Build: Mac: Use ad-hoc signing when no developer certificate is avail…

…able Previously, only (pre-)release builds were signed. This signing and notarization was only possible with a proper developer certificate. As the Jamulus project currently does not have one and has to rely on other developers doing the signing, we only go this route for (pre-)releases due to the manual effort required. With Mac M1 support, having a valid signature becomes more important as unsigned binaries can only be started after turning several knobs. This commit adds very basic ad-hoc signing which does not require any Apple account/certificate, but improves user experience for M1 users. Fixes: #2791
jamulussoftware · Aug 28, 2022 · d1d1bab · d1d1bab
1 parent 82bf498
commit d1d1bab
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/mac/deploy_mac.sh b/mac/deploy_mac.sh
@@ -45,6 +45,11 @@ build_app() {
     local target_archs_array
     IFS=' ' read -ra target_archs_array <<< "${TARGET_ARCHS:-x86_64}"
     for target_arch in "${target_archs_array[@]}"; do
+        if [[ "${target_arch}" != "${target_archs_array[0]}" ]]; then
+            # This is the second (or a later) first pass of a multi-architecture build.
+            # We need to prune all leftovers from the previous pass here in order to force re-compilation now.
+            make -f "${build_path}/Makefile" -C "${build_path}" distclean
+        fi
         qmake "${project_path}" -o "${build_path}/Makefile" \
             "CONFIG+=release" \
             "QMAKE_APPLE_DEVICE_ARCHS=${target_arch}" "QT_ARCH=${target_arch}" \
@@ -55,10 +60,6 @@ build_app() {
             # When building for multiple architectures, move the binary to a safe place to avoid overwriting by the other passes.
             mv "${build_path}/${target_name}.app/Contents/MacOS/${target_name}" "${build_path}/${target_name}.app/Contents/MacOS/${target_name}.arch_${target_arch}"
         fi
-        # We need to prune all object files here in order to force re-compilation in the next pass which builds
-        # for another architecture.
-        # We need to keep the ${build_path}/ contents though as we will use those artifacts later.
-        make -f "${build_path}/Makefile" -C "${build_path}" clean
     done
     if [[ ${#target_archs_array[@]} -gt 1 ]]; then
         echo "Building universal binary from: " "${build_path}/${target_name}.app/Contents/MacOS/${target_name}.arch_"*
@@ -69,7 +70,7 @@ build_app() {
 
     # Add Qt deployment dependencies
     if [[ -z "$cert_name" ]]; then
-        macdeployqt "${build_path}/${target_name}.app" -verbose=2 -always-overwrite
+        macdeployqt "${build_path}/${target_name}.app" -verbose=2 -always-overwrite -codesign="-"
     else
         macdeployqt "${build_path}/${target_name}.app" -verbose=2 -always-overwrite -hardened-runtime -timestamp -appstore-compliant -sign-for-notarization="${cert_name}"
     fi