Skip to content

Commit

Permalink
[build] Sign '*.node' files
Browse files Browse the repository at this point in the history 
This PR has the goal to resolve issue eclipse-wildwebdeveloper#1403 by implementing the steps
that are performed in Orbit to sign Mac '*.node' NPM modules for the
WWD build.
  • Loading branch information
@vrubezhny
vrubezhny committed Nov 17, 2023
1 parent 8187ae6 commit adfde60
Show file tree
Hide file tree
Showing 2 changed files with 97 additions and 1 deletion.
3 changes: 3 additions & 0 deletions org.eclipse.wildwebdeveloper/eclipse-sign-node.properties
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# This file tells the Maven build to sign the *.node contained in built jar
# see the eclipse-sign-node profile defined in the parent pom
jars.directory = target
95 changes: 94 additions & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -212,8 +212,101 @@
</pluginManagement>
</build>


<profiles>
<profile>
<id>eclipse-sign-node</id>
<activation>
<file>
<exists>eclipse-sign-node.properties</exists>
</file>
<os>
<family>mac</family>
</os>
<property>
<name>profile.packAndSign</name>
</property>
</activation>
<!--
To activate *.node signing for a bundle, create a file in the project called 'eclipse-sign-node.properties' and
define as value of the key 'jars.directory' the directory that contains the jars whose *.node files have to be signed.
The following ant-script then extracts all *.node files, sign them and repacks them into the jar file.
-->
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<dependencies>
<dependency>
<groupId>ant-contrib</groupId>
<artifactId>ant-contrib</artifactId>
<version>1.0b3</version>
<exclusions>
<exclusion>
<groupId>ant</groupId>
<artifactId>ant</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<executions>
<execution>
<id>sign-node-files</id>
<goals>
<goal>run</goal>
</goals>
<phase>verify</phase> <!-- Do this before extracting sources-->
<configuration>
<target>
<!-- See last answer of https://stackoverflow.com/questions/4368243/maven-antrun-with-sequential-ant-contrib-fails-to-run/45958355 -->
<!-- and http://ant-contrib.sourceforge.net/tasks/tasks/index.html -->
<taskdef resource="net/sf/antcontrib/antlib.xml"
classpathref="maven.plugin.classpath" />
<loadproperties srcFile="${project.basedir}/eclipse-sign-node.properties" prefix="signProperties." />
<for param="jarFile">
<fileset dir="${project.basedir}/${signProperties.jars.directory}" includes="**/*.jar" />
<sequential>
<local name="jarFilename" />
<basename property="jarFilename" file="@{jarFile}" suffix=".jar" />
<local name="signingDir" />
<property name="signingDir" value="${project.build.directory}/node-signing/${jarFilename}" />

<unzip src="@{jarFile}" dest="${signingDir}">
<patternset includes="node_modules/**/*.node" />
</unzip>

<for param="nodeFileAbsolute">
<fileset dir="${signingDir}" includes="node_modules/**/*.node" erroronmissingdir="false" />
<sequential>
<echo level="info" message="Mac-sign @{nodeFileAbsolute}" />
<local name="nodeFile" />
<property name="nodeFile" value="@{nodeFileAbsolute}" relative="true" basedir="${signingDir}" />
<move file="@{nodeFileAbsolute}" tofile="@{nodeFileAbsolute}-tosign" />
<exec executable="curl" dir="${signingDir}" failonerror="true">
<arg value="-o" />
<arg value="${nodeFile}" />
<arg value="-F" />
<arg value="file=@${nodeFile}-tosign" />
<arg value="https://cbi.eclipse.org/macos/codesign/sign" />
</exec>
<exec executable="jar" dir="${signingDir}" failonerror="true">
<arg value="--update" />
<arg value="--file=@{jarFile}" />
<arg value="${nodeFile}" />
</exec>
</sequential>
</for>
</sequential>
</for>
</target>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>

<profile>
<id>packAndSign</id>
<build>
Expand Down

0 comments on commit adfde60

Please sign in to comment.