From d16efb07279452cce5957850f9dadbb58033e77e Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Tue, 14 Jan 2025 13:43:58 +0800
Subject: [PATCH] mac-crafter: Apply code-signing procedure on Sparkle as
 recommended by Sparkle docs

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 .../mac-crafter/Sources/Utils/Codesign.swift  | 32 +++++++++++++------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
index f262ff39d..1f43d3e49 100644
--- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
+++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
@@ -126,17 +126,31 @@ func codesignClientAppBundle(
     // We need to strip these out manually.
 
     let sparkleFrameworkPath = "\(frameworksPath)/Sparkle.framework"
-    if FileManager.default.fileExists(atPath: "\(sparkleFrameworkPath)/Resources/Autoupdate.app") {
-        print("Code-signing Sparkle autoupdater app (without entitlements)...")
-
-        try recursivelyCodesign(
-            path: "\(sparkleFrameworkPath)/Resources/Autoupdate.app",
+    if FileManager.default.fileExists(atPath: sparkleFrameworkPath) {
+        print("Code-signing Sparkle...")
+        try codesign(
             identity: codeSignIdentity,
-            options: "--timestamp --force --verbose=4 --options runtime --deep"
+            path: "\(sparkleFrameworkPath)/Versions/B/XPCServices/Installer.xpc",
+            options: "-f -o runtime"
+        )
+        try codesign(
+            identity: codeSignIdentity,
+            path: "\(sparkleFrameworkPath)/Versions/B/XPCServices/Downloader.xpc",
+            options: "-f -o runtime --preserve-metadata=entitlements"
+        )
+        try codesign(
+            identity: codeSignIdentity,
+            path: "\(sparkleFrameworkPath)/Versions/B/Autoupdate",
+            options: "-f -o runtime"
+        )
+        try codesign(
+            identity: codeSignIdentity,
+            path: "\(sparkleFrameworkPath)/Versions/B/Updater.app",
+            options: "-f -o runtime"
+        )
+        try codesign(
+            identity: codeSignIdentity, path: sparkleFrameworkPath, options: "-f -o runtime"
         )
-
-        print("Re-codesigning Sparkle library...")
-        try codesign(identity: codeSignIdentity, path: "\(sparkleFrameworkPath)/Sparkle")
     } else {
         print("Build does not have Sparkle, skipping.")
     }
-- 
2.30.2