Try signing inside the JAR

spring-projects · Sep 6, 2024 · 336186f · 336186f
1 parent 448ae23
commit 336186f
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 18 deletions.
diff --git a/.github/scripts/notarize-osx-distro-file.sh b/.github/scripts/notarize-osx-distro-file.sh
@@ -7,9 +7,7 @@ dmg_filename="$(basename -- $dmg_file)"
 dir="$(dirname "$dmg_file")"
 
 cd $dir
-submission_id=`xcrun notarytool submit ./${dmg_filename} --keychain-profile $notarize_profile --wait --no-progress -f json | jq -r .id`
-echo $submission_id
-xcrun notarytool log --keychain-profile $notarize_profile $submission_id
+xcrun notarytool submit ./${dmg_filename} --keychain-profile $notarize_profile --wait
 echo "Staple and generate checksums for ${dmg_filename}"
 xcrun stapler staple $dmg_filename
 if [ $? -eq 0 ]; then

diff --git a/.github/scripts/sign-osx-distro-file.sh b/.github/scripts/sign-osx-distro-file.sh
@@ -24,6 +24,32 @@ do
   codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
 done
 
+function signExecutableInsideJar() {
+  # sign libjansi.jnilib inside kotlin-compiler-embeddable.jar
+  for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E $1`
+  do
+    echo "Looking for '$2' files inside ${f} to sign..."
+    f_name="$(basename -- $f)"
+    extracted_jar_dir=extracted_${f_name}
+    rm -rf $extracted_jar_dir
+    mkdir $extracted_jar_dir
+    echo "Extracting archive ${f}"
+    unzip -q $f -d ./${extracted_jar_dir}
+    for jnilib_file in `find $extracted_jar_dir -type f | grep -E "$3"`
+    do
+      echo "Signing binary file: ${jnilib_file}"
+      codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $jnilib_file
+    done
+    cd $extracted_jar_dir
+    zip -r -u ../$f .
+    cd ..
+    rm -rf $extracted_jar_dir
+
+    echo "Signing binary file: ${f}"
+    codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
+  done
+}
+
 # sign libjansi.jnilib inside kotlin-compiler-embeddable.jar
 for f in `find ${dir}/${destination_folder_name}/SpringToolSuite4.app -type f | grep -E ".*/kotlin-compiler-embeddable.*\.jar$"`
 do
@@ -48,13 +74,13 @@ do
   codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" $f
 done
 
+# sign libsnappyjava.jnilib inside snappy-java.jar
+signExecutableInsideJar ".*/snappy-java.*\.jar$" "libsnappyjava.jnilib" ".*/libsnappyjava\.jnilib$"
+
 # Sign the app
 ls -la ${dir}/${destination_folder_name}/SpringToolSuite4.app/
 codesign --verbose --deep --force --timestamp --entitlements "${entitlements}" --options=runtime --keychain "${KEYCHAIN}" -s "${MACOS_CERTIFICATE_ID}" ${dir}/${destination_folder_name}/SpringToolSuite4.app
 
-#Verify codesign
-codesign --verify --deep --verbose ${dir}/${destination_folder_name}/SpringToolSuite4.app
-
 cd ${dir}/${destination_folder_name}
 echo "Generating dmg-config.json..."
 echo '{' >> dmg-config.json

diff --git a/headless-services/spring-boot-language-server/pom.xml b/headless-services/spring-boot-language-server/pom.xml
@@ -118,19 +118,7 @@
 			<groupId>org.eclipse.jdt</groupId>
 			<artifactId>org.eclipse.jdt.core</artifactId>
 			<version>${jdt.core.version}</version>
- 		    <exclusions>
-		        <exclusion>
-		            <groupId>org.eclipse.platform</groupId>
-		            <artifactId>org.eclipse.equinox.preferences</artifactId>
-		        </exclusion>
-		    </exclusions>
     	</dependency>
-		<!-- the 3.10.1 org.eclipse.platform fixed the pb -->
-		<dependency>
-		    <groupId>org.eclipse.platform</groupId>
-		    <artifactId>org.eclipse.equinox.preferences</artifactId>
-		    <version>3.10.1</version>
-		</dependency>
 
 		<dependency>
 			<groupId>commons-io</groupId>