package codesign
import (
"context"
"fmt"
"github.com/leonmika/wails-release/internal/runner"
)
// SignOpts carries the inputs for a single codesign signing run.
//
// None of the fields are validated by this package; Sign forwards them
// to codesign verbatim, so callers are responsible for supplying
// non-empty, trusted values.
type SignOpts struct {
	// AppPath is the bundle path handed to codesign as its final argument.
	AppPath string
	// Identity is the value passed to codesign's --sign flag.
	Identity string
	// KeychainPath is the value passed to codesign's --keychain flag.
	KeychainPath string
}
// Sign invokes `codesign` on the bundle at opts.AppPath, signing
// recursively (--deep) with the hardened runtime (--options runtime) and
// a secure timestamp (--timestamp). --force is always passed, so an
// existing signature on the bundle is replaced.
//
// The signing identity is looked up via --keychain opts.KeychainPath.
// All three option values are forwarded unchecked: an empty Identity or
// KeychainPath still reaches codesign as an empty argument, and AppPath
// is appended as a bare positional argument, so callers should pass a
// path they control.
//
// NOTE(review): Apple's codesign documentation discourages --deep for
// signing; nested code signed this way shares one set of options.
// Confirm that bundles with helpers or frameworks are signed as intended.
//
// Any error from the runner is returned wrapped with "codesign sign".
func Sign(ctx context.Context, r runner.Runner, opts SignOpts) error {
	args := make([]string, 0, 10)
	args = append(args, "--deep", "--force", "--options", "runtime", "--timestamp")
	args = append(args, "--sign", opts.Identity)
	args = append(args, "--keychain", opts.KeychainPath)
	// The bundle path must come last, after every option.
	args = append(args, opts.AppPath)

	spec := runner.Spec{Name: "codesign", Args: args}
	_, err := r.Run(ctx, spec)
	if err == nil {
		return nil
	}
	return fmt.Errorf("codesign sign: %w", err)
}
// Verify invokes `codesign --verify --deep --strict` on the bundle at
// appPath and returns any runner error wrapped with "codesign verify".
//
// appPath is forwarded unchecked as the final positional argument.
//
// NOTE(review): this checks the code signature only. Notarization and
// Gatekeeper acceptance are separate checks; confirm the release
// pipeline covers them elsewhere.
func Verify(ctx context.Context, r runner.Runner, appPath string) error {
	spec := runner.Spec{
		Name: "codesign",
		Args: []string{"--verify", "--deep", "--strict", appPath},
	}
	_, err := r.Run(ctx, spec)
	if err == nil {
		return nil
	}
	return fmt.Errorf("codesign verify: %w", err)
}