Code signing too

.gitignore

@@ -1,4 +1,6 @@
 **pycodesign.ini
+!dev/pycodesign.ini
+package
 
 # Byte-compiled / optimized / DLL files
 __pycache__/

dev/entitlements.plist

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+        <!-- These are required for binaries built by PyInstaller -->
+        <key>com.apple.security.cs.allow-jit</key>
+        <true/>
+        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+        <true/>
+        <key>com.apple.security.cs.disable-library-validation</key>
+        <true/>
+</dict>
+</plist>
+

dev/pycodesign.ini

@@ -0,0 +1,12 @@
+[identification]
+application_id = {{MACOS_CODESIGN_DEV_ID}}
+installer_id = {{MACOS_CODESIGN_INSTALL_ID}}
+keychain-profile = jonkeane
+
+[package_details]
+package_name = fflipper
+bundle_id = com.jonkeane.fflipper
+file_list = fflipper.app
+installation_path = /Applications/
+entitlements = ./entitlements.plist
+version = 0.1.0

developing.md

@@ -2,10 +2,29 @@
 
 Following: https://github.com/txoof/codesign (which is also included under dev/pycodesign.py)
 
-xcrun notarytool store-credentials {some name, must match keychain-profile in the pycodesign.ini} --apple-id {apple id (email)} --team-id {team_id}
 
 Also add _Developer ID Application_ and _Developer ID Installer_ in xcode under certificates if they aren't there already.
 
+Finding IDs available by running `security find-identity -p basic -v`. There should be a few different identities, but we must store the one marked "Developer ID Application" as env var `MACOS_CODESIGN_DEV_ID` and the one marked "Developer ID Installer as env var `MACOS_CODESIGN_INSTALL_ID`. Might need to also make the keychain profile with:
+
+```
+xcrun notarytool store-credentials {some name, must match keychain-profile in the pycodesign.ini} --apple-id {apple id (email)} --team-id {team_id}
+```
+
+```
+export MACOS_CODESIGN_DEV_ID=...
+export MACOS_CODESIGN_INSTALL_ID=...
+poetry run build
+mkdir -p package
+cp -R dist/fflipper.app package/fflipper.app
+cp dev/entitlements.plist package/entitlements.plist
+cp dev/pycodesign.ini package/pycodesign.ini
+sed -i "" "s/{{MACOS_CODESIGN_DEV_ID}}/${MACOS_CODESIGN_DEV_ID}/g" package/pycodesign.ini
+sed -i "" "s/{{MACOS_CODESIGN_INSTALL_ID}}/${MACOS_CODESIGN_INSTALL_ID}/g" package/pycodesign.ini
+pushd package
+../dev/pycodesign.py pycodesign.ini
+```
+
 ## Example pycodesign.ini
 ```
 [identification]

fflipper/fflipper.py

@@ -498,7 +498,7 @@ def selectTiers(self, tierSelection):
         file_opt = options = {}
         options["filetypes"] = [("eaf files", ".eaf"), ("all files", ".*")]
         file = filedialog.askopenfilename(**options)
-       
+
         # clear any clips in progress
         self.clearClips()
 
@@ -508,17 +508,22 @@ def selectTiers(self, tierSelection):
             [widget.destroy() for widget in tierSelection.scrollable_frame.winfo_children()]
         self.annosToClip = []
 
-        try:
-            self.allTiers = pyelan.tierSet(file=file)
-        except pyelan.noMediaError as e:
-            # error if there are no tiers selected.
+        # load the tiers
+        self.allTiers = pyelan.tierSet(file=file)
+
+        # check if the media we would use is found
+        if os.path.isfile(self.allTiers.media[0]) == False:
             messagebox.showwarning(
                 "No media found",
-                "Could not find the media attached to the ELAN file (path:"
-                + e.filename
+                "Could not find the media attached to the ELAN file ("
+                + file
                 + "). Please open the ELAN file, find the media, and then save it again.",
             )
 
+            # clean up
+            self.allTiers = []
+            return(None)
+
         self.msg = Label(
             tierSelection.scrollable_frame,
             text="Which tiers would you like to clip?",

fflipper/pyinstaller.py

@@ -1,7 +1,7 @@
 import PyInstaller.__main__
 from PyInstaller.utils.hooks import collect_data_files
 from pathlib import Path
-import platform
+import os, platform
 
 HERE = Path(__file__).parent.absolute()
 path_to_main = str(HERE / "fflipper.py")
@@ -14,6 +14,8 @@
         platform_dir = "macos_arm"
 
 path_to_ffmpeg_binary = str(HERE / ".." / "bin" / platform_dir / "ffmpeg")
+entitlements_file = str(HERE / ".." / "dev" / "entitlements.plist")
+codesign_id = os.environ['MACOS_CODESIGN_DEV_ID']
 
 def install():
     PyInstaller.__main__.run([
@@ -24,4 +26,6 @@ def install():
         '--icon=logo/fflipper.icns',
         '--name', 'fflipper',
         '--hidden-import=_tkinter',
+        f'--codesign-identity={codesign_id}',
+        f'--osx-entitlements-file={entitlements_file}'
     ])

fflipper/tests/test_utils.py

@@ -0,0 +1,12 @@
+import pytest
+import os
+import tempfile
+from pathlib import Path
+
+from fflipper.utils import *
+
+def test_fetch_resource():
+    # because we go up two levels, we expected flipper/flipper in this path.
+    path_out = fetch_resource(Path(__file__)) / "some" / "path"
+
+    assert "fflipper/fflipper/some/path" in str(path_out)

fflipper/utils.py

@@ -5,7 +5,7 @@
 def fetch_resource(resource_path):
     try:  # running as *.exe; fetch resource from temp directory
         base_path = Path(sys._MEIPASS)
-    except AttributeError:  # running as script; return one up
-        return resource_path.resolve().parents[0]
+    except AttributeError:  # running as script; return two up
+        return resource_path.resolve().parents[1]
     else:  # return temp resource path, two up
         return base_path.joinpath(resource_path.resolve().parents[1])