Merge pull request #15961 from danteruiz/revert-signing

Revert "Merge pull request #15944 from danteruiz/add-signing"

interface/CMakeLists.txt

@@ -142,22 +142,6 @@ endif()
 if (APPLE)
   add_executable(${TARGET_NAME} MACOSX_BUNDLE ${INTERFACE_SRCS} ${QM})
 
-  set_from_env(XCODE_DEVELOPMENT_TEAM XCODE_DEVELOPMENT_TEAM "")
-  if ("${XCODE_DEVELOPMENT_TEAM}" STREQUAL "")
-    message(WARNING "XCODE_DEVELOPMENT_TEAM environment variable is not set. Not signing build.")
-  else()
-    set_target_properties(${TARGET_NAME} PROPERTIES
-        XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/interface.entitlements"
-        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Developer ID Application"
-        XCODE_ATTRIBUTE_CODE_SIGN_INJECT_BASE_ENTITLEMENTS NO
-        XCODE_ATTRIBUTE_CODE_SIGN_STYLE "Manual"
-        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "${XCODE_DEVELOPMENT_TEAM}"
-        XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME YES
-        XCODE_ATTRIBUTE_OTHER_CODE_SIGN_FLAGS "--timestamp --deep"
-        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER ""
-    )
-  endif()
-
   # make sure the output name for the .app bundle is correct
   # Fix up the rpath so macdeployqt works
   set_target_properties(${TARGET_NAME} PROPERTIES INSTALL_RPATH "@executable_path/../Frameworks")

interface/interface.entitlements

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>com.apple.security.app-sandbox</key>
-	<true/>
-	<key>com.apple.security.application-groups</key>
-	<array>
-		<string>high-fidelity.hifi</string>
-	</array>
-	<key>com.apple.security.cs.allow-jit</key>
-	<true/>
-	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-	<true/>
-	<key>com.apple.security.device.audio-input</key>
-	<true/>
-	<key>com.apple.security.network.client</key>
-	<true/>
-	<key>com.apple.security.network.server</key>
-	<true/>
-</dict>
-</plist>

launchers/darwin/CMakeLists.txt

@@ -69,27 +69,8 @@ function(set_from_env _RESULT_NAME _ENV_VAR_NAME _DEFAULT_VALUE)
 endfunction()
 
 add_executable(${PROJECT_NAME} MACOSX_BUNDLE ${src_files})
-
+set_target_properties(${PROJECT_NAME} PROPERTIES OUTPUT_NAME ${APP_NAME}
-set_from_env(XCODE_DEVELOPMENT_TEAM XCODE_DEVELOPMENT_TEAM "")
+  MACOSX_BUNDLE_BUNDLE_NAME ${APP_NAME})
-if ("${XCODE_DEVELOPMENT_TEAM}" STREQUAL "")
-    message(WARNING "XCODE_DEVELOPMENT_TEAM environmental variable is not set. Not signing build.")
-    set_target_properties(${PROJECT_NAME} PROPERTIES OUTPUT_NAME ${APP_NAME}
-      MACOSX_BUNDLE_BUNDLE_NAME ${APP_NAME}
-    )
-else()
-    set_target_properties(${PROJECT_NAME} PROPERTIES OUTPUT_NAME ${APP_NAME}
-      MACOSX_BUNDLE_BUNDLE_NAME ${APP_NAME}
-      XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "HQ Launcher.entitlements"
-      XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Developer ID Application"
-      XCODE_ATTRIBUTE_CODE_SIGN_INJECT_BASE_ENTITLEMENTS NO
-      XCODE_ATTRIBUTE_CODE_SIGN_STYLE "Manual"
-      XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "${XCODE_DEVELOPMENT_TEAM}"
-      XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME YES
-      XCODE_ATTRIBUTE_OTHER_CODE_SIGN_FLAGS "--timestamp"
-      XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER ""
-    )
-endif()
-
 set_from_env(LAUNCHER_HMAC_SECRET LAUNCHER_HMAC_SECRET "")
 if ("${LAUNCHER_HMAC_SECRET}" STREQUAL "")
     message(FATAL_ERROR "LAUNCHER_HMAC_SECRET is not set")

launchers/darwin/HQ Launcher.entitlements

@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>com.apple.security.app-sandbox</key>
-	<true/>
-	<key>com.apple.security.application-groups</key>
-	<array>
-		<string>high-fidelity.hifi</string>
-	</array>
-	<key>com.apple.security.network.client</key>
-	<true/>
-</dict>
-</plist>

tools/ci-scripts/postbuild.py

@@ -2,9 +2,6 @@
 import os
 import sys
 import shutil
-import subprocess
-import tempfile
-import uuid
 import zipfile
 import base64
 
@@ -14,33 +11,6 @@ sys.path.append(SOURCE_PATH)
 
 import hifi_utils
 
-
-class ZipAttrs:
-    """ A readable wrapper for ZipInfo's external attributes bit field """
-
-    S_IFREG = 0x8
-    S_IFLNK = 0xa
-    S_IFDIR = 0x4
-    MODE_MASK = 0xfff0000
-
-    def __init__(self, zip_info):
-        # File stats are the 4 high bits of external_attr, a 32 bit field.
-        self._stat = zip_info.external_attr >> 28
-        self.mode = (zip_info.external_attr & self.MODE_MASK) >> 16
-
-    @property
-    def is_symlink(self):
-        return self._stat == self.S_IFLNK
-
-    @property
-    def is_dir(self):
-        return self._stat == self.S_IFDIR
-
-    @property
-    def is_regular(self):
-        return self._stat == self.S_IFREG
-
-
 BUILD_PATH = os.path.join(SOURCE_PATH, 'build')
 INTERFACE_BUILD_PATH = os.path.join(BUILD_PATH, 'interface', 'Release')
 WIPE_PATHS = []
@@ -95,12 +65,8 @@ def fixupMacZip(filename):
     fullPath = os.path.join(BUILD_PATH, "{}.zip".format(filename))
     outFullPath = "{}.zip".format(fullPath)
     print("Fixup mac ZIP file {}".format(fullPath))
-    tmpDir = os.path.join(tempfile.gettempdir(),
-                          'com.highfidelity.launcher.postbuild',
-                          str(uuid.uuid4()))
-
-    try:
     with zipfile.ZipFile(fullPath) as inzip:
+        with zipfile.ZipFile(outFullPath, 'w') as outzip:
             rootPath = inzip.infolist()[0].filename
             for entry in inzip.infolist():
                 if entry.filename == rootPath:
@@ -120,51 +86,11 @@ def fixupMacZip(filename):
                     continue
                 # if we made it here, include the file in the output
                 buffer = inzip.read(entry.filename)
-                newFilename = os.path.join(tmpDir, newFilename)
+                entry.filename = newFilename
-
+                outzip.writestr(entry, buffer)
-                attrs = ZipAttrs(entry)
+            outzip.close()
-                if attrs.is_dir:
+    print("Replacing {} with fixed {}".format(fullPath, outFullPath))
-                    os.makedirs(newFilename)
+    shutil.move(outFullPath, fullPath)
-                elif attrs.is_regular:
-                    with open(newFilename, mode='wb') as _file:
-                        _file.write(buffer)
-                    os.chmod(newFilename, mode=attrs.mode)
-                elif attrs.is_symlink:
-                    os.symlink(buffer, newFilename)
-                else:
-                    raise IOError('Invalid file stat')
-
-        if 'XCODE_DEVELOPMENT_TEAM' in os.environ:
-            print('XCODE_DEVELOPMENT_TEAM environment variable is not set. '
-                  'Not signing build.', file=sys.stderr)
-        else:
-            # The interface.app bundle must be signed again after being
-            # stripped.
-            print('Signing interface.app bundle')
-            entitlementsPath = os.path.join(
-                os.path.dirname(__file__),
-                '../../interface/interface.entitlements')
-            subprocess.run([
-                'codesign', '-s', 'Developer ID Application', '--deep',
-                '--timestamp', '--force', '--entitlements', entitlementsPath,
-                os.path.join(tmpDir, 'interface.app')
-            ], check=True)
-
-        # Repackage the zip including the signed version of interface.app
-        print('Replacing {} with fixed {}'.format(fullPath, outFullPath))
-        if os.path.exists(outFullPath):
-            print('fixed zip already exists, deleting it', file=sys.stderr)
-            os.unlink(outFullPath)
-        previous_cwd = os.getcwd()
-        os.chdir(tmpDir)
-        try:
-            subprocess.run(['zip', '--symlink', '-r', outFullPath, './.'],
-                           stdout=subprocess.DEVNULL, check=True)
-        finally:
-            os.chdir(previous_cwd)
-
-    finally:
-        shutil.rmtree(tmpDir)
 
 def fixupWinZip(filename):
     fullPath = os.path.join(BUILD_PATH, "{}.zip".format(filename))