mirror of
https://github.com/zed-industries/zed.git
synced 2024-12-24 17:28:40 +00:00
New entitlements: (#3118)
Release Notes: - Support Universal Links for Channel links - Share credentials between Stable and Preview
This commit is contained in:
commit
b168bded1d
5 changed files with 29 additions and 13 deletions
BIN
crates/zed/contents/dev/embedded.provisionprofile
Normal file
BIN
crates/zed/contents/dev/embedded.provisionprofile
Normal file
Binary file not shown.
BIN
crates/zed/contents/preview/embedded.provisionprofile
Normal file
BIN
crates/zed/contents/preview/embedded.provisionprofile
Normal file
Binary file not shown.
Binary file not shown.
|
@ -2,6 +2,8 @@
|
||||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||||
<plist version="1.0">
|
<plist version="1.0">
|
||||||
<dict>
|
<dict>
|
||||||
|
<key>com.apple.developer.associated-domains</key>
|
||||||
|
<array><string>applinks:zed.dev</string></array>
|
||||||
<key>com.apple.security.automation.apple-events</key>
|
<key>com.apple.security.automation.apple-events</key>
|
||||||
<true/>
|
<true/>
|
||||||
<key>com.apple.security.cs.allow-jit</key>
|
<key>com.apple.security.cs.allow-jit</key>
|
||||||
|
@ -10,14 +12,8 @@
|
||||||
<true/>
|
<true/>
|
||||||
<key>com.apple.security.device.camera</key>
|
<key>com.apple.security.device.camera</key>
|
||||||
<true/>
|
<true/>
|
||||||
<key>com.apple.security.personal-information.addressbook</key>
|
<key>com.apple.security.keychain-access-groups</key>
|
||||||
<true/>
|
<array><string>MQ55VZLNZQ.dev.zed.Shared</string></array>
|
||||||
<key>com.apple.security.personal-information.calendars</key>
|
|
||||||
<true/>
|
|
||||||
<key>com.apple.security.personal-information.location</key>
|
|
||||||
<true/>
|
|
||||||
<key>com.apple.security.personal-information.photos-library</key>
|
|
||||||
<true/>
|
|
||||||
<!-- <key>com.apple.security.cs.disable-library-validation</key>
|
<!-- <key>com.apple.security.cs.disable-library-validation</key>
|
||||||
<true/> -->
|
<true/> -->
|
||||||
</dict>
|
</dict>
|
||||||
|
|
|
@ -134,6 +134,8 @@ else
|
||||||
cp -R target/${target_dir}/WebRTC.framework "${app_path}/Contents/Frameworks/"
|
cp -R target/${target_dir}/WebRTC.framework "${app_path}/Contents/Frameworks/"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
cp crates/zed/contents/$channel/embedded.provisionprofile "${app_path}/Contents/"
|
||||||
|
|
||||||
if [[ -n $MACOS_CERTIFICATE && -n $MACOS_CERTIFICATE_PASSWORD && -n $APPLE_NOTARIZATION_USERNAME && -n $APPLE_NOTARIZATION_PASSWORD ]]; then
|
if [[ -n $MACOS_CERTIFICATE && -n $MACOS_CERTIFICATE_PASSWORD && -n $APPLE_NOTARIZATION_USERNAME && -n $APPLE_NOTARIZATION_PASSWORD ]]; then
|
||||||
echo "Signing bundle with Apple-issued certificate"
|
echo "Signing bundle with Apple-issued certificate"
|
||||||
security create-keychain -p "$MACOS_CERTIFICATE_PASSWORD" zed.keychain || echo ""
|
security create-keychain -p "$MACOS_CERTIFICATE_PASSWORD" zed.keychain || echo ""
|
||||||
|
@ -143,14 +145,32 @@ if [[ -n $MACOS_CERTIFICATE && -n $MACOS_CERTIFICATE_PASSWORD && -n $APPLE_NOTAR
|
||||||
security import /tmp/zed-certificate.p12 -k zed.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
|
security import /tmp/zed-certificate.p12 -k zed.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
|
||||||
rm /tmp/zed-certificate.p12
|
rm /tmp/zed-certificate.p12
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CERTIFICATE_PASSWORD" zed.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CERTIFICATE_PASSWORD" zed.keychain
|
||||||
/usr/bin/codesign --force --deep --timestamp --options runtime --entitlements crates/zed/resources/zed.entitlements --sign "Zed Industries, Inc." "${app_path}" -v
|
|
||||||
|
# sequence of codesign commands modeled after this example: https://developer.apple.com/forums/thread/701514
|
||||||
|
/usr/bin/codesign --force --timestamp --sign "Zed Industries, Inc." "${app_path}/Contents/Frameworks/WebRTC.framework" -v
|
||||||
|
/usr/bin/codesign --force --timestamp --options runtime --sign "Zed Industries, Inc." "${app_path}/Contents/MacOS/cli" -v
|
||||||
|
/usr/bin/codesign --force --timestamp --options runtime --entitlements crates/zed/resources/zed.entitlements --sign "Zed Industries, Inc." "${app_path}" -v
|
||||||
|
|
||||||
security default-keychain -s login.keychain
|
security default-keychain -s login.keychain
|
||||||
else
|
else
|
||||||
echo "One or more of the following variables are missing: MACOS_CERTIFICATE, MACOS_CERTIFICATE_PASSWORD, APPLE_NOTARIZATION_USERNAME, APPLE_NOTARIZATION_PASSWORD"
|
echo "One or more of the following variables are missing: MACOS_CERTIFICATE, MACOS_CERTIFICATE_PASSWORD, APPLE_NOTARIZATION_USERNAME, APPLE_NOTARIZATION_PASSWORD"
|
||||||
echo "Performing an ad-hoc signature, but this bundle should not be distributed"
|
if [[ "$local_only" = false ]]; then
|
||||||
echo "If you see 'The application cannot be opened for an unexpected reason,' you likely don't have the necessary entitlements to run the application in your signing keychain"
|
echo "To create a self-signed local build use ./scripts/build.sh -ldf"
|
||||||
echo "You will need to download a new signing key from developer.apple.com, add it to keychain, and export MACOS_SIGNING_KEY=<email address of signing key>"
|
exit 1
|
||||||
codesign --force --deep --entitlements crates/zed/resources/zed.entitlements --sign ${MACOS_SIGNING_KEY:- -} "${app_path}" -v
|
fi
|
||||||
|
|
||||||
|
echo "====== WARNING ======"
|
||||||
|
echo "This bundle is being signed without all entitlements, some features (e.g. universal links) will not work"
|
||||||
|
echo "====== WARNING ======"
|
||||||
|
|
||||||
|
# NOTE: if you need to test universal links you have a few paths forward:
|
||||||
|
# - create a PR and tag it with the `run-build-dmg` label, and download the .dmg file from there.
|
||||||
|
# - get a signing key for the MQ55VZLNZQ team from Nathan.
|
||||||
|
# - create your own signing key, and update references to MQ55VZLNZQ to your own team ID
|
||||||
|
# then comment out this line.
|
||||||
|
cat crates/zed/resources/zed.entitlements | sed '/com.apple.developer.associated-domains/,+1d' > "${app_path}/Contents/Resources/zed.entitlements"
|
||||||
|
|
||||||
|
codesign --force --deep --entitlements "${app_path}/Contents/Resources/zed.entitlements" --sign ${MACOS_SIGNING_KEY:- -} "${app_path}" -v
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$target_dir" = "debug" && "$local_only" = false ]]; then
|
if [[ "$target_dir" = "debug" && "$local_only" = false ]]; then
|
||||||
|
|
Loading…
Reference in a new issue