }
@@ -31,11 +25,14 @@ public class OsxBuildTools
            "-s", identity,
            "-f",
            "-v",
-            "--deep",
            "--timestamp",
            "--options", "runtime",
            "--entitlements", entitlements,
        };
+        
+        if (deep) {
+            args.Add("--deep");
+        }

        if (!String.IsNullOrEmpty(keychainPath)) {
            Log.Info($"Using non-default keychain at '{keychainPath}'");
@@ -45,9 +42,12 @@ public class OsxBuildTools

        args.Add(filePath);

-        Log.Info($"Beginning codesign for package...");
-        Log.Info(Exe.InvokeAndThrowIfNonZero("codesign", args, null));
-        Log.Info("codesign completed successfully");
+        Log.Debug($"Beginning codesign for package...");
+        string output = Exe.InvokeAndThrowIfNonZero("codesign", args, null);
+        if (!String.IsNullOrWhiteSpace(output)) {
+            Log.Info(output);
+        }
+        Log.Debug("codesign completed successfully");
    }

    public void SpctlAssessCode(string filePath)
--- a/src/vpk/Velopack.Packaging/HelperFile.cs
+++ b/src/vpk/Velopack.Packaging/HelperFile.cs
@@ -92,6 +92,7 @@ public static class HelperFile
        AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "target", "debug");
        AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "vendor");
        AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "artwork");
+        AddSearchPath(AppContext.BaseDirectory, "..", "..", "..");
 #else
        AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "vendor");
 #endif