Add macOS disk image notarization

2023-10-19 23:13:05 +02:00
parent 418e220c00
commit 770d21566a
3 changed files with 20 additions and 0 deletions
--- a/Source/Tools/Flax.Build/Deploy/Deployer.cs
+++ b/Source/Tools/Flax.Build/Deploy/Deployer.cs
@@ -44,6 +44,12 @@ namespace Flax.Build
        /// </summary>
        [CommandLine("deployCertPass", "Certificate file password for binaries signing.")]
        public static string DeployCertPass;
+
+        /// <summary>
+        /// Apple keychain profile name to use for app notarize action (installed locally).
+        /// </summary>
+        [CommandLine("deployKeychainProfile", "Apple keychain profile name to use for app notarize action (installed locally).")]
+        public static string DeployKeychainProfile;
    }
 }

--- a/Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs
+++ b/Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs
@@ -204,6 +204,16 @@ namespace Flax.Deploy
                    Utilities.Run("hdiutil", $"create -srcFolder \"{appPath}\" -o \"{dmgPath}\"", null, null, Utilities.RunOptions.Default | Utilities.RunOptions.ThrowExceptionOnError);
                    CodeSign(dmgPath);
                    Log.Info("Output disk image size: " + Utilities.GetFileSize(dmgPath));
+
+                    // Notarize disk image
+                    if (!string.IsNullOrEmpty(Configuration.DeployKeychainProfile))
+                    {
+                        Log.Info(string.Empty);
+                        Log.Info("Notarizing disk image...");
+                        Utilities.Run("xcrun", $"notarytool submit \"{dmgPath}\" --wait --keychain-profile \"{Configuration.DeployKeychainProfile}\"", null, null, Utilities.RunOptions.Default | Utilities.RunOptions.ThrowExceptionOnError);
+                        Utilities.Run("xcrun", $"stapler staple \"{dmgPath}\"", null, null, Utilities.RunOptions.Default | Utilities.RunOptions.ThrowExceptionOnError);
+                        Log.Info("App notarized for macOS distribution!");
+                    }
                }

                // Compress
--- a/Source/Tools/Flax.Build/Platforms/Mac/MacPlatform.cs
+++ b/Source/Tools/Flax.Build/Platforms/Mac/MacPlatform.cs
@@ -62,6 +62,10 @@ namespace Flax.Build.Platforms
                // Automatically sign contents
                cmdLine += " --deep";
            }
+            {
+                // Enable the hardened runtime
+                cmdLine += " --options=runtime";
+            }
            {
                // Add entitlements file with some settings for the app execution
                cmdLine += string.Format(" --entitlements \"{0}\"", Path.Combine(Globals.EngineRoot, "Source/Platforms/Mac/Default.entitlements"));