nextcloud
diff --git a/‎admin/osx/mac-crafter/README.md‎
Lines changed: 6 additions & 137 deletions b/‎admin/osx/mac-crafter/README.md‎
Lines changed: 6 additions & 137 deletions
diff --git a/‎admin/osx/mac-crafter/Sources/Commands/Build.swift‎
Lines changed: 70 additions & 35 deletions b/‎admin/osx/mac-crafter/Sources/Commands/Build.swift‎
Lines changed: 70 additions & 35 deletions
diff --git a/‎admin/osx/mac-crafter/Sources/Commands/Codesign.swift‎
Lines changed: 22 additions & 2 deletions b/‎admin/osx/mac-crafter/Sources/Commands/Codesign.swift‎
Lines changed: 22 additions & 2 deletions
@@ -2,15 +2,15 @@
   - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
   - SPDX-License-Identifier: GPL-2.0-or-later
 -->
-# mac-crafter
+# Mac Crafter
 
 mac-crafter is a tool to easily build a fully functional Nextcloud Desktop Client for macOS.
-It automates cloning, configuring, crafting, codesigning, packaging, and even DMG creation of the client.
-The tool is built with Swift’s ArgumentParser and it drives the KDE Craft build system along with some Python scripts and shell commands.
+It automates cloning, configuring, crafting, codesigning, packaging, and even disk image creation of the client.
+The tool is built with Apple’s ArgumentParser and it drives the KDE Craft build system along with some Python scripts and shell commands.
 
 ## System Requirements
 
-- macOS 11 Big Sur or newer
+- macOS 12 Monterey or newer
 - Xcode
 - Python3
 - Homebrew (for installing additional tools like `inkscape`, `pyenv`, and `create-dmg`)
@@ -28,139 +28,8 @@ The script will also clone the KDE Craft repository if it is not already present
 
 ## Usage
 
-mac-crafter comes with several subcommands:
-
-### Build
-
-This is the default command and it handles:
-- Configuring and/or cloning KDE Craft (using the CraftMaster repository)
-- Adding the Nextcloud Desktop Client blueprints
-- Crafting KDE Craft projects and installing dependencies
-- Building the client with options for a full rebuild, offline mode, and more
-
-**Usage Example:**
-
-```
-swift run mac-crafter [options]
-```
-
-**Common Options:**
-
-- **Repository and Build Paths:**
-  - `--repo-root-dir`: Path to the Nextcloud Desktop Client git repository (default is `../../../` relative to the current directory).
-  - `--build-path`: Directory where build files are written.
-  - `--product-path`: Directory where the final product (app bundle) will be placed.
-
-- **Build Settings:**
-  - `--arch`: Architecture to build for (e.g. `arm64`, `x86_64`).
-  - `--build-type`: Build type (e.g. `Release`, `RelWithDebInfo`, `Debug`).
-  - `--craft-blueprint-name`: Blueprint name for Nextcloud Desktop Client (default is `"nextcloud-client"`).
-  - `--full-rebuild`: Forces a full rebuild by wiping existing build artifacts.
-  - `--offline`: Run the build offline (do not update craft).
-
-- **Code Signing & Notarisation:**
-  - `--code-sign-identity (-c)`: Code signing identity for the client and libraries.
-  - `--apple-id`, `--apple-password`, `--apple-team-id`: Credentials for notarisation.
-  - `--package-signing-id`: Identifier used for package signing.
-
-- **Advanced Options:**
-  - `--disable-autoupdater`: Build without the Sparkle auto-updater.
-  - `--build-tests`: Optionally build the test suite.
-  - `--build-file-provider-module`: Build the File Provider Module.
-  - `--dev`: Build in developer mode which, for example, appends "Dev" to the app name and sets a dev flag in the craft options.
-  - `--override-server-url` and `--force-override-server-url`: Override server URL settings for the client.
-
-The build process automatically ensures necessary tools (like git, inkscape, python3) are installed—invoking installation commands on missing dependencies.
-
-### Codesign
-
-Use this subcommand to codesign an existing Nextcloud Desktop Client app bundle.
-
-**Usage Example:**
-
-```
-swift run mac-crafter codesign -c "Apple Development: <certificate common name>" <path-to-app-bundle>
-```
-
-- **Options:**
-  - `appBundlePath`: Path to the app bundle.
-  - `--code-sign-identity (-c)`: Code signing identity to use.
-
-### Package
-
-This command is used to package the client after building. It prepares the app bundle and can also perform package signing and notarisation.
-
-**Usage Example:**
-
-```
-swift run mac-crafter package [options]
-```
-
-- **Options:**
-  - `--arch`: Target architecture.
-  - `--build-path`, `--product-path`: Build and product directories.
-  - `--craft-blueprint-name`: Blueprint name.
-  - `--app-name`: The branded name of the application.
-  - Various notarisation options (`--apple-id`, `--apple-password`, `--apple-team-id`).
-  - Signing options such as `--package-signing-id` and `--sparkle-package-sign-key`.
-
-### CreateDMG
-
-This subcommand creates a DMG (disk image) for the client app bundle.
-
-**Usage Example:**
-
-```
-swift run mac-crafter createDMG <path-to-app-bundle> [options]
-```
-
-- **Options:**
-  - `appBundlePath`: The app bundle’s path.
-  - `--product-path`: Where the final DMG and product will be placed.
-  - `--build-path`: Directory for temporary build files.
-  - `--app-name`: Application's name.
-  - Notarisation and signing options similar to the Package command.
-
-## How It Works
-
-1. **Tooling Configuration:**
-   The build command checks for necessary tools (like `codesign`, `git`, `brew`, `inkscape`, and `python3`) and auto-installs missing dependencies if needed.  
-2. **KDE Craft Configuration:**
-   - If KDE Craft isn’t already cloned or if a reconfiguration is triggered, the tool clones the CraftMaster repository and configures it using a provided INI file.
-   - Next, it adds the Nextcloud Desktop Client blueprints, then crafts KDE Craft and installs the required dependencies.
-3. **Craft Options Setup:**
-   The build process assembles a set of options including source directory, architecture, build tests, auto-updater settings, and more.  
-4. **Building, Codesigning, and Packaging:**
-   The tool then builds the client, optionally performs a full rebuild, and if a codesign identity is provided, signs the final app bundle. Finally, it copies the finished app bundle to the product directory.
-5. **Optional DMG Creation:**
-   Use the CreateDMG subcommand to bundle the built client into a DMG for distribution.
-
-## Quick Start
-
-For a basic build and codesigning:
-```
-swift run mac-crafter -c "Apple Development: MyCertificate"
-```
-
-For a full rebuild on a specific architecture:
-```
-swift run mac-crafter --arch arm64 --full-rebuild -c "Apple Development: MyCertificate"
-```
-
-To package the app:
-```
-swift run mac-crafter package -c "Apple Development: MyCertificate" --arch arm64
-```
-
-To create a DMG:
-```
-swift run mac-crafter createDMG /path/to/Nextcloud.app --app-name Nextcloud
-```
-
-For more details on all available options, run:
-```
-swift run mac-crafter --help
-```
+mac-crafter comes with several subcommands.
+To see a full reference, run `mac-crafter --help` or `mac-crafter <subcommand> --help` for further specific information about the command.
 
 ## Additional Information
 
 
@@ -145,20 +145,18 @@ struct Build: AsyncParsableCommand {
         print("Build dependencies are installed.")
 
         let fm = FileManager.default
-        let craftMasterDir = "\(buildPath)/craftmaster"
-        let craftMasterIni = "\(repoRootDir)/craftmaster.ini"
-        let craftMasterPy = "\(craftMasterDir)/CraftMaster.py"
+        let buildURL = URL(fileURLWithPath: buildPath).standardized
+        let repoRootURL = URL(fileURLWithPath: repoRootDir).standardized
+        let craftMasterDir = buildURL.appendingPathComponent("craftmaster")
+        let craftMasterIni = repoRootURL.appendingPathComponent("craftmaster.ini")
+        let craftMasterPy = craftMasterDir.appendingPathComponent("CraftMaster.py")
         let craftTarget = archToCraftTarget(arch)
-        let craftCommand =
-        "python3 \(craftMasterPy) --config \(craftMasterIni) --target \(craftTarget) -c"
-        
-        if !fm.fileExists(atPath: craftMasterDir) || reconfigureCraft {
-            print("Configuring KDE Craft.")
-            
-            print("Configuring KDE Craft...")
+        let craftCommand = "python3 \(craftMasterPy.path) --config \(craftMasterIni.path) --target \(craftTarget) -c"
+
+        if !fm.fileExists(atPath: craftMasterDir.path) || reconfigureCraft {
             stopwatch.record("KDE Craft Setup")
 
-            if fm.fileExists(atPath: craftMasterDir) {
+            if fm.fileExists(atPath: craftMasterDir.path) {
                 print("KDE Craft is already cloned.")
             } else {
                 print("Cloning KDE Craft...")
@@ -168,36 +166,35 @@ struct Build: AsyncParsableCommand {
             }
 
             print("Configuring required KDE Craft blueprint repositories...")
-            guard await shell("\(craftCommand) --add-blueprint-repository '\(kdeBlueprintsGitUrl)|\(kdeBlueprintsGitRef)|'") == 0 else {
             stopwatch.record("Craft Blueprints Configuration")
 
+            guard await shell("\(craftCommand) --add-blueprint-repository '\(kdeBlueprintsGitUrl)|\(kdeBlueprintsGitRef)|'") == 0 else {
                 throw MacCrafterError.craftError("Error adding KDE blueprint repository.")
             }
-            guard await shell("\(craftCommand) --add-blueprint-repository '\(clientBlueprintsGitUrl)|\(clientBlueprintsGitRef)|'") == 0 else {
 
+            guard await shell("\(craftCommand) --add-blueprint-repository '\(clientBlueprintsGitUrl)|\(clientBlueprintsGitRef)|'") == 0 else {
                 throw MacCrafterError.craftError("Error adding Nextcloud Client blueprint repository.")
             }
 
             print("Crafting KDE Craft...")
-            guard await shell("\(craftCommand) craft") == 0 else {
             stopwatch.record("Craft Crafting")
 
+            guard await shell("\(craftCommand) craft") == 0 else {
                 throw MacCrafterError.craftError("Error crafting KDE Craft.")
             }
 
             print("Crafting Nextcloud Desktop Client dependencies...")
-            guard await shell("\(craftCommand) --install-deps \(craftBlueprintName)") == 0 else {
             stopwatch.record("Nextcloud Client Dependencies Crafting")
 
+            guard await shell("\(craftCommand) --install-deps \(craftBlueprintName)") == 0 else {
                 throw MacCrafterError.craftError("Error installing dependencies.")
             }
         } else {
             print("Skipping KDE Craft configuration because it is already and no reconfiguration was requested.")
         }
-        
 
         var craftOptions = [
-            "\(craftBlueprintName).srcDir=\(repoRootDir)",
+            "\(craftBlueprintName).srcDir=\(repoRootURL.path)",
             "\(craftBlueprintName).osxArchs=\(arch)",
             "\(craftBlueprintName).buildTests=\(buildTests ? "True" : "False")",
             "\(craftBlueprintName).buildMacOSBundle=\(disableAppBundle ? "False" : "True")",
@@ -231,28 +228,39 @@ struct Build: AsyncParsableCommand {
             craftOptions.append("\(craftBlueprintName).sparkleLibPath=\(buildPath)/Sparkle.framework")
         }
 
-        let clientBuildDir = "\(buildPath)/\(craftTarget)/build/\(craftBlueprintName)"
+        let clientBuildURL = buildURL
+            .appendingPathComponent(craftTarget)
+            .appendingPathComponent("build")
+            .appendingPathComponent(craftBlueprintName)
+
         print("Crafting \(appName) Desktop Client...")
         stopwatch.record("Desktop Client Crafting")
 
         if fullRebuild {
             do {
-                try fm.removeItem(atPath: clientBuildDir)
+                try fm.removeItem(atPath: clientBuildURL.path)
             } catch let error {
-                print("WARNING! Error removing build directory: \(error)")
+                print("ERROR: Error removing build directory: \(error)")
+                throw MacCrafterError.craftError("Failed to remove existing build directory!")
             }
         } else {
             // HACK: When building the client we often run into issues with the shell integration
             // component -- particularly the FileProviderExt part. So we wipe out the build
             // artifacts so this part gets build first. Let's first check if we have an existing
             // build in the folder we expect
-            let shellIntegrationDir = "\(clientBuildDir)/work/build/shell_integration/MacOSX"
-            if fm.fileExists(atPath: shellIntegrationDir) {
+            let shellIntegrationURL = clientBuildURL
+                .appendingPathComponent("work")
+                .appendingPathComponent("build")
+                .appendingPathComponent("shell_integration")
+                .appendingPathComponent("MacOSX")
+
+            if fm.fileExists(atPath: shellIntegrationURL.path) {
                 print("Removing existing shell integration build artifacts...")
                 do {
-                    try fm.removeItem(atPath: shellIntegrationDir)
+                    try fm.removeItem(atPath: shellIntegrationURL.path)
                 } catch let error {
-                    print("WARNING! Error removing shell integration build directory: \(error)")
+                    print("ERROR: Error removing shell integration build directory: \(error)")
+                    throw MacCrafterError.craftError("Failed to remove existing shell integration build directory!")
                 }
             }
         }
@@ -261,35 +269,62 @@ struct Build: AsyncParsableCommand {
         let offlineMode = offline ? "--offline" : ""
         let allOptionsString = craftOptions.map({ "--options \"\($0)\"" }).joined(separator: " ")
 
-        guard await shell(
-            "\(craftCommand) --buildtype \(buildType) \(buildMode) \(offlineMode) \(allOptionsString) \(craftBlueprintName)"
-        ) == 0 else {
+        guard await shell("\(craftCommand) --buildtype \(buildType) \(buildMode) \(offlineMode) \(allOptionsString) \(craftBlueprintName)") == 0 else {
             // Troubleshooting: This can happen because a CraftMaster repository was cloned which does not contain the commit defined in craftmaster.ini of this project due to use of customized forks.
             throw MacCrafterError.craftError("Error crafting Nextcloud Desktop Client.")
         }
 
-        let clientAppDir = "\(clientBuildDir)/image-\(buildType)-master/\(appName).app"
+        let clientAppURL = clientBuildURL
+            .appendingPathComponent("image-\(buildType)-master")
+            .appendingPathComponent("\(appName).app")
 
         if let codeSignIdentity {
-            print("Code-signing Nextcloud Desktop Client libraries and frameworks...")
+            print("Signing Nextcloud Desktop Client libraries and frameworks...")
             stopwatch.record("Code Signing")
 
-            try await Signer.signMainBundle(at: URL(fileURLWithPath: clientAppDir), codeSignIdentity: codeSignIdentity, developerBuild: dev)
+            let appEntitlements = clientBuildURL
+                .appendingPathComponent("work")
+                .appendingPathComponent("build")
+                .appendingPathComponent("admin")
+                .appendingPathComponent("osx")
+                .appendingPathComponent("macosx.entitlements")
+
+            let entitlementsDirectory = clientBuildURL
+                .appendingPathComponent("work")
+                .appendingPathComponent("build")
+                .appendingPathComponent("shell_integration")
+                .appendingPathComponent("MacOSX")
+
+            let entitlements: [String: URL] = [
+                "\(appName).app": appEntitlements,
+                "FileProviderExt.appex": entitlementsDirectory.appendingPathComponent("FileProviderExt.entitlements"),
+                "FileProviderUIExt.appex": entitlementsDirectory.appendingPathComponent("FileProviderUIExt.entitlements"),
+                "FinderSyncExt.appex": entitlementsDirectory.appendingPathComponent("FinderSyncExt.entitlements"),
+            ]
+
+            for file in entitlements.values {
+                if FileManager.default.fileExists(atPath: file.path) {
+                    print("Using entitlement manifest: \(file.path)")
+                } else {
+                    print("ERROR: Entitlement manifest does not exist: \(file.path)")
+                }
+            }
+
+            try await Signer.signMainBundle(at: clientAppURL, codeSignIdentity: codeSignIdentity, entitlements: entitlements, developerBuild: dev)
         }
 
         print("Placing Nextcloud Desktop Client in \(productPath)...")
 
         if !fm.fileExists(atPath: productPath) {
-            try fm.createDirectory(
-                atPath: productPath, withIntermediateDirectories: true, attributes: nil
-            )
+            try fm.createDirectory(atPath: productPath, withIntermediateDirectories: true, attributes: nil)
         }
+
         if fm.fileExists(atPath: "\(productPath)/\(appName).app") {
             try fm.removeItem(atPath: "\(productPath)/\(appName).app")
         }
 
-        try fm.copyItem(atPath: clientAppDir, toPath: "\(productPath)/\(appName).app")
-        
+        try fm.copyItem(atPath: clientAppURL.path, toPath: "\(productPath)/\(appName).app")
+
         if package {
             stopwatch.record("Packaging App Bundle")
 
 
@@ -17,10 +17,30 @@ struct Codesign: AsyncParsableCommand {
 
     @Flag(help: "Produce a developer build.")
     var developerBuild = false
-    
+
+    @Argument(help: "Location of the entitlements manifest for the app.")
+    var appEntitlements: String
+
+    @Argument(help: "Location of the entitlements manifest for the file provider extension.")
+    var fileProviderEntitlements: String
+
+    @Argument(help: "Location of the entitlements manifest for the file provider UI extension.")
+    var fileProviderUIEntitlements: String
+
+    @Argument(help: "Location of the entitlements manifest for the Finder sync extension.")
+    var finderSyncEntitlements: String
+
     mutating func run() async throws {
         let absolutePath = appBundlePath.hasPrefix("/") ? appBundlePath : "\(FileManager.default.currentDirectoryPath)/\(appBundlePath)"
         let url = URL(fileURLWithPath: absolutePath)
-        try await Signer.signMainBundle(at: url, codeSignIdentity: codeSignIdentity, developerBuild: developerBuild)
+
+        let entitlements = [
+            url.lastPathComponent: URL(fileURLWithPath: appEntitlements),
+            "FileProviderExt.appex": URL(fileURLWithPath: fileProviderEntitlements),
+            "FileProviderUIExt.appex": URL(fileURLWithPath: fileProviderUIEntitlements),
+            "FinderSyncExt.appex": URL(fileURLWithPath: finderSyncEntitlements),
+        ]
+
+        try await Signer.signMainBundle(at: url, codeSignIdentity: codeSignIdentity, entitlements: entitlements, developerBuild: developerBuild)
     }
 }