From cc37aa14bc33bc708ef480fbcde9ba3ccad4073a Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Fri, 22 Nov 2024 02:29:49 +0800
Subject: [PATCH 1/2] Add ability to skip certain files in recursive codesign

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 admin/osx/mac-crafter/Sources/Utils/Codesign.swift | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
index 405371f11..1e31b244c 100644
--- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
+++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
@@ -60,7 +60,8 @@ func codesign(identity: String, path: String, options: String = defaultCodesignO
 func recursivelyCodesign(
     path: String,
     identity: String,
-    options: String = defaultCodesignOptions
+    options: String = defaultCodesignOptions,
+    skip: [String] = []
 ) throws {
     let fm = FileManager.default
     guard let pathEnumerator = fm.enumerator(atPath: path) else {
@@ -71,6 +72,10 @@ func recursivelyCodesign(
 
     for case let enumeratedItem as String in pathEnumerator {
         let enumeratedItemPath = "\(path)/\(enumeratedItem)"
+        guard !skip.contains(enumeratedItemPath) else {
+            print("Skipping \(enumeratedItemPath)...")
+            continue
+        }
         let isExecutableFile = try isExecutable(enumeratedItemPath)
         guard isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) || isExecutableFile else {
             continue

From bd7c78300ab7f4a3127daad12bbc8525539797f2 Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Fri, 22 Nov 2024 02:30:04 +0800
Subject: [PATCH 2/2] Skip main executable during first binary codesign round

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 admin/osx/mac-crafter/Sources/Utils/Codesign.swift | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
index 1e31b244c..be7eb586d 100644
--- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
+++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
@@ -152,7 +152,6 @@ func codesignClientAppBundle(
     // Now we do the final codesign bit
     let binariesDir = "\(clientContentsDir)/MacOS"
     print("Code-signing Nextcloud Desktop Client binaries...")
-    try recursivelyCodesign(path: binariesDir, identity: codeSignIdentity)
 
     guard let appName = clientAppDir.components(separatedBy: "/").last, clientAppDir.hasSuffix(".app") else {
         throw AppBundleSigningError.couldNotEnumerate("Failed to determine main executable name.")
@@ -160,5 +159,7 @@ func codesignClientAppBundle(
 
     // Sign the main executable last
     let mainExecutableName = String(appName.dropLast(".app".count))
-    try codesign(identity: codeSignIdentity, path: "\(binariesDir)/\(mainExecutableName)")
+    let mainExecutablePath = "\(binariesDir)/\(mainExecutableName)"
+    try recursivelyCodesign(path: binariesDir, identity: codeSignIdentity, skip: [mainExecutablePath])
+    try codesign(identity: codeSignIdentity, path: mainExecutablePath)
 }