status-im/status-desktop
2
0
Fork 0
mirror of https://github.com/status-im/status-desktop.git synced 2025-01-09 05:52:41 +00:00
Code Issues Projects Releases Wiki Activity
status-desktop/scripts/sign-macos-pkg.sh
Stefan ccd8c5b65f feat(wallet) Wallet Connect integration prototype 
Implement a prototype of integrating [WalletConnect Web SDK]()

- integrate WalletConnect Web SDK using Node.js and packing it using
  [webpack](https://webpack.js.org/guides/getting-started/)
  - this way, we achieve the same versioning strategy for the SDK
- add WalletConnectSDK view
  - it is used to load the web SDK via a WebView (validated working on
  Mac and Windows)
- add new app dependency of WebView QT
  - also update vendor packages `Dotherside` and `nimqml` to add
    required WebView::initialize API used to initialize the WebView
    integration at the app start
- add WalletConnectPage to Storybook for quick prototyping
  - Also add dependency for WebView Qt lib
- index.js is the wrapper used to provide a simple stateful interface
  with the WC SDK
- Entry in ui/generate-rcc.go ensures the node_modules cache is excluded
  from the resource file

Notes:

- Added `com.apple.security.cs.allow-jit` entitlement when signing the
app package. This allows Execution of JIT-compiled Code Entitlement
required by the fast-path of the JavaScriptCore framework on MacOS
platforms.
- Keep some debugging entries expected to help debugging Linux package
- Removed outdated `DerivationPathInputRegressionTests` qml test

Closes #12301
2023-10-30 09:29:33 +01:00

85 lines
2.5 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -e
[[ $(uname) != 'Darwin' ]] && { echo 'This only works on macOS.' >&2; exit 1; }
[[ $# -lt 2 ]] && { echo 'sign-macos-bundle.sh <file_to_sign> <sign_identity>' >&2; exit 1; }
# First is the target file/directory to sign
TARGET="${1}"
# Second argument is the signing identity
CODESIGN_ID="${2}"
# Rest are extra command line flags for codesign
shift 2
CODESIGN_OPTS_EXTRA=("${@}")
[[ ! -e "${TARGET}" ]] && { echo 'Target file does not exist.' >&2; exit 1; }
function clean_up {
STATUS=$?
if [[ "${STATUS}" -ne 0 ]]; then
echo -e "\n###### ERROR: See above for details."
fi
set +e
echo -e "\n###### Cleaning up..."
echo -e "\n### Locking keychain..."
security lock-keychain "${MACOS_KEYCHAIN_FILE}"
echo -e "\n### Restoring default keychain search list..."
security list-keychains -s ${ORIG_KEYCHAIN_LIST}
security list-keychains
exit $STATUS
}
# Flags for codesign
CODESIGN_OPTS=(
"--sign ${CODESIGN_ID}"
"--options runtime"
"--verbose=4"
"--force"
)
# Add extra flags provided via command line
CODESIGN_OPTS+=(
${CODESIGN_OPTS_EXTRA[@]}
)
# Setting MACOS_KEYCHAIN_FILE nd MACOS_KEYCHAIN_PASS is not required because
# MACOS_CODESIGN_IDENT can be found in e.g. your login keychain.
# Those would normally be specified only in CI.
if [[ -n "${MACOS_KEYCHAIN_FILE}" ]]; then
if [[ -z "${MACOS_KEYCHAIN_PASS}" ]]; then
echo "Unable to unlock the keychain without MACOS_KEYCHAIN_PASS!" >&2
exit 1
fi
echo -e "\n### Storing original keychain search list..."
# We want to restore the normal keychains and ignore Jenkis created ones
ORIG_KEYCHAIN_LIST=$(security list-keychains | grep -v -e "^/private" -e "secretFiles" | xargs)
# The keychain file needs to be locked afterwards
trap clean_up EXIT ERR
echo -e "\n### Adding keychain to search list..."
security list-keychains -s ${ORIG_KEYCHAIN_LIST} "${MACOS_KEYCHAIN_FILE}"
security list-keychains
echo -e "\n### Unlocking keychain..."
security unlock-keychain -p "${MACOS_KEYCHAIN_PASS}" "${MACOS_KEYCHAIN_FILE}"
# Add a flag to use the unlocked keychain
CODESIGN_OPTS+=("--keychain ${MACOS_KEYCHAIN_FILE}")
fi
# If 'TARGET' is a directory, we assume it's an app
# bundle, otherwise we consider it to be a dmg.
if [[ -d "${TARGET}" ]]; then
CODESIGN_OPTS+=("--deep")
fi
echo -e "\n### Signing target..."
codesign ${CODESIGN_OPTS[@]} "${TARGET}"
echo -e "\n### Verifying signature..."
codesign --verify --strict=all --deep --verbose=4 "${TARGET}"
echo -e "\n###### DONE"
Reference in New Issue View Git Blame Copy Permalink