annotate deploy/linux/docker/build.sh @ 2265:d33dff02b39b sandbox-notarize

Work on sandboxing (possibly) and using the hardened runtime for notarization. Supply appropriate bundle ID for helpers as well as main application, and request inherited sandbox entitlements. Currently works with sandboxing (apparently) but not yet with the hardened runtime, where we can't load plugins signed by third parties even with the com.apple.security.cs.disable-library-validation entitlement because their team IDs don't match the host. Possibly that exception is supposed to be requested some other way?
author Chris Cannam
date Thu, 25 Apr 2019 16:46:02 +0100
parents 12b96d6b1d66
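#!/bin/bash
#
# Build the Docker image for one Linux platform and unpack the output.tar
# it produces into deploy/linux/docker/output.
#
# Usage: deploy/linux/docker/build.sh <platform>
#   <platform> matches the suffix of a Dockerfile in deploy/linux/docker,
#   e.g. ubuntu1604. Must be run from the build root (where version.h lives).
#
# Exit status: 2 on usage errors, 1 if no Dockerfile matches, otherwise the
# status of the first failing command (set -e).

# Strict mode is enabled before anything else runs, so no step executes
# unchecked. Positional parameters are read with ${N:-} to stay safe under -u.
set -eu

dockerdir=./deploy/linux/docker
if [ ! -d "$dockerdir" ]; then
    echo "Run this script from the build root" >&2
    exit 2
fi

platform="${1:-}"

if [ -z "$platform" ] || [ -n "${2:-}" ]; then
    echo "Usage: $0 <platform>" >&2
    echo "where <platform> matches the suffix of the Docker file, e.g. ubuntu1604" >&2
    exit 2
fi

# The platform name is spliced into a file path and an image tag, and the
# selected Dockerfile is then built through sudo. Restrict it to plain
# filename characters so it cannot name a file outside $dockerdir.
case "$platform" in
    *[!A-Za-z0-9._-]*)
        echo "Platform name may contain only letters, digits, '.', '_' and '-'" >&2
        exit 2
        ;;
esac

# Pull the quoted version string out of version.h and drop any dashes.
# The pipeline's status is that of sed, so an unreadable version.h leaves
# $version empty rather than aborting; that case is reported just below.
version=$(perl -p -e 's/^[^"]*"([^"]*)".*$/$1/' version.h | sed 's/-//g')
if [ -z "$version" ]; then
    echo "Warning: no version read from version.h, only an unversioned Dockerfile can match" >&2
fi

echo "Building for version $version, platform $platform"
dockerfile="Dockerfile_v${version}_${platform}"

# Prefer a version-specific Dockerfile, fall back to the generic one.
if [ ! -f "$dockerdir/$dockerfile" ]; then
    echo "No matching docker file $dockerfile found in $dockerdir, trying again without version" >&2
    dockerfile="Dockerfile_${platform}"
    if [ ! -f "$dockerdir/$dockerfile" ]; then
        echo "No matching docker file $dockerfile found in $dockerdir either" >&2
        exit 1
    fi
fi

dockertag="cannam/sonic-visualiser-$platform"

sudo docker build -t "$dockertag" -f "$dockerdir/$dockerfile" "$dockerdir"

outdir="$dockerdir/output"
mkdir -p "$outdir"

# Create a stopped container only to copy the artefact out of the image.
# The trap removes it if "docker cp" fails, so a failed run does not leave
# a stray container behind; it is cleared once the normal removal succeeds.
container=$(sudo docker create "$dockertag")
trap 'sudo docker rm "$container" >/dev/null 2>&1 || true' EXIT
sudo docker cp "$container":output.tar "$outdir"
sudo docker rm "$container"
trap - EXIT

# The archive is produced by the image build, so its contents are only as
# trustworthy as the Dockerfile and its base image. It is unpacked as the
# invoking user (no sudo) and deleted only after a successful extraction.
( cd "$outdir" && tar xf output.tar && rm -f output.tar )

echo
echo "Done, output directory contains:"
ls -ltr "$outdir"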