From e321b6d1d29da0b0f629aa306b020d3ca5d3332e Mon Sep 17 00:00:00 2001 From: Bart House Date: Wed, 21 Nov 2018 21:23:30 -0800 Subject: [PATCH] Added ability to sign tty package. --- sys/unix/hints/macosx10.14 | 42 +++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/sys/unix/hints/macosx10.14 b/sys/unix/hints/macosx10.14 index a08b27acc..c7e38273f 100644 --- a/sys/unix/hints/macosx10.14 +++ b/sys/unix/hints/macosx10.14 @@ -223,6 +223,20 @@ ifdef MAKEFILE_TOP # 2) Do a normal build before trying to package the game. # 3) This matches the 3.4.3 Term package, but there are some things that should # be changed. +# +# Packages that are being distributed must be signed by a Developer ID Installer +# certificate. Set DEVERLOPER_CERT to the name of the certificate if you wish +# for your package to be signed for distribution. +# +# If building a package for signing, you must use sudo approriately. +# the binaries and package using sudo but you DO NOT use sudo to sign the +# package. If you use sudo to sign the package, it will fail. +# +# sudo make all +# sudo make build_tty_pkg +# sudo sign_tty_pkg +# + ifdef WANT_WIN_TTY DEVUTIL=/Developer/Applications/Utilities @@ -232,6 +246,19 @@ SVSDOT=$(shell $(NHSROOT)/util/makedefs --svs .) PKGROOT_UG = PKGROOT/$(PREFIX) PKGROOT_UGLN = PKGROOT/$(HACKDIR) PKGROOT_BIN = PKGROOT/$(SHELLDIR) + +#DEVELOPER_CERT = Developer ID Installer: John Doe (XXXXXXXXXX) +DEVELOPER_CERT = NONE + +spotless:: + rm -rf RESOURCES + rm -rf PKG + rm -rf PKGSCRIPTS + rm -rf PKGROOT + rm Info.plist + rm Distribution.xml + rm NetHack-*-mac-Term* + build_tty_pkg: ifneq (,$(WANT_WIN_X11)$(WANT_WIN_QT)) -echo build_tty_pkg only works for a tty-only build @@ -267,7 +294,20 @@ else mkdir -p PKG pkgbuild --root PKGROOT --identifier org.nethack.term --scripts PKGSCRIPTS PKG/NH-Term.pkg productbuild --synthesize --product Info.plist --package PKG/NH-Term.pkg Distribution.xml - productbuild --distribution Distribution.xml --resources RESOURCES --package-path PKG NetHack-$(SVS)-mac-Term.pkg + productbuild --distribution Distribution.xml --resources RESOURCES --package-path PKG NetHack-$(SVS)-mac-Term-unsigned.pkg +ifeq ($(DEVELOPER_CERT),NONE) + cp NetHack-$(SVS)-mac-Term-unsigned.pkg NetHack-$(SVS)-mac-Term.pkg + hdiutil create -verbose -srcfolder NetHack-$(SVS)-mac-Term-unsigned.pkg NetHack-$(SVS)-mac-Term-unsigned.dmg + @echo ------------------------------------------- + @echo PACKAGE IS NOT SIGNED FOR DISTRIBUTION!!!!! + @echo =========================================== +else + @echo "run 'make sign_tty_pkg' to complete package" +endif + +sign_tty_pkg: + productsign --timestamp=none --sign "$(DEVELOPER_CERT)" NetHack-$(SVS)-mac-Term-unsigned.pkg NetHack-$(SVS)-mac-Term.pkg || (echo "Package signing failed"; exit 1) + spctl -a -v --type install NetHack-362-0-mac-Term.pkg || (echo "Package not signed properly"; exit 1) hdiutil create -verbose -srcfolder NetHack-$(SVS)-mac-Term.pkg NetHack-$(SVS)-mac-Term.dmg build_package_root: