From 863ba0f4fb52c0a57b131f0c6dbc338e21ebb1c2 Mon Sep 17 00:00:00 2001
From: kingtous <kingtous@qq.com>
Date: Thu, 5 Jan 2023 22:05:24 +0800
Subject: [PATCH] feat: notarize dmg support

---
 .github/workflows/flutter-nightly.yml         | 20 +++++++++++++++-
 .../macos/Runner.xcodeproj/project.pbxproj    | 23 +++++++++++++------
 .../macos/Runner/DebugProfile.entitlements    |  2 ++
 flutter/macos/Runner/Release.entitlements     |  4 ++++
 4 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml
index 8c31ee097..d2a256d91 100644
--- a/.github/workflows/flutter-nightly.yml
+++ b/.github/workflows/flutter-nightly.yml
@@ -156,11 +156,27 @@ jobs:
           p12-password: ${{ secrets.MACOS_P12_PASSWORD }}
           keychain: rustdesk
       
-      - name: Check sign 
+      - name: Check sign and import sign key
         run: |
           security default-keychain -s rustdesk.keychain
           security find-identity -v
 
+      - name: Import notarize key
+        uses: timheuer/base64-to-file@v1.2
+        with:
+          fileName: rustdesk.json
+          fileDir: ${{ github.workspace }}
+          encodedString: ${{ secrets.MACOS_NOTARIZE_JSON }}
+          
+      - name: Install rcodesign tool
+        shell: bash
+        run: | 
+          pushd /tmp
+          wget https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-macos-universal.tar.gz
+          tar -zxvf apple-codesign-0.22.0-macos-universal.tar.gz
+          mv apple-codesign-0.22.0-macos-universal/rcodesign /usr/local/bin
+          popd
+
       - name: Install build runtime
         run: |
           brew install llvm create-dmg nasm yasm cmake gcc wget ninja
@@ -232,6 +248,8 @@ jobs:
           codesign --force -s ${{ secrets.MACOS_CODESIGN_IDENTITY }} --deep ./flutter/build/macos/Build/Products/Release/rustdesk.app -v
           create-dmg rustdesk-${{ env.VERSION }}.dmg ./flutter/build/macos/Build/Products/Release/rustdesk.app
           codesign --force -s ${{ secrets.MACOS_CODESIGN_IDENTITY }} --deep rustdesk-${{ env.VERSION }}.dmg -v
+          # notarize the rustdesk-${{ env.VERSION }}.dmg
+          rcodesign notary-submit --api-key-path ${{ github.workspace }}/rustdesk.json  --staple rustdesk-${{ env.VERSION }}.dmg
 
       - name: Rename rustdesk
         run: |
diff --git a/flutter/macos/Runner.xcodeproj/project.pbxproj b/flutter/macos/Runner.xcodeproj/project.pbxproj
index e375623f0..1274ec932 100644
--- a/flutter/macos/Runner.xcodeproj/project.pbxproj
+++ b/flutter/macos/Runner.xcodeproj/project.pbxproj
@@ -436,8 +436,11 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
+				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "-";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
+				DEVELOPMENT_TEAM = "";
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
@@ -558,15 +561,15 @@
 				MACOSX_DEPLOYMENT_TARGET = 10.14;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				ONLY_ACTIVE_ARCH = YES;
-				SDKROOT = macosx;
-				SWIFT_COMPILATION_MODE = wholemodule;
-				SWIFT_OPTIMIZATION_LEVEL = "-O";
 				OTHER_LDFLAGS = (
 					"-sectcreate",
 					__CGPreLoginApp,
 					__cgpreloginapp,
 					/dev/null,
 				);
+				SDKROOT = macosx;
+				SWIFT_COMPILATION_MODE = wholemodule;
+				SWIFT_OPTIMIZATION_LEVEL = "-O";
 			};
 			name = Release;
 		};
@@ -577,8 +580,11 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
+				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "-";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
+				DEVELOPMENT_TEAM = "";
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
@@ -604,8 +610,11 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_ENTITLEMENTS = Runner/Release.entitlements;
+				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "-";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
+				DEVELOPMENT_TEAM = "";
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
@@ -616,16 +625,16 @@
 					../../target/release,
 				);
 				MACOSX_DEPLOYMENT_TARGET = 10.14;
-				PRODUCT_BUNDLE_IDENTIFIER = com.carriez.rustdesk;
-				PROVISIONING_PROFILE_SPECIFIER = "";
-				"SWIFT_OBJC_BRIDGING_HEADER[arch=*]" = Runner/bridge_generated.h;
-				SWIFT_VERSION = 5.0;
 				OTHER_LDFLAGS = (
 					"-sectcreate",
 					__CGPreLoginApp,
 					__cgpreloginapp,
 					/dev/null,
 				);
+				PRODUCT_BUNDLE_IDENTIFIER = com.carriez.rustdesk;
+				PROVISIONING_PROFILE_SPECIFIER = "";
+				"SWIFT_OBJC_BRIDGING_HEADER[arch=*]" = Runner/bridge_generated.h;
+				SWIFT_VERSION = 5.0;
 			};
 			name = Release;
 		};
diff --git a/flutter/macos/Runner/DebugProfile.entitlements b/flutter/macos/Runner/DebugProfile.entitlements
index 9f56413f3..b52c39df4 100644
--- a/flutter/macos/Runner/DebugProfile.entitlements
+++ b/flutter/macos/Runner/DebugProfile.entitlements
@@ -6,6 +6,8 @@
 	<false/>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
+	<key>com.apple.security.device.audio-input</key>
+	<true/>
 	<key>com.apple.security.network.server</key>
 	<true/>
 </dict>
diff --git a/flutter/macos/Runner/Release.entitlements b/flutter/macos/Runner/Release.entitlements
index 08ba3a3fa..7f588d928 100644
--- a/flutter/macos/Runner/Release.entitlements
+++ b/flutter/macos/Runner/Release.entitlements
@@ -4,6 +4,10 @@
 <dict>
 	<key>com.apple.security.app-sandbox</key>
 	<false/>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.device.audio-input</key>
+	<true/>
 	<key>com.apple.security.network.client</key>
 	<true/>
 </dict>