cargo-apple-runner 0.0.1

Cargo runner for bundling and launching applications on simulator / on device
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

//! Docs on code signing:
//! - <https://developer.apple.com/library/archive/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919>
//! - <https://developer.apple.com/help/account/>
//!
//! Various tech notes:
//! - <https://developer.apple.com/documentation/technotes/tn3125-inside-code-signing-provisioning-profiles>
//! - <https://developer.apple.com/documentation/technotes/tn3126-inside-code-signing-hashes>
//! - <https://developer.apple.com/documentation/technotes/tn3127-inside-code-signing-requirements>
//! - <https://developer.apple.com/documentation/technotes/tn3161-inside-code-signing-certificates>
use std::{path::Path, process::Command};

use anyhow::Result;
use tracing::debug;

use crate::{Binary, Platform, util};

/// Sign the given path.
///
/// NOTE: We don't provide a way to set `--identifier` here, the user should
/// do that with their `CFBundleIdentifier` in their embedded `Info.plist`
/// instead. Similar for `--options`, the user should set `CSFlags` instead.
pub fn codesign(
    path: &Path,
    binary: &Binary,
    signing_identity: &str,
    entitlements_path: Option<&Path>,
) -> Result<()> {
    // if matches!(
    //     binary.version().platform,
    //     Platform::MACOS | Platform::MACCATALYST
    // ) && binary.signed
    //     && binary.entitlements_data.is_none()
    // {
    //     warn!("avoided signing, we'd just have done a dummy resigning");
    //     return Ok(());
    // }

    // TODO: Use `tauri-macos-sign`?
    let mut cmd = Command::new("codesign");

    // Resign.
    cmd.arg("--force");

    // Use given signing identity.
    cmd.arg("--sign");
    cmd.arg(signing_identity);

    if let Some(entitlements_path) = entitlements_path {
        cmd.arg("--entitlements");
        cmd.arg(entitlements_path);

        // Unsure if required, Xcode adds this by default.
        cmd.arg("--generate-entitlement-der");
    }

    // Don't contact Apple's servers.
    if binary.platform() == Platform::MACOS {
        // TODO: Is this the right condition? Do we need to allow users to
        // control this?
        cmd.arg("--timestamp=none");
    }

    // The thing to sign.
    cmd.arg(path);

    debug!("{cmd:?}");

    let stdout = util::command_stdout(cmd)?;
    debug_assert_eq!(stdout, b"");

    Ok(())
}