Remove linux 386 due to dropped support in chromium 104 and upwards

.github/workflows/build-all.yml

@@ -85,34 +85,6 @@ jobs:
           asset_content_type: application/octet-stream
 
 
-  build-linux-i386:
-    runs-on: ubuntu-latest
-    needs: create-release
-    steps:
-      - uses: actions/checkout@v1
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@master
-        with:
-          platforms: all
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Build
-        run: |
-          chmod +x compile_linux.sh
-          ./compile_linux.sh 386 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }}
-      - name: Export distribution
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ needs.create-release.outputs.upload_url }}
-          asset_path: out/binary_distrib.tar.gz
-          asset_name: linux-i386.tar.gz
-          asset_content_type: application/octet-stream
-
-
   build-linux-arm64:
     runs-on: ubuntu-latest
     needs: create-release
@@ -242,11 +214,43 @@ jobs:
         run: |
           chmod +x scripts/install_macos_dependencies.sh
           ./scripts/install_macos_dependencies.sh
+      - name: Install Apple certificate
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+          APPLE_API_KEY_NAME: ${{ secrets.APPLE_API_KEY_NAME }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign
+          security list-keychain -d user -s $KEYCHAIN_PATH
+          
+          # import api key from secrets
+          mkdir "${HOME}/private_keys"
+          echo -n "$APPLE_API_KEY_BASE64" | base64 --decode --output "${HOME}/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8"
       -
         name: Build
         run: |
           chmod +x compile_macosx.sh
-          ./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }}
+          ./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
+      - name: Clean up keychain
+        if: ${{ always() }}
+        run: |
+          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
+          rm -rf "${HOME}/private_keys"
       - name: Export distribution
         uses: actions/upload-release-asset@v1
         env:
@@ -277,11 +281,43 @@ jobs:
         run: |
           chmod +x scripts/install_macos_dependencies.sh
           ./scripts/install_macos_dependencies.sh
+      - name: Install Apple certificate
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+          APPLE_API_KEY_NAME: ${{ secrets.APPLE_API_KEY_NAME }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign
+          security list-keychain -d user -s $KEYCHAIN_PATH
+          
+          # import api key from secrets
+          mkdir "${HOME}/private_keys"
+          echo -n "$APPLE_API_KEY_BASE64" | base64 --decode --output "${HOME}/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8"
       -
         name: Build
         run: |
           chmod +x compile_macosx.sh
-          ./compile_macosx.sh arm64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }}
+          ./compile_macosx.sh arm64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
+      - name: Clean up keychain
+        if: ${{ always() }}
+        run: |
+          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
+          rm -rf "${HOME}/private_keys"
       - name: Export distribution
         uses: actions/upload-release-asset@v1
         env:

.github/workflows/build-linux-i386.yml

@@ -1,37 +0,0 @@
-name: build-linux-i386
-
-on:
-  workflow_dispatch:
-    inputs:
-      repo:
-        description: 'Git repository to clone'
-        required: true
-        default: 'https://bitbucket.org/chromiumembedded/java-cef.git'
-      ref:
-        description: 'Git commit id to checkout'
-        required: true
-        default: 'master'
-
-jobs:
-  build-linux-i386:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@master
-        with:
-          platforms: all
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Build
-        run: |
-          chmod +x compile_linux.sh
-          ./compile_linux.sh 386 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }}
-      -
-        name: Export artifacts
-        uses: actions/upload-artifact@v2
-        with:
-          name: linux-i386.tar.gz
-          path: out/binary_distrib.tar.gz

.github/workflows/build-macosx-amd64.yml

@@ -22,11 +22,43 @@ jobs:
         run: |
           chmod +x scripts/install_macos_dependencies.sh
           ./scripts/install_macos_dependencies.sh
+      - name: Install Apple certificate
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+          APPLE_API_KEY_NAME: ${{ secrets.APPLE_API_KEY_NAME }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign
+          security list-keychain -d user -s $KEYCHAIN_PATH
+          
+          # import api key from secrets
+          mkdir "${HOME}/private_keys"
+          echo -n "$APPLE_API_KEY_BASE64" | base64 --decode --output "${HOME}/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8"
       -
         name: Build
         run: |
           chmod +x compile_macosx.sh
-          ./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }}
+          ./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
+      - name: Clean up keychain
+        if: ${{ always() }}
+        run: |
+          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
+          rm -rf "${HOME}/private_keys"
       -
         name: Export artifacts
         uses: actions/upload-artifact@v2

.github/workflows/build-macosx-arm64.yml

@@ -22,11 +22,43 @@ jobs:
         run: |
           chmod +x scripts/install_macos_dependencies.sh
           ./scripts/install_macos_dependencies.sh
+      - name: Install Apple certificate
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+          APPLE_API_KEY_NAME: ${{ secrets.APPLE_API_KEY_NAME }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign
+          security list-keychain -d user -s $KEYCHAIN_PATH
+          
+          # import api key from secrets
+          mkdir "${HOME}/private_keys"
+          echo -n "$APPLE_API_KEY_BASE64" | base64 --decode --output "${HOME}/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8"
       -
         name: Build
         run: |
           chmod +x compile_macosx.sh
-          ./compile_macosx.sh arm64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }}
+          ./compile_macosx.sh arm64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
+      - name: Clean up keychain
+        if: ${{ always() }}
+        run: |
+          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
+          rm -rf "${HOME}/private_keys"
       -
         name: Export artifacts
         uses: actions/upload-artifact@v2

.gitignore

@@ -1,3 +1,4 @@
+jcef
 out
 release_gen/*.txt
 release_gen/*.md

DockerfileLinux

@@ -1,5 +1,7 @@
 FROM friwidev/jcefdocker:linux-latest AS stage
 
+LABEL jcefbuild=true
+
 #Declare build type argument (Release or Debug)
 ARG BUILD_TYPE
 
@@ -30,5 +32,7 @@ RUN ./run_linux.sh
 #Export built files
 FROM scratch AS export-stage
 COPY --from=stage /jcef/binary_distrib.tar.gz .
-
-
+COPY --from=stage /jcef/target target
+COPY --from=stage /jcef/third_party third_party
+COPY --from=stage /jcef/buildtools buildtools
+COPY --from=stage /jcef/jcef_build jcef_build

DockerfileLinuxARMPrebuild

@@ -3,6 +3,8 @@
 
 FROM friwidev/jcefdocker:linux-latest AS stage
 
+LABEL jcefbuild=true
+
 #Declare build type argument (Release or Debug)
 ARG BUILD_TYPE
 

README.md

@@ -12,10 +12,10 @@
 <table>
   <tr>
     <td width="12%"></td>
-    <td width="22%"><img src="https://simpleicons.org/icons/linux.svg" alt="linux" width="32" height="32"><br/><b>amd64, arm64, i386 & arm</b></td>
-    <td width="22%"><img src="https://simpleicons.org/icons/windows.svg" alt="windows" width="32" height="32"><br/><b>amd64 & i386</b></td>
-    <td width="22%"><img src="https://simpleicons.org/icons/windows.svg" alt="windows" width="32" height="32"><br/><b>arm64</b></td>
-    <td width="22%"><img src="https://simpleicons.org/icons/apple.svg" alt="apple" width="32" height="32"><br/><b>amd64 & arm64</b></td>
+    <td width="22%"><a href="#"><img src="https://simpleicons.org/icons/linux.svg" alt="linux" width="32" height="32"></a><br/><b>amd64, arm64 & arm</b></td>
+    <td width="22%"><a href="#"><img src="https://simpleicons.org/icons/windows.svg" alt="windows" width="32" height="32"></a><br/><b>amd64 & i386</b></td>
+    <td width="22%"><a href="#"><img src="https://simpleicons.org/icons/windows.svg" alt="windows" width="32" height="32"></a><br/><b>arm64</b></td>
+    <td width="22%"><a href="#"><img src="https://simpleicons.org/icons/apple.svg" alt="apple" width="32" height="32"></a><br/><b>amd64 & arm64</b></td>
   </tr>
   <tr>
     <td><b>Java</b></td>
@@ -61,11 +61,23 @@ You have multiple options to build your own project using this repository. They
 To build another git repo, simply fork this repository. Then go to the "Actions" tab of your forked repository,
 activate the workflows and manually run the `build-all` (or `build-<platform>`) workflow with your repository and commit id/branch specified.
 This will trigger a build of your desired repository and platforms.
+To produce a build for MacOS, you will need to specify your code signing information or remove the signing and notarization steps from the action workflows.
+
+Required Actions Secrets for signing and notarization:
+
++`APPLE_API_KEY_BASE64`: Your API key to access the Apple Notarization Service (in base64)
++`APPLE_API_KEY_ISSUER`: UUID of issuer (can be found along with your generated key in Apple Dev Console)
++`APPLE_API_KEY_NAME`: The name to be used for your API key on the runner (can be random)
++`APPLE_BUILD_CERTIFICATE_BASE64`: Base64 encoded pkcs12 certificate file from Apple to use for signing
++`APPLE_BUILD_CERTIFICATE_NAME`: Your certificate name (usually starts with `Developer ID Application`)
++`APPLE_P12_PASSWORD`: Password of your pkcs12 certificate file
++`APPLE_KEYCHAIN_PASSWORD`: A random password to use for the keychain on the runner
++`APPLE_TEAM_NAME`: Your apple team name, part of the certificate name (10 digit id in brackets)`
+
 
 ### Building locally
 To build locally, put your sources in the `jcef` directory of this repository, or leave it empty to clone a repository.
-On Windows and Linux, make sure you installed docker (NOT the Snap version!).
-On MacOS, make sure you installed the build dependencies specified
+On Windows and Linux, make sure you installed docker (NOT the Snap version!). On MacOS, make sure you installed the build dependencies specified
 [here](https://bitbucket.org/chromiumembedded/java-cef/wiki/BranchesAndBuilding) and `ninja`.
 
 Then execute `compile-<os>.<sh|bat> <arch> <buildType> [<gitrepo> <gitref>]`.

compile_linux.sh

@@ -4,7 +4,7 @@ if [ $# -lt 2 ] || [ $# -eq 3 ]
   then
     echo "Usage: ./compile_linux.sh <architecture> <buildType> [<gitrepo> <gitref>]"
     echo ""
-    echo "architecture: the target architecture to build for. Architectures are either arm64, arm/v6, 386 or amd64."
+    echo "architecture: the target architecture to build for. Architectures are either arm64, arm/v6 or amd64."
     echo "buildType: either Release or Debug"
     echo "gitrepo: git repository url to clone"
     echo "gitref: the git commit id to pull"
@@ -19,20 +19,60 @@ mkdir out
 mkdir out/linux32
 touch out/linux32/prebuilt.txt
 
+#Remove binary distribution if there was one built before (saves transfer of it to docker context)
+rm -rf jcef/binary_distrib
+
+#Cache build image to not download it again each time (speedup for local builds)
+docker pull friwidev/jcefdocker:linux-latest
+
 #Execute buildx with linux dockerfile and output to current directory
 if [ $# -eq 2 ]
   then
     if [ $1 == "arm/v6" ]
       then
         rm -rf out/linux32
-        docker buildx build --platform=linux/386 --build-arg TARGETARCH=386 --build-arg BUILD_TYPE=$2 --build-arg REPO=https://bitbucket.org/chromiumembedded/java-cef.git --build-arg REF=master --file DockerfileLinuxARMPrebuild --output out .
+        docker buildx build --no-cache --progress=plain --platform=linux/386 --build-arg TARGETARCH=386 --build-arg BUILD_TYPE=$2 --build-arg REPO=https://bitbucket.org/chromiumembedded/java-cef.git --build-arg REF=master --file DockerfileLinuxARMPrebuild --output out .
     fi
-    docker buildx build --platform=linux/$1 --build-arg TARGETARCH=$1 --build-arg BUILD_TYPE=$2 --build-arg REPO=https://bitbucket.org/chromiumembedded/java-cef.git --build-arg REF=master --file DockerfileLinux --output out .
+    docker buildx build --no-cache --progress=plain --platform=linux/$1 --build-arg TARGETARCH=$1 --build-arg BUILD_TYPE=$2 --build-arg REPO=https://bitbucket.org/chromiumembedded/java-cef.git --build-arg REF=master --file DockerfileLinux --output out .
 else
     if [ $1 == "arm/v6" ]
       then
         rm -rf out/linux32
-        docker buildx build --platform=linux/386 --build-arg TARGETARCH=386 --build-arg BUILD_TYPE=$2 --build-arg REPO=$3 --build-arg REF=$4 --file DockerfileLinuxARMPrebuild --output out .
+        docker buildx build --no-cache --progress=plain --platform=linux/386 --build-arg TARGETARCH=386 --build-arg BUILD_TYPE=$2 --build-arg REPO=$3 --build-arg REF=$4 --file DockerfileLinuxARMPrebuild --output out .
     fi
-    docker buildx build --platform=linux/$1 --build-arg TARGETARCH=$1 --build-arg BUILD_TYPE=$2 --build-arg REPO=$3 --build-arg REF=$4 --file DockerfileLinux --output out .
+    docker buildx build --no-cache --progress=plain --platform=linux/$1 --build-arg TARGETARCH=$1 --build-arg BUILD_TYPE=$2 --build-arg REPO=$3 --build-arg REF=$4 --file DockerfileLinux --output out .
 fi
+docker builder prune -f --filter "label=jcefbuild=true"
+
+#Cleanup output dir
+rm -rf out/linux32
+rm -f out/third_party/cef/*.bz2 out/third_party/cef/*.sha1
+
+# Check if the cef download was performed. If so, move third_party dir to jcef dir
+export downloaded=0
+for f in out/third_party/cef/cef_binary_*; do
+    test -d "$f" || continue
+    #We found a matching dir
+    export downloaded=1
+    break
+done
+if [ "$downloaded" -eq "1" ]; then
+    rm -rf jcef/third_party
+    mv out/third_party jcef
+else
+    rm -rf out/third_party
+fi
+
+# Check if the clang download was performed. If so, move it to jcef dir
+if [ -f "out/buildtools/clang-format" ]; then
+    rm -rf jcef/tools/buildtools/linux64
+    mv out/buildtools jcef/tools/buildtools/linux64
+fi
+
+#Move jcef_build
+rm -rf jcef/jcef_build
+mv out/jcef_build jcef/jcef_build
+
+#Move target to binary_distrib
+rm -rf jcef/binary_distrib
+mv out/target jcef/binary_distrib

compile_macosx.sh

@@ -2,16 +2,21 @@
 
 if [ $# -lt 2 ] || [ $# -eq 3 ]
   then
-    echo "Usage: ./compile_macosx.sh <architecture> <buildType> [<gitrepo> <gitref>]"
+    echo "Usage: ./compile_macosx.sh <architecture> <buildType> [<gitrepo> <gitref>] [<certname> <teamname> <applekeyid> <applekeyissuer>]"
     echo ""
     echo "architecture: the target architecture to build for. Architectures are either amd64 or arm64."
     echo "buildType: either Release or Debug"
     echo "gitrepo: git repository url to clone"
     echo "gitref: the git commit id to pull"
+    echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
+    echo "teamname: the apple team name. 10-digit id yyy from the cert name."
+    echo "applekeyid: your apple api key id"
+    echo "applekeyissuer: uuid of your apple api key issuer"
     exit 1
 fi
 
 cd "$( dirname "$0" )"
+WORK_DIR=$(pwd)
 
 TARGETARCH=$1
 BUILD_TYPE=$2
@@ -42,7 +47,10 @@ fi
 # Create and enter the `jcef_build` directory.
 # The `jcef_build` directory name is required by other JCEF tooling
 # and should not be changed.
-mkdir jcef_build && cd jcef_build
+if [ ! -d "jcef_build" ]; then
+    mkdir jcef_build
+fi
+cd jcef_build
 
 # MacOS: Generate amd64/arm64 Makefiles.
 if [ ${TARGETARCH} == 'amd64' ]; then
@@ -57,9 +65,17 @@ ninja -j4
 cd ../tools
 chmod +x make_distrib.sh
 ./make_distrib.sh macosx64
+cd ..
+
+#Perform code signing
+cd binary_distrib/macosx64
+if [ $# -gt 4 ]
+  then
+    chmod +x $WORK_DIR/macosx_codesign.sh
+    bash $WORK_DIR/macosx_codesign.sh $(pwd) "$5" $6 $7 $8
+fi
 
 #Pack binary_distrib
-cd ../binary_distrib/macosx64
 rm -rf ../../../out
 mkdir ../../../out
 tar -czvf ../../../out/binary_distrib.tar.gz *

entitlements/entitlements-browser.plist

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+         <key>com.apple.security.inherit</key>
+                <true/>
+                <key>com.apple.security.network.client</key>
+                <true/>
+                <key>com.apple.security.files.user-selected.read-write</key>
+                <true/>
+                <key>com.apple.security.files.bookmarks.app-scope</key>
+                <true/>
+                <key>com.apple.security.cs.allow-jit</key>
+                <true/>
+                <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+                <true/>
+                <key>com.apple.security.cs.disable-library-validation</key>
+                <true/>
+                <key>com.apple.security.cs.disable-executable-page-protection</key>
+                <true/>
+                <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+                <true/>
+                <key>com.apple.security.device.audio-input</key>
+                <true/>
+                <key>com.apple.security.device.camera</key>
+                <true/>
+                <key>com.apple.security.personal-information.location</key>
+                <true/>
+                <key>com.apple.security.personal-information.addressbook</key>
+                <true/>
+                <key>com.apple.security.personal-information.calendars</key>
+                <true/>
+                <key>com.apple.security.personal-information.photos-library</key>
+                <true/>
+                <key>com.apple.security.automation.apple-events</key>
+                <true/>
+    </dict>
+</plist>

entitlements/entitlements-helper.plist

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+         <key>com.apple.security.inherit</key>
+                <true/>
+                <key>com.apple.security.network.client</key>
+                <true/>
+                <key>com.apple.security.files.user-selected.read-write</key>
+                <true/>
+                <key>com.apple.security.files.bookmarks.app-scope</key>
+                <true/>
+                <key>com.apple.security.cs.allow-jit</key>
+                <true/>
+                <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+                <true/>
+                <key>com.apple.security.cs.disable-library-validation</key>
+                <true/>
+                <key>com.apple.security.cs.disable-executable-page-protection</key>
+                <true/>
+                <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+                <true/>
+                <key>com.apple.security.device.audio-input</key>
+                <true/>
+                <key>com.apple.security.device.camera</key>
+                <true/>
+                <key>com.apple.security.personal-information.location</key>
+                <true/>
+                <key>com.apple.security.personal-information.addressbook</key>
+                <true/>
+                <key>com.apple.security.personal-information.calendars</key>
+                <true/>
+                <key>com.apple.security.personal-information.photos-library</key>
+                <true/>
+                <key>com.apple.security.automation.apple-events</key>
+                <true/>
+    </dict>
+</plist>

macosx_codesign.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+if [ $# -lt 5 ]
+  then
+    echo "Usage: ./macosx_codesign.sh <path> <certname> <teamname> <applekeyid> <applekeyissuer>"
+    echo ""
+    echo "path: the absolute(!) target path"
+    echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
+    echo "teamname: the apple team name. 10-digit id yyy from the cert name."
+    echo "applekeyid: your apple api key id"
+    echo "applekeyissuer: uuid of your apple api key issuer"
+    exit 1
+fi
+
+#Set workdir local (for plist files)
+cd "$( dirname "$0" )"
+APP_DIR=$1/bin
+APP_NAME=jcef_app.app
+FRAMEWORKS_DIR=Contents/Frameworks
+FRAMEWORK_NAME=Chromium\ Embedded\ Framework.framework
+ENTITLEMENTS_HELPER=entitlements/entitlements-helper.plist
+ENTITLEMENTS_BROWSER=entitlements/entitlements-browser.plist
+
+chmod -R 777 $APP_DIR/$APP_NAME
+chmod +x macosx_notarize.sh
+chmod +x macosx_codesign_zip.sh
+
+#Sign helpers
+echo "Signing helpers..."
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app"
+bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" "$2" $3 org.jcef.jcef.helper $4 $5
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app"
+bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app" "$2" $3 org.jcef.jcef.helper.gpu $4 $5
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Plugin).app"
+bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Plugin).app" "$2" $3 org.jcef.jcef.helper.plugin $4 $5
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Renderer).app"
+bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Renderer).app" "$2" $3 org.jcef.jcef.helper.renderer $4 $5
+
+#Sign libraries and framework
+echo "Signing libraries and framework..."
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME/Libraries/libEGL.dylib"
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME/Libraries/libGLESv2.dylib"
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME/Libraries/libswiftshader_libEGL.dylib"
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME/Libraries/libswiftshader_libGLESv2.dylib"
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME/Libraries/libvk_swiftshader.dylib"
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME"
+bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/$FRAMEWORK_NAME" "$2" $3 org.cef.framework $4 $5
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/Contents/Java/libjcef.dylib"
+bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/gluegen-rt-natives-macosx-universal.jar" "natives/macosx-universal/libgluegen_rt.dylib" "$2"
+bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-macosx-universal.jar" "natives/macosx-universal/libnativewindow_awt.dylib" "$2"
+bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-macosx-universal.jar" "natives/macosx-universal/libnativewindow_macosx.dylib" "$2"
+bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-macosx-universal.jar" "natives/macosx-universal/libjogl_mobile.dylib" "$2"
+bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-macosx-universal.jar" "natives/macosx-universal/libnewt_head.dylib" "$2"
+bash macosx_codesign_zip.sh "$APP_DIR/$APP_NAME/Contents/Java/jogl-all-natives-macosx-universal.jar" "natives/macosx-universal/libjogl_desktop.dylib" "$2"
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME"
+bash macosx_notarize.sh "$APP_DIR/$APP_NAME" "$2" $3 org.jcef.jcef $4 $5
+
+echo "Done signing binaries"

macosx_codesign_zip.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [ $# -lt 3 ]
+  then
+    echo "Usage: ./macosx_codesign_zip.sh <path> <zippath> <certname>"
+    echo ""
+    echo "path: the absolute(!) target path"
+    echo "zippath: the path inside the zip"
+    echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
+    exit 1
+fi
+
+#Set workdir local
+cd "$( dirname "$0" )"
+ENTITLEMENTS_BROWSER=entitlements/entitlements-browser.plist
+
+mkdir tmp
+unzip "$1" "$2" -d tmp
+codesign --force --options runtime --entitlements "$ENTITLEMENTS_BROWSER" --sign "$3" --timestamp --verbose "tmp/$2"
+cd tmp
+zip --update "$1" "$2"
+cd ..
+rm -rf tmp

macosx_notarize.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+#Contents partly stolen from https://scriptingosx.com/2019/09/notarize-a-command-line-tool/
+#Will need updating for XCode 13+
+
+if [ $# -lt 6 ]
+  then
+    echo "Usage: ./macosx_notarize.sh <path> <certname> <teamname> <bundleid> <applekeyid> <applekeyissuer>"
+    echo ""
+    echo "path: the absolute(!) target path"
+    echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
+    echo "teamname: the apple team name. 10-digit id yyy from the cert name."
+    echo "bundleid: the bundle id of the artifact"
+    echo "applekeyid: your apple api key id"
+    echo "applekeyissuer: uuid of your apple api key issuer"
+    exit 1
+fi
+
+echo "##########################################################"
+echo "Notarizing $1... This may take a while."
+
+APP_DIR="$( dirname "$1" )"
+APP_NAME="$( basename "$1" )"
+ZIP_PATH=$1.zip
+
+cd $APP_DIR
+echo "Creating zip"
+zip -r "$APP_NAME.zip" "$APP_NAME"
+
+echo "Uploading $ZIP_PATH for notarization"
+requestUUID=$(xcrun altool --notarize-app \
+                           --type macos \
+                           --primary-bundle-id "$4" \
+                           --apiKey "$5" \
+                           --apiIssuer "$6" \
+                           --file "$1.zip" 2>&1 \
+                  | awk '/RequestUUID/ { print $NF; }')
+#                          --asc-provider "$3" \
+
+echo "Notarization RequestUUID: $requestUUID"
+
+# clean up zip
+rm -f "$APP_NAME.zip"
+
+if [[ $requestUUID == "" ]]; then 
+        echo "Could not upload for notarization"
+        exit 1
+fi
+
+# wait for status to be not "in progress" any more
+request_status="in progress"
+while [[ "$request_status" == "in progress" ]]; do
+    echo -n "waiting... "
+    sleep 60
+    request_status=$(xcrun altool --notarization-info "$requestUUID" \
+                              --apiKey "$5" \
+                              --apiIssuer "$6" 2>&1 \
+                 | awk -F ': ' '/Status:/ { print $2; }' )
+    echo "$request_status"
+done
+
+# print status information
+xcrun altool --notarization-info "$requestUUID" \
+             --apiKey "$5" \
+             --apiIssuer "$6"
+echo
+
+if [[ $request_status != "success" ]]; then
+    echo "Could not notarize!"
+    exit 1
+fi
+
+# staple
+xcrun stapler staple "$1"
+
+echo "##########################################################"

release_gen/create_release_info.sh

@@ -76,7 +76,6 @@ mv LICENSE.txt ../LICENSE
   echo "  \"actions_url\": \"$3\", "
   echo "  \"actions_number\": \"$4\", "
   echo "  \"filename_linux_amd64\": \"linux-amd64.tar.gz\", "
-  echo "  \"filename_linux_i386\": \"linux-i386.tar.gz\", "
   echo "  \"filename_linux_arm64\": \"linux-arm64.tar.gz\", "
   echo "  \"filename_linux_arm\": \"linux-arm.tar.gz\", "
   echo "  \"filename_windows_amd64\": \"windows-amd64.tar.gz\", "
@@ -88,7 +87,6 @@ mv LICENSE.txt ../LICENSE
   echo "  \"release_tag\": \"$real_release_tag\","
   echo "  \"release_url\": \"https://github.com/$5/releases/tag/$release_tag\", "
   echo "  \"download_url_linux_amd64\": \"https://github.com/$5/releases/download/$release_tag/linux-amd64.tar.gz\", "
-  echo "  \"download_url_linux_i386\": \"https://github.com/$5/releases/download/$release_tag/linux-i386.tar.gz\", "
   echo "  \"download_url_linux_arm64\": \"https://github.com/$5/releases/download/$release_tag/linux-arm64.tar.gz\", "
   echo "  \"download_url_linux_arm\": \"https://github.com/$5/releases/download/$release_tag/linux-arm.tar.gz\", "
   echo "  \"download_url_windows_amd64\": \"https://github.com/$5/releases/download/$release_tag/windows-amd64.tar.gz\", "

scripts/run_linux.sh

@@ -26,7 +26,7 @@ if [ ! -f "/jcef/README.md" ]; then
 else
     echo "Found existing files to build"
     cd /jcef
-fi
+fi  
 
 #CMakeLists patching
 python3 /builder/patch_cmake.py CMakeLists.txt /builder/CMakeLists.txt.patch
@@ -34,7 +34,19 @@ python3 /builder/patch_cmake.py CMakeLists.txt /builder/CMakeLists.txt.patch
 # Create and enter the `jcef_build` directory.
 # The `jcef_build` directory name is required by other JCEF tooling
 # and should not be changed.
-mkdir jcef_build && cd jcef_build
+if [ ! -d "jcef_build" ]; then
+    mkdir jcef_build
+fi
+cd jcef_build
+
+# Check if the download was already performed. If so, we wont send it outside of the container at the end
+export already_downloaded=0
+for f in ../third_party/cef/cef_binary_*; do
+    test -d "$f" || continue
+    #We found a matching dir
+    export already_downloaded=1
+    break
+done
 
 # Linux: Generate 32/64-bit Unix Makefiles.
 cmake -G "Ninja" -DPROJECT_ARCH=${TARGETARCH} -DCMAKE_BUILD_TYPE=${BUILD_TYPE} ..
@@ -47,7 +59,8 @@ chmod +x compile.sh
 if [ ${TARGETARCH} == 'amd64' ] || [ ${TARGETARCH} == 'arm64' ]; then
     ./compile.sh linux64
 elif [ ${TARGETARCH} == '386' ]; then
-    ./compile.sh linux32
+    echo "386 is no longer supported since chromium 104"
+    exit 1
 else
     echo "Can not compile java classes under arm/v6 currently. So we copy from prebuild directory."
     mkdir -p /jcef/out/linux32
@@ -77,4 +90,16 @@ else
     #Replace natives on armv6
     if [ ${TARGETARCH} == 'arm/v6' ]; then (rm bin/gluegen-rt-natives* && rm bin/jogl-all-natives* && cp /natives/gluegen-rt-natives-linux-armv6hf.jar bin && cp /natives/jogl-all-natives-linux-armv6hf.jar bin) fi
 fi
+
+#Export binaries
 tar -czvf ../../binary_distrib.tar.gz *
+mkdir ../../target
+mv * ../../target
+
+#Do not export third_party if already exported (it is quite large)
+if [ "$already_downloaded" -eq "1" ]; then
+    rm -rf ../../third_party/*
+fi
+
+#Export clang
+mv ../../tools/buildtools/linux64 ../../buildtools

scripts/run_linux_prebuild.sh

@@ -28,7 +28,10 @@ fi
 # Create and enter the `jcef_build` directory.
 # The `jcef_build` directory name is required by other JCEF tooling
 # and should not be changed.
-mkdir jcef_build && cd jcef_build
+if [ ! -d "jcef_build" ]; then
+    mkdir jcef_build
+fi
+cd jcef_build
 
 #Compile JCEF java classes
 cd ../tools