From 692c7a2c22c697f18e2b17add3b177bb689a254a Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Mon, 11 Nov 2024 21:07:49 +0100 Subject: [PATCH] macos: script build sign validate upload re #222 --- macos/.gitignore | 1 + macos/README.md | 23 ++---------- macos/build-sign-validate-upload.sh | 58 +++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+), 20 deletions(-) create mode 100644 macos/.gitignore create mode 100755 macos/build-sign-validate-upload.sh diff --git a/macos/.gitignore b/macos/.gitignore new file mode 100644 index 00000000..84c048a7 --- /dev/null +++ b/macos/.gitignore @@ -0,0 +1 @@ +/build/ diff --git a/macos/README.md b/macos/README.md index 0a187fcb..ca3bcca5 100644 --- a/macos/README.md +++ b/macos/README.md @@ -4,23 +4,6 @@ For the time being, we're building an Intel binary only. Universal builds to com - Install build tools: `brew install cmake gettext` - Install build dependencies: `brew install wxwidgets jpeg-turbo openssl` -- Build release app bundle: -``` - mkdir build - cd build - MACOSX_DEPLOYMENT_TARGET=10.15 cmake .. -DCMAKE_BUILD_TYPE=Release - cmake --build . - cmake --install . --prefix . -``` -- [Sign the app](https://developer.apple.com/documentation/xcode/creating-distribution-signed-code-for-the-mac): - - Get distribution codesigning identity: `security find-identity -p codesigning -v` - - Sign embedded libs: `codesign -s -f -i net.christianbeier.MultiVNC.libs MultiVNC.app/Contents/Frameworks/*` - - Sign app: `codesign -s --entitlements ../macos/MultiVNC.entitlements MultiVNC.app` - - Verify: `codesign -d -vv MultiVNC.app` -- [Build an installer package for App Store distribution](https://developer.apple.com/documentation/xcode/packaging-mac-software-for-distribution): - - Get Mac Installer Distribution signing identity: `security find-identity -v` - - `productbuild --sign --component MultiVNC.app /Applications MultiVNC.pkg` -- [Validate and upload package](https://help.apple.com/asc/appsaltool) - - Might need an app-specific password if using 2FA. - - Need to create app in https://appstoreconnect.apple.com/apps first. - - Validate: `xcrun altool --validate-app -f MultiVNC.pkg -t osx -u -p --output-format xml` +- Building a release app bundle, [signing the app](https://developer.apple.com/documentation/xcode/creating-distribution-signed-code-for-the-mac), + [building an installer package for App Store distribution](https://developer.apple.com/documentation/xcode/packaging-mac-software-for-distribution) as well as + [validating and uploading the package](https://help.apple.com/asc/appsaltool) is all done by the `build-sign-validate-upload.sh` script. diff --git a/macos/build-sign-validate-upload.sh b/macos/build-sign-validate-upload.sh new file mode 100755 index 00000000..b99b1461 --- /dev/null +++ b/macos/build-sign-validate-upload.sh @@ -0,0 +1,58 @@ +#!/bin/sh + +[ -z "$CODESIGN_ID_DISTRIBUTION" ] && { + echo "Please set CODESIGN_ID_DISTRIBUTION env var. You can get it via 'security find-identity -p codesigning -v'" + exit 1 +} + +[ -z "$CODESIGN_ID_INSTALLER" ] && { + echo "Please set CODESIGN_ID_INSTALLER env var. You can get it via 'security find-identity -v'" + exit 1 +} + +[ -z "$APPLE_ID_EMAIL" ] && { + echo "Please set APPLE_ID_EMAIL env var." + exit 1 +} + +[ -z "$APPLE_ID_PASSWORD" ] && { + echo "Please set APPLE_ID_PASSWORD env var. Might need an app-specific password if using 2FA, which you can create at https://appstoreconnect.apple.com/apps" + exit 1 +} + +set -e + +echo +echo "Build release app bundle" +echo +mkdir -p build +cd build +MACOSX_DEPLOYMENT_TARGET=10.15 cmake ../.. -DCMAKE_BUILD_TYPE=Release +make -j +cmake --install . --prefix . + +echo +echo "Sign embedded libs" +echo +codesign -s $CODESIGN_ID_DISTRIBUTION -f -i net.christianbeier.MultiVNC.libs MultiVNC.app/Contents/Frameworks/* + +echo +echo "Sign app" +echo +codesign -s $CODESIGN_ID_DISTRIBUTION --entitlements ../MultiVNC.entitlements MultiVNC.app + + +echo +echo "Verify signing" +echo +codesign -d -vv MultiVNC.app + +echo +echo "Build an installer package for App Store distribution" +echo +productbuild --sign $CODESIGN_ID_INSTALLER --component MultiVNC.app /Applications MultiVNC.pkg + +echo +echo "Validate package" +echo +xcrun altool --validate-app -f MultiVNC.pkg -t osx -u $APPLE_ID_EMAIL -p $APPLE_ID_PASSWORD --output-format xml