mcp-loxone/sign-binary.sh at main · avrabe/mcp-loxone · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/bin/bash
# Code signing script for Loxone MCP Rust server
# This prevents keychain password prompts during development

set -e

BINARY_NAME="loxone-mcp-server"
TARGET_DIR="target/release"
BINARY_PATH="$TARGET_DIR/$BINARY_NAME"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo -e "${YELLOW}🔐 Code signing Loxone MCP Rust server...${NC}"

# Check if binary exists
if [ ! -f "$BINARY_PATH" ]; then
    echo -e "${RED}❌ Binary not found at $BINARY_PATH${NC}"
    echo -e "${YELLOW}💡 Run 'cargo build --release' first${NC}"
    exit 1
fi

# Check if binary is already signed
if codesign -v "$BINARY_PATH" 2>/dev/null; then
    echo -e "${GREEN}✅ Binary is already signed${NC}"
    codesign -dv "$BINARY_PATH" 2>&1 | grep "Authority"
    exit 0
fi

# Get available signing identities
echo -e "${YELLOW}🔍 Available signing identities:${NC}"
IDENTITIES=$(security find-identity -v -p codesigning | grep "Developer ID Application" | head -5)

if [ -z "$IDENTITIES" ]; then
    echo -e "${YELLOW}⚠️  No Developer ID found, using ad-hoc signing${NC}"
    # Ad-hoc signing (for local development)
    codesign -s - "$BINARY_PATH"
    echo -e "${GREEN}✅ Binary signed with ad-hoc signature${NC}"
else
    echo "$IDENTITIES"
    echo

    # Try to find the first valid Developer ID
    IDENTITY=$(echo "$IDENTITIES" | head -1 | sed 's/.*) \([^"]*\).*/\1/')

    if [ -n "$IDENTITY" ]; then
        echo -e "${YELLOW}🔑 Using identity: $IDENTITY${NC}"
        codesign -s "$IDENTITY" "$BINARY_PATH"
        echo -e "${GREEN}✅ Binary signed with Developer ID${NC}"
    else
        echo -e "${YELLOW}⚠️  Using ad-hoc signing as fallback${NC}"
        codesign -s - "$BINARY_PATH"
        echo -e "${GREEN}✅ Binary signed with ad-hoc signature${NC}"
    fi
fi

# Verify signing
echo -e "${YELLOW}🔍 Verifying signature...${NC}"
if codesign -v "$BINARY_PATH"; then
    echo -e "${GREEN}✅ Signature verification successful${NC}"

    # Show signature details
    echo -e "${YELLOW}📋 Signature details:${NC}"
    codesign -dv "$BINARY_PATH" 2>&1 || true
else
    echo -e "${RED}❌ Signature verification failed${NC}"
    exit 1
fi

echo -e "${GREEN}🎉 Code signing completed successfully!${NC}"
echo -e "${YELLOW}💡 This should prevent keychain password prompts during development${NC}"