Mercurial > hg > vamp-plugin-pack
changeset 62:3fd66c30eb28
Mac notarization logic
| author | Chris Cannam |
|---|---|
| date | Mon, 10 Feb 2020 15:16:10 +0000 |
| parents | 48f3eb79fdd0 |
| children | 58e766558fac |
| files | deploy/osx/build-and-package.sh deploy/osx/deploy-and-package.sh deploy/osx/notarize.sh deploy/osx/sign.sh |
| diffstat | 4 files changed, 154 insertions(+), 130 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/osx/build-and-package.sh Mon Feb 10 15:16:10 2020 +0000 @@ -0,0 +1,146 @@ +#!/bin/bash + +# Run this from the project root, without arguments, or with the +# single argument --no-notarization to skip the notarize step + +set -e + +notarize=yes +if [ "$1" = "--no-notarization" ]; then + notarize=no +elif [ -n "$1" ]; then + echo "Usage: $0 [--no-notarization]" + exit 2 +fi + +set -u + +app="Vamp Plugin Pack Installer" +identity="Developer ID Application: Chris Cannam" + +version=`perl -p -e 's/^[^"]*"([^"]*)".*$/$1/' version.h` + +qmake=$(grep '^# Command: ' Makefile | awk '{ print $3; }') + +echo "Proceed to rebuild, package, and sign version $version using" +echo -n "qmake path \"$qmake\" [Yn] ? " +read yn +case "$yn" in "") ;; [Yy]) ;; *) exit 3;; esac +echo "Proceeding" + +source="$app.app" +volume="$app"-"$version" +target="$volume"/"$app".app +dmg="$volume".dmg + +if [ -d "$volume" ]; then + echo "Target directory $volume already exists, not overwriting" + exit 2 +fi + +if [ -f "$dmg" ]; then + echo "Target disc image $dmg already exists, not overwriting" + exit 2 +fi + +if [ "$notarize" = no ]; then + echo + echo "Note: The --no-notarization flag is set: won't be submitting for notarization" +fi + +rm -rf "$app.app" +rm -rf "$volume" +rm -f "$dmg" + +./repoint install +rm -rf .qmake.stash +"$qmake" -r +make clean +rm -rf out + +echo +echo "Building plugins..." +make -j3 -f Makefile.plugins +echo "Done" + +echo +echo "Signing plugins..." +codesign -s "$identity" -fv --timestamp --options runtime out/*.dylib +echo "Done" + +if [ "$notarize" = no ]; then + echo + echo "The --no-notarization flag was set: not submitting for notarization" +else + echo + echo "Notarizing plugins..." + rm -f plugins.zip + ditto -c -k out plugins.zip + deploy/osx/notarize.sh plugins.zip + echo "Done" + +## No, it doesn't seem to be possible to pass a dylib to stapler +# echo +# echo "Stapling plugins..." +# xcrun stapler staple out/*.dylib +# echo "Done" +fi + +echo +echo "Building installer..." +make -j3 -f Makefile.installer +echo "Done" + +echo +echo "Deploying installer..." +deploy/osx/deploy.sh "$app" || exit 1 +echo "Done" + +echo +echo "Making target tree..." +mkdir "$volume" || exit 1 + +#cp README.md "$volume/README.txt" +#cp README.OSC "$volume/README-OSC.txt" +#cp COPYING "$volume/COPYING.txt" +#cp CHANGELOG "$volume/CHANGELOG.txt" +#cp CITATION "$volume/CITATION.txt" +cp -rp "$source" "$target" + +# update file timestamps so as to make the build date apparent +find "$volume" -exec touch \{\} \; +echo "Done" + +echo +echo "Signing installer..." +codesign -s "$identity" -fv --deep --timestamp --options runtime "$volume" +echo "Done" + +echo +echo "Making dmg..." +rm -f "$dmg" +hdiutil create -srcfolder "$volume" "$dmg" -volname "$volume" -fs HFS+ && + rm -r "$volume" +echo "Done" + +echo +echo "Signing dmg..." +codesign -s "$identity" -fv --timestamp "$dmg" +echo "Done" + +if [ "$notarize" = no ]; then + echo + echo "The --no-notarization flag was set: not submitting for notarization" +else + echo + echo "Submitting disk image for notarization..." + deploy/osx/notarize.sh "$dmg" + echo "Done" + + echo + echo "Stapling disk image..." + xcrun stapler staple "$dmg" + echo "Done" +fi + +echo "Done"
--- a/deploy/osx/deploy-and-package.sh Fri Feb 07 11:52:40 2020 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,97 +0,0 @@ -#!/bin/bash - -# Run this from the project root, without arguments, or with the -# single argument --no-notarization to skip the notarize step - -set -e - -notarize=yes -if [ "$1" = "--no-notarization" ]; then - notarize=no -elif [ -n "$1" ]; then - echo "Usage: $0 [--no-notarization]" - exit 2 -fi - -set -u - -app="Vamp Plugin Pack Installer" - -version=`perl -p -e 's/^[^"]*"([^"]*)".*$/$1/' version.h` - -source="$app.app" -volume="$app"-"$version" -target="$volume"/"$app".app -dmg="$volume".dmg - -if [ -d "$volume" ]; then - echo "Target directory $volume already exists, not overwriting" - exit 2 -fi - -if [ -f "$dmg" ]; then - echo "Target disc image $dmg already exists, not overwriting" - exit 2 -fi - -if [ "$notarize" = no ]; then - echo - echo "Note: The --no-notarization flag is set: won't be submitting for notarization" -fi - -echo -echo "(Re-)running deploy script..." - -deploy/osx/deploy.sh "$app" || exit 1 - -echo -echo "Making target tree." - -mkdir "$volume" || exit 1 - -ln -s /Applications "$volume"/Applications -#cp README.md "$volume/README.txt" -#cp README.OSC "$volume/README-OSC.txt" -#cp COPYING "$volume/COPYING.txt" -#cp CHANGELOG "$volume/CHANGELOG.txt" -#cp CITATION "$volume/CITATION.txt" -cp -rp "$source" "$target" - -# update file timestamps so as to make the build date apparent -find "$volume" -exec touch \{\} \; - -echo "Done" - -echo -echo "Code-signing volume..." - -deploy/osx/sign.sh "$volume" || exit 1 - -echo "Done" - -echo -echo "Making dmg..." - -rm -f "$dmg" - -hdiutil create -srcfolder "$volume" "$dmg" -volname "$volume" -fs HFS+ && - rm -r "$volume" - -echo "Done" - -echo -echo "Signing dmg..." - -codesign -s "Developer ID Application: Chris Cannam" -fv "$dmg" - -if [ "$notarize" = no ]; then - echo - echo "The --no-notarization flag was set: not submitting for notarization" -else - echo - echo "Submitting dmg for notarization..." - - deploy/osx/notarize.sh "$dmg" || exit 1 -fi - -echo "Done"
--- a/deploy/osx/notarize.sh Fri Feb 07 11:52:40 2020 +0000 +++ b/deploy/osx/notarize.sh Mon Feb 10 15:16:10 2020 +0000 @@ -14,11 +14,11 @@ set -e -dmg="$1" +target="$1" -if [ ! -f "$dmg" ] || [ -n "$2" ]; then - echo "Usage: $0 <dmg>" - echo " e.g. $0 MyApplication-1.0.dmg" +if [ ! -f "$target" ] || [ -n "$2" ]; then + echo "Usage: $0 <target>" + echo " e.g. $0 MyApplication-1.0.target" exit 2 fi @@ -32,7 +32,7 @@ rm -f "$uuidfile" "$statfile" xcrun altool --notarize-app \ - -f "$dmg" \ + -f "$target" \ --primary-bundle-id "$bundleid" \ -u "$user" \ -p @keychain:altool 2>&1 | tee "$uuidfile" @@ -77,7 +77,7 @@ done echo -echo "Stapling to package..." +echo "Done, don't forget to staple the target or its contents" +echo "(e.g. xcrun stapler staple '$target')" +exit 0 -xcrun stapler staple "$dmg" || exit 1 -
--- a/deploy/osx/sign.sh Fri Feb 07 11:52:40 2020 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,25 +0,0 @@ -#!/bin/bash - -set -eu - -# Execute this from the top-level directory of the project (the one -# that contains the .app bundle). Supply the name of the .app bundle -# as argument -dir="$1" -if [ -z "$dir" ] || [ ! -d "$dir" ]; then - echo "Usage: $0 <pkgdir>" - echo "Where pkgdir is the directory containing <MyApplication>.app" - echo "All .app bundles in pkgdir will be signed" - exit 2 -fi - -entitlements=deploy/osx/Entitlements.plist - -for app in "$dir"/*.app; do - find "$app" -name \*.dylib -print | while read fr; do - codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime "$fr" - done - codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app/Contents/MacOS/Vamp Plugin Pack Installer" - codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app" -done -