annotate deploy/osx/deploy.sh @ 2265:d33dff02b39b sandbox-notarize

Work on sandboxing (possibly) and using the hardened runtime for notarization. Supply appropriate bundle ID for helpers as well as main application, and request inherited sandbox entitlements. Currently works with sandboxing (apparently) but not yet with the hardened runtime, where we can't load plugins signed by third parties even with the com.apple.security.cs.disable-library-validation entitlement because their team IDs don't match the host. Possibly that exception is supposed to be requested some other way?
author Chris Cannam
date Thu, 25 Apr 2019 16:46:02 +0100
parents 23be8dccb855
children
#!/bin/bash

set -e

# Run this from the project's top-level directory (the one that holds
# the .app bundle). The first argument is the source .app bundle: the
# target always uses $app.app, but the source location has to be given.
# The second argument is the basename of the disk image to produce.

source="$1"
dmg="$2"

# Both arguments are required and the bundle must be an existing
# directory; otherwise print the usage text and stop with status 2.
# These checks run before "set -u", so a missing argument reads as empty.
if [ -n "$source" ] && [ -d "$source" ] && [ -n "$dmg" ]; then
  # Application name: the bundle's file name without the .app suffix.
  app=$(basename "$source" .app)
else
  echo "Usage: $0 <source.app> <target-dmg-basename>"
  echo " e.g. $0 MyApplication.app MyApplication"
  echo " Version number and .dmg will be appended automatically,"
  echo " but the .app name must include .app"
  exit 2
fi

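# From here on, referencing an unset variable is an error.
set -u

# Pull the quoted version string out of version.h. perl -p prints every
# input line after the substitution, so this presumably expects
# version.h to hold a single line -- confirm against that file.
version=$(perl -p -e 's/^[^"]*"([^"]*)".*$/$1/' version.h)

# Numeric stem: drop everything from the first "-" and from the first
# "pre", leaving only the dotted number.
stem=${version%%-*}
stem=${stem%%pre*}

# The bundle needs a three-part version; a two-part stem gets ".0"
# appended. Only single-digit components match these patterns.
#
# This case statement is also the only validation the value receives
# before it is spliced into a perl expression when Info.plist is written
# later in this script, so keep the patterns strict. Stop here on a
# mismatch rather than letting the copy steps modify the bundle first
# and failing later on the unset bundleVersion.
case "$stem" in
  [0-9].[0-9]) bundleVersion="$stem".0 ;;
  [0-9].[0-9].[0-9]) bundleVersion="$stem" ;;
  *)
    echo "Error: Version stem $stem (of version $version) is neither two- nor three-part number" >&2
    exit 1
    ;;
esac
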
echo
echo "Copying in frameworks and plugins from Qt installation directory."

# A failure of the Qt copy step ends the deployment with status 2.
if ! deploy/osx/copy-qt.sh "$app"; then
  exit 2
fi

echo
echo "Fixing up paths."

deploy/osx/paths.sh "$app"

# Everything below is placed in the bundle's Resources directory.
resources="$source/Contents/Resources"

echo
echo "Copying in qt.conf to set local-only plugin paths."
echo "Make sure all necessary Qt plugins are in $source/Contents/plugins/*"
echo "You probably want platforms/, accessible/ and imageformats/ subdirectories."
cp deploy/osx/qt.conf "$resources/qt.conf"

# The two files copied next are put into the bundle before the signing
# step that runs later in this script.
# NOTE(review): both look like helper executables, which would need
# their own signature and bundle ID -- confirm that deploy/osx/sign.sh
# covers Contents/Resources.
echo
echo "Copying in plugin load checker."
cp checker/vamp-plugin-load-checker "$resources/"

echo
echo "Copying in plugin server."
cp piper-vamp-simple-server "$resources/"

echo
echo "Writing version $bundleVersion in to bundle."
echo "(This should be a three-part number: major.minor.point)"

# Fill the SV_VERSION placeholder of the Info.plist template and write
# the result into the bundle. $bundleVersion is expanded by the shell
# inside the perl expression, so it has to stay limited to the digits
# and dots that the version-stem check earlier in this script accepts.
plist="$source/Contents/Info.plist"
perl -p -e "s/SV_VERSION/$bundleVersion/" deploy/osx/Info.plist > "$plist"

echo "Done: check $source/Contents/Info.plist for sanity please"

echo
echo "Copying in lproj directories containing InfoPlist.strings translation files."
cp -r i18n/*.lproj "$source/Contents/Resources/"

echo
echo "Making target tree."

# Staging directory that becomes the disk image, the bundle's location
# inside it, and the final image file name.
volume="${app}-${version}"
target="${volume}/${app}.app"
dmg="${dmg}-${version}.dmg"

# mkdir fails if the staging directory already exists, so a leftover
# tree from an earlier run is never reused.
mkdir "$volume" || exit 1

ln -s /Applications "$volume/Applications"

# Documentation shipped next to the application, as "source:target" pairs.
for doc in \
  README.md:README.txt \
  README.OSC:README-OSC.txt \
  COPYING:COPYING.txt \
  CHANGELOG:CHANGELOG.txt \
  CITATION:CITATION.txt; do
  cp "${doc%%:*}" "$volume/${doc##*:}"
done

cp -rp "$source" "$target"

# Refresh the file timestamps so that the build date is apparent.
find "$volume" -exec touch {} \;

echo "Done"

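echo
echo "Code-signing volume..."

# sign.sh is not shown here; it is handed the whole staging directory.
# A signing failure stops the release.
deploy/osx/sign.sh "$volume" || exit 1

echo "Done"

echo
echo "Making dmg..."

# Stop as soon as image creation fails. With "create && rm", set -e does
# not fire on the failing left-hand command, so the script would carry
# on to the signing step; if an image with the same name were already
# present (hdiutil presumably refuses to overwrite it), that older image
# would be re-signed and reported as done.
if ! hdiutil create -srcfolder "$volume" "$dmg" -volname "$volume" -fs HFS+; then
  echo "Error: could not create $dmg; staging directory $volume left in place" >&2
  exit 1
fi
rm -r "$volume"

echo
echo "Signing dmg..."

codesign -s "Developer ID Application: Chris Cannam" -fv "$dmg" -i "org.sonicvisualiser.SonicVisualiser"

# Check the signature that was just applied before reporting success, so
# an image whose signature does not validate is never handed on.
if ! codesign --verify --verbose "$dmg"; then
  echo "Error: signature verification failed for $dmg" >&2
  exit 1
fi

echo "Done"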