Sign .jnilib within LibreOffice extension to fix macOS notarization
Some checks failed
CI / Build, Upload, Test (push) Has been cancelled

Apple's notarization service started rejecting the libjnidispatch.jnilib
file within a .jar within the .oxt for not being signed.
This commit is contained in:
Dan Stillman 2024-09-05 09:13:20 -04:00
parent 6631e7c3e0
commit 4c04dc583e

View file

@ -581,6 +581,21 @@ if [ $BUILD_MAC == 1 ]; then
find "$APPDIR/Contents" -name '*.app' -exec /usr/bin/codesign --force --options runtime --entitlements "$entitlements_file" --sign "$DEVELOPER_ID" {} \; find "$APPDIR/Contents" -name '*.app' -exec /usr/bin/codesign --force --options runtime --entitlements "$entitlements_file" --sign "$DEVELOPER_ID" {} \;
/usr/bin/codesign --force --options runtime --entitlements "$entitlements_file" --sign "$DEVELOPER_ID" "$APPDIR/Contents/MacOS/zotero" /usr/bin/codesign --force --options runtime --entitlements "$entitlements_file" --sign "$DEVELOPER_ID" "$APPDIR/Contents/MacOS/zotero"
# Sign .jnilib (Java native shared library) within LibreOffice extension, since notarization
# started failing without this. The .jnilib is within a .jar within the .oxt, so we have to
# extract both, sign the library, and then update each ZIP.
pushd "$BUILD_DIR"
mkdir libreoffice-repack
cd libreoffice-repack
unzip -q "$APPDIR/Contents/Resources/integration/libreoffice/Zotero_LibreOffice_Integration.oxt" external_jars/jna.jar
unzip -q external_jars/jna.jar com/sun/jna/darwin/libjnidispatch.jnilib
/usr/bin/codesign --force --options runtime --entitlements "$entitlements_file" --sign "$DEVELOPER_ID" com/sun/jna/darwin/libjnidispatch.jnilib
zip -u external_jars/jna.jar com/sun/jna/darwin/libjnidispatch.jnilib
zip -u "$APPDIR/Contents/Resources/integration/libreoffice/Zotero_LibreOffice_Integration.oxt" external_jars/jna.jar
cd ..
rm -rf libreoffice-repack
popd
# Sign Safari App Extension # Sign Safari App Extension
# #
# Even though it's signed by Xcode, we sign it again to make sure it matches the parent app signature # Even though it's signed by Xcode, we sign it again to make sure it matches the parent app signature