Have PyInstaller sign MacOS binaries

This commit is contained in:
Jay Lee
2024-09-17 21:35:47 -04:00
parent b7a20ceb4f
commit e54d3d274a
3 changed files with 19 additions and 11 deletions

View File

@@ -608,12 +608,12 @@ jobs:
rm -v "$gam" rm -v "$gam"
mv -v "${gam}-staticx" "$gam" mv -v "${gam}-staticx" "$gam"
- name: MacOS sign GAM binary #- name: MacOS sign GAM binary
if: runner.os == 'macOS' # if: runner.os == 'macOS'
run: | # run: |
security find-identity -v signing_temp.keychain # security find-identity -v signing_temp.keychain
codesign --force --deep --sign "Jay Lee" --options=runtime --entitlements "${GITHUB_WORKSPACE}/.github/actions/entitlements.plist" --timestamp "$gam" # codesign --force --deep --sign "Jay Lee" --options=runtime --entitlements "${GITHUB_WORKSPACE}/.github/actions/entitlements.plist" --timestamp "$gam"
codesign -dv --verbose=4 "$gam" # codesign -dv --verbose=4 "$gam"
- name: MacOS send GAM binary for Apple notarization - name: MacOS send GAM binary for Apple notarization
if: runner.os == 'macOS' if: runner.os == 'macOS'

6
src/add_lib.py Normal file
View File

@@ -0,0 +1,6 @@
import os
import sys
sys.path.append(os.path.join(os.getcwd(), 'lib'))
sys._MEIPASS=os.path.join(sys._MEIPASS, 'lib')

View File

@@ -30,7 +30,7 @@ a = Analysis(
hiddenimports=hiddenimports, hiddenimports=hiddenimports,
hookspath=[], hookspath=[],
hooksconfig={}, hooksconfig={},
runtime_hooks=[], runtime_hooks=['add_lib.py'],
excludes=[], excludes=[],
win_no_prefer_redirects=False, win_no_prefer_redirects=False,
win_private_assemblies=False, win_private_assemblies=False,
@@ -48,12 +48,16 @@ pyz = PYZ(a.pure,
cipher=None) cipher=None)
# requires Python 3.10+ but no one should be compiling # requires Python 3.10+ but no one should be compiling
# GAM with older versions anyway # GAM with older versions anyway
target_arch = None
codesign_identity = None
entitlements_file = None
match platform: match platform:
case "darwin": case "darwin":
if getenv('arch') == 'universal2': if getenv('arch') == 'universal2':
target_arch = "universal2" target_arch = "universal2"
else: codesign_identity = getenv('codesign_identity')
target_arch = None if codesign_identity:
entitlements_file = '../.github/actions/entitlements.plist'
strip = True strip = True
case "win32": case "win32":
target_arch = None target_arch = None
@@ -68,8 +72,6 @@ upx = False
console = True console = True
disable_windowed_traceback = False disable_windowed_traceback = False
argv_emulation = False argv_emulation = False
codesign_identity = None
entitlements_file = None
if not getenv('PYINSTALLER_BUILD_ONEDIR') == 'yes': if not getenv('PYINSTALLER_BUILD_ONEDIR') == 'yes':
# Build one file # Build one file
exe = EXE( exe = EXE(