diff --git a/.github/workflows/macos-alpha-build.yml b/.github/workflows/macos-alpha-build.yml index 6d418b909..168c13837 100644 --- a/.github/workflows/macos-alpha-build.yml +++ b/.github/workflows/macos-alpha-build.yml @@ -140,7 +140,9 @@ jobs: - name: Sign to .dmg run: | + set -ex hdiutil convert ./dist/*.dmg -format UDZO -imagekey zlib-level=9 -o zen.macos-${{ matrix.arch }}.dmg + xattr -cr zen.macos-${{ matrix.arch }}.dmg codesign -s "${{ secrets.macOS_AppleDeveloperId }}" zen.macos-${{ matrix.arch }}.dmg xcrun notarytool submit "zen.macos-${{ matrix.arch }}.dmg" \ --apple-id "${{ secrets.macOS_AppleAccountId }}" \ diff --git a/build/codesign/codesign.bash b/build/codesign/codesign.bash index 590e0922d..d3c66027e 100644 --- a/build/codesign/codesign.bash +++ b/build/codesign/codesign.bash @@ -109,6 +109,8 @@ echo "plugin-container entitlements file: $PLUGINCONTAINER_ENTITLEMENTS_FILE" echo "output dmg file (optional): $OUTPUT_DMG_FILE" echo "-------------------------------------------------------------------------" +set -x + # Clear extended attributes which cause codesign to fail xattr -cr "${BUNDLE}" @@ -118,19 +120,15 @@ codesign --force -o runtime --verbose --sign "$IDENTITY" \ "${BUNDLE}/Contents/Library/LaunchServices/org.mozilla.updater" \ "${BUNDLE}/Contents/MacOS/XUL" \ "${BUNDLE}/Contents/MacOS/pingsender" \ -"${BUNDLE}/Contents/MacOS/minidump-analyzer" \ "${BUNDLE}/Contents/MacOS/*.dylib" \ -codesign --force -o runtime --verbose --sign "$IDENTITY" --deep \ -"${BUNDLE}"/Contents/MacOS/crashreporter.app - codesign --force -o runtime --verbose --sign "$IDENTITY" --deep \ "${BUNDLE}"/Contents/MacOS/updater.app -# Sign floorp main executable +# Sign zen main executable codesign --force -o runtime --verbose --sign "$IDENTITY" --deep \ --entitlements ${BROWSER_ENTITLEMENTS_FILE} \ -"${BUNDLE}"/Contents/MacOS/floorp +"${BUNDLE}"/Contents/MacOS/zen # Sign Library/LaunchServices codesign --force -o runtime --verbose --sign "$IDENTITY" --deep \