diff --git a/.github/actions/setup-macos/CMakeLists.txt b/.github/actions/setup-macos/CMakeLists.txt
index e4613ee5..a9d8d3e2 100755
--- a/.github/actions/setup-macos/CMakeLists.txt
+++ b/.github/actions/setup-macos/CMakeLists.txt
@@ -43,7 +43,7 @@ endmacro(ADD_GH_GROUP)
 ExternalProject_Add(libpng
 URL "https://github.com/glennrp/libpng/archive/refs/tags/v1.6.54.tar.gz"
 URL_HASH SHA256=ba7efce137409079989df4667706c339bebfbb10e9f413474718012a13c8cd4c
- CMAKE_ARGS ${CMAKE_ARGS}
+ CMAKE_ARGS ${CMAKE_ARGS} -DPNG_FRAMEWORK=OFF
 )
 ADD_GH_GROUP(libpng)
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 038538e7..954318e0 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -255,6 +255,13 @@ jobs:
 id: package
 uses: ./.github/actions/package-macos
+ - name: Check signature
+ run: |
+ mkdir -p ${{ runner.temp }}/pkg
+ hdiutil attach -mountpoint ${{ runner.temp }}/pkg ${{ steps.package.outputs.file }}
+ codesign --verify --verbose=4 ${{ runner.temp }}/pkg/TeXworks.app
+ hdiutil detach ${{ runner.temp }}/pkg
+
 - name: Upload artifact
 uses: actions/upload-artifact@v4
 with:
diff --git a/CMake/packaging/mac/MacPackagingTasks.in.cmake b/CMake/packaging/mac/MacPackagingTasks.in.cmake
index 9fad6619..4ff573e8 100644
--- a/CMake/packaging/mac/MacPackagingTasks.in.cmake
+++ b/CMake/packaging/mac/MacPackagingTasks.in.cmake
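Review bot: In the `Check signature` step of cd.yml, `codesign --verify` without `--deep` gives nested code only a shallow check, so a bad signature on one of the bundled dylibs, frameworks or modules can pass while the outer bundle verifies; `codesign --verify --deep --strict --verbose=4 ${{ runner.temp }}/pkg/TeXworks.app` would cover the same files the packaging script signs one by one. Because the signature is ad hoc, this step proves the seal is internally consistent, not who produced the app, and a one-line comment above the step saying so would prevent it being read as an origin check. The `${{ steps.package.outputs.file }}` expression is also expanded unquoted straight into the script; passing it through an `env:` entry and using the quoted shell variable keeps a path with spaces, or any unexpected characters in that output, from being parsed as shell. The package action that produces the output is not visible here, so how much its value can vary is unknown.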
@@ -150,3 +150,16 @@ IF ( ${CMAKE_INSTALL_PREFIX} MATCHES .*/_CPack_Packages/.* )
 ENDIF ()
+# Do adhoc code signing (required on arm platforms)
+# FIXME: use a proper DeveloperID instead of adhoc signing if this ever becomes
+# feasible
+file(GLOB_RECURSE SharedModules "${CMAKE_INSTALL_PREFIX}/${PROJECT_NAME}.app/Contents/*.so")
+file(GLOB_RECURSE SharedLibraries "${CMAKE_INSTALL_PREFIX}/${PROJECT_NAME}.app/Contents/*.dylib")
+file(GLOB_RECURSE Frameworks LIST_DIRECTORIES TRUE "${CMAKE_INSTALL_PREFIX}/${PROJECT_NAME}.app/Contents/*.framework")
+foreach(LIB IN LISTS SharedLibraries Frameworks SharedModules)
+ message(STATUS "Signing ${LIB} (ad hoc)")
+ execute_process(COMMAND codesign --sign - ${LIB})
+endforeach()
+
+message(STATUS "Signing ${CMAKE_INSTALL_PREFIX}/${PROJECT_NAME}.app (ad hoc)")
+execute_process(COMMAND codesign --sign - ${CMAKE_INSTALL_PREFIX}/${PROJECT_NAME}.app)
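Review bot: Both `execute_process(COMMAND codesign --sign - …)` calls discard the exit status, so a failed signature (for example codesign declining a file that already carries one) leaves an unsigned or half-signed bundle while the packaging run still reports success. If the project's minimum CMake is 3.19 or later, `execute_process(COMMAND codesign --sign - "${LIB}" COMMAND_ERROR_IS_FATAL ANY)` stops the run at the failing file; on older versions capture `RESULT_VARIABLE` and raise `message(FATAL_ERROR …)` when it is non-zero. `${LIB}` and the `.app` path should be quoted in both calls, since an install prefix containing a space would otherwise be split into several arguments and codesign would be handed the wrong paths.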