Fix notarization

.gitignore

@@ -5,4 +5,7 @@ pdxu.properties
 bin
 !resources/bin
 .vscode
-out
+out
+misc/macos_notarize_test.sh
+notarization.zip
+.DS_Store

README.md

@@ -223,8 +223,8 @@ you can join the [Pdx-Unlimiter Discord](https://discord.gg/BVE4vxqFpU).
 # Development
 
 To build this project, a JDK for at least Java 19 is required.
-You can then build the gradle project using the gradle wrapper with `gradle/gradlew build` or `gradle\gradlew.bat build`.
-For running, you can use `gradle/gradlew run`.
+You can then build the gradle project using the gradle wrapper with `./gradle/gradlew build` or `.\gradle\gradlew.bat build`.
+For running, you can use `./gradle/gradlew run`.
 Note here that the gradle wrapper has been moved into the `gradle` subdirectory.
 You can use the automatically generated file `pdxu.properties`, which is created when gradle is run the first time,
 to set some useful development options when needed.

gradle/build.gradle

@@ -33,7 +33,7 @@ dependencies {
 }
 
 repositories {
-    flatDir{
+    flatDir {
         dirs file("$rootDir/misc/lib")
     }
     mavenCentral()
@@ -93,12 +93,20 @@ jlink {
         appVersion = canonicalVersion
         imageOutputDir = file("$buildDir/dist")
         imageName = 'Pdx-Unlimiter'
+        imageOptions += ['--verbose']
         if (DefaultNativePlatform.currentOperatingSystem.windows) {
             icon = "misc/logo.ico"
         } else if (DefaultNativePlatform.currentOperatingSystem.linux) {
             icon = "misc/logo.png"
         } else {
             icon = "misc/logo.icns"
+            imageOptions += [
+                    '--mac-sign',
+                    '--mac-package-signing-prefix', 'com.crschnick.pdxu',
+                    '--mac-signing-key-user-name', 'Christopher Schnick (PF6V9HYACS)',
+                    '--mac-package-name', "X-Pipe",
+                    '--mac-entitlements', "$projectDir/misc/Entitlements.plist"
+            ]
         }
         skipInstaller = true
         applicationName = 'Pdx-Unlimiter'
@@ -161,11 +169,13 @@ task createDist(type: Zip, dependsOn: jpackage) {
 
 task bundleDmg(type: org.gradle.api.DefaultTask) {
     doLast {
-        exec {
-            commandLine "$projectDir/misc/macos_notarize.sh", "$projectDir"
-        }
-        exec {
-            commandLine "$projectDir/misc/macos_dmg.sh", "$projectDir"
+        if (System.getenv("MAC_NOTARIZATION_APPLE_ID") != null) {
+            exec {
+                commandLine "$projectDir/misc/macos_notarize.sh", "$projectDir"
+            }
+            exec {
+                commandLine "$projectDir/misc/macos_dmg.sh", "$projectDir"
+            }
         }
     }
 }

misc/Entitlements.plist

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
+        "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+        <true/>
+        <key>com.apple.security.cs.allow-jit</key>
+        <true/>
+        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+        <true/>
+        <key>com.apple.security.cs.debugger</key>
+        <true/>
+        <key>com.apple.security.cs.disable-library-validation</key>
+        <true/>
+        <key>com.apple.security.device.audio-input</key>
+        <true/>
+    </dict>
+</plist>

misc/macos_dmg.sh

@@ -9,9 +9,6 @@ echo "$DMG_FILE"
 mkdir -p "$1/build/dist/"
 rm -f "$DMG_FILE"
 
-codesign -vvv --options runtime --deep --force --sign "Developer ID Application: Christopher Schnick (PF6V9HYACS)" "$APP_DIR"
-codesign -vvv --force --sign "Developer ID Application: Christopher Schnick (PF6V9HYACS)" "$APP_DIR"
-
 create-dmg \
   --volname "Pdx-Unlimiter" \
   --volicon "$1/misc/logo.icns" \

misc/macos_notarize.sh

@@ -3,6 +3,12 @@
 set -e
 
 APP_DIR="$1/build/dist/Pdx-Unlimiter.app"
+ARCHIVE="$TMPDIR/notarization.zip"
+
+mv -f "$APP_DIR/Contents/Resources/resources/bin/rakaly_mac" "$APP_DIR/Contents/MacOS/rakaly_mac" || true
+codesign -vvv --deep --entitlements "$1/misc/Entitlements.plist" --options=runtime --force --strict --sign "Developer ID Application: Christopher Schnick (PF6V9HYACS)" "$APP_DIR/Contents/MacOS/Pdx-Unlimiter"
+codesign -vvv --deep --options=runtime --force --strict --sign "Developer ID Application: Christopher Schnick (PF6V9HYACS)" "$APP_DIR/Contents/MacOS/rakaly_mac"
+
 
 echo "Create keychain profile"
 xcrun notarytool store-credentials "notarytool-profile" --apple-id "$MAC_NOTARIZATION_APPLE_ID" --team-id "$MAC_NOTARIZATION_TEAM_ID" --password "$MAC_APP_SPECIFIC_PASSWORD"
@@ -12,15 +18,17 @@ xcrun notarytool store-credentials "notarytool-profile" --apple-id "$MAC_NOTARIZ
 # notarization service
 
 echo "Creating temp notarization archive"
-ditto -c -k --keepParent "$APP_DIR" "notarization.zip"
+ditto -c -k --sequesterRsrc --keepParent "$APP_DIR" "$ARCHIVE"
 
 # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
 # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
 # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
 # you're curious
 
 echo "Notarize app"
-xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
+ID=$(xcrun notarytool submit "$ARCHIVE" --keychain-profile "notarytool-profile" --wait | grep -o -i -E '[0-9A-F]{8}-[0-9A-F]{4}-[4][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}' | head -1)
+echo "Submission ID is $ID"
+xcrun notarytool log "$ID" --keychain-profile "notarytool-profile"
 
 # Finally, we need to "attach the staple" to our executable, which will allow our app to be
 # validated by macOS even when an internet connection is not available.

pdxu-app/build.gradle

@@ -16,7 +16,6 @@ compileJava {
 }
 
 def currentOS = DefaultNativePlatform.currentOperatingSystem;
-def suffix = ''
 def platform
 if (currentOS.isWindows()) {
     platform = 'win'
@@ -26,7 +25,7 @@ if (currentOS.isWindows()) {
     platform = 'mac'
     def macArch = System.getProperty ("os.arch");
     if (macArch == 'aarch64') {
-        suffix = '-aarch64'
+        platform = 'mac-aarch64'
     }
 }
 

pdxu-app/src/main/java/com/crschnick/pdxu/app/PdxuApp.java

@@ -38,7 +38,11 @@ public static PdxuApp getApp() {
     }
 
     public static void main() {
-        launch();
+        try {
+            launch();
+        } catch (Throwable t) {
+            ErrorHandler.handleTerminalException(t);
+        }
     }
 
     public void setupWindowState() {

pdxu-app/src/main/java/com/crschnick/pdxu/app/core/ComponentManager.java

@@ -107,7 +107,8 @@ private static void registerNativeHook() {
         } catch (Throwable ex) {
             GuiErrorReporter.showSimpleErrorMessage("Unable to register native hook.\n" +
                     "This might be a permissions issue with your system. " +
-                    "In-game keyboard shortcuts will be unavailable!");
+                    "In-game keyboard shortcuts will be unavailable!" +
+                    "\nRestart the Pdx-Unlimiter once the permission issues are fixed to enable in-game shortcuts.");
             logger.warn("Unable to register native hook", ex);
         }
     }

pdxu-app/src/main/java/com/crschnick/pdxu/app/core/ErrorHandler.java

@@ -196,6 +196,10 @@ private static void handleException(Throwable ex, String msg, Path attachFile, b
                 } catch (InterruptedException ignored) {
                 }
             }
+        } else {
+            if (LogManager.getInstance() != null) {
+                LoggerFactory.getLogger(ErrorHandler.class).error(msg, ex);
+            }
         }
 
         if (terminal) {

pdxu-app/src/main/java/com/crschnick/pdxu/app/core/PdxuInstallation.java

@@ -296,7 +296,7 @@ public Path getRakalyExecutable() {
                 return dir.resolve("bin").resolve("rakaly_linux");
             }
             case MAC -> {
-                return dir.resolve("bin").resolve("rakaly_mac");
+                return getAppPath().resolve("Contents").resolve("MacOS").resolve("rakaly_mac");
             }
             default -> {
                 return null;