
Merge pull request #4869 from cculianu/add_macos_codesign

[macOS] Added optional code signing capability to the OSX build scripts.
3.3.3.1
ThomasV 6 years ago
committed by GitHub
parent
commit
fc2972e977
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 23
      contrib/build-osx/base.sh
  2. 29
      contrib/build-osx/make_osx

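--- a/contrib/build-osx/base.sh
+++ b/contrib/build-osx/base.sh
@@ -2,6 +2,7 @@
 RED='\033[0;31m'
 BLUE='\033[0,34m'
+YELLOW='\033[0;33m'
 NC='\033[0m' # No Color
 function info {
 printf "\r💬 ${BLUE}INFO:${NC} ${1}\n"
@@ -10,3 +11,25 @@ function fail {
 printf "\r🗯 ${RED}ERROR:${NC} ${1}\n"
 exit 1
 }
+function warn {
+printf "\r⚠️ ${YELLOW}WARNING:${NC} ${1}\n"
+}
+function DoCodeSignMaybe { # ARGS: infoName fileOrDirName codesignIdentity
+infoName="$1"
+file="$2"
+identity="$3"
+deep=""
+if [ -z "$identity" ]; then
+# we are ok with them not passing anything -- master script calls us always even if no identity is specified
+return
+fi
+if [ -d "$file" ]; then
+deep="--deep"
+fi
+if [ -z "$infoName" ] || [ -z "$file" ] || [ -z "$identity" ] || [ ! -e "$file" ]; then
+fail "Argument error to internal function DoCodeSignMaybe()"
+fi
+info "Code signing ${infoName}..."
+codesign -f -v $deep -s "$identity" "$file" || fail "Could not code sign ${infoName}"
+}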
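Review bot: DoCodeSignMaybe relies on the exit status of `codesign` alone and never checks the signature it produced, and for directories it signs with `--deep`, which Apple's code signing documentation recommends against for signing (nested code is meant to be signed inside-out, one item at a time). A verification step right after the signing call would catch a bundle that was signed without error but does not validate: `codesign --verify --strict $deep "$file" || fail "Signature verification failed for ${infoName}"`. The function also assigns `infoName`, `file`, `identity` and `deep` without `local`, so they overwrite any same-named globals in the script that sources base.sh; declaring them `local` keeps the helper self-contained.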

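--- a/contrib/build-osx/make_osx
+++ b/contrib/build-osx/make_osx
@@ -17,6 +17,24 @@ VERSION=`git describe --tags --dirty --always`
 which brew > /dev/null 2>&1 || fail "Please install brew from https://brew.sh/ to continue"
+# Code Signing: See https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html
+APP_SIGN=""
+if [ -n "$1" ]; then
+# Test the identity is valid for signing by doing this hack. There is no other way to do this.
+cp -f /bin/ls ./CODESIGN_TEST
+codesign -s "$1" --dryrun -f ./CODESIGN_TEST > /dev/null 2>&1
+res=$?
+rm -f ./CODESIGN_TEST
+if ((res)); then
+fail "Code signing identity \"$1\" appears to be invalid."
+fi
+unset res
+APP_SIGN="$1"
+info "Code signing enabled using identity \"$APP_SIGN\""
+else
+warn "Code signing DISABLED. Specify a valid macOS Developer identity installed on the system as the first argument to this script to enable signing."
+fi
 info "Installing Python $PYTHON_VERSION"
 export PATH="~/.pyenv/bin:~/.pyenv/shims:~/Library/Python/3.6/bin:$PATH"
 if [ -d "~/.pyenv" ]; then
@@ -54,6 +72,7 @@ info "Downloading libusb..."
 curl https://homebrew.bintray.com/bottles/libusb-1.0.22.el_capitan.bottle.tar.gz | \
 tar xz --directory $BUILDDIR
 cp $BUILDDIR/libusb/1.0.22/lib/libusb-1.0.dylib contrib/build-osx
+DoCodeSignMaybe "libusb" "contrib/build-osx/libusb-1.0.dylib" "$APP_SIGN" # If APP_SIGN is empty will be a noop
 info "Building libsecp256k1"
 brew install autoconf automake libtool
@@ -66,6 +85,7 @@ git clean -f -x -q
 make
 popd
 cp $BUILDDIR/secp256k1/.libs/libsecp256k1.0.dylib contrib/build-osx
+DoCodeSignMaybe "libsecp256k1" "contrib/build-osx/libsecp256k1.0.dylib" "$APP_SIGN" # If APP_SIGN is empty will be a noop
 info "Installing requirements..."
@@ -96,5 +116,14 @@ plutil -insert 'CFBundleURLTypes' \
 -- dist/$PACKAGE.app/Contents/Info.plist \
 || fail "Could not add keys to Info.plist. Make sure the program 'plutil' exists and is installed."
+DoCodeSignMaybe "app bundle" "dist/${PACKAGE}.app" "$APP_SIGN" # If APP_SIGN is empty will be a noop
 info "Creating .DMG"
 hdiutil create -fs HFS+ -volname $PACKAGE -srcfolder dist/$PACKAGE.app dist/electrum-$VERSION.dmg || fail "Could not create .DMG"
+DoCodeSignMaybe ".DMG" "dist/electrum-${VERSION}.dmg" "$APP_SIGN" # If APP_SIGN is empty will be a noop
+if [ -z "$APP_SIGN" ]; then
+warn "App was built successfully but was not code signed. Users may get security warnings from macOS."
+warn "Specify a valid code signing identity as the first argument to this script to enable code signing."
+fi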
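Review bot: The `DoCodeSignMaybe "libusb" …` call added in the second hunk (`@@ -54,6 +72,7 @@`) puts the developer's signature on a dylib that was just piped from `curl` straight into `tar` with no integrity check, so whatever the download host served ships under the project's identity. Before signing, the bottle should be saved to a file and compared with a pinned digest, for example `curl -fL -o "$BUILDDIR/libusb.tar.gz" <BOTTLE_URL>` followed by `echo "<PINNED_SHA256>  $BUILDDIR/libusb.tar.gz" | shasum -a 256 -c - || fail "libusb checksum mismatch"`, and only then extracted. Separately, the identity probe in the first hunk copies `/bin/ls` to a fixed `./CODESIGN_TEST` in the working directory. A `mktemp` path removed from a `trap` would not overwrite an existing file or be left behind if the script is interrupted.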
