Fix codesigning

install/macos/build_app.py

@@ -6,6 +6,7 @@ import subprocess
 import shutil
 import argparse
 import glob
+import itertools
 
 root = os.path.dirname(
     os.path.dirname(
@@ -18,6 +19,24 @@ def run(cmd):
     subprocess.run(cmd, cwd=root, check=True)
 
 
+def codesign(path, entitlements, identity):
+    run(
+        [
+            "codesign",
+            "--sign",
+            identity,
+            "--entitlements",
+            str(entitlements),
+            "--timestamp",
+            "--deep",
+            str(path),
+            "--force",
+            "--options",
+            "runtime",
+        ]
+    )
+
+
 def main():
     # Parse arguments
     parser = argparse.ArgumentParser()
@@ -58,19 +77,14 @@ def main():
         )
         entitlements_plist_path = os.path.join(root, "install/macos/entitlements.plist")
 
-        run(
+        for path in itertools.chain(
-            [
+            glob.glob(f"{app_path}/**/*.so", recursive=True),
-                "codesign",
+            glob.glob(f"{app_path}/**/*.dylib", recursive=True),
-                "--deep",
+            glob.glob(f"{app_path}/**/Python3", recursive=True),
-                "-s",
+            [app_path],
-                identity_name_application,
+        ):
-                "-o",
+            codesign(path, entitlements_plist_path, identity_name_application)
-                "runtime",
+        print(f"○ Signed app bundle: {app_path}")
-                "--entitlements",
-                entitlements_plist_path,
-                app_path,
-            ]
-        )
 
         # Detect if create-dmg is installed
         if not os.path.exists("/usr/local/bin/create-dmg"):