CLEANUP=0
GITENTITLEMENTSPATH="utils/osx_signing/entitlements.txt"
NOCODESIGNING=0
+STAPLE=0
NOVOLUMEICON=0
VOLUMEICONPATH="utils/channels/release/images/jalview-VolumeIcon.icns"
DEFAULTVOLUMEICONFILE=".VolumeIcon.icns"
+HDIUTILV="-quiet"
usage() {
- echo "Usage: $( basename $0 ) [-h] [[-g gitdir] | [-e entfile]] [-d devid] [[-a appname] [-v appver ] [-j arch] [-w jver] | [-i dmgfile]] [-O] [-o outputdmg] [-t tmpdir] [-s signingdmg] [-S] [-z icnsfile] [-Z] [-y] [-C]"
+ echo "Usage: $( basename $0 ) [-h] [[-g gitdir] | [-e entfile]] [-d devid] [[-a appname] [-v appver ] [-j arch] [-w jver] | [-i dmgfile]] [-O] [-o outputdmg] [-t tmpdir] [-s signingdmg] [-S] [-p] [-z icnsfile] [-Z] [-y] [-C] [-v]"
echo " "
echo " This script is used in the signing process of DMG disk image files for macOS."
echo " Either -g GITDIR or -e ENTFILE should be given."
echo " -w jver Assume java version jver (also uses JVER env variable. Defaults to '1.8')."
echo " -i dmgfile Sign DMGFILE (also uses DMGFILE env variable. Defaults to a combination of GITDIR, APPNAME, APPVER, ARCH and JVER)."
echo " -t tmpdir Use temp directory tmpdir (default '/tmp')."
- echo " -s signingdmg Use signingdmg as the temporary signing folder name (default 'signingDMG')."
- echo " -S Don't perform any code signing."
+ echo " -s signingdmg Use signingdmg as the temporary signing folder name in the temporary directory (default 'signingDMG')."
+ echo " -S Don't perform any code signing (default is to codesign)."
+ echo " -p Run stapling on the APP bundle (default is to NOT staple)."
echo " -z icnsfile Use icnsfile as the volume icon file (defaults to using existing '$DEFAULTVOLUMEICONFILE' file or 'GITDIR/${VOLUMEICONPATH}'."
echo " -Z Don't set the volume icon, even if it already exists."
echo " -O Overwrite the output DMG file if it already exists."
echo " -o outputdmg Output DMG file (defaults to existing dmgfile in a 'signed' sub-directory)."
echo " -y Assume 'yes' to all confirmation requests."
echo " -C Cleanup temporary folders for the given dmgfile (Prevents all other activities. Cleanup can be narrowed down with either -i or some/all of -a -v -j -w."
+ echo " -v Allow tools such as hdiutil to be more verbose."
+ echo " "
+ echo " EXAMPLE:"
+ echo " $( basename $0 ) -g ~/work/git/jalview -i build/install4j/11/Jalview_Develop-2_11_4_0-d20240816-macos-aarch64-java_11.dmg -t -z utils/channels/develop/images/jalview_develop-VolumeIcon.icns"
+ echo " will use entitlements.txt from the gitdir (-g), and output a signed and stapled (-t) DMG file in build/install4j/11/stapled with a volume icon for Jalview Develop (-z)."
}
-while getopts "hg:e:d:a:v:j:w:i:t:s:Sz:ZyCOo:" opt; do
+while getopts "hg:e:d:a:v:j:w:i:t:s:Spz:ZyCOo:v" opt; do
case ${opt} in
h)
usage
S)
NOCODESIGNING=1
;;
+ p)
+ STAPLE=1
+ ;;
z)
VOLUMEICON="${OPTARG}"
;;
C)
CLEANUP=1
;;
+ v)
+ HDIUTILV=""
+ ;;
*)
echo "Unrecognised option. Run with -h for help."
exit 1
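Review bot: The new verbose flag reuses the letter `v`, which the optstring already declares as `v:` for appver (the usage line still lists `[-v appver ]` next to the new `[-v]`); getopts resolves a letter by its first occurrence, so `-v` keeps consuming an argument, and the `v)` arm added here is only reached if no earlier `v)` arm precedes it in the case statement, which this hunk does not show. Give verbosity an unused letter, e.g. `while getopts "hg:e:d:a:v:j:w:i:t:s:Spz:ZyCOo:V" opt; do` with a matching `V)` arm, and update the usage text to match. The EXAMPLE text added to usage also credits stapling to `-t`, which is the tmpdir option and takes an argument, so as written `-z` would be consumed as the temp directory; the stapling flag this change introduces is `-p`. The case statement continues outside the hunk.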
CODE=$2
if [ ! -z "$VOLDIR" ]; then
echo "* First detaching '${VOLDIR}'"
- hdiutil detach "$VOLDIR"
+ hdiutil detach $HDIUTILV "$VOLDIR"
fi
echo "$MSG"
exit $CODE
MOUNT=$( hdiutil info | grep "Apple_HFS" | grep "$REALPATH" 2>/dev/null | head -1 | sed -e 's/^[^[:space:]]*[[:space:]]*Apple_HFS[[:space:]]*//' )
if [ ! -z "$MOUNT" -a -d "$MOUNT" ]; then
echo "* First detaching '${MOUNT}'"
- hdiutil detach "$MOUNT"
+ hdiutil detach $HDIUTILV "$MOUNT"
fi
rm -Rf "${REMOVE}"
mkdir -p "$MOUNTROOT"
echo "* Mounting disk image '${DMGFILE}' in '${MOUNTROOT}'"
-echo "hdiutil attach -mountroot \"${MOUNTROOT}\" \"${DMGFILE}\""
-hdiutil attach -mountroot "${MOUNTROOT}" "${DMGFILE}" || myexit "Could not mount '${DMGFILE}' in '${MOUNTROOT}'. Aborting." 10
+hdiutil attach $HDIUTILV -mountroot "${MOUNTROOT}" "${DMGFILE}" || myexit "Could not mount '${DMGFILE}' in '${MOUNTROOT}'. Aborting." 10
VOLDIR=$(ls -1d "${MOUNTROOT%/}"/* | head -1)
VOLDIR="${VOLDIR%/}" # remove trailing slash
if [ -z "$VOLDIR" ]; then
ditto "$VOLDIR" "$TEMPDMGDIR"
echo "* Unmounting '${VOLDIR}' and removing '${TEMPDIR}/Volume'"
-hdiutil detach "$VOLDIR"
+hdiutil detach $HDIUTILV "$VOLDIR"
rmdir "${TEMPDIR}/Volume"
TRUE=""
-RUNNING="RUNNING: "
+RUNNING="RUNNING:"
if [ "$NOCODESIGNING" = 1 ]; then
echo "* NO actual code signing due to -S flag"
TRUE="true"
- RUNNING="NOT RUNNING: "
+ RUNNING="NOT RUNNING:"
fi
FILE="${TEMPDMGDIR}/${APPNAME}.app/Contents/Resources/app/jre/Contents/MacOS/libjli.dylib"
echo "* + '$FILE'"
-echo "${RUNNING}codesign --remove-signature --force --deep -vvvv -s \"$DEVELOPERID\" --options runtime --entitlements \"$ENTITLEMENTSFILE\" \"$FILE\""
+echo "${RUNNING} codesign --remove-signature --force --deep -vvvv -s \"$DEVELOPERID\" --options runtime --entitlements \"$ENTITLEMENTSFILE\" \"$FILE\""
$TRUE codesign --remove-signature --force --deep -vvvv -s "$DEVELOPERID" --options runtime --entitlements "$ENTITLEMENTSFILE" "$FILE"
-echo "${RUNNING}codesign --verify --deep -v \"$FILE\""
+echo "${RUNNING} codesign --verify --deep -v \"$FILE\""
$TRUE codesign --verify --deep -v "$FILE"
-
-FILE="${TEMPDMGDIR}/${APPNAME}.app/Contents/MacOS/JavaApplicationStub"
+APPPATH="${TEMPDMGDIR}/${APPNAME}.app"
+FILE="${APPPATH}/Contents/MacOS/JavaApplicationStub"
echo "* + '$FILE'"
-echo "${RUNNING}codesign --remove-signature --force --deep -vvvv -s \"$DEVELOPERID\" --options runtime --entitlements \"$ENTITLEMENTSFILE\" \"$FILE\""
+echo "${RUNNING} codesign --remove-signature --force --deep -vvvv -s \"$DEVELOPERID\" --options runtime --entitlements \"$ENTITLEMENTSFILE\" \"$FILE\""
$TRUE codesign --remove-signature --force --deep -vvvv -s "$DEVELOPERID" --options runtime --entitlements "$ENTITLEMENTSFILE" "$FILE"
+# stapling
+SIGNEDDIRNAME="signed"
+if [ "$STAPLE" = 1 ]; then
+
+ SIGNEDDIRNAME="stapled"
+
+ echo "* Stapling '${APPNAME}.app'"
+
+ echo "${RUNNING} xcrun stapler staple \"${APPPATH}\""
+ $TRUE xcrun stapler staple "${APPPATH}"
+
+fi
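Review bot: The exit status of `xcrun stapler staple` is never checked, so a failed staple (for instance when no notarization ticket is available for the bundle) still yields a DMG under the 'stapled' directory and a success message at the end. Follow the pattern already used for hdiutil in this script: `$TRUE xcrun stapler staple "${APPPATH}" || mydetachexit "Could not staple '${APPPATH}'" <EXIT_CODE>` with `<EXIT_CODE>` chosen to fit the script's existing numbering. A short comment noting that `-S` also skips stapling (because `$TRUE` becomes `true`) while the output folder is still named 'stapled' would help the next maintainer.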
if [ ! -z "$OUTPUTDMGFILE" ]; then
NEWDMGFILE="$OUTPUTDMGFILE"
else
- SIGNEDDIR="${DMGDIR%/}/signed"
+ SIGNEDDIR="${DMGDIR%/}/${SIGNEDDIRNAME}"
NEWDMGFILE="${SIGNEDDIR}/${DMGNAME}"
echo "* Creating folder '${SIGNEDDIR}' for new DMG file '${DMGNAME}'"
mkdir -p "$SIGNEDDIR"
if [ "$NOVOLUMEICON" = 1 ]; then
+
echo "* NOT setting a volume icon"
# without volume icon
echo "* Creating new DMG file '${NEWDMGFILE}' to sign"
- echo "hdiutil create -megabytes 260 -srcfolder \"$TEMPDMGDIR\" -volname \"$VOLNAME\" \"$NEWDMGFILE\""
- hdiutil create -megabytes 260 -srcfolder "$TEMPDMGDIR" -volname "$VOLNAME" "$NEWDMGFILE" || mydetachexit "Could not create new DMG file '${NEWDMGFILE}'" 15
+ echo "hdiutil create $HDIUTILV -megabytes 260 -srcfolder \"$TEMPDMGDIR\" -volname \"$VOLNAME\" \"$NEWDMGFILE\""
+ hdiutil create $HDIUTILV -megabytes 260 -srcfolder "$TEMPDMGDIR" -volname "$VOLNAME" "$NEWDMGFILE" || mydetachexit "Could not create new DMG file '${NEWDMGFILE}'" 15
else
TEMPMOUNTDIR="${TEMP_RW_BASE}_mount"
- echo "* Creating temporary RW DMG file '${TMPDMGFILE}' to sign"
+ echo "* Creating temporary RW DMG file '${TEMPDMGFILE}' to sign"
- echo "hdiutil create -format UDRW -megabytes 260 -srcfolder \"$TEMPDMGDIR\" -volname \"$VOLNAME\" \"$TEMPDMGFILE\""
- hdiutil create -format UDRW -megabytes 260 -srcfolder "$TEMPDMGDIR" -volname "$VOLNAME" "$TEMPDMGFILE" || mydetachexit "Could not create temporary DMG file '${TEMPDMGFILE}'" 15
+ echo "hdiutil create $HDIUTILV -format UDRW -megabytes 260 -srcfolder \"$TEMPDMGDIR\" -volname \"$VOLNAME\" \"$TEMPDMGFILE\""
+ hdiutil create $HDIUTILV -format UDRW -megabytes 260 -srcfolder "$TEMPDMGDIR" -volname "$VOLNAME" "$TEMPDMGFILE" || mydetachexit "Could not create temporary DMG file '${TEMPDMGFILE}'" 15
echo "* Mounting temporary disk image '${TEMPDMGFILE}' on '${TEMPMOUNTDIR}'"
- echo "hdiutil attach -mountpoint \"${TEMPMOUNTDIR}\" \"${TEMPDMGFILE}\""
- hdiutil attach -mountpoint "${TEMPMOUNTDIR}" "${TEMPDMGFILE}" || myexit "Could not mount '${TEMPDMGFILE}' on '${TEMPMOUNTDIR}'. Aborting." 16
+ echo "hdiutil attach $HDIUTILV -mountpoint \"${TEMPMOUNTDIR}\" \"${TEMPDMGFILE}\""
+ hdiutil attach $HDIUTILV -mountpoint "${TEMPMOUNTDIR}" "${TEMPDMGFILE}" || myexit "Could not mount '${TEMPDMGFILE}' on '${TEMPMOUNTDIR}'. Aborting." 16
VOLDIR="$TEMPMOUNTDIR" # for mydetachexit
echo "* Unmounting '${TEMPMOUNTDIR}'"
- echo "hdiutil detach \"$TEMPMOUNTDIR\""
- hdiutil detach "$TEMPMOUNTDIR"
+ echo "hdiutil detach $HDIUTILV \"$TEMPMOUNTDIR\""
+ hdiutil detach $HDIUTILV "$TEMPMOUNTDIR"
echo "* Converting temporary DMG file to new DMG file '${NEWDMGFILE}' to sign"
- echo "hdiutil convert \"$TEMPDMGFILE\" -format UDZO -o \"$NEWDMGFILE\""
- hdiutil convert "$TEMPDMGFILE" -format UDZO -o "$NEWDMGFILE" || mydetachexit "Could not convert to new DMG file '${NEWDMGFILE}'" 17
+ echo "hdiutil convert $HDIUTILV \"$TEMPDMGFILE\" -format UDZO -o \"$NEWDMGFILE\""
+ hdiutil convert $HDIUTILV "$TEMPDMGFILE" -format UDZO -o "$NEWDMGFILE" || mydetachexit "Could not convert to new DMG file '${NEWDMGFILE}'" 17
echo "* Removing temporary DMG file '${TEMPDMGFILE}'"
echo "* Code signing '${NEWDMGFILE}'"
-echo "${RUNNING}codesign --force --deep -vvvv -s \"$DEVELOPERID\" --options runtime --entitlements \"$ENTITLEMENTSFILE\" \"$NEWDMGFILE\""
+echo "${RUNNING} codesign --force --deep -vvvv -s \"$DEVELOPERID\" --options runtime --entitlements \"$ENTITLEMENTSFILE\" \"$NEWDMGFILE\""
$TRUE codesign --force --deep -vvvv -s "$DEVELOPERID" --options runtime --entitlements "$ENTITLEMENTSFILE" "$NEWDMGFILE"
-echo "${RUNNING}codesign --deep -vvvv \"$NEWDMGFILE\""
+echo "${RUNNING} codesign --deep -vvvv \"$NEWDMGFILE\""
$TRUE codesign --deep -vvvv "$NEWDMGFILE"
echo "* Removing TEMPDIR '${TEMPDIR}'"
myparanoidrm "${TEMPDIR}"
-echo "*** Signed DMG file at '${NEWDMGFILE}'"
+[ "$STAPLED" = 1 ] && ANDSTAPLED=" and stapled"
+echo "*** Signed${ANDSTAPLED} DMG file at '${NEWDMGFILE}'"
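Review bot: The closing message tests `$STAPLED`, but the variable set by `-p` is `STAPLE` (`STAPLE=1`), so `ANDSTAPLED` is never assigned and the output always reads "Signed DMG file" even after stapling ran. Change the check to `[ "$STAPLE" = 1 ] && ANDSTAPLED=" and stapled"`, and initialise `ANDSTAPLED=""` before it so the message is well-formed if the script is ever run under `set -u`.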