xinyin025/jcefbuild
1
0
Fork 0
mirror of https://github.com/jcefmaven/jcefbuild.git synced 2025-09-17 21:06:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Switch macos builds from altool to notarytool

Browse Source
This commit is contained in:
FriwiDev 2022-11-01 04:25:27 +01:00
parent fb1f044958
commit 0cae73fa86
6 changed files with 28 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/build-all.yml vendored
View File

@ -222,7 +222,7 @@ jobs:
name: Build
run: |
chmod +x compile_macosx.sh
./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_ID }} "${HOME}/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_NAME }}.p8" ${{ secrets.APPLE_API_KEY_ISSUER }}
- name: Clean up keychain
if: ${{ always() }}
run: |
@ -287,7 +287,7 @@ jobs:
name: Build
run: |
chmod +x compile_macosx.sh
./compile_macosx.sh arm64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
./compile_macosx.sh arm64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_ID }} "${HOME}/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_NAME }}.p8" ${{ secrets.APPLE_API_KEY_ISSUER }}
- name: Clean up keychain
if: ${{ always() }}
run: |

2
.github/workflows/build-macosx-amd64.yml vendored
View File

@ -58,7 +58,7 @@ jobs:
name: Build
run: |
chmod +x compile_macosx.sh
./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_ID }} "${HOME}/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_NAME }}.p8" ${{ secrets.APPLE_API_KEY_ISSUER }}
- name: Clean up keychain
if: ${{ always() }}
run: |

2
.github/workflows/build-macosx-arm64.yml vendored
View File

@ -58,7 +58,7 @@ jobs:
name: Build
run: |
chmod +x compile_macosx.sh
./compile_macosx.sh arm64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
./compile_macosx.sh arm64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_ID }} "${HOME}/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_NAME }}.p8" ${{ secrets.APPLE_API_KEY_ISSUER }}
- name: Clean up keychain
if: ${{ always() }}
run: |

7
compile_macosx.sh
View File

@ -2,7 +2,7 @@
if [ $# -lt 2 ] || [ $# -eq 3 ]
then
echo "Usage: ./compile_macosx.sh <architecture> <buildType> [<gitrepo> <gitref>] [<certname> <teamname> <applekeyid> <applekeyissuer>]"
echo "Usage: ./compile_macosx.sh <architecture> <buildType> [<gitrepo> <gitref>] [<certname> <teamname> <applekeyid> <applekeypath> <applekeyissuer>]"
echo ""
echo "architecture: the target architecture to build for. Architectures are either amd64 or arm64."
echo "buildType: either Release or Debug"
@ -10,7 +10,8 @@ if [ $# -lt 2 ] || [ $# -eq 3 ]
echo "gitref: the git commit id to pull"
echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
echo "teamname: the apple team name. 10-digit id yyy from the cert name."
echo "applekeyid: your apple api key id"
echo "applekeyid: id of your apple api key"
echo "applekeypath: path to your apple api key"
echo "applekeyissuer: uuid of your apple api key issuer"
exit 1
fi
@ -78,7 +79,7 @@ cd binary_distrib/macosx64
if [ $# -gt 4 ]
then
chmod +x $WORK_DIR/macosx_codesign.sh
bash $WORK_DIR/macosx_codesign.sh $(pwd) "$5" $6 $7 $8
bash $WORK_DIR/macosx_codesign.sh $(pwd) "$5" $6 $7 $8 $9
fi
#Pack binary_distrib

19
macosx_codesign.sh
View File

@ -1,13 +1,14 @@
#!/bin/bash
if [ $# -lt 5 ]
if [ $# -lt 6 ]
then
echo "Usage: ./macosx_codesign.sh <path> <certname> <teamname> <applekeyid> <applekeyissuer>"
echo "Usage: ./macosx_codesign.sh <path> <certname> <teamname> <applekeyid> <applekeypath> <applekeyissuer>"
echo ""
echo "path: the absolute(!) target path"
echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
echo "teamname: the apple team name. 10-digit id yyy from the cert name."
echo "applekeyid: your apple api key id"
echo "applekeyid: id of your apple api key"
echo "applekeypath: path to your apple api key"
echo "applekeyissuer: uuid of your apple api key issuer"
exit 1
fi
@ -28,13 +29,13 @@ chmod +x macosx_codesign_zip.sh
#Sign helpers
echo "Signing helpers..."
codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app"
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" "$2" $3 org.jcef.jcef.helper $4 $5
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" "$2" $3 org.jcef.jcef.helper $4 $5 $6
codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app"
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app" "$2" $3 org.jcef.jcef.helper.gpu $4 $5
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app" "$2" $3 org.jcef.jcef.helper.gpu $4 $5 $6
codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Plugin).app"
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Plugin).app" "$2" $3 org.jcef.jcef.helper.plugin $4 $5
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Plugin).app" "$2" $3 org.jcef.jcef.helper.plugin $4 $5 $6
codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Renderer).app"
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Renderer).app" "$2" $3 org.jcef.jcef.helper.renderer $4 $5
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Renderer).app" "$2" $3 org.jcef.jcef.helper.renderer $4 $5 $6
#Sign libraries and framework
echo "Signing libraries and framework..."
@ -42,7 +43,7 @@ codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign
codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME/Libraries/libGLESv2.dylib"
codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME/Libraries/libvk_swiftshader.dylib"
codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME"
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME" "$2" $3 org.cef.framework $4 $5
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME" "$2" $3 org.cef.framework $4 $5 $6
codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/Contents/Java/libjcef.dylib"
bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/gluegen-rt-natives-macosx-universal.jar" "natives/macosx-universal/libgluegen_rt.dylib" "$2"
bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-macosx-universal.jar" "natives/macosx-universal/libnativewindow_awt.dylib" "$2"
@ -51,6 +52,6 @@ bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-m
bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-macosx-universal.jar" "natives/macosx-universal/libnewt_head.dylib" "$2"
bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-macosx-universal.jar" "natives/macosx-universal/libjogl_desktop.dylib" "$2"
codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME"
bash macosx_notarize.sh "$APP_DIR/$APP_NAME" "$2" $3 org.jcef.jcef $4 $5
bash macosx_notarize.sh "$APP_DIR/$APP_NAME" "$2" $3 org.jcef.jcef $4 $5 $6
echo "Done signing binaries"

55
macosx_notarize.sh
View File

@ -3,15 +3,16 @@
#Contents partly stolen from https://scriptingosx.com/2019/09/notarize-a-command-line-tool/
#Will need updating for XCode 13+
if [ $# -lt 6 ]
if [ $# -lt 7 ]
then
echo "Usage: ./macosx_notarize.sh <path> <certname> <teamname> <bundleid> <applekeyid> <applekeyissuer>"
echo "Usage: ./macosx_notarize.sh <path> <certname> <teamname> <bundleid> <applekeyid> <applekeypath> <applekeyissuer>"
echo ""
echo "path: the absolute(!) target path"
echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
echo "teamname: the apple team name. 10-digit id yyy from the cert name."
echo "bundleid: the bundle id of the artifact"
echo "applekeyid: your apple api key id"
echo "applekeyid: id of your apple api key"
echo "applekeypath: path to your apple api key"
echo "applekeyissuer: uuid of your apple api key issuer"
exit 1
fi
@ -27,48 +28,12 @@ cd $APP_DIR
echo "Creating zip"
zip -r "$APP_NAME.zip" "$APP_NAME"
echo "Uploading $ZIP_PATH for notarization"
xcRunOutput=$(xcrun altool --notarize-app \
--type macos \
--primary-bundle-id "$4" \
--apiKey "$5" \
--apiIssuer "$6" \
--file "$1.zip" 2>&1 )
echo "xcrun> $xcRunOutput"
requestUUID=$(echo "$xcRunOutput" | awk '/RequestUUID/ { print $NF; }')
echo "Notarization RequestUUID: $requestUUID"
# clean up zip
rm -f "$APP_NAME.zip"
if [[ $requestUUID == "" ]]; then
echo "Could not upload for notarization"
exit 1
fi
# wait for status to be not "in progress" any more
request_status="in progress"
while [[ "$request_status" == "in progress" ]]; do
echo -n "waiting... "
sleep 60
request_status=$(xcrun altool --notarization-info "$requestUUID" \
--apiKey "$5" \
--apiIssuer "$6" 2>&1 \
| awk -F ': ' '/Status:/ { print $2; }' )
echo "$request_status"
done
# print status information
xcrun altool --notarization-info "$requestUUID" \
--apiKey "$5" \
--apiIssuer "$6"
echo
if [[ $request_status != "success" ]]; then
echo "Could not notarize! ($request_status)"
exit 1
fi
echo "Uploading $ZIP_PATH for notarization and waiting for result"
xcrun notarytool submit "$1.zip" \
--key $6 \
--key-id $5 \
--key-issuer $7 \
--wait
# staple
xcrun stapler staple "$1"