From e35caad676b34cfae336e60846c539ecba0a7dc7 Mon Sep 17 00:00:00 2001 From: kali Date: Sat, 21 Nov 2020 21:12:47 +0100 Subject: [pkg] add notarization steps for installer in osx --- Makefile | 36 +++++++++++++++++++++--- bitmask.pro | 2 ++ branding/templates/qtinstaller/config/config.xml | 1 + branding/templates/qtinstaller/installer.pro | 3 ++ 4 files changed, 38 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 97f1e97..2759704 100644 --- a/Makefile +++ b/Makefile @@ -13,6 +13,8 @@ TARGET ?= $(shell VENDOR_PATH=${VENDOR_PATH} branding/scripts/getparam binname | PROVIDER ?= $(shell grep ^'provider =' ${VENDOR_PATH}/vendor.conf | cut -d '=' -f 2 | tr -d "[:space:]") VERSION ?= $(shell git describe) WINCERTPASS ?= pass +OSXAPPPASS ?= pass +OSXMORDORUID ?= uid # go paths GOPATH = $(shell go env GOPATH) @@ -30,9 +32,8 @@ endif QTBUILD = build/qt INSTALLER = build/installer INST_DATA = ${INSTALLER}/packages/bitmaskvpn/data/ -OSX_CERT="Developer ID Installer: LEAP Encryption Access Project" -MACDEPLOYQT_OPTS = -appstore-compliant -qmldir=gui/qml -always-overwrite -# XXX expired cert -codesign="${OSX_CERT}" +OSX_CERT="Developer ID Application: LEAP Encryption Access Project" +MACDEPLOYQT_OPTS = -appstore-compliant -qmldir=gui/qml -always-overwrite -codesign="${OSX_CERT}" SCRIPTS = branding/scripts TEMPLATES = branding/templates @@ -67,7 +68,7 @@ dependsLinux: @# debian needs also: snap install snapcraft --classic; snap install multipass --beta --classic dependsDarwin: - @brew install python3 golang make pkg-config curl + @brew install python3 golang make pkg-config curl create-dmg @brew install --default-names gnu-sed dependsCYGWIN_NT-10.0: @@ -214,6 +215,33 @@ ifeq (${PLATFORM}, windows) # TODO add flag to skip signing for regular builds "c:\windows\system32\signtool.exe" sign -f "z:\leap\LEAP.pfx" -p ${WINCERTPASS} build/installer/${APPNAME}-installer-${VERSION}.exe endif +ifeq (${PLATFORM}, darwin) + gsed -i "s/com.yourcompany.installerbase/se.leap.bitmask.${TARGET}/g" build/installer/${APPNAME}-installer-${VERSION}.app/Contents/Info.plist + codesign -s ${OSX_CERT} --options "runtime" build/installer/${APPNAME}-installer-${VERSION}.app + ditto -ck --rsrc --sequesterRsrc build/installer/${APPNAME}-installer-${VERSION}.app build/installer/${APPNAME}-installer-${VERSION}.zip +endif + +notarize_installer: +# courtesy of https://skyronic.com/2019/07/app-notarization-for-qt-applications/ +ifeq (${PLATFORM}, darwin) + xcrun altool --notarize-app -t osx -f build/installer/${APPNAME}-installer-${VERSION}.zip --primary-bundle-id="se.leap.bitmask.${TARGET}" -u "info@leap.se" -p ${OSXAPPPASS} +endif + +notarize_check: +ifeq (${PLATFORM}, darwin) + xcrun altool --notarization-info ${OSXMORDORUID} -u "info@leap.se" -p ${OSXAPPPASS} +endif + +notarize_staple: +ifeq (${PLATFORM}, darwin) + xcrun stapler staple build/installer/${APPNAME}-installer-${VERSION}.app +endif + +create_dmg: +ifeq (${PLATFORM}, darwin) + @create-dmg deploy/${APPNAME}-${VERSION}.dmg build/installer/${APPNAME}-installer-${VERSION}.app +endif + check_qtifw: ifdef HAS_QTIFW diff --git a/bitmask.pro b/bitmask.pro index e9b40db..32c701d 100644 --- a/bitmask.pro +++ b/bitmask.pro @@ -5,6 +5,8 @@ windows:CONFIG -= console unix:DEBUG:CONFIG += debug lessThan(QT_MAJOR_VERSION, 5): error("requires Qt 5") QMAKE_MACOSX_DEPLOYMENT_TARGET = 10.11 +QMAKE_TARGET_BUNDLE_PREFIX = se.leap +QMAKE_BUNDLE = $$TARGET !defined(VENDOR_PATH, var):VENDOR_PATH="providers/riseup" diff --git a/branding/templates/qtinstaller/config/config.xml b/branding/templates/qtinstaller/config/config.xml index df7b6d4..0de8db9 100644 --- a/branding/templates/qtinstaller/config/config.xml +++ b/branding/templates/qtinstaller/config/config.xml @@ -4,6 +4,7 @@ $VERSION $APPNAME Installer ($VERSION) LEAP Encryption Access Project + https://leap.se false installer-logo.png installer-icon diff --git a/branding/templates/qtinstaller/installer.pro b/branding/templates/qtinstaller/installer.pro index 3d65334..6aab843 100644 --- a/branding/templates/qtinstaller/installer.pro +++ b/branding/templates/qtinstaller/installer.pro @@ -1,4 +1,5 @@ !defined(INSTALLER, var):INSTALLER= "BitmaskVPN-Installer-git" +!defined(TARGET, var):TARGET= "bitmask-vpn" TEMPLATE = aux CONFIG -= debug_and_release @@ -8,6 +9,8 @@ inst.output = $$INSTALLER inst.commands = binarycreator --ignore-translations -c $$PWD/config/config.xml -p $$PWD/packages ${QMAKE_FILE_OUT} inst.CONFIG += target_predeps no_link combine +QMAKE_TARGET_BUNDLE_PREFIX = se.leap +QMAKE_BUNDLE = $$TARGET QMAKE_EXTRA_COMPILERS += inst OTHER_FILES += \ -- cgit v1.2.3