--- /dev/null
+# Using sign_and_staple_dmg.sh
+
+## Important flags
+
+|||
+|-|-|
+|`-i dmgfile` | Path to the DMG file to be signed/stapled |
+|`-s` | Sign the known binaries in the DMG file |
+|`-p` | Staple the .app in the DMG file |
+|`-v iconfile` | Set the volume icon to iconfile |
+|`-o outputfile` | Output DMG will be outputfile |
+|`-O` | Overwrite output file if it already exists |
+|`-y` | Don't ask for confirmation |
+
+### Expected usage
+
+*e.g.*
+`sign_and_staple_dmg.sh -i build/install4j/1.8/Jalview_Develop-2_11_4_0-d*-macos-aarch64-java_11.dmg -s -r -v utils/channel/release/images/jalview_develop-VolumeIcon.icns`
+
+will work mount the DMG file `build/install4j/1.8/Jalview_Develop-2_11_4_0-d*-macos-aarch64-java_11.dmg` in temp folder,
+make a copy of the contents,
+sign the known binaries,
+put the Volume Icon into the copy of the volume,
+staple the .app bundle,
+make a new RW DMG, mount that and set the Volume Icon for the volume,
+convert that back to a RO DMG file.
+
+The DMG file will be saved in a subfolder where the original file was found, called one of `notsigned`, `signed`, `stapled` and with the same filename as the original.
+The output file can be changed with `-o outputfile` (which works from pwd, not necessarily the directory of the original dmgfile).
+
+## Codesigned files
+
+Presently only the files that were signed in sign_dmg.sh and stapled in staple_dmg.sh (see previous commits, e.g. be110b0de5) are being signed/stapled:
+
+### Signed
+
+(`${APPNAME}` is, e.g. "Jalview Develop.app")
+
+- `${APPNAME}/Contents/Resources/app/jre/Contents/MacOS/libjli.dylib`
+- `${APPNAME}/Contents/MacOS/JavaApplicationStub`
+
+### Stapled
+
+- `${APPNAME}`
+
+### Final signing
+
+- The resulting DMG file.
+
+
+### Not signed, maybe should be?
+
+The JAR and specific contents of the JAR mentioned in `README.old` are NOT signed in `sign_and_staple_dmg.sh` (yet).
+
+### Future work
+
+The list of files to be signed should be able to be passed in, maybe as comma or space-separated list option value, or list of remaining args, or as an input text file.
+
+++ /dev/null
-#!/bin/bash
-
-if [[ "$GITDIR" == "" ]]; then
- GITDIR=~/uod-development/jalview-builds/git/jalview
-fi;
-
-
-if [[ "$DEVELOPERID" == "" ]]; then
- DEVELOPERID="Developer ID"
-fi;
-
-if [[ "$TMPDMG" == "" ]]; then
- TMPDMG="staplingDMG"
-fi;
-
-
-echo APPNAME $APPNAME like Jalview Test
-echo doing ARCH $ARCH
-echo using entitlements from $GITDIR
-
-FAPPNAME="${APPNAME/ /\\ }"
-FAPPNAMEESC="${APPNAME/ /\\\\\\ }"
-FWAPP="${APPNAME/ [A-Za-z]*/}"
-ARCHNAME="${APPNAME// /_}-${APPVER//\./_}-macos-$ARCH-java_$JVER"
-DMGNAME="${APPNAME/ /_}-${APPVER//\./_}-macos-$ARCH-java_$JVER.dmg"
-VOLNAME="${APPNAME// /_}\\ Installer\\ \\(${APPVER//\./_}\\ $ARCH\\ $JVER\\)"
-VLNAME="${APPNAME// /_} Installer (${APPVER//\./_} $ARCH $JVER)"
-BORINGVLNAME="${APPNAME} Installer"
-echo "will mount $DMGNAME as $VOLNAME"
-
-if [[ -d $TMPDMG ]]; then
- echo "'$TMPDMG' is in the way. Please delete it or set TMPDMG"
- exit 1;
-fi
-
-if [[ -f $DMGNAME ]]; then
- hdiutil attach $DMGNAME
- ditto /Volumes/${FWAPP}* $TMPDMG
- hdiutil eject /Volumes/${FWAPP}*
- xcrun stapler staple $TMPDMG/${FWAPP}*.app
- mkdir -p stapled
- hdiutil create -megabytes 240 -srcfolder $TMPDMG -volname "$BORINGVLNAME" stapled/$DMGNAME
- codesign --force --deep -vvvv -s "$DEVELOPERID" --options runtime --entitlements ${GITDIR}/utils/osx_signing/entitlements.txt stapled/$DMGNAME
- codesign --deep -vvvv stapled/$DMGNAME
- echo "Stapled DMG is in stapled/$DMGNAME"
- rm -Rf $TMPDMG
-else
- echo Can\'t find $DMGNAME - dit you set APPNAME APPVER ARCH and JVER correctly ?
-fi
-