From ca913eb38fc52c0bfc91f3e77ce0ac5c2818baf3 Mon Sep 17 00:00:00 2001 From: speakeloudest Date: Tue, 9 Dec 2025 05:51:32 -0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E5=A2=9E=E5=8A=A0ios=E6=94=AF=E4=BB=98?= =?UTF-8?q?&ui=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ios/Podfile.lock | 63 ++- ios/Runner/AppDelegate.swift | 17 +- ios/Runner/Runner.entitlements | 4 + ios/Runner/RunnerRelease.entitlements | 4 + .../kr_purchase_membership_controller.dart | 46 +- lib/main.dart | 4 +- macos/Podfile.lock | 7 + macos/Runner.xcodeproj/project.pbxproj | 111 ++-- macos/Runner/DebugProfile.entitlements | 4 +- macos/Runner/Info.plist | 64 ++- macos/Runner/Release.entitlements | 23 +- sign_and_notarize.sh | 481 ++++++++---------- 12 files changed, 463 insertions(+), 365 deletions(-) mode change 100755 => 100644 ios/Podfile.lock mode change 100755 => 100644 macos/Runner.xcodeproj/project.pbxproj diff --git a/ios/Podfile.lock b/ios/Podfile.lock old mode 100755 new mode 100644 index 745dcf0..4578849 --- a/ios/Podfile.lock +++ b/ios/Podfile.lock @@ -16,9 +16,6 @@ PODS: - flutter_udid (0.0.1): - Flutter - SAMKeychain - - in_app_purchase_storekit (0.0.1): - - Flutter - - FlutterMacOS - OrderedSet (6.0.3) - package_info_plus (0.4.5): - Flutter @@ -31,6 +28,42 @@ PODS: - SAMKeychain (1.5.3) - share_plus (0.0.1): - Flutter + - Stripe (23.27.6): + - StripeApplePay (= 23.27.6) + - StripeCore (= 23.27.6) + - StripePayments (= 23.27.6) + - StripePaymentsUI (= 23.27.6) + - StripeUICore (= 23.27.6) + - stripe_ios (0.0.1): + - Flutter + - Stripe (~> 23.27.0) + - StripeApplePay (~> 23.27.0) + - StripeFinancialConnections (~> 23.27.0) + - StripePayments (~> 23.27.0) + - StripePaymentSheet (~> 23.27.0) + - StripePaymentsUI (~> 23.27.0) + - StripeApplePay (23.27.6): + - StripeCore (= 23.27.6) + - StripeCore (23.27.6) + - StripeFinancialConnections (23.27.6): + - StripeCore (= 23.27.6) + - StripeUICore (= 23.27.6) + - StripePayments (23.27.6): + - StripeCore (= 23.27.6) + - StripePayments/Stripe3DS2 (= 23.27.6) + - StripePayments/Stripe3DS2 (23.27.6): + - StripeCore (= 23.27.6) + - StripePaymentSheet (23.27.6): + - StripeApplePay (= 23.27.6) + - StripeCore (= 23.27.6) + - StripePayments (= 23.27.6) + - StripePaymentsUI (= 23.27.6) + - StripePaymentsUI (23.27.6): + - StripeCore (= 23.27.6) + - StripePayments (= 23.27.6) + - StripeUICore (= 23.27.6) + - StripeUICore (23.27.6): + - StripeCore (= 23.27.6) - url_launcher_ios (0.0.1): - Flutter - webview_flutter_wkwebview (0.0.1): @@ -44,11 +77,11 @@ DEPENDENCIES: - Flutter (from `Flutter`) - flutter_inappwebview_ios (from `.symlinks/plugins/flutter_inappwebview_ios/ios`) - flutter_udid (from `.symlinks/plugins/flutter_udid/ios`) - - in_app_purchase_storekit (from `.symlinks/plugins/in_app_purchase_storekit/darwin`) - package_info_plus (from `.symlinks/plugins/package_info_plus/ios`) - path_provider_foundation (from `.symlinks/plugins/path_provider_foundation/darwin`) - permission_handler_apple (from `.symlinks/plugins/permission_handler_apple/ios`) - share_plus (from `.symlinks/plugins/share_plus/ios`) + - stripe_ios (from `.symlinks/plugins/stripe_ios/ios`) - url_launcher_ios (from `.symlinks/plugins/url_launcher_ios/ios`) - webview_flutter_wkwebview (from `.symlinks/plugins/webview_flutter_wkwebview/darwin`) @@ -58,6 +91,14 @@ SPEC REPOS: - OrderedSet - ReachabilitySwift - SAMKeychain + - Stripe + - StripeApplePay + - StripeCore + - StripeFinancialConnections + - StripePayments + - StripePaymentSheet + - StripePaymentsUI + - StripeUICore EXTERNAL SOURCES: connectivity_plus: @@ -70,8 +111,6 @@ EXTERNAL SOURCES: :path: ".symlinks/plugins/flutter_inappwebview_ios/ios" flutter_udid: :path: ".symlinks/plugins/flutter_udid/ios" - in_app_purchase_storekit: - :path: ".symlinks/plugins/in_app_purchase_storekit/darwin" package_info_plus: :path: ".symlinks/plugins/package_info_plus/ios" path_provider_foundation: @@ -80,6 +119,8 @@ EXTERNAL SOURCES: :path: ".symlinks/plugins/permission_handler_apple/ios" share_plus: :path: ".symlinks/plugins/share_plus/ios" + stripe_ios: + :path: ".symlinks/plugins/stripe_ios/ios" url_launcher_ios: :path: ".symlinks/plugins/url_launcher_ios/ios" webview_flutter_wkwebview: @@ -92,7 +133,6 @@ SPEC CHECKSUMS: Flutter: e0871f40cf51350855a761d2e70bf5af5b9b5de7 flutter_inappwebview_ios: 6f63631e2c62a7c350263b13fa5427aedefe81d4 flutter_udid: b2417673f287ee62817a1de3d1643f47b9f508ab - in_app_purchase_storekit: a1ce04056e23eecc666b086040239da7619cd783 OrderedSet: e539b66b644ff081c73a262d24ad552a69be3a94 package_info_plus: c0502532a26c7662a62a356cebe2692ec5fe4ec4 path_provider_foundation: 2b6b4c569c0fb62ec74538f866245ac84301af46 @@ -100,6 +140,15 @@ SPEC CHECKSUMS: ReachabilitySwift: 32793e867593cfc1177f5d16491e3a197d2fccda SAMKeychain: 483e1c9f32984d50ca961e26818a534283b4cd5c share_plus: c3fef564749587fc939ef86ffb283ceac0baf9f5 + Stripe: 9fec845645e39f371e6898926d096fd9c2feb5a5 + stripe_ios: 03c617acee72e48a2d055d096a4b0ed2afebb256 + StripeApplePay: 5f017e8dfe259fafbab70137776189deef754bb2 + StripeCore: 01ec57f0dddfe742054dc6a322f811426c25313d + StripeFinancialConnections: 56698cb6274bf89fb8c76b934f6156f368e97765 + StripePayments: 6adf11faf1b7038e77aa97019410305c6adca79d + StripePaymentSheet: 3eaf870c4388e44b0cc37e4c69d00b6957fd8bd7 + StripePaymentsUI: 59ccddeacad592b09fa67e8d641340820ddb4751 + StripeUICore: 879bbf5889265db13f52fac8aad7a176ba62481f url_launcher_ios: 5334b05cef931de560670eeae103fd3e431ac3fe webview_flutter_wkwebview: a4af96a051138e28e29f60101d094683b9f82188 diff --git a/ios/Runner/AppDelegate.swift b/ios/Runner/AppDelegate.swift index 6b56081..5c66422 100755 --- a/ios/Runner/AppDelegate.swift +++ b/ios/Runner/AppDelegate.swift @@ -1,7 +1,7 @@ import UIKit import Flutter import Libcore - +import PassKit @main @objc class AppDelegate: FlutterAppDelegate { @@ -12,9 +12,22 @@ import Libcore setupFileManager() registerHandlers() GeneratedPluginRegistrant.register(with: self) + + // ✅ Apple Pay 调试代码 + debugApplePaySupport() return super.application(application, didFinishLaunchingWithOptions: launchOptions) } - + func debugApplePaySupport() { + // 是否能使用 Apple Pay(设备是否支持) + let canPay = PKPaymentAuthorizationController.canMakePayments() + print("💳 Can make payments: \(canPay)") + + // 是否能使用指定卡网络支付 + let canPayWithNetworks = PKPaymentAuthorizationController.canMakePayments( + usingNetworks: [.visa, .masterCard, .amex] + ) + print("💳 Can pay with Visa/Master/Amex: \(canPayWithNetworks)") + } func setupFileManager() { try? FileManager.default.createDirectory(at: FilePath.workingDirectory, withIntermediateDirectories: true) FileManager.default.changeCurrentDirectoryPath(FilePath.sharedDirectory.path) diff --git a/ios/Runner/Runner.entitlements b/ios/Runner/Runner.entitlements index 53d974b..09833f4 100755 --- a/ios/Runner/Runner.entitlements +++ b/ios/Runner/Runner.entitlements @@ -4,6 +4,10 @@ aps-environment development + com.apple.developer.in-app-payments + + merchant.com.taw.hifastvpn + com.apple.developer.networking.networkextension packet-tunnel-provider diff --git a/ios/Runner/RunnerRelease.entitlements b/ios/Runner/RunnerRelease.entitlements index 53d974b..09833f4 100755 --- a/ios/Runner/RunnerRelease.entitlements +++ b/ios/Runner/RunnerRelease.entitlements @@ -4,6 +4,10 @@ aps-environment development + com.apple.developer.in-app-payments + + merchant.com.taw.hifastvpn + com.apple.developer.networking.networkextension packet-tunnel-provider diff --git a/lib/app/modules/kr_purchase_membership/controllers/kr_purchase_membership_controller.dart b/lib/app/modules/kr_purchase_membership/controllers/kr_purchase_membership_controller.dart index c88bd23..c659ddf 100755 --- a/lib/app/modules/kr_purchase_membership/controllers/kr_purchase_membership_controller.dart +++ b/lib/app/modules/kr_purchase_membership/controllers/kr_purchase_membership_controller.dart @@ -842,17 +842,47 @@ class KRPurchaseMembershipController extends GetxController { print(' Stripe Client Secret: ${checkoutResponse.stripe?.clientSecret}'); print('💳 显示 Stripe 支付表单...'); print('═══════════════════════════════════════'); - await Stripe.instance.initPaymentSheet( - paymentSheetParameters: SetupPaymentSheetParameters( - // ⚠️ Stripe SDK 必须在 main() 中初始化过 publishableKey - paymentIntentClientSecret: checkoutResponse.stripe?.clientSecret, - merchantDisplayName: 'Hi快VPN', - // 确保 customerId 和 ephemeralKeySecret 也被设置,如果需要保存卡片信息 + + final clientSecret = checkoutResponse.stripe?.clientSecret; + if (clientSecret == null || clientSecret.isEmpty) { + KRCommonUtil.kr_showToast('缺少支付凭证,请稍后重试'); + return; + } + + // 仅 iOS 使用 Apple Pay + if (!Platform.isIOS) { + KRCommonUtil.kr_showToast('Apple Pay 仅在 iOS 可用'); + return; + } + print('Platform: ${Platform.operatingSystem} ${Platform.operatingSystemVersion}'); + print('Merchant identifier: ${Stripe.merchantIdentifier}'); + // 检查设备是否支持 Platform Pay(Apple Pay) + final supported = await Stripe.instance.isPlatformPaySupported(); + if (!supported) { + KRCommonUtil.kr_showToast('当前设备或 Wallet 不支持 Apple Pay,请确认已添加可用卡'); + return; + } + // 2. 创建确认支付的参数对象 + final params = PlatformPayConfirmParams.applePay( + applePay: ApplePayParams( + merchantCountryCode: 'US', + currencyCode: 'USD', + cartItems: [ + ApplePayCartSummaryItem.immediate( + label: 'Hi快VPN 服务', + amount: kr_getPlanPrice( + kr_plans[kr_selectedPlanIndex.value], + ).toStringAsFixed(2), + ), + ], ), ); - // B. 显示支付表单给用户 - await Stripe.instance.presentPaymentSheet(); + // 🚀 3. 调用方法,直接启动 Apple Pay 原生界面 + await Stripe.instance.confirmPlatformPayPaymentIntent( + clientSecret: clientSecret, + confirmParams: params, + ); // C. 支付成功 print('✅ Stripe 支付成功!'); diff --git a/lib/main.dart b/lib/main.dart index 7cbf428..ed411c6 100755 --- a/lib/main.dart +++ b/lib/main.dart @@ -49,10 +49,12 @@ void main() async { KRLogUtil.kr_init(); Stripe.publishableKey = 'pk_live_51SbuYxAawOMH8rEEkz6f4mnxAUjGC72eQ6qdm5tT6whC4hULkxxdbiPsB4gSCIMnNIGCsIgeASTXBakUcbOuUwQO00jSWjuufx'; - + Stripe.merchantIdentifier = 'merchant.com.taw.hifastvpn'; + await Stripe.instance.applySettings(); // 初始化 Hive await KRSecureStorage().kr_initHive(); + // 初始化主题 await KRThemeService().init(); diff --git a/macos/Podfile.lock b/macos/Podfile.lock index 8accd04..e73a911 100644 --- a/macos/Podfile.lock +++ b/macos/Podfile.lock @@ -11,6 +11,9 @@ PODS: - FlutterMacOS - SAMKeychain - FlutterMacOS (1.0.0) + - in_app_purchase_storekit (0.0.1): + - Flutter + - FlutterMacOS - OrderedSet (6.0.3) - package_info_plus (0.0.1): - FlutterMacOS @@ -39,6 +42,7 @@ DEPENDENCIES: - flutter_inappwebview_macos (from `Flutter/ephemeral/.symlinks/plugins/flutter_inappwebview_macos/macos`) - flutter_udid (from `Flutter/ephemeral/.symlinks/plugins/flutter_udid/macos`) - FlutterMacOS (from `Flutter/ephemeral`) + - in_app_purchase_storekit (from `Flutter/ephemeral/.symlinks/plugins/in_app_purchase_storekit/darwin`) - package_info_plus (from `Flutter/ephemeral/.symlinks/plugins/package_info_plus/macos`) - path_provider_foundation (from `Flutter/ephemeral/.symlinks/plugins/path_provider_foundation/darwin`) - screen_retriever_macos (from `Flutter/ephemeral/.symlinks/plugins/screen_retriever_macos/macos`) @@ -65,6 +69,8 @@ EXTERNAL SOURCES: :path: Flutter/ephemeral/.symlinks/plugins/flutter_udid/macos FlutterMacOS: :path: Flutter/ephemeral + in_app_purchase_storekit: + :path: Flutter/ephemeral/.symlinks/plugins/in_app_purchase_storekit/darwin package_info_plus: :path: Flutter/ephemeral/.symlinks/plugins/package_info_plus/macos path_provider_foundation: @@ -88,6 +94,7 @@ SPEC CHECKSUMS: flutter_inappwebview_macos: bdf207b8f4ebd58e86ae06cd96b147de99a67c9b flutter_udid: 2e7b3da4b5fdfba86a396b97898f5fe8f4ec1a52 FlutterMacOS: 8f6f14fa908a6fb3fba0cd85dbd81ec4b251fb24 + in_app_purchase_storekit: a1ce04056e23eecc666b086040239da7619cd783 OrderedSet: e539b66b644ff081c73a262d24ad552a69be3a94 package_info_plus: 12f1c5c2cfe8727ca46cbd0b26677728972d9a5b path_provider_foundation: 2b6b4c569c0fb62ec74538f866245ac84301af46 diff --git a/macos/Runner.xcodeproj/project.pbxproj b/macos/Runner.xcodeproj/project.pbxproj old mode 100755 new mode 100644 index 6d96a80..c1fbe4b --- a/macos/Runner.xcodeproj/project.pbxproj +++ b/macos/Runner.xcodeproj/project.pbxproj @@ -21,6 +21,7 @@ /* End PBXAggregateTarget section */ /* Begin PBXBuildFile section */ + 1B50E024F09C0847B322E7A5 /* Pods_Runner.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 89F6149C36E7AFE5A3ABB11E /* Pods_Runner.framework */; }; 27D5969F2A92B6AB00E2BE2B /* libcore.dylib in Bundle Framework */ = {isa = PBXBuildFile; fileRef = 27D5969E2A92B6AB00E2BE2B /* libcore.dylib */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; 331C80D8294CF71000263BE5 /* RunnerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 331C80D7294CF71000263BE5 /* RunnerTests.swift */; }; 335BBD1B22A9A15E00E9071D /* GeneratedPluginRegistrant.swift in Sources */ = {isa = PBXBuildFile; fileRef = 335BBD1A22A9A15E00E9071D /* GeneratedPluginRegistrant.swift */; }; @@ -28,8 +29,7 @@ 33CC10F32044A3C60003C045 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 33CC10F22044A3C60003C045 /* Assets.xcassets */; }; 33CC10F62044A3C60003C045 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 33CC10F42044A3C60003C045 /* MainMenu.xib */; }; 33CC11132044BFA00003C045 /* MainFlutterWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 33CC11122044BFA00003C045 /* MainFlutterWindow.swift */; }; - C2CEC907B854CCA50E3CB29E /* Pods_RunnerTests.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7774D5331C4F7054E7047DF2 /* Pods_RunnerTests.framework */; }; - FEE8413B259D2FDED8BE933A /* Pods_Runner.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1A1027315C9B3E3F83410A09 /* Pods_Runner.framework */; }; + 735847C11F818DB2659EAEBB /* Pods_RunnerTests.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CC0A1864A66B0EBDB3650093 /* Pods_RunnerTests.framework */; }; /* End PBXBuildFile section */ /* Begin PBXContainerItemProxy section */ @@ -64,8 +64,7 @@ /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ - 1A1027315C9B3E3F83410A09 /* Pods_Runner.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_Runner.framework; sourceTree = BUILT_PRODUCTS_DIR; }; - 1C05D6984C93FE0E5C9038D0 /* Pods-RunnerTests.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-RunnerTests.release.xcconfig"; path = "Target Support Files/Pods-RunnerTests/Pods-RunnerTests.release.xcconfig"; sourceTree = ""; }; + 0E9F7018ADFB388D1A0119C2 /* Pods-Runner.profile.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.profile.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.profile.xcconfig"; sourceTree = ""; }; 27D5969E2A92B6AB00E2BE2B /* libcore.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcore.dylib; path = ../libcore/bin/libcore.dylib; sourceTree = ""; }; 331C80D5294CF71000263BE5 /* RunnerTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = RunnerTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; }; 331C80D7294CF71000263BE5 /* RunnerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RunnerTests.swift; sourceTree = ""; }; @@ -83,14 +82,15 @@ 33E51913231747F40026EE4D /* DebugProfile.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = DebugProfile.entitlements; sourceTree = ""; }; 33E51914231749380026EE4D /* Release.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = Release.entitlements; sourceTree = ""; }; 33E5194F232828860026EE4D /* AppInfo.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = AppInfo.xcconfig; sourceTree = ""; }; - 3E235443DDCB73D48BD2341C /* Pods-Runner.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.debug.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.debug.xcconfig"; sourceTree = ""; }; - 49CD96905E177C4420930499 /* Pods-Runner.profile.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.profile.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.profile.xcconfig"; sourceTree = ""; }; - 7774D5331C4F7054E7047DF2 /* Pods_RunnerTests.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_RunnerTests.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + 5204411A9795E11DF5FEF8FA /* Pods-RunnerTests.profile.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-RunnerTests.profile.xcconfig"; path = "Target Support Files/Pods-RunnerTests/Pods-RunnerTests.profile.xcconfig"; sourceTree = ""; }; 7AFA3C8E1D35360C0083082E /* Release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Release.xcconfig; sourceTree = ""; }; - 7C0B4F177A93E89661E9B0CB /* Pods-RunnerTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-RunnerTests.debug.xcconfig"; path = "Target Support Files/Pods-RunnerTests/Pods-RunnerTests.debug.xcconfig"; sourceTree = ""; }; + 7C48389468CADEF5153B6C38 /* Pods-RunnerTests.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-RunnerTests.release.xcconfig"; path = "Target Support Files/Pods-RunnerTests/Pods-RunnerTests.release.xcconfig"; sourceTree = ""; }; + 89F6149C36E7AFE5A3ABB11E /* Pods_Runner.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_Runner.framework; sourceTree = BUILT_PRODUCTS_DIR; }; 9740EEB21CF90195004384FC /* Debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = Debug.xcconfig; sourceTree = ""; }; - D96FD811DCD14FAF8EC1F071 /* Pods-RunnerTests.profile.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-RunnerTests.profile.xcconfig"; path = "Target Support Files/Pods-RunnerTests/Pods-RunnerTests.profile.xcconfig"; sourceTree = ""; }; - DBFB795F5E72237D66B9D391 /* Pods-Runner.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.release.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.release.xcconfig"; sourceTree = ""; }; + AD61A6C2536BCECF39E38B5A /* Pods-Runner.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.debug.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.debug.xcconfig"; sourceTree = ""; }; + CC0A1864A66B0EBDB3650093 /* Pods_RunnerTests.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_RunnerTests.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + CF623D4C3CE0EB191363F491 /* Pods-Runner.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.release.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.release.xcconfig"; sourceTree = ""; }; + E21A6DACEC73D25BDC109FA6 /* Pods-RunnerTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-RunnerTests.debug.xcconfig"; path = "Target Support Files/Pods-RunnerTests/Pods-RunnerTests.debug.xcconfig"; sourceTree = ""; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ @@ -98,7 +98,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( - C2CEC907B854CCA50E3CB29E /* Pods_RunnerTests.framework in Frameworks */, + 735847C11F818DB2659EAEBB /* Pods_RunnerTests.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -106,7 +106,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( - FEE8413B259D2FDED8BE933A /* Pods_Runner.framework in Frameworks */, + 1B50E024F09C0847B322E7A5 /* Pods_Runner.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -116,12 +116,12 @@ 0B357514C188DFB6739B421A /* Pods */ = { isa = PBXGroup; children = ( - 3E235443DDCB73D48BD2341C /* Pods-Runner.debug.xcconfig */, - DBFB795F5E72237D66B9D391 /* Pods-Runner.release.xcconfig */, - 49CD96905E177C4420930499 /* Pods-Runner.profile.xcconfig */, - 7C0B4F177A93E89661E9B0CB /* Pods-RunnerTests.debug.xcconfig */, - 1C05D6984C93FE0E5C9038D0 /* Pods-RunnerTests.release.xcconfig */, - D96FD811DCD14FAF8EC1F071 /* Pods-RunnerTests.profile.xcconfig */, + AD61A6C2536BCECF39E38B5A /* Pods-Runner.debug.xcconfig */, + CF623D4C3CE0EB191363F491 /* Pods-Runner.release.xcconfig */, + 0E9F7018ADFB388D1A0119C2 /* Pods-Runner.profile.xcconfig */, + E21A6DACEC73D25BDC109FA6 /* Pods-RunnerTests.debug.xcconfig */, + 7C48389468CADEF5153B6C38 /* Pods-RunnerTests.release.xcconfig */, + 5204411A9795E11DF5FEF8FA /* Pods-RunnerTests.profile.xcconfig */, ); path = Pods; sourceTree = ""; @@ -153,8 +153,8 @@ 33CEB47122A05771004F2AC0 /* Flutter */, 331C80D6294CF71000263BE5 /* RunnerTests */, 33CC10EE2044A3C60003C045 /* Products */, - D73912EC22F37F3D000D13A0 /* Frameworks */, 0B357514C188DFB6739B421A /* Pods */, + E047C3A4031E4DE5BC5E27C2 /* Frameworks */, ); sourceTree = ""; }; @@ -202,11 +202,11 @@ path = Runner; sourceTree = ""; }; - D73912EC22F37F3D000D13A0 /* Frameworks */ = { + E047C3A4031E4DE5BC5E27C2 /* Frameworks */ = { isa = PBXGroup; children = ( - 1A1027315C9B3E3F83410A09 /* Pods_Runner.framework */, - 7774D5331C4F7054E7047DF2 /* Pods_RunnerTests.framework */, + 89F6149C36E7AFE5A3ABB11E /* Pods_Runner.framework */, + CC0A1864A66B0EBDB3650093 /* Pods_RunnerTests.framework */, ); name = Frameworks; sourceTree = ""; @@ -218,7 +218,7 @@ isa = PBXNativeTarget; buildConfigurationList = 331C80DE294CF71000263BE5 /* Build configuration list for PBXNativeTarget "RunnerTests" */; buildPhases = ( - 33C54E5BCA15F9B3C8DDCCD2 /* [CP] Check Pods Manifest.lock */, + 4F52B9FF0CECBBDA5E76144D /* [CP] Check Pods Manifest.lock */, 331C80D1294CF70F00263BE5 /* Sources */, 331C80D2294CF70F00263BE5 /* Frameworks */, 331C80D3294CF70F00263BE5 /* Resources */, @@ -237,13 +237,13 @@ isa = PBXNativeTarget; buildConfigurationList = 33CC10FB2044A3C60003C045 /* Build configuration list for PBXNativeTarget "Runner" */; buildPhases = ( - 40CB9C5051F17943B75EF3A9 /* [CP] Check Pods Manifest.lock */, + 7E02E54BFA9F182BD91FA4B4 /* [CP] Check Pods Manifest.lock */, 33CC10E92044A3C60003C045 /* Sources */, 33CC10EA2044A3C60003C045 /* Frameworks */, 33CC10EB2044A3C60003C045 /* Resources */, 33CC110E2044A8840003C045 /* Bundle Framework */, 3399D490228B24CF009A79C7 /* ShellScript */, - DDB714AFDEF721265C0C3AF7 /* [CP] Embed Pods Frameworks */, + B6717AA3293389E8D76FAF29 /* [CP] Embed Pods Frameworks */, ); buildRules = ( ); @@ -342,7 +342,27 @@ shellPath = /bin/sh; shellScript = "echo \"$PRODUCT_NAME.app\" > \"$PROJECT_DIR\"/Flutter/ephemeral/.app_filename && \"$FLUTTER_ROOT\"/packages/flutter_tools/bin/macos_assemble.sh embed\n"; }; - 33C54E5BCA15F9B3C8DDCCD2 /* [CP] Check Pods Manifest.lock */ = { + 33CC111E2044C6BF0003C045 /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputFileListPaths = ( + Flutter/ephemeral/FlutterInputs.xcfilelist, + ); + inputPaths = ( + Flutter/ephemeral/tripwire, + ); + outputFileListPaths = ( + Flutter/ephemeral/FlutterOutputs.xcfilelist, + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "\"$FLUTTER_ROOT\"/packages/flutter_tools/bin/macos_assemble.sh && touch Flutter/ephemeral/tripwire"; + }; + 4F52B9FF0CECBBDA5E76144D /* [CP] Check Pods Manifest.lock */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 2147483647; files = ( @@ -364,27 +384,7 @@ shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n"; showEnvVarsInLog = 0; }; - 33CC111E2044C6BF0003C045 /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputFileListPaths = ( - Flutter/ephemeral/FlutterInputs.xcfilelist, - ); - inputPaths = ( - Flutter/ephemeral/tripwire, - ); - outputFileListPaths = ( - Flutter/ephemeral/FlutterOutputs.xcfilelist, - ); - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "\"$FLUTTER_ROOT\"/packages/flutter_tools/bin/macos_assemble.sh && touch Flutter/ephemeral/tripwire"; - }; - 40CB9C5051F17943B75EF3A9 /* [CP] Check Pods Manifest.lock */ = { + 7E02E54BFA9F182BD91FA4B4 /* [CP] Check Pods Manifest.lock */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 2147483647; files = ( @@ -406,7 +406,7 @@ shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n"; showEnvVarsInLog = 0; }; - DDB714AFDEF721265C0C3AF7 /* [CP] Embed Pods Frameworks */ = { + B6717AA3293389E8D76FAF29 /* [CP] Embed Pods Frameworks */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 2147483647; files = ( @@ -474,7 +474,7 @@ /* Begin XCBuildConfiguration section */ 331C80DB294CF71000263BE5 /* Debug */ = { isa = XCBuildConfiguration; - baseConfigurationReference = 7C0B4F177A93E89661E9B0CB /* Pods-RunnerTests.debug.xcconfig */; + baseConfigurationReference = E21A6DACEC73D25BDC109FA6 /* Pods-RunnerTests.debug.xcconfig */; buildSettings = { BUNDLE_LOADER = "$(TEST_HOST)"; CURRENT_PROJECT_VERSION = 1; @@ -489,7 +489,7 @@ }; 331C80DC294CF71000263BE5 /* Release */ = { isa = XCBuildConfiguration; - baseConfigurationReference = 1C05D6984C93FE0E5C9038D0 /* Pods-RunnerTests.release.xcconfig */; + baseConfigurationReference = 7C48389468CADEF5153B6C38 /* Pods-RunnerTests.release.xcconfig */; buildSettings = { BUNDLE_LOADER = "$(TEST_HOST)"; CURRENT_PROJECT_VERSION = 1; @@ -504,7 +504,7 @@ }; 331C80DD294CF71000263BE5 /* Profile */ = { isa = XCBuildConfiguration; - baseConfigurationReference = D96FD811DCD14FAF8EC1F071 /* Pods-RunnerTests.profile.xcconfig */; + baseConfigurationReference = 5204411A9795E11DF5FEF8FA /* Pods-RunnerTests.profile.xcconfig */; buildSettings = { BUNDLE_LOADER = "$(TEST_HOST)"; CURRENT_PROJECT_VERSION = 1; @@ -571,7 +571,7 @@ CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements; CODE_SIGN_IDENTITY = "Apple Development"; - "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Distribution"; + "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Developer ID Application"; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_TEAM = ""; @@ -586,6 +586,7 @@ MACOSX_DEPLOYMENT_TARGET = 10.15; PRODUCT_BUNDLE_IDENTIFIER = com.taw.hifastvpn.mac; PROVISIONING_PROFILE_SPECIFIER = ""; + "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "HiFastVPN-Mac-Pord"; SWIFT_VERSION = 5.0; }; name = Profile; @@ -705,7 +706,7 @@ CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements; CODE_SIGN_IDENTITY = "Apple Development"; - "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Distribution"; + "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Developer ID Application"; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_TEAM = ""; @@ -720,6 +721,7 @@ MACOSX_DEPLOYMENT_TARGET = 10.15; PRODUCT_BUNDLE_IDENTIFIER = com.taw.hifastvpn.mac; PROVISIONING_PROFILE_SPECIFIER = ""; + "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "HiFastVPN-Mac-Pord"; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; }; @@ -733,7 +735,7 @@ CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = Runner/Release.entitlements; CODE_SIGN_IDENTITY = "Apple Development"; - "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Distribution"; + "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Developer ID Application"; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_TEAM = ""; @@ -748,6 +750,7 @@ MACOSX_DEPLOYMENT_TARGET = 10.15; PRODUCT_BUNDLE_IDENTIFIER = com.taw.hifastvpn.mac; PROVISIONING_PROFILE_SPECIFIER = ""; + "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "HiFastVPN-Mac-Pord"; SWIFT_VERSION = 5.0; }; name = Release; diff --git a/macos/Runner/DebugProfile.entitlements b/macos/Runner/DebugProfile.entitlements index edaa5ae..4dc9bb8 100755 --- a/macos/Runner/DebugProfile.entitlements +++ b/macos/Runner/DebugProfile.entitlements @@ -2,8 +2,6 @@ - com.apple.developer.networking.networkextension - com.apple.security.app-sandbox com.apple.security.application-groups @@ -13,6 +11,6 @@ com.apple.security.network.client com.apple.security.network.server - + ß diff --git a/macos/Runner/Info.plist b/macos/Runner/Info.plist index 14929ec..36d7668 100755 --- a/macos/Runner/Info.plist +++ b/macos/Runner/Info.plist @@ -2,40 +2,78 @@ + + CFBundleIdentifier + $(PRODUCT_BUNDLE_IDENTIFIER) + + CFBundleDevelopmentRegion $(DEVELOPMENT_LANGUAGE) + CFBundleDisplayName + HiFastVPN + CFBundleName + HiFastVPN CFBundleExecutable $(EXECUTABLE_NAME) CFBundleIconFile - - CFBundleIdentifier - $(PRODUCT_BUNDLE_IDENTIFIER) + AppIcon CFBundleInfoDictionaryVersion 6.0 - CFBundleName - $(PRODUCT_NAME) CFBundlePackageType APPL + + CFBundleShortVersionString $(FLUTTER_BUILD_NAME) CFBundleVersion $(FLUTTER_BUILD_NUMBER) + + LSMinimumSystemVersion $(MACOSX_DEPLOYMENT_TARGET) + + + NSPrincipalClass + NSApplication + NSMainNibFile + MainMenu + + + NSHighResolutionCapable + + + + LSArchitecturePriority + + arm64 + x86_64 + + + NSAppTransportSecurity NSAllowsArbitraryLoads + + NSAppleEventsUsageDescription - 需要访问系统事件以管理窗口 - NSHumanReadableCopyright - $(PRODUCT_COPYRIGHT) - NSMainNibFile - MainMenu - NSPrincipalClass - NSApplication + HiFastVPN needs access to system events to manage windows and system proxy settings. NSUserNotificationUsageDescription - 需要发送通知以提醒用户 + HiFastVPN needs permission to send notifications about VPN connection status. + NSSystemAdministrationUsageDescription + HiFastVPN needs administrator privileges to configure system proxy settings. + + + NSHumanReadableCopyright + Copyright © 2024 HiFastVPN. All rights reserved. + + + LSApplicationCategoryType + public.app-category.utilities + + + LSUIElement + diff --git a/macos/Runner/Release.entitlements b/macos/Runner/Release.entitlements index edaa5ae..9da9a23 100755 --- a/macos/Runner/Release.entitlements +++ b/macos/Runner/Release.entitlements @@ -2,17 +2,28 @@ - com.apple.developer.networking.networkextension - + com.apple.security.app-sandbox - com.apple.security.application-groups - - $(TeamIdentifierPrefix) - + + com.apple.security.network.client com.apple.security.network.server + + + com.apple.security.cs.allow-unsigned-executable-memory + + com.apple.security.cs.disable-library-validation + + com.apple.security.cs.allow-dyld-environment-variables + + com.apple.security.cs.allow-jit + + + + com.apple.security.files.user-selected.read-write + diff --git a/sign_and_notarize.sh b/sign_and_notarize.sh index 648343c..d005499 100755 --- a/sign_and_notarize.sh +++ b/sign_and_notarize.sh @@ -1,294 +1,233 @@ #!/bin/bash - -# BearVPN macOS 签名、公证和打包脚本 -# 作者: AI Assistant -# 日期: $(date) - set -e -# 配置变量 -APP_NAME="BearVPN" -APP_VERSION="1.0.0" -DMG_NAME="${APP_NAME}-${APP_VERSION}-macOS-Signed" -APP_PATH="build/macos/Build/Products/Release/${APP_NAME}.app" -DMG_PATH="build/macos/Build/Products/Release/${DMG_NAME}.dmg" +# ╔═══════════════════════════════════════════════════════════════════════════╗ +# ║ HiFastVPN macOS 签名和公证脚本 ║ +# ║ ║ +# ║ 使用方法: ║ +# ║ 1. 修改下面的配置变量 ║ +# ║ 2. chmod +x sign_and_notarize.sh ║ +# ║ 3. ./sign_and_notarize.sh ║ +# ╚═══════════════════════════════════════════════════════════════════════════╝ -# 签名配置 -DEVELOPER_ID="Developer ID Application: Civil Rights Corps (3UR892FAP3)" -TEAM_ID="3UR892FAP3" -APPLE_ID="kieran@newlifeephrata.us" -APPLE_PASSWORD="Asd112211@" +# ======================== 配置变量(请修改这里)======================== +SIGNING_IDENTITY="Developer ID Application: TAW TRADERS SDN. BHD. (NJRRF427XB)" +APPLE_ID="speakeloudest@gmail.com" +APP_PASSWORD="lvry-umfn-pqgz-lnwk" # App-specific password +TEAM_ID="NJRRF427XB" -# 颜色输出 -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -BLUE='\033[0;34m' -NC='\033[0m' # No Color +# 路径配置 +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +PROJECT_DIR="$(dirname "$SCRIPT_DIR")" +APP_PATH="${PROJECT_DIR}/hi-client/build/macos/Build/Products/Release/HiFastVPN.app" +ENTITLEMENTS="${PROJECT_DIR}/hi-client/macos/Runner/Release.entitlements" +OUTPUT_DIR="${PROJECT_DIR}/dist" +# ===================================================================== -# 日志函数 -log_info() { - echo -e "${BLUE}[INFO]${NC} $1" -} +echo "╔═══════════════════════════════════════════════════════════════════╗" +echo "║ HiFastVPN macOS 签名和公证脚本 ║" +echo "╚═══════════════════════════════════════════════════════════════════╝" +echo "" +echo "📁 项目目录: ${PROJECT_DIR}" +echo "📦 应用路径: ${APP_PATH}" +echo "📄 Entitlements: ${ENTITLEMENTS}" +echo "" -log_success() { - echo -e "${GREEN}[SUCCESS]${NC} $1" -} +# 检查 .app 是否存在 +if [ ! -d "${APP_PATH}" ]; then + echo "❌ 错误: ${APP_PATH} 不存在" + echo "请先运行: flutter build macos --release" + exit 1 +fi -log_warning() { - echo -e "${YELLOW}[WARNING]${NC} $1" -} +# 检查 entitlements 是否存在 +if [ ! -f "${ENTITLEMENTS}" ]; then + echo "❌ 错误: ${ENTITLEMENTS} 不存在" + exit 1 +fi -log_error() { - echo -e "${RED}[ERROR]${NC} $1" -} +# 创建输出目录 +mkdir -p "${OUTPUT_DIR}" -# 检查证书 -check_certificates() { - log_info "检查开发者证书..." - - # 检查证书是否存在 - if ! security find-certificate -a -c "Civil Rights Corps" > /dev/null 2>&1; then - log_error "未找到 Developer ID Application 证书" - log_info "请确保已安装有效的开发者证书" - exit 1 +# ======================== Step 1: 清理 ======================== +echo "" +echo "🧹 Step 1: 清理多余文件..." + +# 删除 .DS_Store +find "${APP_PATH}" -name ".DS_Store" -delete 2>/dev/null || true +find "${APP_PATH}" -name "*.bak" -delete 2>/dev/null || true + +# 删除 Headers 目录和符号链接 +find "${APP_PATH}/Contents/Frameworks" -type l -name "Headers" -delete 2>/dev/null || true +find "${APP_PATH}/Contents/Frameworks" -type d -name "Headers" -exec rm -rf {} + 2>/dev/null || true + +# 删除 Modules 目录 +find "${APP_PATH}/Contents/Frameworks" -type d -name "Modules" -exec rm -rf {} + 2>/dev/null || true + +# 删除 PrivateHeaders +find "${APP_PATH}/Contents/Frameworks" -name "PrivateHeaders" -exec rm -rf {} + 2>/dev/null || true + +echo " ✅ 清理完成" + +# ======================== Step 2: 移除现有签名 ======================== +echo "" +echo "🗑️ Step 2: 移除现有签名..." + +# 移除所有签名(忽略错误) +find "${APP_PATH}" -name "*.dylib" -exec codesign --remove-signature {} \; 2>/dev/null || true +find "${APP_PATH}" -name "*.framework" -exec codesign --remove-signature {} \; 2>/dev/null || true +codesign --remove-signature "${APP_PATH}" 2>/dev/null || true + +echo " ✅ 移除签名完成" + +# ======================== Step 3: 签名 dylib 文件 ======================== +echo "" +echo "🔐 Step 3: 签名 dylib 文件..." + +find "${APP_PATH}" -name "*.dylib" -print0 | while IFS= read -r -d '' dylib; do + echo " → $(basename "$dylib")" + codesign --force --sign "${SIGNING_IDENTITY}" \ + --options runtime \ + --timestamp \ + "$dylib" +done + +echo " ✅ dylib 签名完成" + +# ======================== Step 4: 签名 Framework ======================== +echo "" +echo "🔐 Step 4: 签名 Framework..." + +# 签名所有 framework(使用 --deep 确保内部资源被正确处理) +for fw in "${APP_PATH}"/Contents/Frameworks/*.framework; do + if [ -d "$fw" ]; then + fw_name=$(basename "$fw") + echo " → ${fw_name}" + + # 使用 --deep 签名 framework,这样会自动处理内部的资源 + codesign --force --sign "${SIGNING_IDENTITY}" \ + --options runtime \ + --timestamp \ + "$fw" fi - - log_success "找到 Developer ID Application 证书" -} +done -# 清理旧文件 -cleanup() { - log_info "清理旧的构建文件..." - rm -rf build/macos/Build/Products/Release/* - log_success "清理完成" -} +echo " ✅ Framework 签名完成" -# 构建应用 -build_app() { - log_info "开始构建 macOS 应用..." - - flutter build macos --release - - if [ ! -d "$APP_PATH" ]; then - log_error "应用构建失败" - exit 1 - fi - - log_success "应用构建完成" -} +# ======================== Step 5: 签名主应用 ======================== +echo "" +echo "🔐 Step 5: 签名主应用..." -# 签名应用 -sign_app() { - log_info "开始签名应用..." - - # 签名应用 - codesign --force --deep --sign "$DEVELOPER_ID" "$APP_PATH" - - if [ $? -eq 0 ]; then - log_success "应用签名成功" - else - log_error "应用签名失败" - exit 1 - fi - - # 验证签名 - log_info "验证应用签名..." - codesign --verify --verbose "$APP_PATH" - - if [ $? -eq 0 ]; then - log_success "应用签名验证通过" - else - log_error "应用签名验证失败" - exit 1 - fi -} +codesign --force --sign "${SIGNING_IDENTITY}" \ + --options runtime \ + --entitlements "${ENTITLEMENTS}" \ + --timestamp \ + "${APP_PATH}" -# 创建 DMG -create_dmg() { - log_info "开始创建 DMG 文件..." - - # 使用 create-dmg 创建 DMG - create-dmg \ - --volname "$APP_NAME" \ - --volicon "macos/Runner/Assets.xcassets/AppIcon.appiconset/icon-256@2x.png" \ - --window-pos 200 120 \ - --window-size 600 400 \ - --icon-size 100 \ - --icon "$APP_NAME.app" 175 190 \ - --hide-extension "$APP_NAME.app" \ - --app-drop-link 425 190 \ - --no-internet-enable \ - "$DMG_PATH" \ - "$APP_PATH" - - if [ $? -eq 0 ]; then - log_success "DMG 文件创建成功: $DMG_PATH" - else - log_error "DMG 文件创建失败" - exit 1 - fi -} +echo " ✅ 主应用签名完成" + +# ======================== Step 6: 验证签名 ======================== +echo "" +echo "✅ Step 6: 验证签名..." + +if codesign --verify --deep --strict --verbose=2 "${APP_PATH}" 2>&1; then + echo " ✅ 签名验证通过!" +else + echo " ❌ 签名验证失败!" + echo "" + echo "详细错误信息:" + codesign --verify --deep --strict --verbose=4 "${APP_PATH}" 2>&1 + exit 1 +fi + +# ======================== Step 7: 创建 ZIP ======================== +echo "" +echo "📦 Step 7: 创建 ZIP..." + +ZIP_PATH="${OUTPUT_DIR}/HiFastVPN.zip" +rm -f "${ZIP_PATH}" +ditto -c -k --keepParent "${APP_PATH}" "${ZIP_PATH}" + +echo " ✅ ZIP 创建完成: ${ZIP_PATH}" + +# ======================== Step 8: 公证 ======================== +echo "" +echo "📤 Step 8: 提交公证..." +echo " (这可能需要几分钟时间...)" + +xcrun notarytool submit "${ZIP_PATH}" \ + --apple-id "${APPLE_ID}" \ + --password "${APP_PASSWORD}" \ + --team-id "${TEAM_ID}" \ + --wait + +echo " ✅ 公证完成" + +# ======================== Step 9: Staple ======================== +echo "" +echo "📎 Step 9: Staple..." + +xcrun stapler staple "${APP_PATH}" + +echo " ✅ Staple 完成" + +# ======================== Step 10: 最终验证 ======================== +echo "" +echo "🔍 Step 10: 最终验证..." + +echo "" +echo "--- codesign --verify ---" +codesign --verify --deep --strict "${APP_PATH}" && echo "✅ codesign 验证通过" + +echo "" +echo "--- xcrun stapler validate ---" +xcrun stapler validate "${APP_PATH}" + +echo "" +echo "--- spctl -a -t execute ---" +spctl -a -t execute -vv "${APP_PATH}" + +# ======================== Step 11: 创建 DMG ======================== +echo "" +echo "💿 Step 11: 创建 DMG..." + +DMG_PATH="${OUTPUT_DIR}/HiFastVPN.dmg" +rm -f "${DMG_PATH}" + +# 使用 hdiutil 创建简单的 DMG +hdiutil create -volname "HiFastVPN" -srcfolder "${APP_PATH}" -ov -format UDZO "${DMG_PATH}" # 签名 DMG -sign_dmg() { - log_info "开始签名 DMG 文件..." - - # 签名 DMG - codesign --force --sign "$DEVELOPER_ID" "$DMG_PATH" - - if [ $? -eq 0 ]; then - log_success "DMG 签名成功" - else - log_error "DMG 签名失败" - exit 1 - fi - - # 验证 DMG 签名 - log_info "验证 DMG 签名..." - codesign --verify --verbose "$DMG_PATH" - - if [ $? -eq 0 ]; then - log_success "DMG 签名验证通过" - else - log_error "DMG 签名验证失败" - exit 1 - fi -} - -# 公证应用 -notarize_app() { - log_info "开始公证应用..." - - # 创建 ZIP 文件用于公证 - ZIP_PATH="build/macos/Build/Products/Release/${APP_NAME}-${APP_VERSION}.zip" - ditto -c -k --keepParent "$APP_PATH" "$ZIP_PATH" - - log_info "上传应用进行公证..." - log_warning "请确保您已生成应用专用密码:" - log_warning "1. 访问 https://appleid.apple.com" - log_warning "2. 登录您的 Apple ID" - log_warning "3. 在'安全'部分生成应用专用密码" - log_warning "4. 使用该密码进行公证" - - # 上传进行公证 - xcrun notarytool submit "$ZIP_PATH" \ - --apple-id "$APPLE_ID" \ - --team-id "$TEAM_ID" \ - --wait - - if [ $? -eq 0 ]; then - log_success "应用公证成功" - - # 装订公证票据 - log_info "装订公证票据到应用..." - xcrun stapler staple "$APP_PATH" - - if [ $? -eq 0 ]; then - log_success "公证票据装订成功" - else - log_warning "公证票据装订失败,但应用已公证" - fi - else - log_error "应用公证失败" - log_info "请检查 Apple ID 和应用专用密码是否正确" - exit 1 - fi - - # 清理 ZIP 文件 - rm -f "$ZIP_PATH" -} +# echo " 签名 DMG..." +# codesign --force --sign "${SIGNING_IDENTITY}" --timestamp "${DMG_PATH}" # 公证 DMG -notarize_dmg() { - log_info "开始公证 DMG..." - - # 上传 DMG 进行公证 - xcrun notarytool submit "$DMG_PATH" \ - --apple-id "$APPLE_ID" \ - --team-id "$TEAM_ID" \ - --wait - - if [ $? -eq 0 ]; then - log_success "DMG 公证成功" - - # 装订公证票据 - log_info "装订公证票据到 DMG..." - xcrun stapler staple "$DMG_PATH" - - if [ $? -eq 0 ]; then - log_success "DMG 公证票据装订成功" - else - log_warning "DMG 公证票据装订失败,但 DMG 已公证" - fi - else - log_error "DMG 公证失败" - log_info "请检查 Apple ID 和应用专用密码是否正确" - exit 1 - fi -} +echo " 公证 DMG..." +xcrun notarytool submit "${DMG_PATH}" \ + --apple-id "${APPLE_ID}" \ + --password "${APP_PASSWORD}" \ + --team-id "${TEAM_ID}" \ + --wait -# 验证最终结果 -verify_final() { - log_info "验证最终结果..." - - # 检查文件大小 - APP_SIZE=$(du -h "$APP_PATH" | cut -f1) - DMG_SIZE=$(du -h "$DMG_PATH" | cut -f1) - - log_info "应用大小: $APP_SIZE" - log_info "DMG 大小: $DMG_SIZE" - - # 检查签名状态 - log_info "应用签名状态:" - codesign -dv "$APP_PATH" 2>&1 | grep -E "(Authority|TeamIdentifier|BundleId)" - - log_info "DMG 签名状态:" - codesign -dv "$DMG_PATH" 2>&1 | grep -E "(Authority|TeamIdentifier)" - - # 检查公证状态 - log_info "应用公证状态:" - xcrun stapler validate "$APP_PATH" - - log_info "DMG 公证状态:" - xcrun stapler validate "$DMG_PATH" -} +# Staple DMG +echo " Staple DMG..." +xcrun stapler staple "${DMG_PATH}" -# 显示结果 -show_result() { - log_success "==========================================" - log_success "签名、公证和打包完成!" - log_success "==========================================" - log_info "应用名称: $APP_NAME" - log_info "版本: $APP_VERSION" - log_info "签名应用: $APP_PATH" - log_info "签名 DMG: $DMG_PATH" - log_info "开发者: $DEVELOPER_ID" - log_success "==========================================" - log_info "现在可以安全地分发给用户" - log_info "用户安装时不会看到安全警告" - log_info "应用已通过 Apple 公证,可在任何 Mac 上运行" - log_success "==========================================" -} +echo " ✅ DMG 创建完成: ${DMG_PATH}" -# 主函数 -main() { - log_info "开始 BearVPN macOS 签名、公证和打包流程..." - log_info "==========================================" - - check_certificates - cleanup - build_app - sign_app - notarize_app - create_dmg - sign_dmg - notarize_dmg - verify_final - show_result - - log_success "所有操作完成!" -} +# ======================== 完成 ======================== +echo "" +echo "╔═══════════════════════════════════════════════════════════════════╗" +echo "║ 🎉 全部完成! ║" +echo "╚═══════════════════════════════════════════════════════════════════╝" +echo "" +echo "输出文件:" +echo " 📦 ${APP_PATH}" +echo " 📦 ${ZIP_PATH}" +echo " 💿 ${DMG_PATH}" +echo "" +echo "⚠️ 重要提示:" +echo " 发给用户的应该是 DMG 文件,不是 ZIP 或 .app" +echo " DMG 已经签名和公证,用户打开后不会被 Gatekeeper 拦截" +echo "" -# 运行主函数 -main "$@"