Mercurial > hg > sonic-visualiser
annotate deploy/linux/build-and-test-appimage.sh @ 2265:d33dff02b39b sandbox-notarize
Work on sandboxing (possibly) and using the hardened runtime for notarization. Supply appropriate bundle ID for helpers as well as main application, and request inherited sandbox entitlements. Currently works with sandboxing (apparently) but not yet with the hardened runtime, where we can't load plugins signed by third parties even with the com.apple.security.cs.disable-library-validation entitlement because their team IDs don't match the host. Possibly that exception is supposed to be requested some other way?
| author | Chris Cannam |
|---|---|
| date | Thu, 25 Apr 2019 16:46:02 +0100 |
| parents | 3a4202cae7fe |
| children | 6845d7dafebf |
| rev | line source |
|---|---|
| Chris@1924 | 1 #!/bin/bash |
| Chris@1924 | 2 # |
| Chris@1924 | 3 # Docker required |
| Chris@1924 | 4 |
| Chris@1924 | 5 set -eu |
| Chris@1924 | 6 |
| Chris@1924 | 7 current=$(hg id | awk '{ print $1; }') |
| Chris@1924 | 8 |
| Chris@1924 | 9 case "$current" in |
| Chris@1924 | 10 *+) echo "ERROR: Current working copy has been modified - unmodified copy required so we know we can check it out separately and obtain the same contents"; exit 2;; |
| Chris@1924 | 11 *);; |
| Chris@1924 | 12 esac |
| Chris@1924 | 13 |
| Chris@1924 | 14 echo |
| Chris@1926 | 15 echo "Building appimage from revision $current..." |
| Chris@1924 | 16 |
| Chris@1924 | 17 dockerdir=deploy/linux/docker |
| Chris@1924 | 18 |
| Chris@1924 | 19 cat "$dockerdir"/Dockerfile_appimage.in | \ |
| Chris@1924 | 20 perl -p -e "s/\[\[REVISION\]\]/$current/g" > \ |
| Chris@1924 | 21 "$dockerdir"/Dockerfile_appimage.gen |
| Chris@1924 | 22 |
| Chris@1924 | 23 cat "$dockerdir"/Dockerfile_test_appimage.in | \ |
| Chris@1924 | 24 perl -p -e "s/\[\[REVISION\]\]/$current/g" > \ |
| Chris@1924 | 25 "$dockerdir"/Dockerfile_test_appimage.gen |
| Chris@1924 | 26 |
| Chris@2144 | 27 grep '^bitbucket.org' ~/.ssh/known_hosts > "$dockerdir"/known_hosts |
| Chris@2144 | 28 cp ~/.ssh/id_dsa_build "$dockerdir"/id_dsa_build |
| Chris@2144 | 29 chmod 600 "$dockerdir"/known_hosts "$dockerdir"/id_dsa_build |
| Chris@2144 | 30 trap "rm $dockerdir/known_hosts $dockerdir/id_dsa_build" 0 |
| Chris@2144 | 31 |
| Chris@1925 | 32 dockertag="cannam/sonic-visualiser-appimage-$current" |
| Chris@1925 | 33 |
| Chris@1925 | 34 sudo docker build -t "$dockertag" -f "$dockerdir"/Dockerfile_appimage.gen "$dockerdir" |
| Chris@1925 | 35 |
| Chris@1925 | 36 outdir="$dockerdir/output" |
| Chris@1925 | 37 mkdir -p "$outdir" |
| Chris@1925 | 38 |
| Chris@1925 | 39 container=$(sudo docker create "$dockertag") |
| Chris@1925 | 40 |
| Chris@2116 | 41 sudo docker cp "$container":output-appimage.tar "$outdir" |
| Chris@1925 | 42 sudo docker rm "$container" |
| Chris@1925 | 43 |
| Chris@2116 | 44 ( cd "$outdir" ; tar xf output-appimage.tar && rm -f output-appimage.tar ) |
| Chris@1924 | 45 |
| Chris@1924 | 46 sudo docker build -f "$dockerdir"/Dockerfile_test_appimage.gen "$dockerdir" |