[bugfix] Improve macOS notarization process

Closes #2

Author: adamretter

exist-core/pom.xml

@@ -202,7 +202,7 @@
         <dependency>
             <groupId>org.lz4</groupId>
             <artifactId>lz4-java</artifactId>
-            <version>1.8.0</version>
+            <version>${lz4-java.version}</version>
         </dependency>
 
         <dependency>
@@ -251,17 +251,6 @@
             <version>${jline.version}</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.jline</groupId>
-            <artifactId>jansi</artifactId>
-            <version>${jline.version}</version>
-            <!--
-                Optionally used by jline at runtime on Linux and macOS,
-                and required by jline at runtime on Windows.
-            -->
-            <scope>runtime</scope>
-        </dependency>
-
         <dependency>
             <groupId>net.bytebuddy</groupId>
             <artifactId>byte-buddy</artifactId>

exist-distribution/pom.xml

@@ -381,7 +381,8 @@
                                 <include>src/app/entitlements.plist</include>
                                 <include>src/assembly/**</include>
                                 <include>src/dmgbuild/settings.py</include>
-                                <include>src/main/scripts/codesign-jansi-mac.sh</include>
+                                <include>src/main/scripts/codesign-jline-mac.sh</include>
+                                <include>src/main/scripts/codesign-lz4-java-mac.sh</include>
                                 <include>src/main/scripts/create-dmg-mac.sh</include>
                                 <include>src/main/xslt/catalog.xml</include>
                                 <include>src/main/xslt/web.xslt</include>
@@ -1248,20 +1249,40 @@
                         <executions>
                             <execution>
                                 <!--
-                                    Signs the jansi native binaries
+                                    Signs the JLine native binaries
                                 -->
-                                <id>mac-codesign-jansi-native</id>
+                                <id>mac-codesign-jline-native</id>
                                 <phase>package</phase>
                                 <goals>
                                     <goal>exec</goal>
                                 </goals>
                                 <configuration>
                                     <useMavenLogger>true</useMavenLogger>
-                                    <executable>${project.basedir}/src/main/scripts/codesign-jansi-mac.sh</executable>
+                                    <executable>${project.basedir}/src/main/scripts/codesign-jline-mac.sh</executable>
                                     <arguments>
                                         <argument>${mac.bundle.java.dir}</argument>
                                         <argument>${jline.version}</argument>
-                                        <argument>${project.build.directory}/jansi-native</argument>
+                                        <argument>${project.build.directory}/jline-native</argument>
+                                        <argument>${mac.codesign.identity}</argument>
+                                    </arguments>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <!--
+                                    Signs the LZ4 Java native binaries
+                                -->
+                                <id>mac-codesign-lz4-java-native</id>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>exec</goal>
+                                </goals>
+                                <configuration>
+                                    <useMavenLogger>true</useMavenLogger>
+                                    <executable>${project.basedir}/src/main/scripts/codesign-lz4-java-mac.sh</executable>
+                                    <arguments>
+                                        <argument>${mac.bundle.java.dir}</argument>
+                                        <argument>${lz4-java.version}</argument>
+                                        <argument>${project.build.directory}/lz4-java-native</argument>
                                         <argument>${mac.codesign.identity}</argument>
                                     </arguments>
                                 </configuration>
@@ -1423,6 +1444,7 @@
                                         <argument>notarytool</argument>
                                         <argument>submit</argument>
                                         <argument>--verbose</argument>
+                                        <argument>--wait</argument>
                                         <argument>--apple-id</argument>
                                         <argument>${elemental.release.notarize.apple-id}</argument>
                                         <argument>--team-id</argument>
@@ -1433,6 +1455,23 @@
                                     </arguments>
                                 </configuration>
                             </execution>
+                            <execution>
+                                <id>mac-stapler-staple-dmg</id>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>exec</goal>
+                                </goals>
+                                <configuration>
+                                    <useMavenLogger>true</useMavenLogger>
+                                    <executable>/usr/bin/xcrun</executable>
+                                    <arguments>
+                                        <argument>stapler</argument>
+                                        <argument>staple</argument>
+                                        <argument>--verbose</argument>
+                                        <argument>${mac.dmg}</argument>
+                                    </arguments>
+                                </configuration>
+                            </execution>
 
                         </executions>
                     </plugin>

exist-distribution/src/main/scripts/codesign-jansi-mac.sh renamed to exist-distribution/src/main/scripts/codesign-jline-mac.sh

@@ -25,7 +25,7 @@
 
 
 # $1 is .app/Contents/Java dir
-# $2 is the jansi version
+# $2 is the jline version
 # $3 is temp work directory
 # $4 the mac codesign identity
 
@@ -50,15 +50,16 @@ do
   pushd "${3}"
 
   # extract the native files
-  jar -xf "${1}/jansi-${2}.jar" "org/jline/nativ/Mac/${arch}/libjlinenative.jnilib"
+  jar -xf "${1}/jline-${2}.jar" "org/jline/nativ/Mac/${arch}/libjlinenative.jnilib"
 
   # test if the file is unsigned, and sign if needed
   /usr/bin/codesign --verbose --test-requirement="=anchor trusted" --verify "org/jline/nativ/Mac/${arch}/libjlinenative.jnilib" || /usr/bin/codesign --verbose --force --timestamp --sign "${4}" "org/jline/nativ/Mac/${arch}/libjlinenative.jnilib"
 
   # overwrite the file in the jar
-  jar -uf "${1}/jansi-${2}.jar" "org/jline/nativ/Mac/${arch}/libjlinenative.jnilib"
+  jar -uf "${1}/jline-${2}.jar" "org/jline/nativ/Mac/${arch}/libjlinenative.jnilib"
 
   # switch back from temp output dir
   popd
 
 done
+

exist-distribution/src/main/scripts/codesign-lz4-java-mac.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+#
+# Elemental
+# Copyright (C) 2024, Evolved Binary Ltd
+#
+# [email protected]
+# https://www.evolvedbinary.com | https://www.elemental.xyz
+#
+# Use of this software is governed by the Business Source License 1.1
+# included in the LICENSE file and at www.mariadb.com/bsl11.
+#
+# Change Date: 2028-04-27
+#
+# On the date above, in accordance with the Business Source License, use
+# of this software will be governed by the Apache License, Version 2.0.
+#
+# Additional Use Grant: Production use of the Licensed Work for a permitted
+# purpose. A Permitted Purpose is any purpose other than a Competing Use.
+# A Competing Use means making the Software available to others in a commercial
+# product or service that: substitutes for the Software; substitutes for any
+# other product or service we offer using the Software that exists as of the
+# date we make the Software available; or offers the same or substantially
+# similar functionality as the Software.
+#
+
+
+# $1 is .app/Contents/Java dir
+# $2 is the lz4-java version
+# $3 is temp work directory
+# $4 the mac codesign identity
+
+
+set -e
+#set -x  ## enable to help debug
+
+# ensure a clean temp work directory
+if [ -d "${3}/net" ]
+then
+  rm -rf "${3}/net"
+fi
+
+# for each native arch
+archs=('aarch64' 'x86_64')
+for arch in ${archs[@]}
+do
+  # create the temp output dirs
+  mkdir -p "${3}/net/jpountz/util/darwin/${arch}"
+
+  # switch to temp output dir
+  pushd "${3}"
+
+  # extract the native files
+  jar -xf "${1}/lz4-java-${2}.jar" "net/jpountz/util/darwin/${arch}/liblz4-java.dylib"
+
+  # test if the file is unsigned, and sign if needed
+  /usr/bin/codesign --verbose --test-requirement="=anchor trusted" --verify "net/jpountz/util/darwin/${arch}/liblz4-java.dylib" || /usr/bin/codesign --verbose --force --timestamp --sign "${4}" "net/jpountz/util/darwin/${arch}/liblz4-java.dylib"
+
+  # overwrite the file in the jar
+  jar -uf "${1}/lz4-java-${2}.jar" "net/jpountz/util/darwin/${arch}/liblz4-java.dylib"
+
+  # switch back from temp output dir
+  popd
+
+done
+

exist-parent/pom.xml

@@ -102,6 +102,7 @@
         <icu.version>59.1</icu.version>
         <izpack.version>5.2.4</izpack.version>
         <jline.version>3.29.0</jline.version>
+        <lz4-java.version>1.8.0</lz4-java.version>
         <jdom1.version>1.1.3</jdom1.version>
         <jetty.version>11.0.25</jetty.version>
         <log4j.version>2.24.3</log4j.version>