chore: make code-signing optional in OS X (#939)

Code-signing in OS X now relies on the presence of a `CODE_SIGN_IDENTITY` variable. If it doesn't exist, all the builds will gracefully complete without code-signing. As a consequence of this change, the `electron-installer-dmg.sh` script has been divided into `electron-create-readwrite-dmg.sh`, `electron-create-readwrite-dmg.sh`, and `electron-sign-dmg.sh`. Signed-off-by: Juan Cruz Viotti <jviotti@openmailbox.org>
2025-04-24 07:17:18 +00:00 · 2016-12-05 22:21:28 -04:00 · 2016-12-05 22:21:28 -04:00 · 457ce16722
commit 457ce16722
parent 00b66a9cf7
4 changed files with 182 additions and 32 deletions
--- a/35
+++ b/35
@ -2,7 +2,6 @@
 # Application configuration
 # ---------------------------------------------------------------------

-SIGN_IDENTITY_OSX = Developer ID Application: Rulemotion Ltd (66H43P8FRG)
 ELECTRON_VERSION = $(shell node -e "console.log(require('./package.json').devDependencies['electron-prebuilt'])")
 APPLICATION_NAME = $(shell node -e "console.log(require('./package.json').displayName)")
 APPLICATION_DESCRIPTION=$(shell node -e "console.log(require('./package.json').description)")
@ -69,6 +68,16 @@ endif
 #
 TARGET_ARCH = $(HOST_ARCH)

+# ---------------------------------------------------------------------
+# Code signing
+# ---------------------------------------------------------------------
+
+ifeq ($(TARGET_PLATFORM),darwin)
+ifndef CODE_SIGN_IDENTITY
+$(warning No code-sign identity found (CODE_SIGN_IDENTITY is not set))
+endif
+endif
+
 # ---------------------------------------------------------------------
 # Extra variables
 # ---------------------------------------------------------------------
@ -132,19 +141,29 @@ ifeq ($(TARGET_PLATFORM),linux)
 		-o $@
 endif

+release/$(APPLICATION_NAME)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-rw.dmg: \
+	release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
+	./scripts/darwin/electron-create-readwrite-dmg.sh -p $< -o $@ \
+		-n "$(APPLICATION_NAME)" \
+		-i assets/icon.icns \
+		-b assets/osx/installer.png
+
 release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).zip: \
 	release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
-	./scripts/darwin/electron-sign-app.sh -a $</$(APPLICATION_NAME).app -i "$(SIGN_IDENTITY_OSX)"
+ifdef CODE_SIGN_IDENTITY
+	./scripts/darwin/electron-sign-app.sh -a $</$(APPLICATION_NAME).app -i "$(CODE_SIGN_IDENTITY)"
+endif
 	./scripts/darwin/electron-installer-app-zip.sh -a $</$(APPLICATION_NAME).app -o $@

 release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).dmg: \
-	release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
-	./scripts/darwin/electron-installer-dmg.sh -p $< -o $@ \
+	release/$(APPLICATION_NAME)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-rw.dmg
+ifdef CODE_SIGN_IDENTITY
+	./scripts/darwin/electron-sign-dmg.sh \
 		-n "$(APPLICATION_NAME)" \
-		-v "$(APPLICATION_VERSION)" \
-		-d "$(SIGN_IDENTITY_OSX)" \
-		-i assets/icon.icns \
-		-b assets/osx/installer.png
+		-d $< \
+		-i "$(CODE_SIGN_IDENTITY)"
+endif
+	./scripts/darwin/electron-create-readonly-dmg.sh -d $< -o $@

 release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-linux-$(TARGET_ARCH).zip: \
 	release/$(APPLICATION_NAME)-linux-$(TARGET_ARCH)
--- a/scripts/darwin/electron-create-readonly-dmg.sh
+++ b/scripts/darwin/electron-create-readonly-dmg.sh
@ -0,0 +1,68 @@
+#!/bin/bash
+
+###
+# Copyright 2016 resin.io
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###
+
+set -u
+set -e
+
+function check_dep() {
+  if ! command -v $1 2>/dev/null 1>&2; then
+    echo "Dependency missing: $1" 1>&2
+    exit 1
+  fi
+}
+
+OS=$(uname)
+if [[ "$OS" != "Darwin" ]]; then
+  echo "This script is only meant to be run in OS X" 1>&2
+  exit 1
+fi
+
+check_dep hdiutil
+
+function usage() {
+  echo "Usage: $0"
+  echo ""
+  echo "Options"
+  echo ""
+  echo "    -d <read-write application dmg>"
+  echo "    -o <output>"
+  exit 1
+}
+
+ARGV_APPLICATION_DMG=""
+ARGV_OUTPUT=""
+
+while getopts ":d:o:" option; do
+  case $option in
+    d) ARGV_APPLICATION_DMG="$OPTARG" ;;
+    o) ARGV_OUTPUT="$OPTARG" ;;
+    *) usage ;;
+  esac
+done
+
+if [ -z "$ARGV_APPLICATION_DMG" ] || [ -z "$ARGV_OUTPUT" ]; then
+  usage
+fi
+
+# Convert temporary DMG image into a production-ready
+# compressed and read-only DMG image.
+mkdir -p "$(dirname "$ARGV_OUTPUT")"
+hdiutil convert "$ARGV_APPLICATION_DMG" \
+  -format UDZO \
+  -imagekey zlib-level=9 \
+  -o "$ARGV_OUTPUT"
--- a/scripts/darwin/electron-create-readwrite-dmg.sh
+++ b/scripts/darwin/electron-create-readwrite-dmg.sh
@ -44,9 +44,7 @@ function usage() {
  echo "Options"
  echo ""
  echo "    -n <application name>"
-  echo "    -v <application version>"
  echo "    -p <application package>"
-  echo "    -d <identity>"
  echo "    -i <application icon (.icns)>"
  echo "    -b <application background (.png)>"
  echo "    -o <output>"
@ -54,19 +52,15 @@ function usage() {
 }

 ARGV_APPLICATION_NAME=""
-ARGV_VERSION=""
 ARGV_PACKAGE=""
-ARGV_IDENTITY=""
 ARGV_ICON=""
 ARGV_BACKGROUND=""
 ARGV_OUTPUT=""

-while getopts ":n:v:p:d:i:b:o:" option; do
+while getopts ":n:p:i:b:o:" option; do
  case $option in
    n) ARGV_APPLICATION_NAME="$OPTARG" ;;
-    v) ARGV_VERSION="$OPTARG" ;;
    p) ARGV_PACKAGE="$OPTARG" ;;
-    d) ARGV_IDENTITY="$OPTARG" ;;
    i) ARGV_ICON="$OPTARG" ;;
    b) ARGV_BACKGROUND="$OPTARG" ;;
    o) ARGV_OUTPUT="$OPTARG" ;;
@ -75,15 +69,14 @@ while getopts ":n:v:p:d:i:b:o:" option; do
 done

 if [ -z "$ARGV_APPLICATION_NAME" ] \
-  || [ -z "$ARGV_VERSION" ] \
-  || [ -z "$ARGV_IDENTITY" ] \
+  || [ -z "$ARGV_PACKAGE" ] \
  || [ -z "$ARGV_ICON" ] \
+  || [ -z "$ARGV_BACKGROUND" ] \
  || [ -z "$ARGV_OUTPUT" ]
 then
  usage
 fi

-TEMPORARY_DMG=$ARGV_PACKAGE.dmg
 VOLUME_DIRECTORY=/Volumes/$ARGV_APPLICATION_NAME
 VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app

@ -91,17 +84,16 @@ VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
 hdiutil detach "$VOLUME_DIRECTORY" || true

 # Create temporary read-write DMG image
-rm -f "$TEMPORARY_DMG"
 hdiutil create \
  -srcfolder "$ARGV_PACKAGE" \
  -volname "$ARGV_APPLICATION_NAME" \
  -fs HFS+ \
  -fsargs "-c c=64,a=16,e=16" \
  -format UDRW \
-  -size 600M "$TEMPORARY_DMG"
+  -size 600M "$ARGV_OUTPUT"

 # Mount temporary DMG image, so we can modify it
-hdiutil attach "$TEMPORARY_DMG" -readwrite -noverify
+hdiutil attach "$ARGV_OUTPUT" -readwrite -noverify

 # Wait for a bit to ensure the image is mounted
 sleep 2
@ -159,16 +151,5 @@ sync
 # Apply HFS+ compression
 afsctool -ci -9 "$VOLUME_APPLICATION"

-# TODO: this should be decoupled from this script
-./scripts/darwin/electron-sign-app.sh -a "$VOLUME_APPLICATION" -i "$ARGV_IDENTITY"
-
 # Unmount temporary DMG image.
 hdiutil detach "$VOLUME_DIRECTORY"
-
-# Convert temporary DMG image into a production-ready
-# compressed and read-only DMG image.
-mkdir -p "$(dirname "$ARGV_OUTPUT")"
-hdiutil convert "$TEMPORARY_DMG" \
-  -format UDZO \
-  -imagekey zlib-level=9 \
-  -o "$ARGV_OUTPUT"
--- a/scripts/darwin/electron-sign-dmg.sh
+++ b/scripts/darwin/electron-sign-dmg.sh
@ -0,0 +1,82 @@
+#!/bin/bash
+
+###
+# Copyright 2016 resin.io
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###
+
+set -u
+set -e
+
+function check_dep() {
+  if ! command -v $1 2>/dev/null 1>&2; then
+    echo "Dependency missing: $1" 1>&2
+    exit 1
+  fi
+}
+
+OS=$(uname)
+if [[ "$OS" != "Darwin" ]]; then
+  echo "This script is only meant to be run in OS X" 1>&2
+  exit 1
+fi
+
+check_dep hdiutil
+
+function usage() {
+  echo "Usage: $0"
+  echo ""
+  echo "Options"
+  echo ""
+  echo "    -n <application name>"
+  echo "    -d <application (.dmg)>"
+  echo "    -i <identity>"
+  exit 1
+}
+
+ARGV_APPLICATION_NAME=""
+ARGV_APPLICATION_DMG=""
+ARGV_IDENTITY=""
+
+while getopts ":n:d:i:" option; do
+  case $option in
+    n) ARGV_APPLICATION_NAME="$OPTARG" ;;
+    d) ARGV_APPLICATION_DMG="$OPTARG" ;;
+    i) ARGV_IDENTITY="$OPTARG" ;;
+    *) usage ;;
+  esac
+done
+
+if [ -z "$ARGV_APPLICATION_NAME" ] ||
+   [ -z "$ARGV_APPLICATION_DMG" ] ||
+   [ -z "$ARGV_IDENTITY" ]; then
+  usage
+fi
+
+VOLUME_DIRECTORY=/Volumes/$ARGV_APPLICATION_NAME
+VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
+
+# Make sure any previous DMG was unmounted
+hdiutil detach "$VOLUME_DIRECTORY" || true
+
+# Mount temporary DMG image, so we can modify it
+hdiutil attach "$ARGV_APPLICATION_DMG" -readwrite -noverify
+
+# Wait for a bit to ensure the image is mounted
+sleep 2
+
+./scripts/darwin/electron-sign-app.sh -a "$VOLUME_APPLICATION" -i "$ARGV_IDENTITY"
+
+# Unmount temporary DMG image.
+hdiutil detach "$VOLUME_DIRECTORY"