Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apple Distribution/Developer Signing Certs added to Apothecary (for XCFramework Signed) #369

Open
danoli3 opened this issue Mar 22, 2024 · 3 comments
Open

Apple Distribution/Developer Signing Certs added to Apothecary (for XCFramework Signed) #369

danoli3 opened this issue Mar 22, 2024 · 3 comments
Assignees
@ofTheo
Labels
enhancement

Comments

@danoli3
Copy link
Member

danoli3 commented Mar 22, 2024

Looks like we need Apple Developer / Distribution Signing @ofTheo

https://developer.apple.com/documentation/xcode/creating-a-multi-platform-binary-framework-bundle
Screenshot 2024-03-22 at 2 56 26 pm

This is only required for when using Multiplatform Target it seems however best to get this sorted now!

  • As this has more strict code signing requirements

Current PR xcframeworks no issues. Best we set this up though! Here's some guides

Changes can be made once added to Apothecary.
Refer to Project Generator - https://github.com/openframeworks/projectGenerator/tree/master/scripts

Or guide: https://localazy.com/blog/how-to-automatically-sign-macos-apps-using-github-actions

Then add to actions workflow when needed:

  env:
          GA_CI_SECRET: ${{ secrets.CI_SECRET }}
          CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
          GA_APPLE_USERNAME: ${{ secrets.GA_APPLE_USERNAME }}
          GA_APPLE_PASS: ${{ secrets.GA_APPLE_PASS }}
          GA_NOTARIZE_PROVIDER: ${{ secrets.GA_NOTARIZE_PROVIDER }}

I would recommend making a new signing cert for Distribution and Developer so we can test both for these binaries.
Again this is just to validate to developers we built it here, its signed from here, and to our best ability is the most secure it can be :)
@danoli3
Copy link
Member Author

danoli3 commented Mar 22, 2024
edited
Loading

Currently all the static binaries within the framework are signed via:

XCFRAMEWORK_PATH="${LIBS_DIR_REAL}/${1}/lib/${TYPE}/$1.xcframework"
        # Loop over each .a file found within the xcframework
        find "$XCFRAMEWORK_PATH" -type f -name "*.a" | while read -r lib_a; do
            echo "Securing $lib_a..."
            lipo -info "$lib_a"
            xcrun codesign --sign - "$lib_a" || true
             . "$SECURE_SCRIPT"
            secure "$lib_a" "$VERSION" "$DEFINES"
        done

This method, and this is mostly okay however this is the error in the Super Mega Multiplatform Workplace project I'm building for macOS:

Screenshot 2024-03-22 at 3 15 19 pm

@danoli3
Copy link
Member Author

danoli3 commented Mar 22, 2024

Screenshot 2024-03-22 at 3 17 21 pm Screenshot 2024-03-22 at 3 17 31 pm

And these errors do go away once accepting unsigned xcframework.

@danoli3
Copy link
Member Author

danoli3 commented Mar 22, 2024

Also just for Sanity, again. This does not occur in any of the current Xcode Projects just the new one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ofTheo ofTheo

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ofTheo @danoli3