From d34e54b5e7a3415e9c236435773b29c54bf3b9e1 Mon Sep 17 00:00:00 2001
From: Mehmet Bektas <mbektasgh@outlook.com>
Date: Sun, 21 Jan 2024 22:26:55 -0800
Subject: [PATCH] fix code signing

---
 env_installer/sign-osx-64.txt    | 18 +++++++++
 env_installer/sign-osx-arm64.txt | 18 +++++++++
 scripts/buildutil.js             | 66 +++++++++++++++++++++++++-------
 3 files changed, 88 insertions(+), 14 deletions(-)

diff --git a/env_installer/sign-osx-64.txt b/env_installer/sign-osx-64.txt
index 4324f59b..cc752c40 100644
--- a/env_installer/sign-osx-64.txt
+++ b/env_installer/sign-osx-64.txt
@@ -204,6 +204,7 @@ lib/libyaml-cpp.0.8.0.dylib
 lib/libz.1.2.13.dylib
 lib/libzmq.5.dylib
 lib/libzstd.1.5.5.dylib
+lib/python3.8/config-3.8-darwin/python.o
 lib/python3.8/lib-dynload/_asyncio.cpython-38-darwin.so
 lib/python3.8/lib-dynload/_bisect.cpython-38-darwin.so
 lib/python3.8/lib-dynload/_blake2.cpython-38-darwin.so
@@ -277,12 +278,15 @@ lib/python3.8/lib-dynload/termios.cpython-38-darwin.so
 lib/python3.8/lib-dynload/unicodedata.cpython-38-darwin.so
 lib/python3.8/lib-dynload/xxlimited.cpython-38-darwin.so
 lib/python3.8/lib-dynload/zlib.cpython-38-darwin.so
+lib/python3.8/lib2to3/Grammar3.8.18.final.0.pickle
+lib/python3.8/lib2to3/PatternGrammar3.8.18.final.0.pickle
 lib/python3.8/site-packages/AppKit/_AppKit.cpython-38-darwin.so
 lib/python3.8/site-packages/AppKit/_inlines.cpython-38-darwin.so
 lib/python3.8/site-packages/CoreFoundation/_CoreFoundation.cpython-38-darwin.so
 lib/python3.8/site-packages/CoreFoundation/_inlines.cpython-38-darwin.so
 lib/python3.8/site-packages/Foundation/_Foundation.cpython-38-darwin.so
 lib/python3.8/site-packages/Foundation/_inlines.cpython-38-darwin.so
+lib/python3.8/site-packages/IPython/core/tests/nonascii.py
 lib/python3.8/site-packages/PIL/_imaging.cpython-38-darwin.so
 lib/python3.8/site-packages/PIL/_imagingcms.cpython-38-darwin.so
 lib/python3.8/site-packages/PIL/_imagingft.cpython-38-darwin.so
@@ -298,12 +302,20 @@ lib/python3.8/site-packages/contourpy/_contourpy.cpython-38-darwin.so
 lib/python3.8/site-packages/debugpy/_vendored/pydevd/_pydevd_bundle/pydevd_cython.cpython-38-darwin.so
 lib/python3.8/site-packages/debugpy/_vendored/pydevd/_pydevd_frame_eval/pydevd_frame_evaluator.cpython-38-darwin.so
 lib/python3.8/site-packages/debugpy/_vendored/pydevd/pydevd_attach_to_process/attach_x86_64.dylib
+lib/python3.8/site-packages/debugpy/_vendored/pydevd/tests_python/resources/_pydev_coverage_cyrillic_encoding_py2.py
+lib/python3.8/site-packages/debugpy/_vendored/pydevd/tests_python/resources/_pydev_coverage_cyrillic_encoding_py3.py
+lib/python3.8/site-packages/debugpy/_vendored/pydevd/tests_python/resources/_pydev_coverage_syntax_error.py
 lib/python3.8/site-packages/fontTools/cu2qu/cu2qu.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/feaLib/lexer.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/misc/bezierTools.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/pens/momentsPen.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/qu2cu/qu2cu.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/varLib/iup.cpython-38-darwin.so
+lib/python3.8/site-packages/importlib_resources/tests/data01/binary.file
+lib/python3.8/site-packages/importlib_resources/tests/data01/subdirectory/binary.file
+lib/python3.8/site-packages/importlib_resources/tests/data01/utf-16.file
+lib/python3.8/site-packages/importlib_resources/tests/namespacedata01/binary.file
+lib/python3.8/site-packages/importlib_resources/tests/namespacedata01/utf-16.file
 lib/python3.8/site-packages/kiwisolver/_cext.cpython-38-darwin.so
 lib/python3.8/site-packages/libmambapy/bindings.cpython-38-darwin.so
 lib/python3.8/site-packages/markupsafe/_speedups.cpython-38-darwin.so
@@ -317,6 +329,10 @@ lib/python3.8/site-packages/matplotlib/backends/_backend_agg.cpython-38-darwin.s
 lib/python3.8/site-packages/matplotlib/backends/_macosx.cpython-38-darwin.so
 lib/python3.8/site-packages/matplotlib/backends/_tkagg.cpython-38-darwin.so
 lib/python3.8/site-packages/matplotlib/ft2font.cpython-38-darwin.so
+lib/python3.8/site-packages/menuinst/data/appkit_launcher_arm64
+lib/python3.8/site-packages/menuinst/data/appkit_launcher_x86_64
+lib/python3.8/site-packages/menuinst/data/osx_launcher_arm64
+lib/python3.8/site-packages/menuinst/data/osx_launcher_x86_64
 lib/python3.8/site-packages/numpy/core/_multiarray_tests.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_multiarray_umath.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_operand_flag_tests.cpython-38-darwin.so
@@ -324,6 +340,8 @@ lib/python3.8/site-packages/numpy/core/_rational_tests.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_simd.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_struct_ufunc_tests.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_umath_tests.cpython-38-darwin.so
+lib/python3.8/site-packages/numpy/core/tests/data/recarray_from_file.fits
+lib/python3.8/site-packages/numpy/f2py/tests/src/module_data/mod.mod
 lib/python3.8/site-packages/numpy/fft/_pocketfft_internal.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/linalg/_umath_linalg.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/linalg/lapack_lite.cpython-38-darwin.so
diff --git a/env_installer/sign-osx-arm64.txt b/env_installer/sign-osx-arm64.txt
index b3fa1251..02f83eca 100644
--- a/env_installer/sign-osx-arm64.txt
+++ b/env_installer/sign-osx-arm64.txt
@@ -204,6 +204,7 @@ lib/libyaml-cpp.0.8.0.dylib
 lib/libz.1.2.13.dylib
 lib/libzmq.5.dylib
 lib/libzstd.1.5.5.dylib
+lib/python3.8/config-3.8-darwin/python.o
 lib/python3.8/lib-dynload/_asyncio.cpython-38-darwin.so
 lib/python3.8/lib-dynload/_bisect.cpython-38-darwin.so
 lib/python3.8/lib-dynload/_blake2.cpython-38-darwin.so
@@ -277,6 +278,9 @@ lib/python3.8/lib-dynload/termios.cpython-38-darwin.so
 lib/python3.8/lib-dynload/unicodedata.cpython-38-darwin.so
 lib/python3.8/lib-dynload/xxlimited.cpython-38-darwin.so
 lib/python3.8/lib-dynload/zlib.cpython-38-darwin.so
+lib/python3.8/lib2to3/Grammar3.8.18.final.0.pickle
+lib/python3.8/lib2to3/PatternGrammar3.8.18.final.0.pickle
+lib/python3.8/site-packages/IPython/core/tests/nonascii.py
 lib/python3.8/site-packages/PIL/_imaging.cpython-38-darwin.so
 lib/python3.8/site-packages/PIL/_imagingcms.cpython-38-darwin.so
 lib/python3.8/site-packages/PIL/_imagingft.cpython-38-darwin.so
@@ -292,12 +296,20 @@ lib/python3.8/site-packages/contourpy/_contourpy.cpython-38-darwin.so
 lib/python3.8/site-packages/debugpy/_vendored/pydevd/_pydevd_bundle/pydevd_cython.cpython-38-darwin.so
 lib/python3.8/site-packages/debugpy/_vendored/pydevd/_pydevd_frame_eval/pydevd_frame_evaluator.cpython-38-darwin.so
 lib/python3.8/site-packages/debugpy/_vendored/pydevd/pydevd_attach_to_process/attach_linux_amd64.dylib
+lib/python3.8/site-packages/debugpy/_vendored/pydevd/tests_python/resources/_pydev_coverage_cyrillic_encoding_py2.py
+lib/python3.8/site-packages/debugpy/_vendored/pydevd/tests_python/resources/_pydev_coverage_cyrillic_encoding_py3.py
+lib/python3.8/site-packages/debugpy/_vendored/pydevd/tests_python/resources/_pydev_coverage_syntax_error.py
 lib/python3.8/site-packages/fontTools/cu2qu/cu2qu.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/feaLib/lexer.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/misc/bezierTools.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/pens/momentsPen.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/qu2cu/qu2cu.cpython-38-darwin.so
 lib/python3.8/site-packages/fontTools/varLib/iup.cpython-38-darwin.so
+lib/python3.8/site-packages/importlib_resources/tests/data01/binary.file
+lib/python3.8/site-packages/importlib_resources/tests/data01/subdirectory/binary.file
+lib/python3.8/site-packages/importlib_resources/tests/data01/utf-16.file
+lib/python3.8/site-packages/importlib_resources/tests/namespacedata01/binary.file
+lib/python3.8/site-packages/importlib_resources/tests/namespacedata01/utf-16.file
 lib/python3.8/site-packages/kiwisolver/_cext.cpython-38-darwin.so
 lib/python3.8/site-packages/libmambapy/bindings.cpython-38-darwin.so
 lib/python3.8/site-packages/markupsafe/_speedups.cpython-38-darwin.so
@@ -311,6 +323,10 @@ lib/python3.8/site-packages/matplotlib/backends/_backend_agg.cpython-38-darwin.s
 lib/python3.8/site-packages/matplotlib/backends/_macosx.cpython-38-darwin.so
 lib/python3.8/site-packages/matplotlib/backends/_tkagg.cpython-38-darwin.so
 lib/python3.8/site-packages/matplotlib/ft2font.cpython-38-darwin.so
+lib/python3.8/site-packages/menuinst/data/appkit_launcher_arm64
+lib/python3.8/site-packages/menuinst/data/appkit_launcher_x86_64
+lib/python3.8/site-packages/menuinst/data/osx_launcher_arm64
+lib/python3.8/site-packages/menuinst/data/osx_launcher_x86_64
 lib/python3.8/site-packages/numpy/core/_multiarray_tests.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_multiarray_umath.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_operand_flag_tests.cpython-38-darwin.so
@@ -318,6 +334,8 @@ lib/python3.8/site-packages/numpy/core/_rational_tests.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_simd.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_struct_ufunc_tests.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/core/_umath_tests.cpython-38-darwin.so
+lib/python3.8/site-packages/numpy/core/tests/data/recarray_from_file.fits
+lib/python3.8/site-packages/numpy/f2py/tests/src/module_data/mod.mod
 lib/python3.8/site-packages/numpy/fft/_pocketfft_internal.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/linalg/_umath_linalg.cpython-38-darwin.so
 lib/python3.8/site-packages/numpy/linalg/lapack_lite.cpython-38-darwin.so
diff --git a/scripts/buildutil.js b/scripts/buildutil.js
index 49a80483..6b1e6b3d 100644
--- a/scripts/buildutil.js
+++ b/scripts/buildutil.js
@@ -93,24 +93,62 @@ if (cli.flags.checkVersionMatch) {
 if (cli.flags.updateBinarySignList) {
   const { isBinary } = require('istextorbinary');
   const envInstallerDir = path.resolve('env_installer', 'jlab_server');
-  const envBinDir = path.join(envInstallerDir, 'bin');
-  const envSbinDir = path.join(envInstallerDir, 'sbin');
-  const envLibexecDir = path.join(envInstallerDir, 'libexec');
 
+  const getFileExtension = filePath => {
+    const lastDot = filePath.lastIndexOf('.');
+    if (lastDot !== -1) {
+      return filePath.substring(lastDot + 1);
+    }
+  };
+
+  const skipExtensions = new Set([
+    'a',
+    'bz2',
+    'dat',
+    'eot',
+    'exe',
+    'gif',
+    'gz',
+    'jpg',
+    'icns',
+    'ico',
+    'mo',
+    'npy',
+    'npz',
+    'parquet',
+    'pdf',
+    'pkl',
+    'png',
+    'ppm',
+    'pyc',
+    'testcase',
+    'tiff',
+    'ttf',
+    'wav',
+    'whl',
+    'woff',
+    'woff2',
+    'xz',
+    'zip'
+  ]);
+
+  const skipPathComponents = [
+    '/pytz/zoneinfo/',
+    '/tzdata/zoneinfo/',
+    'share/terminfo/'
+  ];
+
+  // sign binary files except for certain extensions and certain directories
   const needsSigning = filePath => {
-    // consider bin, libexec, sbin directories, and .so, .dylib files in other directories
-    if (
-      filePath.startsWith(envBinDir) ||
-      filePath.startsWith(envLibexecDir) ||
-      filePath.startsWith(envSbinDir) ||
-      filePath.endsWith('.so') ||
-      filePath.endsWith('.dylib')
-    ) {
-      // check for binary content
-      return isBinary(null, fs.readFileSync(filePath));
+    const skippedPath = skipPathComponents.find(component => {
+      return filePath.includes(component);
+    });
+
+    if (skippedPath || skipExtensions.has(getFileExtension(filePath))) {
+      return false;
     }
 
-    return false;
+    return isBinary(null, fs.readFileSync(filePath));
   };
 
   const findBinariesInDirectory = dirPath => {