From 8149fe0f7e68ab75262da25b7e78968538fa5f7d Mon Sep 17 00:00:00 2001 From: Timothy Schoen <44585538+timothyschoen@users.noreply.github.com> Date: Sun, 4 Jan 2026 13:11:25 +0100 Subject: [PATCH 1/3] Sign libusb for macOS --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index d7dde9a..d089b8f 100755 --- a/build.sh +++ b/build.sh @@ -246,7 +246,7 @@ EOF find ./Heavy/bin -type f -perm +111 -exec /usr/bin/codesign --force --options runtime -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" {} \; /usr/bin/codesign --force --options runtime --entitlements entitlements.plist -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" ./Heavy/bin/Heavy/Heavy - + /usr/bin/codesign --force --options runtime --entitlements entitlements.plist -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" ./Heavy/lib/libusb-1.0.0.dylib # Submit the zipped executable for notarization # This makes sure we can at least run it with online notarization ditto -c -k --keepParent ./Heavy/bin Heavy.zip From f0189697c129d1376e662a4520c4212ee628e51d Mon Sep 17 00:00:00 2001 From: Timothy Schoen <44585538+timothyschoen@users.noreply.github.com> Date: Sun, 4 Jan 2026 15:18:35 +0100 Subject: [PATCH 2/3] Search recursively for all executables and shared libs, sign them all --- build.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/build.sh b/build.sh index d089b8f..81e3b0f 100755 --- a/build.sh +++ b/build.sh @@ -244,9 +244,11 @@ elif [[ "$OSTYPE" == "darwin"* ]]; then EOF - find ./Heavy/bin -type f -perm +111 -exec /usr/bin/codesign --force --options runtime -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" {} \; - /usr/bin/codesign --force --options runtime --entitlements entitlements.plist -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" ./Heavy/bin/Heavy/Heavy - /usr/bin/codesign --force --options runtime --entitlements entitlements.plist -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" ./Heavy/lib/libusb-1.0.0.dylib + find ./Heavy -type f -perm +111 -exec file {} \; | grep "Mach-O.*executable" | cut -d: -f1 | while read f; do + /usr/bin/codesign --force --options runtime --entitlements entitlements.plist -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" "$f" + done + find ./Heavy -type f \( -name "*.dylib" -o -name "*.so" \) -exec /usr/bin/codesign --force --options runtime --entitlements entitlements.plist -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" {} \; + # Submit the zipped executable for notarization # This makes sure we can at least run it with online notarization ditto -c -k --keepParent ./Heavy/bin Heavy.zip From 734903f0d9005d40025752a4680854bb5729249f Mon Sep 17 00:00:00 2001 From: Timothy Schoen Date: Sun, 4 Jan 2026 15:43:23 +0100 Subject: [PATCH 3/3] Notarize all binaries --- build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index 81e3b0f..356e8d5 100755 --- a/build.sh +++ b/build.sh @@ -248,10 +248,10 @@ EOF /usr/bin/codesign --force --options runtime --entitlements entitlements.plist -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" "$f" done find ./Heavy -type f \( -name "*.dylib" -o -name "*.so" \) -exec /usr/bin/codesign --force --options runtime --entitlements entitlements.plist -s "Developer ID Application: Timothy Schoen (7SV7JPRR2L)" {} \; - + # Submit the zipped executable for notarization # This makes sure we can at least run it with online notarization - ditto -c -k --keepParent ./Heavy/bin Heavy.zip + ditto -c -k --keepParent ./Heavy Heavy.zip xcrun notarytool store-credentials "notary_login" --apple-id ${AC_USERNAME} --password ${AC_PASSWORD} --team-id "7SV7JPRR2L" xcrun notarytool submit Heavy.zip --keychain-profile "notary_login" --wait rm Heavy.zip