From c39383da2df4ad497ebe5566bd15e87cb3458b65 Mon Sep 17 00:00:00 2001 From: Jacob Heider Date: Sun, 12 Feb 2023 21:55:35 -0500 Subject: [PATCH] sometimes codesign doesn't like existing metadata --- .github/actions/apple-signing/action.yml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/actions/apple-signing/action.yml b/.github/actions/apple-signing/action.yml index 3cfb6d2f..274ed00a 100644 --- a/.github/actions/apple-signing/action.yml +++ b/.github/actions/apple-signing/action.yml @@ -42,12 +42,15 @@ runs: shell: bash run: | for PATH in $PATHS; do - /usr/bin/find $PATH -name '*.so' -or -name '*.dylib' -print0 | \ - /usr/bin/xargs -0 /usr/bin/codesign -s "$IDENTITY" --force -v --deep --timestamp --preserve-metadata=entitlements -o runtime || true + LIBS="$(/usr/bin/find $PATH -name '*.so' -or -name '*.dylib')" if test -d $PATH/bin; then - /usr/bin/find $PATH/bin -type f -print0 | \ - /usr/bin/xargs -0 /usr/bin/codesign -s "$IDENTITY" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime || true + BINS="$(/usr/bin/find $PATH/bin -type f)" fi + + for FILE in $LIBS $BINS; do + BASENAME="$(/usr/bin/basename "$FILE")" + /usr/bin/codesign -s "$IDENTITY" --force -v --deep --timestamp --preserve-metadata=entitlements -o runtime "$FILE" || true + done done env: PATHS: ${{ inputs.paths }} @@ -63,6 +66,12 @@ runs: BINS="$(/usr/bin/find $PATH/bin -type f)" fi for SIGNED in $LIBS $BINS; do + # FIXME: `deno` compiled binaries don't currently pass validation. + # https://github.com/denoland/deno/issues/17753 + if test "$(/usr/bin/basename "$SIGNED")" = "tea"; then + continue + fi + /usr/bin/codesign -vvv --deep --strict "$SIGNED" done done