diff --git a/desktop/package/macos/build.py b/desktop/package/macos/build.py index 0ba23129..98b39f48 100755 --- a/desktop/package/macos/build.py +++ b/desktop/package/macos/build.py @@ -5,6 +5,7 @@ import subprocess import argparse import shutil import glob +import itertools root = os.path.dirname( os.path.dirname( @@ -15,6 +16,24 @@ root = os.path.dirname( ) +def codesign(path, entitlements, identity): + run( + [ + "codesign", + "--sign", + identity, + "--entitlements", + str(entitlements), + "--timestamp", + "--deep", + str(path), + "--force", + "--options", + "runtime", + ] + ) + + def run(cmd, cwd=None): subprocess.run(cmd, cwd=cwd, check=True) @@ -53,39 +72,29 @@ def main(): if args.with_codesign: identity_name_application = "Developer ID Application: Micah Lee (N9B95FDWH4)" - entitlements_child_filename = os.path.join( + entitlements_child_plist_path = os.path.join( desktop_dir, "package", "macos", "ChildEntitlements.plist" ) - entitlements_filename = os.path.join( + entitlements_plist_path = os.path.join( desktop_dir, "package", "macos", "Entitlements.plist" ) print("○ Code signing app bundle") - run( - [ - "codesign", - "--deep", - "-s", - identity_name_application, - "--force", - "--entitlements", - entitlements_child_filename, - "--timestamp", - app_path, - ] - ) - run( - [ - "codesign", - "-s", - identity_name_application, - "--force", - "--entitlements", - entitlements_filename, - "--timestamp", - app_path, - ] - ) + for path in itertools.chain( + glob.glob(f"{app_path}/Contents/Resources/app_packages/**/*.dylib", recursive=True), + glob.glob(f"{app_path}/Contents/Resources/app_packages/**/*.so", recursive=True), + glob.glob(f"{app_path}/Contents/Resources/Support/**/*.dylib", recursive=True), + glob.glob(f"{app_path}/Contents/Resources/Support/**/*.so", recursive=True), + glob.glob(f"{app_path}/Contents/Resources/app_packages/PySide2/Qt/lib/**/Versions/5/*", recursive=True), + ): + codesign(path, entitlements_plist_path, identity_name_application) + # for path in [ + # f"{app_path}/Contents/Resources/app/onionshare/resources/tor/libevent-2.1.7.dylib", + # f"{app_path}/Contents/Resources/app/onionshare/resources/tor/obfs4proxy", + # f"{app_path}/Contents/Resources/app/onionshare/resources/tor/tor", + # ]: + # codesign(path, entitlements_child_plist_path, identity_name_application) + codesign(app_path, entitlements_plist_path, identity_name_application) print(f"○ Signed app bundle: {app_path}") if not os.path.exists("/usr/local/bin/create-dmg"): diff --git a/desktop/scripts/get-tor-osx.py b/desktop/scripts/get-tor-osx.py index 67aac51a..5cdc72b8 100755 --- a/desktop/scripts/get-tor-osx.py +++ b/desktop/scripts/get-tor-osx.py @@ -37,10 +37,10 @@ import requests def main(): - dmg_url = "https://archive.torproject.org/tor-package-archive/torbrowser/10.0.2/TorBrowser-10.0.2-osx64_en-US.dmg" - dmg_filename = "TorBrowser-10.0.2-osx64_en-US.dmg" + dmg_url = "https://archive.torproject.org/tor-package-archive/torbrowser/10.0.10/TorBrowser-10.0.10-osx64_en-US.dmg" + dmg_filename = "TorBrowser-10.0.10-osx64_en-US.dmg" expected_dmg_sha256 = ( - "ac8d28f6f8d92e220f72ef7b0cb2bba45d5e0d4b243dc50806e33e08278e7730" + "7ed73e94ccdfab76b8d96ddbac7828d3a7c77dd73b54c34e55666f3b6274d12a" ) # Build paths diff --git a/desktop/scripts/get-tor-windows.py b/desktop/scripts/get-tor-windows.py index 16841c60..07656480 100644 --- a/desktop/scripts/get-tor-windows.py +++ b/desktop/scripts/get-tor-windows.py @@ -34,10 +34,10 @@ import requests def main(): - exe_url = "https://archive.torproject.org/tor-package-archive/torbrowser/10.0.2/torbrowser-install-10.0.2_en-US.exe" + exe_url = "https://archive.torproject.org/tor-package-archive/torbrowser/10.0.10/torbrowser-install-10.0.10_en-US.exe" exe_filename = "torbrowser-install-10.0.2_en-US.exe" expected_exe_sha256 = ( - "c685c550fc420c39cbe40e453f2201789af5f64e7b024c9339c2a3bd01e61c2d" + "6cbd14a7232e4ae7f2718d9b7f377e1a7bb96506da21f1ac6f689a22fc5e53fe" ) # Build paths root_path = os.path.dirname(