macOS: static-link, drop SDL2_image, ad-hoc sign — no more Gatekeeper prompts#3
Merged
Merged
Conversation
Kills the Gatekeeper 'Apple cannot verify libSDL2_image…' prompt that
fired once per bundled dylib (22 times) on first launch of a downloaded
macOS build.
Root cause: the bundle shipped 22 third-party dylibs (SDL2_image and its
whole avif/jxl/webp/tiff/lcms/… transitive tree), none signed/notarized,
each quarantined.
Changes:
- src/png_to_sdl_surface.{c,h}: load PNG via LVGL's bundled lodepng instead
of SDL2_image. The emulator only ever loaded one PNG (the device skin)
and only IMG_INIT_PNG, so SDL2_image was pure overhead. APPLaunch icons
already decode through LVGL's LV_USE_LODEPNG, untouched.
- src/main.cpp / main_web.cpp: use load_png_as_sdl_surface(), drop SDL_image.
- CMakeLists.txt: remove SDL2_image entirely. Add EMU_MACOS_STATIC_DEPS=ON
(default) — statically link libSDL2.a + libfreetype.a + libpng16.a with the
Cocoa/CoreAudio/etc frameworks SDL2 needs. Result: cardputer-emu has zero
third-party dylib references (verified via otool -L in CI).
- build.yml macos job: install sdl2/freetype/libpng (no sdl2_image), build
static, ad-hoc codesign every Mach-O (cardputer-emu + our two app dylibs),
strip the quarantine xattr, and produce BOTH a green zip and a DMG.
Bundle size dropped ~40% (10.8MB → 6.2MB). Windows / Linux / Web unchanged.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Downloading a macOS build and launching it fired the Gatekeeper prompt 22 times — once per bundled dylib ("Apple 无法验证 libSDL2_image…"). The bundle carried 22 third-party dylibs (SDL2_image + its avif/jxl/webp/tiff/lcms/aom/dav1d/… transitive tree), none signed/notarized, each quarantined.
Fix — stop shipping third-party dylibs on macOS
src/png_to_sdl_surface.{c,h}loads PNG via LVGL's bundled lodepng. Emulator only loaded one PNG (device skin); APPLaunch icons already useLV_USE_LODEPNG.EMU_MACOS_STATIC_DEPS=ON).otool -Lshows zero homebrew refs — CI asserts it.Result
Local:
otool -Lclean, signed static binary runs + renders skin; sign+zip+dmg flow exercised end-to-end.