alex/nih-plug
1
0
Fork 0
Code Activity

Self-sign all produced bundles on macOS

Browse source 
This apparently may be needed on new macOS versions and/or AArch64 macOS.
This commit is contained in:
Robbert van der Helm 2023-01-15 02:31:16 +01:00
parent b8cb2837d5
commit 4b2ba9de12
1 changed files with 32 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
nih_plug_xtask/src/lib.rs
View file

@ -365,6 +365,7 @@ fn bundle_binary(
compilation_target, compilation_target,
BundleType::Binary, BundleType::Binary,
)?; )?;
maybe_codesign(&standalone_bundle_home, compilation_target);
eprintln!( eprintln!(
"Created a standalone bundle at '{}'", "Created a standalone bundle at '{}'",
@ -429,6 +430,7 @@ fn bundle_plugin(
compilation_target, compilation_target,
BundleType::Plugin, BundleType::Plugin,
)?; )?;
maybe_codesign(&clap_bundle_home, compilation_target);
eprintln!("Created a CLAP bundle at '{}'", clap_bundle_home.display()); eprintln!("Created a CLAP bundle at '{}'", clap_bundle_home.display());
} }
@ -456,6 +458,7 @@ fn bundle_plugin(
compilation_target, compilation_target,
BundleType::Plugin, BundleType::Plugin,
)?; )?;
maybe_codesign(&vst2_bundle_home, compilation_target);
eprintln!("Created a VST2 bundle at '{}'", vst2_bundle_home.display()); eprintln!("Created a VST2 bundle at '{}'", vst2_bundle_home.display());
} }
@ -482,6 +485,7 @@ fn bundle_plugin(
compilation_target, compilation_target,
BundleType::Plugin, BundleType::Plugin,
)?; )?;
maybe_codesign(vst3_bundle_home, compilation_target);
eprintln!("Created a VST3 bundle at '{}'", vst3_bundle_home.display()); eprintln!("Created a VST3 bundle at '{}'", vst3_bundle_home.display());
} }
@ -755,3 +759,31 @@ pub fn maybe_create_macos_bundle_metadata(
Ok(()) Ok(())
} }
/// If compiling for macOS, try to self-sign the bundle at the given path. This shouldn't be
/// necessary, but AArch64 macOS is stricter about these things and sometimes self built plugins may
/// not load otherwise. Presumably in combination with hardened runtimes.
///
/// If the codesigning command could not be run then this merely prints a warning.
pub fn maybe_codesign(bundle_home: &Path, target: CompilationTarget) {
if !matches!(
target,
CompilationTarget::MacOS(_) | CompilationTarget::MacOSUniversal
) {
return;
}
let success = Command::new("codesign")
.arg("-f")
.arg("-s")
.arg("-")
.arg(bundle_home)
.status()
.is_ok();
if !success {
eprintln!(
"WARNING: Could not self-sign '{}', it may fail to run depending on the environment",
bundle_home.display()
)
}
}