go-build/pkg/build/signing/sign.go
Snider bb64608120 refactor(module): migrate module path to dappco.re/go/core/build
Update go.mod module declaration, all require lines, and .go import
paths from forge.lthn.ai to dappco.re. Dependencies updated: core
v0.5.0, log v0.1.0, io v0.2.0. Replace directives added for local
module resolution. forge.lthn.ai/core/cli and go-inference retained
at old paths (not yet migrated).

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-22 01:53:16 +00:00


package signing
import (
"context"
"fmt"
"runtime"
"dappco.re/go/core/io"
coreerr "dappco.re/go/core/log"
)
// Artifact is one build output handed to the signing helpers in this package.
//
// It intentionally mirrors build.Artifact instead of importing it, so that
// the signing package does not create an import cycle with the build package.
type Artifact struct {
	// Path is the artifact location passed to the signer (Sign/Notarize).
	Path string
	// OS is the target operating system; only "darwin" artifacts are
	// signed or notarized by SignBinaries/NotarizeBinaries.
	OS string
	// Arch is the target architecture; not consulted by the signing helpers.
	Arch string
}
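// SignBinaries code-signs the darwin entries of artifacts with the macOS
// signer built from cfg.MacOS.
//
// It returns nil without doing anything when signing is disabled, when the
// build is not running on macOS, or when no macOS signer is available
// (identity not configured or codesign missing). The last case prints a
// notice so that an unsigned release is not mistaken for a signed one.
// Non-darwin artifacts are skipped. Signing stops at the first failure and
// the returned error names the artifact that failed; ctx cancellation is
// checked before each artifact as well as inside the signer.
func SignBinaries(ctx context.Context, fs io.Medium, cfg SignConfig, artifacts []Artifact) error {
	if !cfg.Enabled {
		return nil
	}
	// codesign only exists on macOS; elsewhere there is nothing to do.
	if runtime.GOOS != "darwin" {
		return nil
	}
	signer := NewMacOSSigner(cfg.MacOS)
	if !signer.Available() {
		// Skipping is intentional on unconfigured hosts, but a silent skip
		// would leave darwin binaries unsigned with no trace in the build log.
		fmt.Println(" Signing enabled but no macOS signer is available; skipping code signing")
		return nil
	}
	for _, artifact := range artifacts {
		if artifact.OS != "darwin" {
			continue
		}
		// Honour cancellation between artifacts, not only inside Sign.
		if err := ctx.Err(); err != nil {
			return coreerr.E("signing.SignBinaries", "signing cancelled before "+artifact.Path, err)
		}
		fmt.Printf(" Signing %s...\n", artifact.Path)
		if err := signer.Sign(ctx, fs, artifact.Path); err != nil {
			return coreerr.E("signing.SignBinaries", "failed to sign "+artifact.Path, err)
		}
	}
	return nil
}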
// NotarizeBinaries submits the darwin entries of artifacts for notarization.
//
// It is a no-op (nil) unless signing is enabled, cfg.MacOS.Notarize is set
// and the build is running on macOS. Unlike SignBinaries, an unavailable
// signer is reported as an error, because notarization was explicitly
// requested. Non-darwin artifacts are skipped; the first notarization
// failure aborts the loop and the error names the artifact.
func NotarizeBinaries(ctx context.Context, fs io.Medium, cfg SignConfig, artifacts []Artifact) error {
	// All three preconditions are "nothing to do", so fold them together.
	if !cfg.Enabled || !cfg.MacOS.Notarize || runtime.GOOS != "darwin" {
		return nil
	}

	mac := NewMacOSSigner(cfg.MacOS)
	if !mac.Available() {
		return coreerr.E("signing.NotarizeBinaries", "notarization requested but codesign not available", nil)
	}

	for _, a := range artifacts {
		if a.OS != "darwin" {
			continue
		}
		fmt.Printf(" Notarizing %s (this may take a few minutes)...\n", a.Path)
		err := mac.Notarize(ctx, fs, a.Path)
		if err == nil {
			continue
		}
		return coreerr.E("signing.NotarizeBinaries", "failed to notarize "+a.Path, err)
	}
	return nil
}
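// SignChecksums signs checksumFile with GPG using the key from cfg.GPG.Key.
//
// It returns nil without doing anything when signing is disabled or when no
// GPG signer is available; the latter prints a notice so a missing checksum
// signature is visible in the build log rather than silently absent. An
// empty checksumFile is rejected before invoking the signer. Cancellation of
// ctx is checked before the (potentially slow) signing call.
func SignChecksums(ctx context.Context, fs io.Medium, cfg SignConfig, checksumFile string) error {
	if !cfg.Enabled {
		return nil
	}
	signer := NewGPGSigner(cfg.GPG.Key)
	if !signer.Available() {
		// Intentional skip for unconfigured hosts, but make it visible.
		fmt.Println(" Signing enabled but GPG signer is not available; skipping checksums signature")
		return nil
	}
	if checksumFile == "" {
		// Fail with a clear message instead of handing an empty path to gpg.
		return coreerr.E("signing.SignChecksums", "checksums file path is empty", nil)
	}
	if err := ctx.Err(); err != nil {
		return coreerr.E("signing.SignChecksums", "signing cancelled before "+checksumFile, err)
	}
	fmt.Printf(" Signing %s with GPG...\n", checksumFile)
	if err := signer.Sign(ctx, fs, checksumFile); err != nil {
		return coreerr.E("signing.SignChecksums", "failed to sign checksums file "+checksumFile, err)
	}
	return nil
}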