Add codesign ability

perdian · Nov 1, 2022 · 872557e · 872557e
1 parent d40d047
commit 872557e
Show file tree

Hide file tree

Showing 5 changed files with 159 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ Maven plugin for creating a native [macOS bundle](https://developer.apple.com/li
     <plugin>
         <groupId>de.perdian.maven.plugins</groupId>
         <artifactId>macosappbundler-maven-plugin</artifactId>
-        <version>1.18.1</version>
+        <version>1.90.0</version>
         <configuration>
             <plist>
                 <JVMMainClassName>de.perdian.test.YourApplication</JVMMainClassName>
@@ -44,7 +44,7 @@ Maven plugin for creating a native [macOS bundle](https://developer.apple.com/li
     <plugin>
         <groupId>de.perdian.maven.plugins</groupId>
         <artifactId>macosappbundler-maven-plugin</artifactId>
-        <version>1.18.1</version>
+        <version>1.19.0</version>
         <configuration>
             <plist>
                 <CFBundleIconFile>src/bundle/test.icns</CFBundleIconFile>
@@ -72,6 +72,9 @@ Maven plugin for creating a native [macOS bundle](https://developer.apple.com/li
                     </additionalResource>
                 </additionalResources>
             </dmg>
+            <codesign>
+                <identity>3rd Party Mac Developer Application: MyName (MyNumber)</identity>
+            </codesign>
         </configuration>
         <executions>
             <execution>
@@ -92,7 +95,7 @@ Maven plugin for creating a native [macOS bundle](https://developer.apple.com/li
     <plugin>
         <groupId>de.perdian.maven.plugins</groupId>
         <artifactId>macosappbundler-maven-plugin</artifactId>
-        <version>1.18.1</version>
+        <version>1.19.0</version>
         <configuration>
             <plist>
                 <CFBundleIconFile>src/bundle/test.icns</CFBundleIconFile>
@@ -215,6 +218,27 @@ The following other properties can be added to the `app` element configuring add
 ...
 ```
 
+### Code signing
+
+The plugin can automatically sign the created application bundle if a codesign identiy is given:
+
+```
+...
+    <configuration>
+        <codesign>
+            <identity>3rd Party Mac Developer Application: MyName (MyNumber)</identity>
+        </codesign>
+    </configuration>
+...
+```
+
+The following other properties can be added to the `codesign` element configuring additional options for signing:
+
+| Key | Type | Required? | Default | Description |
+| --- | ---- | --------- | ------- | ----------- |
+| `identity` | String | Yes | | The identity of the signer. Required if the `codesign` element is present. |
+| `preserveMetadata` | List<String> | No | `entitlements` | |
+
 ### JDK inclusion
 
 Usually the application bundle built by the plugin will depend upon a Java runtime being available on the machine where the application is executed. To be completely self-sustaining, the plugin supports including the runtime into the target application. That runtime will then be used to launch the application, so there are no dependencies to a JDK being installed locally.

diff --git a/example-classpath/pom.xml b/example-classpath/pom.xml
@@ -83,6 +83,11 @@
                             </resource>
                         </additionalResources>
                     </app>
+<!--
+                    <codesign>
+                      <identity>-</identity>
+                    </codesign>
+-->
                 </configuration>
                 <executions>
                     <execution>

diff --git a/src/main/java/de/perdian/maven/plugins/macosappbundler/mojo/BundleMojo.java b/src/main/java/de/perdian/maven/plugins/macosappbundler/mojo/BundleMojo.java
@@ -33,7 +33,9 @@
 
 import de.perdian.maven.plugins.macosappbundler.mojo.impl.AppGenerator;
 import de.perdian.maven.plugins.macosappbundler.mojo.impl.DmgGenerator;
+import de.perdian.maven.plugins.macosappbundler.mojo.impl.SignatureGenerator;
 import de.perdian.maven.plugins.macosappbundler.mojo.model.AppConfiguration;
+import de.perdian.maven.plugins.macosappbundler.mojo.model.CodesignConfiguration;
 import de.perdian.maven.plugins.macosappbundler.mojo.model.DmgConfiguration;
 import de.perdian.maven.plugins.macosappbundler.mojo.model.JdkConfiguration;
 import de.perdian.maven.plugins.macosappbundler.mojo.model.NativeBinaryType;
@@ -64,6 +66,9 @@ public class BundleMojo extends AbstractMojo {
     @Parameter
     private NativeBinaryType nativeBinary = NativeBinaryType.UNIVERSAL;
 
+    @Parameter
+    private CodesignConfiguration codesign = new CodesignConfiguration();
+
     @Override
     public void execute() throws MojoExecutionException {
         Validate.notNull(this.getProject(), "MavenProject cannot be null");
@@ -94,6 +99,11 @@ public void execute() throws MojoExecutionException {
             appGenerator.setNativeBinaryType(this.nativeBinary);
             appGenerator.generateApp(this.project, appDirectory);
 
+            if (StringUtils.isNotEmpty(this.codesign.identity)) {
+                SignatureGenerator signatureGenerator = new SignatureGenerator(this.codesign, this.getLog());
+                signatureGenerator.sign(appDirectory);
+            }
+
             if (this.dmg.generate) {
                 File bundleDirectory = new File(targetDirectory, "bundle");
                 File dmgFile = new File(targetDirectory, this.createDmgFileName(appName));

diff --git a/src/main/java/de/perdian/maven/plugins/macosappbundler/mojo/impl/SignatureGenerator.java b/src/main/java/de/perdian/maven/plugins/macosappbundler/mojo/impl/SignatureGenerator.java
@@ -0,0 +1,82 @@
+/*
+ * macOS app bundler Maven plugin
+ * Copyright 2019 Christian Seifert
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.perdian.maven.plugins.macosappbundler.mojo.impl;
+
+import java.io.File;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.maven.plugin.MojoExecutionException;
+import org.apache.maven.plugin.logging.Log;
+import org.apache.maven.shared.utils.cli.Commandline;
+
+import de.perdian.maven.plugins.macosappbundler.mojo.model.CodesignConfiguration;
+
+public class SignatureGenerator {
+
+    private CodesignConfiguration configuration = null;
+    private Log log = null;
+
+    public SignatureGenerator(CodesignConfiguration configuration, Log log) {
+        this.setConfiguration(configuration);
+        this.setLog(log);
+    }
+
+    public void sign(File appDirectory) throws MojoExecutionException {
+
+        this.getLog().info("Signing application '" + appDirectory.getName() + "' using identity: '" + this.getConfiguration().identity + "'");
+
+        String preserveMetadataValue = StringUtils.join(this.getConfiguration().preserveMetadata, ",");
+
+        Commandline codesignCommandLine = new Commandline();
+        codesignCommandLine.setExecutable("codesign");
+        codesignCommandLine.createArg().setValue("--force");
+        codesignCommandLine.createArg().setValue("--timestamp");
+        codesignCommandLine.createArg().setValue("--sign");
+        codesignCommandLine.createArg().setValue(this.getConfiguration().identity);
+        if (StringUtils.isNotEmpty(preserveMetadataValue)) {
+            codesignCommandLine.createArg().setValue("--preserve-metadata=" + preserveMetadataValue);
+        }
+        codesignCommandLine.createArg().setFile(appDirectory);
+
+        try {
+            Process codesignProcess = codesignCommandLine.execute();
+            int codesignReturnValue = codesignProcess.waitFor();
+            if (codesignReturnValue != 0) {
+                throw new Exception("Command 'codesign' exited with status " + codesignReturnValue);
+            }
+        } catch (Exception e) {
+            this.getLog().error("Cannot sign app", e);
+            throw new MojoExecutionException("Cannot sign app", e);
+        }
+
+    }
+
+    private CodesignConfiguration getConfiguration() {
+        return this.configuration;
+    }
+    private void setConfiguration(CodesignConfiguration configuration) {
+        this.configuration = configuration;
+    }
+
+    private Log getLog() {
+        return this.log;
+    }
+    private void setLog(Log log) {
+        this.log = log;
+    }
+
+}
diff --git a/src/main/java/de/perdian/maven/plugins/macosappbundler/mojo/model/CodesignConfiguration.java b/src/main/java/de/perdian/maven/plugins/macosappbundler/mojo/model/CodesignConfiguration.java
@@ -0,0 +1,35 @@
+/*
+ * macOS app bundler Maven plugin
+ * Copyright 2019 Christian Seifert
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.perdian.maven.plugins.macosappbundler.mojo.model;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.maven.plugins.annotations.Parameter;
+
+public class CodesignConfiguration {
+
+   // https://www.manpagez.com/man/1/codesign/
+
+    @Parameter
+    public String identity = null;
+
+    @Parameter
+    public List<String> preserveMetadata = new ArrayList<>(Arrays.asList("entitlements"));
+
+}