-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build, sign, notarize, and upload macos installer pkg
- Loading branch information
1 parent
d610bc4
commit d7b59d0
Showing
80 changed files
with
749 additions
and
192 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,149 @@ | ||
#!/usr/bin/env bash | ||
############################################################################## | ||
# Build a macOS installer package containing a weep universal binary | ||
# Author: Patrick Sanders <psanders@netflix.com> | ||
############################################################################## | ||
set -euo pipefail | ||
|
||
BASE_DIR="build/package/macos" | ||
APP_DIR="$BASE_DIR/application" | ||
BIN_DIR="$APP_DIR/bin" | ||
BUILD_DIR="$BASE_DIR/tmp" | ||
PKG_DIR="$BUILD_DIR/darwinpkg" | ||
OUT_DIR="dist/macos" | ||
VERSION=${VERSION:=dev} | ||
FINAL_PACKAGE="$OUT_DIR/weep-installer-macos-$VERSION.pkg" | ||
|
||
rm -rf "$BIN_DIR" | ||
rm -rf "$BUILD_DIR" | ||
mkdir -p "$BIN_DIR" | ||
mkdir -p "$OUT_DIR" | ||
mkdir -p "$PKG_DIR" | ||
|
||
cp -r "$BASE_DIR/darwin" "$BUILD_DIR/" | ||
chmod -R 755 "$BUILD_DIR/darwin/scripts" | ||
chmod 755 "$BUILD_DIR/darwin/Distribution.xml" | ||
|
||
printf "🟢 starting build for %s\n" "$FINAL_PACKAGE" | ||
|
||
function prep_package() { | ||
# Prepare package structure | ||
mkdir -p "$BUILD_DIR/darwinpkg/Library/weep" | ||
cp -a "$APP_DIR/." "$BUILD_DIR/darwinpkg/Library/weep" | ||
chmod -R 755 "$BUILD_DIR/darwinpkg/Library/weep" | ||
|
||
# Replace tokens in package files | ||
sed -i '' -e "s/__VERSION__/$VERSION/g" ${BUILD_DIR}/darwin/Resources/*.html | ||
} | ||
|
||
function combine_binaries() { | ||
printf "🦾 creating universal binary..." | ||
output=$1 | ||
bin1=$2 | ||
bin2=$3 | ||
lipo -create -output "$output" "$bin1" "$bin2" | ||
printf " done ✅ \n" | ||
} | ||
|
||
function sign_binary() { | ||
printf "🔏 signing binary..." | ||
binary=$1 | ||
codesign \ | ||
--options runtime \ | ||
--sign "Developer ID Application: Netflix, Inc." \ | ||
--force \ | ||
--timestamp=http://timestamp.apple.com/ts01 \ | ||
"$binary" > /dev/null 2>&1 | ||
printf " done ✅ \n" | ||
} | ||
|
||
function build_package() { | ||
printf "📦 building package..." | ||
pkgbuild --identifier "com.netflix.weep" \ | ||
--version "$VERSION" \ | ||
--scripts "$BUILD_DIR/darwin/scripts" \ | ||
--root "$BUILD_DIR/darwinpkg" \ | ||
weep.pkg > /dev/null 2>&1 | ||
|
||
productbuild --distribution "$BUILD_DIR/darwin/Distribution.xml" \ | ||
--resources "$BUILD_DIR/darwin/Resources" \ | ||
--package-path "$BUILD_DIR/package" \ | ||
"$OUT_DIR/weep-$VERSION-unsigned.pkg" > /dev/null 2>&1 | ||
printf " done ✅ \n" | ||
} | ||
|
||
function sign_package() { | ||
printf "🔏 signing package..." | ||
productsign --sign "Developer ID Installer: Netflix, Inc." \ | ||
"$OUT_DIR/weep-$VERSION-unsigned.pkg" \ | ||
"$FINAL_PACKAGE" > /dev/null 2>&1 | ||
|
||
pkgutil --check-signature "$FINAL_PACKAGE" > /dev/null 2>&1 | ||
printf " done ✅ \n" | ||
} | ||
|
||
function notarize() { | ||
printf "🔐 notarizing package..." | ||
output=$(xcrun altool \ | ||
--notarize-app \ | ||
--primary-bundle-id "com.netflix.weep" \ | ||
--username "psanders@netflix.com" \ | ||
--password "$AC_PASSWORD" \ | ||
--file "$FINAL_PACKAGE") | ||
printf " done ✅ \n" | ||
request_id=$(echo "$output" | grep RequestUUID | awk '{ print $3 }') | ||
printf "💡 notarize request id is %s\n" "$request_id" | ||
# give the server side a few seconds to sort things out | ||
sleep 3 | ||
while true; do | ||
status=$(check_notarize_status "$request_id") | ||
printf "👀 current status \"%s\"" "$status" | ||
case "$status" in | ||
"success") | ||
printf ", done ✅ \n" | ||
break | ||
;; | ||
"failure") | ||
printf ", exiting! 🔴\n" | ||
exit 1 | ||
;; | ||
*) | ||
printf ", not ready yet 😴\n" | ||
sleep 5 | ||
;; | ||
esac | ||
done | ||
} | ||
|
||
function check_notarize_status() { | ||
request_id=$1 | ||
output=$(xcrun altool \ | ||
--notarization-info "$request_id" \ | ||
--username "psanders@netflix.com" \ | ||
--password "$AC_PASSWORD") | ||
status=$(echo "$output" | grep "Status:" | awk '{ for (i=2; i<=NF; i++) printf("%s ", $i) }' | awk '{$1=$1;print}') | ||
echo "$status" | ||
} | ||
|
||
function staple() { | ||
printf "📎 stapling..." | ||
xcrun stapler staple "$FINAL_PACKAGE" > /dev/null 2>&1 | ||
printf " done ✅ \n" | ||
} | ||
|
||
function cleanup() { | ||
rm dist/macos/*-unsigned.pkg | ||
} | ||
|
||
combine_binaries "$BIN_DIR/weep-universal" \ | ||
dist/bin/darwin_amd64/weep \ | ||
dist/bin/darwin_arm64/weep | ||
sign_binary "$BIN_DIR/weep-universal" | ||
prep_package | ||
build_package | ||
sign_package | ||
notarize | ||
staple | ||
cleanup | ||
|
||
printf "🙌 successfully built and notarized %s 🎉 \n" "$FINAL_PACKAGE" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
#!/bin/bash | ||
|
||
#Check running user | ||
if (( $EUID != 0 )); then | ||
echo "Please run as root." | ||
exit | ||
fi | ||
|
||
echo "Welcome to the Weep Uninstaller" | ||
echo "The following packages will be REMOVED:" | ||
echo " weep" | ||
while true; do | ||
read -p "Do you wish to continue [Y/n]?" answer | ||
[[ $answer == "y" || $answer == "Y" || $answer == "" ]] && break | ||
[[ $answer == "n" || $answer == "N" ]] && exit 0 | ||
echo "Please answer with 'y' or 'n'" | ||
done | ||
|
||
|
||
echo "Uninstalling Weep" | ||
# remove binary symlink | ||
if rm -rf "/usr/local/bin/weep" | ||
then | ||
echo "[1/3] [DONE] Successfully deleted shortcut links" | ||
else | ||
echo "[1/3] [ERROR] Could not delete shortcut links" >&2 | ||
fi | ||
|
||
#forget from pkgutil | ||
if pkgutil --forget "com.netflix.weep" > /dev/null 2>&1 | ||
then | ||
echo "[2/3] [DONE] Successfully deleted application information" | ||
else | ||
echo "[2/3] [ERROR] Could not delete application information" >&2 | ||
fi | ||
|
||
#remove application source distribution | ||
if rm -rf "/Library/weep" | ||
then | ||
echo "[3/3] [DONE] Successfully deleted application" | ||
else | ||
echo "[3/3] [ERROR] Could not delete application" >&2 | ||
fi | ||
|
||
echo "Application uninstall process finished" | ||
exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
<?xml version="1.0" encoding="utf-8" standalone="no"?> | ||
<installer-script minSpecVersion="1.000000"> | ||
<title>Weep</title> | ||
<background mime-type="image/png" alignment="bottomleft" file="banner.png" scaling="proportional"/> | ||
<welcome file="welcome.html" mime-type="text/html" /> | ||
<conclusion file="conclusion.html" mime-type="text/html" /> | ||
<license file="LICENSE"/> | ||
<options customize="never" allow-external-scripts="no"/> | ||
<domains enable_localSystem="true" /> | ||
<installation-check script="installCheck();"/> | ||
<script> | ||
function installCheck() { | ||
if(system.files.fileExistsAtPath('/Library/weep/')) { | ||
my.result.title = 'Previous Installation Detected'; | ||
my.result.message = 'A previous installation of Weep exists at /Library/weep. This installer will remove the previous installation prior to installing.'; | ||
my.result.type = 'Warning'; | ||
return false; | ||
} | ||
return true; | ||
} | ||
</script> | ||
<choices-outline> | ||
<line choice="Weep"/> | ||
</choices-outline> | ||
<choice id="Weep" title="Weep"> | ||
<pkg-ref id="weep.pkg"/> | ||
</choice> | ||
<pkg-ref id="weep.pkg" auth="Root">weep.pkg</pkg-ref> | ||
</installer-script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../../../../LICENSE |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.