Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix signing and notarizing in GHA.
Browse files Browse the repository at this point in the history
MrAlex94 committed Sep 5, 2024

Verified

This commit was signed with the committer’s verified signature.
MrAlex94 Alex Kontos
1 parent 5117fd4 commit 92138a0
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -650,7 +650,7 @@ jobs:
chmod +x ./sign/sign.sh
./sign/sign.sh -k "$PWD"/sign/1 -p ${{ secrets.ONE_PEM }} -c "$PWD"/sign/2 -i "$PWD"/obj-${{ env.ARCH-X64 }}/dist/waterfox/Waterfox.app -t macos
rm -rf ./sign/
python3 ./security/mac/hardenedruntime/codesign.py -v -m ./security/mac/hardenedruntime/codesign-map.json -r ./obj-${{ env.ARCH-X64 }}/dist/waterfox/Waterfox.app -d ./security/mac/hardenedruntime -s '${{ secrets.MACOS_CERTIFICATE_NAME }}'
./mach macos-sign -a ./obj-${{ env.ARCH-X64 }}/dist/waterfox/Waterfox.app -s ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
echo "Creating temp notarization archive"
ditto -c -k --keepParent "./obj-${{ env.ARCH-X64 }}/dist/waterfox/Waterfox.app" "notarization.zip"
echo "Notarize app"
4 changes: 2 additions & 2 deletions taskcluster/config.yml
Original file line number Diff line number Diff line change
@@ -1013,7 +1013,7 @@ mac-signing:
- "/Contents/MacOS/crashreporter.app"
- "/Contents/MacOS/updater.app/Contents/Frameworks/UpdateSettings.framework"
- "/Contents/MacOS/updater.app"
- "/Contents/Library/LaunchServices/org.mozilla.updater"
- "/Contents/Library/LaunchServices/net.waterfox.updater"
- "/Contents/MacOS/XUL"
- "/Contents/MacOS/pingsender"
- "/Contents/MacOS/minidump-analyzer"
@@ -1058,7 +1058,7 @@ mac-signing:
- "/Contents/MacOS/crashreporter.app"
- "/Contents/MacOS/updater.app/Contents/Frameworks/UpdateSettings.framework"
- "/Contents/MacOS/updater.app"
- "/Contents/Library/LaunchServices/org.mozilla.updater"
- "/Contents/Library/LaunchServices/net.waterfox.updater"
- "/Contents/MacOS/pingsender"
- "/Contents/MacOS/minidump-analyzer"
- "/Contents/MacOS/nmhproxy"
6 changes: 3 additions & 3 deletions tools/signing/macos/mach_commands.py
Original file line number Diff line number Diff line change
@@ -37,7 +37,7 @@
"Release channel entitlements, but the configuration used will be the "
"Release configuration as defined in the repo working directory, not the "
"configuration from the revision of the earlier 120 build.",
conditions=[conditions.is_firefox],
# conditions=[conditions.is_firefox],
)
@CommandArgument(
"-v",
@@ -378,10 +378,10 @@ def auto_detect_channel(ctx, app):
# The bundle IDs for different channels. We use these strings to
# auto-detect the channel being signed. Different channels use
# different entitlement files.
NIGHTLY_BUNDLEID = "org.mozilla.nightly"
NIGHTLY_BUNDLEID = "net.mozilla.nightly"
DEVEDITION_BUNDLEID = "org.mozilla.firefoxdeveloperedition"
# BETA uses the same bundle ID as Release
RELEASE_BUNDLEID = "org.mozilla.firefox"
RELEASE_BUNDLEID = "net.waterfox.waterfox"

info_plist = os.path.join(app, "Contents/Info.plist")

0 comments on commit 92138a0

Please sign in to comment.