Skip to content
This repository has been archived by the owner on May 15, 2021. It is now read-only.

Commit

Permalink
dylibs couldn't be signed so were breaking macos gatekeeper
Browse files Browse the repository at this point in the history
  • Loading branch information
Connoropolous committed Feb 14, 2020
1 parent 6b29b99 commit b99782d
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 3 deletions.
4 changes: 1 addition & 3 deletions entitlements.mac.plist
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,7 @@
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.files.all</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
</dict>
</plist>
21 changes: 21 additions & 0 deletions nix/acorn/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,23 @@ let
rm $HOLOCHAIN
'');

macos-fix-dylibs = (pkgs.writeShellScriptBin "acorn-macos-fix-dylibs" ''
set -euxo pipefail
echo 'fixing the dynamic linking of hc and holochain'
echo 'based on: otool -L hc'
install_name_tool -change /nix/store/qjf3nf4qa8q62giagjwdmdbjqni983km-Libsystem-osx-10.12.6/lib/libSystem.B.dylib /usr/lib/libSystem.B.dylib hc
install_name_tool -change /nix/store/qjf3nf4qa8q62giagjwdmdbjqni983km-Libsystem-osx-10.12.6/lib/libresolv.9.dylib /usr/lib/libresolv.9.dylib hc
# note this is a slight hack, with unforeseen consequences?
# because its a different lib? libiconv.dylib > libiconv.2.dylib
install_name_tool -change /nix/store/cib1v4zhizcjwkr96753n87ssm3nsfkm-libiconv-osx-10.12.6/lib/libiconv.dylib /usr/lib/libiconv.2.dylib hc
echo 'based on: otool -L holochain'
install_name_tool -change /nix/store/qjf3nf4qa8q62giagjwdmdbjqni983km-Libsystem-osx-10.12.6/lib/libSystem.B.dylib /usr/lib/libSystem.B.dylib holochain
install_name_tool -change /nix/store/qjf3nf4qa8q62giagjwdmdbjqni983km-Libsystem-osx-10.12.6/lib/libresolv.9.dylib /usr/lib/libresolv.9.dylib holochain
# note this is a slight hack, with unforeseen consequences?
# because its a different lib? libiconv.dylib > libiconv.2.dylib
install_name_tool -change /nix/store/cib1v4zhizcjwkr96753n87ssm3nsfkm-libiconv-osx-10.12.6/lib/libiconv.dylib /usr/lib/libiconv.2.dylib holochain
'');

build-linux = (pkgs.writeShellScriptBin "acorn-build-linux" ''
${pre-build}/bin/acorn-pre-build
acorn_platform=''${1:-linux}
Expand All @@ -83,12 +100,14 @@ let
build-mac = (pkgs.writeShellScriptBin "acorn-build-mac" ''
${pre-build}/bin/acorn-pre-build
${fetch-bins}/bin/acorn-fetch-bins apple-darwin
${macos-fix-dylibs}/bin/acorn-macos-fix-dylibs
electron-packager . Acorn --platform=darwin --arch=x64 --overwrite --prune=true --icon=\"ui/logo/[email protected]\" --osx-sign.hardenedRuntime=true --osx-sign.gatekeeperAssess=false --osx-sign.entitlements=entitlements.mac.plist --osx-sign.entitlements-inherit=entitlements.mac.plist --osx-sign.type=distribution --osx-sign.identity=\"$APPLE_DEV_IDENTITY\" --osx-notarize.apple-id=\"$APPLE_ID_EMAIL\" --osx-notarize.apple-id-password=\"$APPLE_ID_PASSWORD\"
'');

build-mac-unsigned = (pkgs.writeShellScriptBin "acorn-build-mac-unsigned" ''
${pre-build}/bin/acorn-pre-build
${fetch-bins}/bin/acorn-fetch-bins apple-darwin
${macos-fix-dylibs}/bin/acorn-macos-fix-dylibs
electron-packager . Acorn --platform=darwin --arch=x64 --overwrite --prune=true --icon=\"ui/logo/[email protected]\"
'');

Expand All @@ -103,6 +122,8 @@ in
bundle-ui
clean
reset
fetch-bins
macos-fix-dylibs
build-linux
build-mac
build-mac-unsigned
Expand Down

0 comments on commit b99782d

Please sign in to comment.