From 518abfdf0b3d2028617b781219086ad932c6f40a Mon Sep 17 00:00:00 2001
From: Ben Soares
Date: Mon, 19 Aug 2024 17:33:16 +0100
Subject: [PATCH] JAL-4428 README.md file for sign_and_stapled_dmg.sh
---
utils/osx_signing/README.md | 58 ++++++++++++++++++++++++++++++
utils/osx_signing/{README => README.old} | 0
utils/osx_signing/staple_dmg.sh | 50 --------------------------
3 files changed, 58 insertions(+), 50 deletions(-)
create mode 100644 utils/osx_signing/README.md
rename utils/osx_signing/{README => README.old} (100%)
delete mode 100755 utils/osx_signing/staple_dmg.sh
diff --git a/utils/osx_signing/README.md b/utils/osx_signing/README.md
new file mode 100644
index 0000000..d3184cd
--- /dev/null
+++ b/utils/osx_signing/README.md
@@ -0,0 +1,58 @@
+# Using sign_and_staple_dmg.sh
+
+## Important flags
+
+|||
+|-|-|
+|`-i dmgfile` | Path to the DMG file to be signed/stapled |
+|`-s` | Sign the known binaries in the DMG file |
+|`-p` | Staple the .app in the DMG file |
+|`-v iconfile` | Set the volume icon to iconfile |
+|`-o outputfile` | Output DMG will be outputfile |
+|`-O` | Overwrite output file if it already exists |
+|`-y` | Don't ask for confirmation |
+
+### Expected usage
+
+*e.g.*
+`sign_and_staple_dmg.sh -i build/install4j/1.8/Jalview_Develop-2_11_4_0-d*-macos-aarch64-java_11.dmg -s -r -v utils/channel/release/images/jalview_develop-VolumeIcon.icns`
+
+will work mount the DMG file `build/install4j/1.8/Jalview_Develop-2_11_4_0-d*-macos-aarch64-java_11.dmg` in temp folder,
+make a copy of the contents,
+sign the known binaries,
+put the Volume Icon into the copy of the volume,
+staple the .app bundle,
+make a new RW DMG, mount that and set the Volume Icon for the volume,
+convert that back to a RO DMG file.
+
+The DMG file will be saved in a subfolder where the original file was found, called one of `notsigned`, `signed`, `stapled` and with the same filename as the original.
+The output file can be changed with `-o outputfile` (which works from pwd, not necessarily the directory of the original dmgfile).
+
+## Codesigned files
+
+Presently only the files that were signed in sign_dmg.sh and stapled in staple_dmg.sh (see previous commits, e.g. be110b0de5) are being signed/stapled:
+
+### Signed
+
+(`${APPNAME}` is, e.g. "Jalview Develop.app")
+
+- `${APPNAME}/Contents/Resources/app/jre/Contents/MacOS/libjli.dylib`
+- `${APPNAME}/Contents/MacOS/JavaApplicationStub`
+
+### Stapled
+
+- `${APPNAME}`
+
+### Final signing
+
+- The resulting DMG file.
+
+
+### Not signed, maybe should be?
+
+The JAR and specific contents of the JAR mentioned in `README.old` are NOT signed in `sign_and_staple_dmg.sh` (yet).
+
+### Future work
+
+The list of files to be signed should be able to be passed in, maybe as comma or space-separated list option value, or list of remaining args, or as an input text file.
+
diff --git a/utils/osx_signing/README b/utils/osx_signing/README.old
similarity index 100%
rename from utils/osx_signing/README
rename to utils/osx_signing/README.old
diff --git a/utils/osx_signing/staple_dmg.sh b/utils/osx_signing/staple_dmg.sh
deleted file mode 100755
index 0eb24dc..0000000
--- a/utils/osx_signing/staple_dmg.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-
-if [[ "$GITDIR" == "" ]]; then
- GITDIR=~/uod-development/jalview-builds/git/jalview
-fi;
-
-
-if [[ "$DEVELOPERID" == "" ]]; then
- DEVELOPERID="Developer ID"
-fi;
-
-if [[ "$TMPDMG" == "" ]]; then
- TMPDMG="staplingDMG"
-fi;
-
-
-echo APPNAME $APPNAME like Jalview Test
-echo doing ARCH $ARCH
-echo using entitlements from $GITDIR
-
-FAPPNAME="${APPNAME/ /\\ }"
-FAPPNAMEESC="${APPNAME/ /\\\\\\ }"
-FWAPP="${APPNAME/ [A-Za-z]*/}"
-ARCHNAME="${APPNAME// /_}-${APPVER//\./_}-macos-$ARCH-java_$JVER"
-DMGNAME="${APPNAME/ /_}-${APPVER//\./_}-macos-$ARCH-java_$JVER.dmg"
-VOLNAME="${APPNAME// /_}\\ Installer\\ \\(${APPVER//\./_}\\ $ARCH\\ $JVER\\)"
-VLNAME="${APPNAME// /_} Installer (${APPVER//\./_} $ARCH $JVER)"
-BORINGVLNAME="${APPNAME} Installer"
-echo "will mount $DMGNAME as $VOLNAME"
-
-if [[ -d $TMPDMG ]]; then
- echo "'$TMPDMG' is in the way. Please delete it or set TMPDMG"
- exit 1;
-fi
-
-if [[ -f $DMGNAME ]]; then
- hdiutil attach $DMGNAME
- ditto /Volumes/${FWAPP}* $TMPDMG
- hdiutil eject /Volumes/${FWAPP}*
- xcrun stapler staple $TMPDMG/${FWAPP}*.app
- mkdir -p stapled
- hdiutil create -megabytes 240 -srcfolder $TMPDMG -volname "$BORINGVLNAME" stapled/$DMGNAME
- codesign --force --deep -vvvv -s "$DEVELOPERID" --options runtime --entitlements ${GITDIR}/utils/osx_signing/entitlements.txt stapled/$DMGNAME
- codesign --deep -vvvv stapled/$DMGNAME
- echo "Stapled DMG is in stapled/$DMGNAME"
- rm -Rf $TMPDMG
-else
- echo Can\'t find $DMGNAME - dit you set APPNAME APPVER ARCH and JVER correctly ?
-fi
-
-- 1.7.10.2