Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-08-02 13:48:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Recursive signing

Browse Source
This commit is contained in:
Connor Yoh 2025-07-10 20:43:50 +01:00
parent d3ec7ed7de
commit e694835883
1 changed files with 78 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
.github/workflows/tauri-test.yml vendored
View File

@ -237,42 +237,88 @@ jobs:
SIGNING_DIR=$(mktemp -d) SIGNING_DIR=$(mktemp -d)
echo "🔧 Using temporary directory: $SIGNING_DIR" echo "🔧 Using temporary directory: $SIGNING_DIR"
# List JAR contents to find .dylib files # Extract the main JAR to access nested JARs
echo "🔍 Scanning for .dylib files in JAR..." echo "📦 Extracting main JAR to scan nested JARs..."
jar -tf "$MAIN_JAR" | grep '\.dylib$' > "$SIGNING_DIR/dylib_list.txt" || true cd "$SIGNING_DIR"
jar -xf "../$MAIN_JAR"
if [ -s "$SIGNING_DIR/dylib_list.txt" ]; then # Find .dylib files in nested JARs within BOOT-INF/lib/
echo "📦 Found .dylib files to sign:" echo "🔍 Scanning for .dylib files in nested JARs..."
cat "$SIGNING_DIR/dylib_list.txt" DYLIB_COUNT=0
# Extract and sign each .dylib file if [ -d "BOOT-INF/lib" ]; then
while IFS= read -r dylib_path; do echo "📂 Found Spring Boot structure, scanning BOOT-INF/lib/"
echo "🔐 Processing: $dylib_path" for nested_jar in BOOT-INF/lib/*.jar; do
if [ -f "$nested_jar" ]; then
# Extract the .dylib file echo "🔍 Checking $nested_jar for .dylib files..."
jar -xf "$MAIN_JAR" "$dylib_path" DYLIBS_IN_JAR=$(jar -tf "$nested_jar" | grep '\.dylib$' || true)
if [ -n "$DYLIBS_IN_JAR" ]; then
# Sign the extracted .dylib file echo "📦 Found .dylib files in $nested_jar:"
codesign --force --verify --verbose --timestamp \ echo "$DYLIBS_IN_JAR"
--options runtime \
--sign "$CERT_ID" \ # Create temp directory for this nested JAR
"$dylib_path" NESTED_TEMP=$(mktemp -d)
cd "$NESTED_TEMP"
# Update the JAR with the signed .dylib file
jar -uf "$MAIN_JAR" "$dylib_path" # Extract nested JAR
jar -xf "$SIGNING_DIR/$nested_jar"
echo "✅ Signed and updated: $dylib_path"
# Sign all .dylib files in this nested JAR
# Clean up the extracted file echo "$DYLIBS_IN_JAR" | while IFS= read -r dylib_path; do
rm -rf "$(dirname "$dylib_path")" if [ -f "$dylib_path" ]; then
echo "🔐 Signing: $dylib_path"
done < "$SIGNING_DIR/dylib_list.txt" codesign --force --verify --verbose --timestamp \
--options runtime \
echo "✅ All .dylib files signed and updated in JAR" --sign "$CERT_ID" \
"$dylib_path"
echo "✅ Signed: $dylib_path"
DYLIB_COUNT=$((DYLIB_COUNT + 1))
fi
done
# Repackage the nested JAR with signed .dylib files
echo "📦 Repacking $nested_jar with signed libraries..."
jar -cf "$SIGNING_DIR/$nested_jar" -C . .
# Clean up
cd "$SIGNING_DIR"
rm -rf "$NESTED_TEMP"
fi
fi
done
else else
echo " No .dylib files found in JAR" echo " No BOOT-INF/lib structure found"
fi fi
# Also check for .dylib files directly in the main JAR
MAIN_DYLIBS=$(jar -tf "../$MAIN_JAR" | grep '\.dylib$' || true)
if [ -n "$MAIN_DYLIBS" ]; then
echo "📦 Found .dylib files directly in main JAR:"
echo "$MAIN_DYLIBS"
echo "$MAIN_DYLIBS" | while IFS= read -r dylib_path; do
if [ -f "$dylib_path" ]; then
echo "🔐 Signing: $dylib_path"
codesign --force --verify --verbose --timestamp \
--options runtime \
--sign "$CERT_ID" \
"$dylib_path"
echo "✅ Signed: $dylib_path"
DYLIB_COUNT=$((DYLIB_COUNT + 1))
fi
done
fi
# Repackage the main JAR preserving Spring Boot structure
echo "📦 Repacking main JAR with Spring Boot structure preserved..."
# First, extract and preserve the original manifest
jar -xf "../$MAIN_JAR" META-INF/MANIFEST.MF
# Create new JAR with explicit manifest preservation
jar -cfm "../$MAIN_JAR.new" META-INF/MANIFEST.MF -C . .
cd ..
mv "$MAIN_JAR.new" "$MAIN_JAR"
echo "✅ Processed and signed native libraries in JAR"
# Clean up # Clean up
rm -rf "$SIGNING_DIR" rm -rf "$SIGNING_DIR"