mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-25 10:43:19 -03:00
4fdd836db9
The Apple notary service requires submitted app bundles to be configured to use the hardened runtime libraries. This is configured at signing time, and supported by the signapple tool Bitcoin Core uses for reproduceable signed binaries. We simply need to pass "--hardened-runtime" when the signature is created. Once attached to the bundle, the resulting codesigned binary can be successfully submitted to the Apple binary notarization service by any Apple Developer.
31 lines
790 B
Bash
Executable file
31 lines
790 B
Bash
Executable file
#!/bin/sh
|
|
# Copyright (c) 2014-2022 The Bitcoin Core developers
|
|
# Distributed under the MIT software license, see the accompanying
|
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
export LC_ALL=C
|
|
set -e
|
|
|
|
ROOTDIR=dist
|
|
BUNDLE="${ROOTDIR}/Bitcoin-Qt.app"
|
|
BINARY="${BUNDLE}/Contents/MacOS/Bitcoin-Qt"
|
|
SIGNAPPLE=signapple
|
|
TEMPDIR=sign.temp
|
|
ARCH=$(${SIGNAPPLE} info ${BINARY} | head -n 1 | cut -d " " -f 1)
|
|
OUT="signature-osx-${ARCH}.tar.gz"
|
|
OUTROOT=osx/dist
|
|
|
|
if [ -z "$1" ]; then
|
|
echo "usage: $0 <signapple args>"
|
|
echo "example: $0 <path to key>"
|
|
exit 1
|
|
fi
|
|
|
|
rm -rf ${TEMPDIR}
|
|
mkdir -p ${TEMPDIR}
|
|
|
|
${SIGNAPPLE} sign -f --detach "${TEMPDIR}/${OUTROOT}" "$@" "${BUNDLE}" --hardened-runtime
|
|
|
|
tar -C "${TEMPDIR}" -czf "${OUT}" .
|
|
rm -rf "${TEMPDIR}"
|
|
echo "Created ${OUT}"
|