annotate deploy/linux/docker/Dockerfile_appimage.in @ 2265:d33dff02b39b sandbox-notarize

Work on sandboxing (possibly) and using the hardened runtime for notarization. Supply appropriate bundle ID for helpers as well as main application, and request inherited sandbox entitlements. Currently works with sandboxing (apparently) but not yet with the hardened runtime, where we can't load plugins signed by third parties even with the com.apple.security.cs.disable-library-validation entitlement because their team IDs don't match the host. Possibly that exception is supposed to be requested some other way?
author Chris Cannam
date Thu, 25 Apr 2019 16:46:02 +0100
parents 3f3ad6701482
children 1d87a709fe1a
rev   line source
Chris@1910 1 FROM ubuntu:14.04
Chris@1910 2 MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>
Chris@1910 3 RUN apt-get update && \
Chris@1910 4     apt-get install -y \
Chris@1910 5     software-properties-common \
Chris@1910 6     build-essential \
Chris@1910 7     libbz2-dev \
Chris@1910 8     libfftw3-dev \
Chris@1910 9     libfishsound1-dev \
Chris@1910 10     libid3tag0-dev \
Chris@1910 11     liblo-dev \
Chris@1910 12     liblrdf0-dev \
Chris@1910 13     libmad0-dev \
Chris@1910 14     liboggz2-dev \
Chris@1910 15     libpulse-dev \
Chris@1922 16     libasound2-dev \
Chris@1931 17     libjack-dev \
Chris@1910 18     libsamplerate-dev \
Chris@1910 19     libsndfile-dev \
Chris@1910 20     libsord-dev \
Chris@1910 21     libxml2-utils \
Chris@1910 22     libgl1-mesa-dev \
Chris@1910 23     raptor-utils \
Chris@1910 24     librubberband-dev \
Chris@1910 25     git \
Chris@1910 26     mercurial \
Chris@1910 27     curl wget \
Chris@1910 28     mlton \
Chris@1910 29     autoconf automake libtool lintian
Chris@1921 30
Chris@1931 31 # NB we do not install portaudio. We don't want to end up including it
Chris@1931 32 # in the bundle, because it comes with a dependency on the JACK
Chris@1931 33 # library which we don't want to bundle and can't assume people will
Chris@1931 34 # have. However, we do install JACK because the Dynamic JACK mechanism
Chris@1931 35 # should ensure we can detect, configure, and use that without
Chris@1931 36 # actually linking against it. We also have Pulse as the default I/O.
Chris@1921 37
Chris@1910 38 RUN apt-add-repository -y ppa:beineri/opt-qt-5.10.1-trusty
Chris@1910 39 RUN apt-get update && \
Chris@1910 40     apt-get install -y \
Chris@1910 41     qt510base \
Chris@1910 42     qt510svg
Chris@1910 43 RUN apt-get clean && rm -rf /var/lib/apt/lists/*
Chris@1971 44
Chris@1910 45 RUN locale-gen en_US.UTF-8
Chris@1910 46 ENV LANG en_US.UTF-8
Chris@1910 47 ENV LANGUAGE en_US:en
Chris@1910 48 ENV LC_ALL en_US.UTF-8
Chris@1971 49
Chris@1924 50 RUN hg clone -r[[REVISION]] https://code.soundsoftware.ac.uk/hg/sonic-visualiser
Chris@1971 51
Chris@1910 52 RUN git clone https://github.com/sandstorm-io/capnproto
Chris@1953 53 WORKDIR capnproto
Chris@1977 54 RUN git checkout v0.6.1
Chris@1953 55 WORKDIR c++
Chris@1971 56 RUN autoreconf -i && ./configure && make -j3 && make install
Chris@1971 57
Chris@2144 58 WORKDIR /root
Chris@2144 59
Chris@2144 60 COPY id_dsa_build .ssh/id_dsa_build
Chris@2144 61 COPY known_hosts .ssh/known_hosts
Chris@2144 62 RUN chmod 600 .ssh/id_dsa_build .ssh/known_hosts
Chris@2144 63 RUN echo '{"accounts": {"bitbucket": "cannam"}}' > .repoint.json
Chris@2144 64 RUN ( echo '[ui]' ; echo 'ssh = ssh -i /root/.ssh/id_dsa_build' ) > .hgrc
Chris@2144 65
Chris@2144 66 WORKDIR /sonic-visualiser
Chris@1910 67 ENV QTDIR /opt/qt510
Chris@1910 68 ENV PATH /opt/qt510/bin:$PATH
Chris@1910 69 RUN ./configure
Chris@1910 70 RUN make -j3
Chris@1971 71
Chris@1910 72 RUN deploy/linux/deploy-appimage.sh
Chris@2116 73 RUN tar cvf output-appimage.tar *.AppImage && cp output-appimage.tar ..