Fix signature problem on macosx and highdpi definition

- sign osx bundle without --deep option and remove entitlements
- made osx bundle like Apple recommendation
- fix highdpi

(cherry picked from commit 13f82fe)

# Conflicts:
#	azure-pipelines.yml
#	osx/launcher.entitlements

Brewfile

@@ -2,5 +2,6 @@ brew '[email protected]'
 brew 'ninja'
 brew 'cmake'
 brew 'ccache'
+brew 'python3'
 brew 'imagemagick'
 brew 'p7zip'

aseba/launcher/src/tdmsupervisor.cpp

@@ -6,7 +6,7 @@
 
 namespace mobsya {
 
-static const auto tdm_program_name = QByteArrayLiteral("thymio-device-manager");
+static const auto tdm_program_name = QByteArrayLiteral("../Helpers/thymio-device-manager");
 static const auto max_launch_count = 10;
 
 TDMSupervisor::TDMSupervisor(const Launcher& launcher, QObject* parent)

azure-pipelines.yml

@@ -216,11 +216,7 @@ jobs:
   #workaround until devops deploy
   - script: |
       brew uninstall [email protected]
-      brew uninstall [email protected]
       brew untap local/openssl
-      brew untap local/python2
-      brew update
-      brew unlink [email protected]
       brew bundle
     displayName: 'Install dependencies with HomeBrew'
     
@@ -236,17 +232,17 @@ jobs:
     displayName: 'Clone submodules'
     
   - script: |
-      sudo xcode-select -s /Applications/Xcode_10.1.app/Contents/Developer
+      sudo xcode-select -s /Applications/Xcode_11.3.1.app/Contents/Developer
       (mkdir build && cd build &&  cmake .. -GNinja -DBoost_DEBUG=OFF -DOPENSSL_LIBRARIES=/usr/local/Cellar/[email protected]/1.0.2t/lib -DOPENSSL_INCLUDE_DIR=/usr/local/Cellar/[email protected]/1.0.2t/include -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_PREFIX_PATH="`pwd`/../Qt/5.13.2/clang_64/" && ninja)
     displayName: 'Build with cmake'
 
   - script: |
-      osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-13-14.dmg build/bin '$(APPLE_CERTIFICATE_SIGNING_IDENTITY)'
+      osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-12-15.dmg build/bin '$(APPLE_CERTIFICATE_SIGNING_IDENTITY)'
     displayName: 'Signing and create dmg'
     condition: ne(variables['Build.Reason'], 'PullRequest')
 
   - script: |
-      osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-13-14.dmg build/bin
+      osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-12-15.dmg build/bin
     displayName: 'Create Unsigned DMG'
     condition: eq(variables['Build.Reason'], 'PullRequest')
 
@@ -255,66 +251,6 @@ jobs:
       pathtoPublish: '$(Build.ArtifactStagingDirectory)'
       artifactName: 'ThymioSuite.dmg'
 
-- job: BuildOnOsX2
-  pool:
-    vmImage: 'macOS-10.14'
-  steps:
-  - task: NodeTool@0
-    inputs:
-      versionSpec: '9.x'
-
-  - task: InstallAppleCertificate@2
-    inputs:
-      certSecureFile: 'Mobsya.p12'
-      certPwd: $(mobsya-mac-p12)
-
-  - script: |
-      curl -sL $(blockly_url) | tar xzf - -C .
-      curl -sL $(scratch_url) | tar xzf - -C .
-      curl -sL $(vpl3_url) | tar xzf - -C .
-    displayName: 'Extract scratch, blockly and vpl3' 
-  - script: |
-      curl -sL https://github.com/Mobsya/ci-data/releases/download/data/qt-5.13.2-mac.7z --output mac.7z
-      7z x mac.7z
-    displayName: 'Setting Qt version to 5.13.2'
-    
-  #workaround until devops deploy
-  - script: |
-      brew uninstall [email protected]
-      brew uninstall [email protected]
-      brew untap local/openssl
-      brew untap local/python2
-      brew update
-      brew unlink [email protected]
-      brew bundle
-    displayName: 'Install dependencies with HomeBrew'
-    
-  - script: |
-      brew tap mobsya/brewqt https://github.com/mobsya/brewqt
-      brew extract --version=1.0.2t openssl mobsya/brewqt
-      brew install mobsya/brewqt/[email protected]
-      brew info openssl
-    displayName: 'Setting openssl version to 1.0.0'
-  - script: |
-      git submodule update --init --recursive
-    displayName: 'Clone submodules'
-  - script: |
-      sudo xcode-select -s /Applications/Xcode_11.3.1.app/Contents/Developer
-      (mkdir build && cd build &&  cmake .. -GNinja -DBoost_DEBUG=OFF -DOPENSSL_LIBRARIES=/usr/local/Cellar/[email protected]/1.0.2t/lib -DOPENSSL_INCLUDE_DIR=/usr/local/Cellar/[email protected]/1.0.2t/include -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_PREFIX_PATH="`pwd`/../Qt/5.13.2/clang_64/" && ninja)
-    displayName: 'Build with cmake'
-  - script: |
-      osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-15+.dmg build/bin '$(APPLE_CERTIFICATE_SIGNING_IDENTITY)'
-    displayName: 'Signing and create dmg'
-    condition: ne(variables['Build.Reason'], 'PullRequest')
-  - script: |
-      osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-15+.dmg build/bin
-    displayName: 'Create Unsigned DMG'
-    condition: eq(variables['Build.Reason'], 'PullRequest')
-  - task: PublishBuildArtifacts@1
-    inputs:
-      pathtoPublish: '$(Build.ArtifactStagingDirectory)'
-      artifactName: 'ThymioSuite.dmg'
-
 
 - job: BuildForIOs
   pool:
@@ -345,11 +281,7 @@ jobs:
     #workaround until devops deploy
   - script: |
       brew uninstall [email protected]
-      brew uninstall [email protected]
       brew untap local/openssl
-      brew untap local/python2
-      brew update
-      brew unlink [email protected]
       brew bundle
     displayName: 'Install dependencies with HomeBrew'
 

osx/createbundle.sh

@@ -43,20 +43,21 @@ sign() {
     if [ -z "$IDENTITY" ]; then
         echo "Identity not provided, not signing"
     else
-        codesign --verify --options=runtime --verbose -f -s "$IDENTITY" "$@"
+        codesign --verify --verbose --timestamp -f -s "$IDENTITY" "$@"
     fi
 }
 
-#Make sure the launcher is retina ready
 defaults write $(realpath "$DEST/Contents/Info.plist") NSPrincipalClass -string NSApplication
 defaults write $(realpath "$DEST/Contents/Info.plist") NSHighResolutionCapable -string True
 add_to_group $(realpath "$DEST/Contents/Info.plist")
 chmod 644 $(realpath "$DEST/Contents/Info.plist")
 
 APPS_DIR="$DEST/Contents/Applications"
-BINUTILS_DIR="$DEST/Contents/MacOs"
+BINUTILS_DIR="$DEST/Contents/Helpers"
+MAIN_DIR="$DEST/Contents/MacOS"
 
 #Copy the binaries we need
+mkdir -p "$MAIN_DIR"
 mkdir -p "$BINUTILS_DIR"
 for binary in "thymio-device-manager" "thymio2-firmware-upgrader"
 do
@@ -130,29 +131,42 @@ done
 for app in "AsebaStudio" "AsebaPlayground" "ThymioVPLClassic"
 do
     echo "Signing $APPS_DIR/$app.app/ with $DIR/inherited.entitlements"
-    sign --deep $(realpath "$APPS_DIR/$app.app/") --entitlements "$DIR/$app.entitlements"
+
+	for fw in $(ls "$APPS_DIR/$app.app/Contents/Frameworks")
+		do
+			echo "Signing $DEST/Contents/Frameworks/$fw"
+			sign $(realpath "$APPS_DIR/$app.app/Contents/Frameworks/$fw")
+		done
+
+	for plugin in $(find $APPS_DIR/$app.app/Contents/PlugIns -name '*.dylib')
+		do
+			echo "Signing $plugin"
+			sign $(realpath "$plugin")
+		done
+
+    sign --options=runtime $(realpath "$APPS_DIR/$app.app/")
 done
 
 for fw in $(ls "$DEST/Contents/Frameworks")
 do
     echo "Signing $DEST/Contents/Frameworks/$fw"
-    sign --deep $(realpath "$DEST/Contents/Frameworks/$fw")
+    sign $(realpath "$DEST/Contents/Frameworks/$fw")
 done
 
 for plugin in $(find $DEST/Contents/PlugIns -name '*.dylib')
 do
     echo "Signing $plugin"
-    sign --deep $(realpath "$plugin")
+    sign $(realpath "$plugin")
 done
 
 for binary in "thymio-device-manager" "thymio2-firmware-upgrader"
 do
     echo "Signing $BINUTILS_DIR/$binary with $DIR/inherited.entitlements"
-    sign --deep $(realpath "$BINUTILS_DIR/$binary") --entitlements "$DIR/inherited.entitlements"
+    sign -i org.mobsya.ThymioLauncher.$binary --options=runtime $(realpath "$BINUTILS_DIR/$binary")
 done
 
 echo "Signing $DEST with $DIR/launcher.entitlements"
-sign $(realpath "$BINUTILS_DIR/thymio-launcher") --entitlements "$DIR/launcher.entitlements"
+sign --options=runtime $(realpath "$MAIN_DIR/thymio-launcher")
 
 if [ -n "$DMG" ]; then
     test -f "$1" && rm "$DMG"

osx/launcher.entitlements

@@ -10,5 +10,7 @@
         <true/>
         <key>com.apple.security.network.server</key>
         <true/>
+		<key>com.apple.security.cs.allow-dyld-environment-variables</key>
+		<true/>
     </dict>
 </plist>