fix signing and notarization (#127)

2022-04-15 11:22:02 -07:00 · 2022-04-15 11:22:02 -07:00 · 79c3320105
parent 190c0c5f84
commit 79c3320105
5 changed files with 13 additions and 4 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -151,8 +151,8 @@ jobs:
        elif [[ "$RUNNER_OS" == "macOS" && "${{ env.signRelease }}" == "true" ]]; then
            brew tap mitchellh/gon
            brew install mitchellh/gon/gon jq
-            echo "${{ secrets.GON_CONF }}" | base64 -D -i - > notarize.json
-            env ID="${{ env.name }}.dmg" cat gon.json |jq '.notarize[0].path = env.ID'
+            export ID=${{ env.name }}.dmg
+            echo "${{ secrets.GON_CONF }}" | base64 -D -i - | jq '.notarize[0].path = env.ID' > notarize.json
            gon notarize.json
        fi
        mv ashirt-*.* dist/
--- a/deploy/CMakeLists.txt
+++ b/deploy/CMakeLists.txt
@ -39,6 +39,8 @@ if(CMAKE_SYSTEM_NAME MATCHES "Windows")
    )
    set(CPACK_GENERATOR "NSIS")
 elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin")
+    # Write our cert identifier to a file generate_ds_store.applescript can read
+    file(WRITE ${PROJECT_SOURCE_DIR}/deploy/NOTARIZE_AS ${NOTARIZE_AS})
    set(CPACK_PACKAGE_ICON "${PROJECT_SOURCE_DIR}/deploy/dmg_icon.icns")
    set(CPACK_DMG_BACKGROUND_IMAGE "${PROJECT_SOURCE_DIR}/deploy/dmg_background.png")
    set(CPACK_DMG_DS_STORE_SETUP_SCRIPT "${PROJECT_SOURCE_DIR}/deploy/generate_ds_store.applescript")
--- a/deploy/generate_ds_store.applescript
+++ b/deploy/generate_ds_store.applescript
@ -32,7 +32,7 @@ on run argv
    close

    -- next setup the position of the app and Applications symlink
-    -- plus hide all the window decoration
+    -- hide all the window decoration, and finally re-sign the binary
    open
      tell container window
        set sidebar width to 0
@ -42,6 +42,7 @@ on run argv
        set position of item "ashirt.app" to { 0, 225 }
        set position of item "README.MD" to { 250, 0 }
        set position of item "Applications" to { 500, 225 }
+        do shell script "codesign -v -f --timestamp --options runtime --sign \"$(cat deploy/NOTARIZE_AS)\" /Volumes/" & image_name & "/ashirt.app/Contents/MacOS/ashirt"
      end tell
      delay 5
    close
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -69,6 +69,9 @@ if(APPLE)
        message(STATUS "Sign Bundle As: ${NOTARIZE_AS}")
        add_custom_command(
            TARGET ashirt POST_BUILD
+            COMMAND mkdir ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app/Contents/Frameworks
+            COMMAND cp /usr/local/Cellar/brotli/1.0.9/lib/libbrotlicommon.1.0.9.dylib ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app/Contents/Frameworks/libbrotlicommon.1.dylib
+            COMMAND codesign -v --timestamp --sign ${NOTARIZE_AS} ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app/Contents/Frameworks/libbrotlicommon.1.dylib
            COMMAND ${PLATFORMDEPLOYQT} ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app -sign-for-notarization=${NOTARIZE_AS}
        )
    endif()
--- a/src/helpers/CMakeLists.txt
+++ b/src/helpers/CMakeLists.txt
@ -42,7 +42,10 @@ target_link_libraries ( HELPERS
 )

 if(APPLE)
-    target_link_libraries(HELPERS PRIVATE ${CARBON_LIBRARY})
+    find_package(Qt${QT_DEFAULT_MAJOR_VERSION} REQUIRED COMPONENTS
+    DBus
+    )
+    target_link_libraries(HELPERS PRIVATE Qt::DBus ${CARBON_LIBRARY})
 elseif(UNIX AND NOT APPLE)
    target_link_libraries(HELPERS PRIVATE xcb xcb-keysyms pthread)
 elseif(WIN32)