From 6a557425761f494f2536ba725889acad54840215 Mon Sep 17 00:00:00 2001 From: Michael Bonani Date: Fri, 29 Jan 2021 16:28:38 +0100 Subject: [PATCH] Fix signature problem on macosx and highdpi definition - sign osx bundle without --deep option and remove entitlements - made osx bundle like Apple recommendation - fix highdpi (cherry picked from commit 13f82fe9ad095069cef1027be00de46e7b2e5267) # Conflicts: # azure-pipelines.yml # osx/launcher.entitlements --- Brewfile | 1 + aseba/launcher/src/tdmsupervisor.cpp | 2 +- azure-pipelines.yml | 74 ++-------------------------- osx/createbundle.sh | 30 ++++++++--- osx/launcher.entitlements | 2 + 5 files changed, 29 insertions(+), 80 deletions(-) diff --git a/Brewfile b/Brewfile index f88ed7f80..7bdddeefa 100644 --- a/Brewfile +++ b/Brewfile @@ -2,5 +2,6 @@ brew 'python@3.9' brew 'ninja' brew 'cmake' brew 'ccache' +brew 'python3' brew 'imagemagick' brew 'p7zip' diff --git a/aseba/launcher/src/tdmsupervisor.cpp b/aseba/launcher/src/tdmsupervisor.cpp index 2322137b4..3e7e2df3c 100644 --- a/aseba/launcher/src/tdmsupervisor.cpp +++ b/aseba/launcher/src/tdmsupervisor.cpp @@ -6,7 +6,7 @@ namespace mobsya { -static const auto tdm_program_name = QByteArrayLiteral("thymio-device-manager"); +static const auto tdm_program_name = QByteArrayLiteral("../Helpers/thymio-device-manager"); static const auto max_launch_count = 10; TDMSupervisor::TDMSupervisor(const Launcher& launcher, QObject* parent) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index a688fd911..9c34bf63a 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -216,11 +216,7 @@ jobs: #workaround until devops deploy - script: | brew uninstall openssl@1.0.2t - brew uninstall python@2.7.17 brew untap local/openssl - brew untap local/python2 - brew update - brew unlink python@3.8 brew bundle displayName: 'Install dependencies with HomeBrew' @@ -236,17 +232,17 @@ jobs: displayName: 'Clone submodules' - script: | - sudo xcode-select -s /Applications/Xcode_10.1.app/Contents/Developer + sudo xcode-select -s /Applications/Xcode_11.3.1.app/Contents/Developer (mkdir build && cd build && cmake .. -GNinja -DBoost_DEBUG=OFF -DOPENSSL_LIBRARIES=/usr/local/Cellar/openssl@1.0.2t/1.0.2t/lib -DOPENSSL_INCLUDE_DIR=/usr/local/Cellar/openssl@1.0.2t/1.0.2t/include -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_PREFIX_PATH="`pwd`/../Qt/5.13.2/clang_64/" && ninja) displayName: 'Build with cmake' - script: | - osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-13-14.dmg build/bin '$(APPLE_CERTIFICATE_SIGNING_IDENTITY)' + osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-12-15.dmg build/bin '$(APPLE_CERTIFICATE_SIGNING_IDENTITY)' displayName: 'Signing and create dmg' condition: ne(variables['Build.Reason'], 'PullRequest') - script: | - osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-13-14.dmg build/bin + osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-12-15.dmg build/bin displayName: 'Create Unsigned DMG' condition: eq(variables['Build.Reason'], 'PullRequest') @@ -255,66 +251,6 @@ jobs: pathtoPublish: '$(Build.ArtifactStagingDirectory)' artifactName: 'ThymioSuite.dmg' -- job: BuildOnOsX2 - pool: - vmImage: 'macOS-10.14' - steps: - - task: NodeTool@0 - inputs: - versionSpec: '9.x' - - - task: InstallAppleCertificate@2 - inputs: - certSecureFile: 'Mobsya.p12' - certPwd: $(mobsya-mac-p12) - - - script: | - curl -sL $(blockly_url) | tar xzf - -C . - curl -sL $(scratch_url) | tar xzf - -C . - curl -sL $(vpl3_url) | tar xzf - -C . - displayName: 'Extract scratch, blockly and vpl3' - - script: | - curl -sL https://github.com/Mobsya/ci-data/releases/download/data/qt-5.13.2-mac.7z --output mac.7z - 7z x mac.7z - displayName: 'Setting Qt version to 5.13.2' - - #workaround until devops deploy - - script: | - brew uninstall openssl@1.0.2t - brew uninstall python@2.7.17 - brew untap local/openssl - brew untap local/python2 - brew update - brew unlink python@3.8 - brew bundle - displayName: 'Install dependencies with HomeBrew' - - - script: | - brew tap mobsya/brewqt https://github.com/mobsya/brewqt - brew extract --version=1.0.2t openssl mobsya/brewqt - brew install mobsya/brewqt/openssl@1.0.2t - brew info openssl - displayName: 'Setting openssl version to 1.0.0' - - script: | - git submodule update --init --recursive - displayName: 'Clone submodules' - - script: | - sudo xcode-select -s /Applications/Xcode_11.3.1.app/Contents/Developer - (mkdir build && cd build && cmake .. -GNinja -DBoost_DEBUG=OFF -DOPENSSL_LIBRARIES=/usr/local/Cellar/openssl@1.0.2t/1.0.2t/lib -DOPENSSL_INCLUDE_DIR=/usr/local/Cellar/openssl@1.0.2t/1.0.2t/include -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_PREFIX_PATH="`pwd`/../Qt/5.13.2/clang_64/" && ninja) - displayName: 'Build with cmake' - - script: | - osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-15+.dmg build/bin '$(APPLE_CERTIFICATE_SIGNING_IDENTITY)' - displayName: 'Signing and create dmg' - condition: ne(variables['Build.Reason'], 'PullRequest') - - script: | - osx/createbundle.sh $(Build.ArtifactStagingDirectory)/ThymioSuite-$(packet_version)-OsX-15+.dmg build/bin - displayName: 'Create Unsigned DMG' - condition: eq(variables['Build.Reason'], 'PullRequest') - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: '$(Build.ArtifactStagingDirectory)' - artifactName: 'ThymioSuite.dmg' - - job: BuildForIOs pool: @@ -345,11 +281,7 @@ jobs: #workaround until devops deploy - script: | brew uninstall openssl@1.0.2t - brew uninstall python@2.7.17 brew untap local/openssl - brew untap local/python2 - brew update - brew unlink python@3.8 brew bundle displayName: 'Install dependencies with HomeBrew' diff --git a/osx/createbundle.sh b/osx/createbundle.sh index e1821d43f..b90053089 100755 --- a/osx/createbundle.sh +++ b/osx/createbundle.sh @@ -43,20 +43,21 @@ sign() { if [ -z "$IDENTITY" ]; then echo "Identity not provided, not signing" else - codesign --verify --options=runtime --verbose -f -s "$IDENTITY" "$@" + codesign --verify --verbose --timestamp -f -s "$IDENTITY" "$@" fi } -#Make sure the launcher is retina ready defaults write $(realpath "$DEST/Contents/Info.plist") NSPrincipalClass -string NSApplication defaults write $(realpath "$DEST/Contents/Info.plist") NSHighResolutionCapable -string True add_to_group $(realpath "$DEST/Contents/Info.plist") chmod 644 $(realpath "$DEST/Contents/Info.plist") APPS_DIR="$DEST/Contents/Applications" -BINUTILS_DIR="$DEST/Contents/MacOs" +BINUTILS_DIR="$DEST/Contents/Helpers" +MAIN_DIR="$DEST/Contents/MacOS" #Copy the binaries we need +mkdir -p "$MAIN_DIR" mkdir -p "$BINUTILS_DIR" for binary in "thymio-device-manager" "thymio2-firmware-upgrader" do @@ -130,29 +131,42 @@ done for app in "AsebaStudio" "AsebaPlayground" "ThymioVPLClassic" do echo "Signing $APPS_DIR/$app.app/ with $DIR/inherited.entitlements" - sign --deep $(realpath "$APPS_DIR/$app.app/") --entitlements "$DIR/$app.entitlements" + + for fw in $(ls "$APPS_DIR/$app.app/Contents/Frameworks") + do + echo "Signing $DEST/Contents/Frameworks/$fw" + sign $(realpath "$APPS_DIR/$app.app/Contents/Frameworks/$fw") + done + + for plugin in $(find $APPS_DIR/$app.app/Contents/PlugIns -name '*.dylib') + do + echo "Signing $plugin" + sign $(realpath "$plugin") + done + + sign --options=runtime $(realpath "$APPS_DIR/$app.app/") done for fw in $(ls "$DEST/Contents/Frameworks") do echo "Signing $DEST/Contents/Frameworks/$fw" - sign --deep $(realpath "$DEST/Contents/Frameworks/$fw") + sign $(realpath "$DEST/Contents/Frameworks/$fw") done for plugin in $(find $DEST/Contents/PlugIns -name '*.dylib') do echo "Signing $plugin" - sign --deep $(realpath "$plugin") + sign $(realpath "$plugin") done for binary in "thymio-device-manager" "thymio2-firmware-upgrader" do echo "Signing $BINUTILS_DIR/$binary with $DIR/inherited.entitlements" - sign --deep $(realpath "$BINUTILS_DIR/$binary") --entitlements "$DIR/inherited.entitlements" + sign -i org.mobsya.ThymioLauncher.$binary --options=runtime $(realpath "$BINUTILS_DIR/$binary") done echo "Signing $DEST with $DIR/launcher.entitlements" -sign $(realpath "$BINUTILS_DIR/thymio-launcher") --entitlements "$DIR/launcher.entitlements" +sign --options=runtime $(realpath "$MAIN_DIR/thymio-launcher") if [ -n "$DMG" ]; then test -f "$1" && rm "$DMG" diff --git a/osx/launcher.entitlements b/osx/launcher.entitlements index 0fac46f2f..31bf6992b 100644 --- a/osx/launcher.entitlements +++ b/osx/launcher.entitlements @@ -10,5 +10,7 @@ com.apple.security.network.server + com.apple.security.cs.allow-dyld-environment-variables + \ No newline at end of file