bin/create-dmg-from-merged-app-bundle |   77 ++++++++++++++++++++++++++++++++--
 solenv/bin/macosx-codesign-app-bundle |   10 ++--
 2 files changed, 79 insertions(+), 8 deletions(-)

New commits:
commit b355f4e88998cc953b135933f554d773964badc2
Author:     Patrick Luby <patrick.l...@collabora.com>
AuthorDate: Wed Mar 8 14:59:59 2023 -0500
Commit:     Patrick Luby <plub...@neooffice.org>
CommitDate: Tue Mar 14 20:04:59 2023 +0000

    Improve scripts that codesign and create a .dmg from a Universal bundle
    
    This change adds the following:
    - The solenv/bin/macosx-codesign-app-bundle script now uses
      "--timestamp" wherever "--options runtime" is used in order to
      pass Apple's notarization process.
    - A second, required argument has been added to the
      bin/create-dmg-from-merged-app-bundle script that specifies one
      of the following types: "release", "dev", or "collabora". Only
      the .DS_Store is different for each, as no product sets a volume
      icon currently.
    - Upon success, the bin/create-dmg-from-merged-app-bundle script
      will print a warning that the .dmg is not notarized as well as
      the commands to use to manually notarize the .dmg.
    
    Change-Id: I7c3f2d60dbb16b25bd6088b7e0af8c82284702d9
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148490
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Patrick Luby <plub...@neooffice.org>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>
    (cherry picked from commit 86e612db56be2d1934275de021b3213875e9301d)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148508
    Tested-by: Jenkins

diff --git a/bin/create-dmg-from-merged-app-bundle 
b/bin/create-dmg-from-merged-app-bundle
index 8f32e4d24b3e..483b1298d7c9 100755
--- a/bin/create-dmg-from-merged-app-bundle
+++ b/bin/create-dmg-from-merged-app-bundle
@@ -20,8 +20,9 @@ if [ `uname` != Darwin ]; then
     exit 1
 fi
 
-if [ $# != 1 ]; then
-    echo Usage: $0 signed-app-bundle
+if [ $# != 2 ]; then
+    echo Usage: $0 signed-app-bundle type
+    echo "  where type is 'release', 'dev', or 'collabora'"
     exit 1
 fi
 
@@ -35,12 +36,29 @@ if [[ "$1" != *.app ]]; then
     exit 1
 fi
 
+DSSTOREFILE=
+VOLUMEICON=
+if [ "$2" = "release" ];then
+    DSSTOREFILE=DS_Store
+elif [ "$2" = "dev" ];then
+    DSSTOREFILE=DS_Store_Dev
+elif [ "$2" = "collabora" ];then
+    DSSTOREFILE=DS_Store
+    # Collabora is not currently using a volume icon
+    #VOLUMEICON=main.icns
+else
+    echo "type argument $2 is not equal to 'release', 'dev', or 'collabora'" 
>&2
+    exit 1
+fi
+
 IN=$(cd "$1" && /bin/pwd)
 INAPP=$(basename "$IN")
 INDIR=$(dirname "$IN")
 OUTVOLUME=$(basename "$IN" .app)
+OUTVOLUMEMOUNT=/Volumes/"$OUTVOLUME"
 OUTTMPDIR=$(dirname "$IN")/"$OUTVOLUME"
 OUTFILE="$OUTTMPDIR".dmg
+OUTFILETMP="$OUTTMPDIR".tmp.dmg
 SRCDIR=$(cd `dirname "$0"`/.. && /bin/pwd)
 
 # Create $OUTTMPDIR directory in the same directory as the output .dmg and
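Review bot: `DSSTOREFILE` is assigned in every branch of this block but is not read anywhere in the visible hunks. The later `cp "$SRCDIR"/setup_native/source/packinfo/DS_Store "$OUTTMPDIR"/.DS_Store` is an unchanged context line, so 'release' and 'dev' would ship the same .DS_Store, contrary to the commit description. If that is unintended, the copy should read `cp "$SRCDIR"/setup_native/source/packinfo/"$DSSTOREFILE" "$OUTTMPDIR"/.DS_Store`. As a style point, the if/elif chain on `$2` would read more directly as a `case "$2" in` with `release|collabora)`, `dev)` and `*)` arms.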
@@ -56,6 +74,16 @@ if [ -d "$OUTFILE" ]; then
     exit 1
 fi
 
+if [ -f "$OUTFILETMP" ]; then
+    echo The file $OUTFILETMP exists already >&2
+    exit 1
+fi
+
+if [ -d "$OUTFILETMP" ]; then
+    echo $OUTFILETMP exists and is a directory >&2
+    exit 1
+fi
+
 if [ -d "$OUTTMPDIR" ]; then
     echo The directory $OUTTMPDIR exists already >&2
     exit 1
@@ -66,16 +94,59 @@ if [ -f "$OUTTMPDIR" ]; then
     exit 1
 fi
 
+if [ -d "$OUTVOLUMEMOUNT" ]; then
+    echo The directory $OUTVOLUMEMOUNT exists already >&2
+    exit 1
+fi
+
+if [ -f "$OUTVOLUMEMOUNT" ]; then
+    echo $OUTVOLUMEMOUNT exists and is a file >&2
+    exit 1
+fi
+
 mkdir "$OUTTMPDIR"
 mkdir "$OUTTMPDIR"/.background
 tar cf - "$INAPP" -C "$INDIR" | tar xvpf - -C "$OUTTMPDIR"
 ln -s /Applications "$OUTTMPDIR"/Applications
 cp "$SRCDIR"/setup_native/source/packinfo/DS_Store "$OUTTMPDIR"/.DS_Store
-cp "$SRCDIR"/setup_native/source/packinfo/VolumeIcon.icns 
"$OUTTMPDIR"/.VolumeIcon.icns
+if [ ! -z "$VOLUMEICON" ]; then
+    cp "$SRCDIR"/sysui/desktop/icons/"$VOLUMEICON" 
"$OUTTMPDIR"/.VolumeIcon.icns
+fi
 cp "$SRCDIR"/setup_native/source/packinfo/osxdndinstall.png 
"$OUTTMPDIR"/.background/background.png
 
 # Create and mount empty .dmg
 
+sync
+
+if [ -z "$VOLUMEICON" ]; then
 # Copied and adapted to bash from solenv/bin/modules/installer/simplepackage.pm
 # tdf#151341 Use lzfse compression instead of bzip2
 hdiutil create -srcfolder "$OUTTMPDIR" "$OUTFILE" -ov -fs HFS+ -volname 
"$OUTVOLUME" -format ULFO
+else
+# To set a volume icon, we need to create a writable .dmg, mount it, set the
+# volume icon, unmount it, and then convert it to a read-only .dmg
+hdiutil create -srcfolder "$OUTTMPDIR" "$OUTFILETMP" -ov -fs HFS+ -volname 
"$OUTVOLUME" -format UDRW
+sync
+hdiutil attach "$OUTFILETMP"
+if [ -f "$OUTVOLUMEMOUNT"/.VolumeIcon.icns ]; then
+    # TODO: SetFile is deprecated so we will eventually need to find another
+    # way to set the volume icon or stop trying to set the volume icon
+    SetFile -a C "$OUTVOLUMEMOUNT"
+fi
+hdiutil detach "$OUTVOLUMEMOUNT"
+sync
+hdiutil convert "$OUTFILETMP" -format ULFO -o "$OUTFILE"
+fi
+
+sync
+
+# Print warning about notarization
+echo "Successfully created '$OUTFILE'"
+echo
+echo "Warning: the .dmg is NOT notarized!"
+echo
+echo "You can manually notarize the .dmg using the following commands:"
+echo "  xcrun notarytool submit '$OUTFILE' ... [--wait]"
+echo "  xcrun stapler staple '$OUTFILE'"
+echo "  xcrun stapler validate '$OUTFILE'"
+exit 0
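Review bot: None of the added `hdiutil create`/`attach`/`detach`/`convert` or `SetFile` calls is checked, so unless `set -e` is enabled above these hunks (not visible here), a failed step still reaches `echo "Successfully created '$OUTFILE'"` and `exit 0`. For a release-packaging script that means a missing or partial .dmg can be reported as good and handed on to notarization. Each step should carry `|| exit 1` as macosx-codesign-app-bundle does, e.g. `hdiutil convert "$OUTFILETMP" -format ULFO -o "$OUTFILE" || exit 1`. The intermediate `$OUTFILETMP` is also not removed in the visible lines, so a second run of the volume-icon path would stop at the earlier "exists already" check; `rm -f -- "$OUTFILETMP"` after a successful convert avoids that.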
diff --git a/solenv/bin/macosx-codesign-app-bundle 
b/solenv/bin/macosx-codesign-app-bundle
index e569aef24333..b1b17dbf7393 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -75,8 +75,8 @@ done
 find "$APP_BUNDLE"/Contents -name '*.app' -type d |
 while read app; do
     # Assume the app has a XML (and not binary) Info.plist
-    id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist | 
tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
-    codesign --options=runtime --force --identifier=$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" || exit 1
+    id=`grep -A 1 '<key>CFBundleIdentifier</key>' "$app/Contents/Info.plist" | 
tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
+    codesign --timestamp --options=runtime --force --identifier=$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" || exit 1
 done
 
 # Then .framework ones. Again, be generic just for kicks.
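Review bot: The `|| exit 1` on the re-signed `codesign --timestamp ...` line runs inside `find ... | while read app`, a pipeline subshell, so it ends only the loop and not the script. Unless `set -e` is enabled above this hunk (not visible), a failed signature falls through to the later steps and the final `exit 0`. That matters more with this change, because `--timestamp` depends on reaching the timestamp service and can fail for network reasons. Checking the pipeline status after the loop (`done || exit 1`) closes the gap; the `while read framework` and `while read file` hunks appear to have the same shape, though their loop headers lie outside those hunks. Separately, `--identifier=$id` is still unquoted and unchecked, so an empty grep result passes an empty identifier; `[ -n "$id" ] || exit 1` before the call would catch it.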
@@ -90,7 +90,7 @@ while read framework; do
            if test -d $version/bin; then
                # files in bin are not covered by signing the framework...
                for scriptorexecutable in $(find $version/bin/ -type f); do
-                   codesign --options=runtime --force --identifier=$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$scriptorexecutable" || exit 1
+                   codesign --timestamp --options=runtime --force 
--identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$scriptorexecutable" || 
exit 1
                done
            fi
             codesign --force --identifier=$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1
@@ -114,7 +114,7 @@ while read file; do
            ;;
        *)
            id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-           codesign --force --options=runtime 
--identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
+           codesign --force --timestamp --options=runtime 
--identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
            ;;
     esac
 done
@@ -130,6 +130,6 @@ if test -n "$ENABLE_MACOSX_SANDBOX" && test -n 
"$application_identifier"; then
     # testflight/beta-testing won't work if that key is used when signing the 
other executables
     /usr/libexec/PlistBuddy -c "add com.apple.application-identifier string 
$application_identifier"  $BUILDDIR/lo.xcent
 fi
-codesign --force --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" 
--sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1
+codesign --force --timestamp --options=runtime 
--identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1
 
 exit 0
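Review bot: The bundle signature is never verified before the script reports success, because the added `codesign --force --timestamp --options=runtime ...` line is followed directly by `exit 0`. A `codesign --verify --deep --strict "$APP_BUNDLE" || exit 1` after it would catch a nested component whose signature is missing or invalid before the bundle goes on to packaging and notarization. `$BUILDDIR/lo.xcent` in the PlistBuddy context line is also unquoted, which breaks on a build directory containing spaces.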
