bundle.sh (1904B)
1 #!/usr/bin/env bash 2 # bundle.sh — assemble and code-sign Hydra.app around the daemon. 3 # 4 # CoreAudio process taps require a TCC-authorizable identity: a bundle with an 5 # Info.plist (NSAudioCaptureUsageDescription) signed with the audio-input entitlement. 6 # A bare `cargo run` binary can't be authorized, so the daemon must run from this bundle. 7 # 8 # ./scripts/bundle.sh [debug|release] (default: release) 9 # 10 # Produces dist/Hydra.app. Sign ad-hoc by default; set HYDRA_SIGN_ID to a real identity 11 # (e.g. "Apple Development: you@example.com") for a stable identity that doesn't churn 12 # the TCC grant on every rebuild. 13 set -euo pipefail 14 15 PROFILE="${1:-release}" 16 ROOT="$(cd "$(dirname "$0")/.." && pwd)" 17 SIGN_ID="${HYDRA_SIGN_ID:--}" # '-' = ad-hoc 18 APP="$ROOT/dist/Hydra.app" 19 20 # Build BOTH binaries: the daemon (bundled into the app) and the TUI (what the `hydra` 21 # launcher symlinks to). Building only hydrad here once left a stale TUI on PATH. 22 echo "• building hydra + hydrad ($PROFILE)" 23 if [ "$PROFILE" = "release" ]; then 24 cargo build --manifest-path "$ROOT/Cargo.toml" -p hydrad -p hydra --release 25 BIN="$ROOT/target/release/hydrad" 26 else 27 cargo build --manifest-path "$ROOT/Cargo.toml" -p hydrad -p hydra 28 BIN="$ROOT/target/debug/hydrad" 29 fi 30 31 echo "• assembling $APP" 32 rm -rf "$APP" 33 mkdir -p "$APP/Contents/MacOS" 34 cp "$BIN" "$APP/Contents/MacOS/hydrad" 35 cp "$ROOT/scripts/Info.plist" "$APP/Contents/Info.plist" 36 37 echo "• signing (identity: $SIGN_ID)" 38 codesign --force --options runtime \ 39 --sign "$SIGN_ID" \ 40 --identifier com.ganten.hydra \ 41 --entitlements "$ROOT/scripts/hydrad.entitlements" \ 42 "$APP" 43 44 echo "• verifying" 45 codesign --verify --verbose "$APP" 46 echo 47 echo "✓ built $APP" 48 echo " daemon executable: $APP/Contents/MacOS/hydrad" 49 echo " install as a LaunchAgent: ./scripts/install-agent.sh" 50 echo " or run directly: '$APP/Contents/MacOS/hydrad'"