chore: make code-signing optional in OS X (#939)
Code-signing in OS X now relies on the presence of a `CODE_SIGN_IDENTITY` variable. If it doesn't exist, all the builds will gracefully complete without code-signing. As a consequence of this change, the `electron-installer-dmg.sh` script has been divided into `electron-create-readwrite-dmg.sh`, `electron-create-readonly-dmg.sh`, and `electron-sign-dmg.sh`. Signed-off-by: Juan Cruz Viotti <jviotti@openmailbox.org>
parent
00b66a9cf7
commit
457ce16722
35
Makefile
35
Makefile
@ -2,7 +2,6 @@
|
|||||||
# Application configuration
|
# Application configuration
|
||||||
# ---------------------------------------------------------------------
|
# ---------------------------------------------------------------------
|
||||||
|
|
||||||
SIGN_IDENTITY_OSX = Developer ID Application: Rulemotion Ltd (66H43P8FRG)
|
|
||||||
ELECTRON_VERSION = $(shell node -e "console.log(require('./package.json').devDependencies['electron-prebuilt'])")
|
ELECTRON_VERSION = $(shell node -e "console.log(require('./package.json').devDependencies['electron-prebuilt'])")
|
||||||
APPLICATION_NAME = $(shell node -e "console.log(require('./package.json').displayName)")
|
APPLICATION_NAME = $(shell node -e "console.log(require('./package.json').displayName)")
|
||||||
APPLICATION_DESCRIPTION=$(shell node -e "console.log(require('./package.json').description)")
|
APPLICATION_DESCRIPTION=$(shell node -e "console.log(require('./package.json').description)")
|
||||||
@ -69,6 +68,16 @@ endif
|
|||||||
#
|
#
|
||||||
TARGET_ARCH = $(HOST_ARCH)
|
TARGET_ARCH = $(HOST_ARCH)
|
||||||
|
|
||||||
|
# ---------------------------------------------------------------------
|
||||||
|
# Code signing
|
||||||
|
# ---------------------------------------------------------------------
|
||||||
|
|
||||||
|
ifeq ($(TARGET_PLATFORM),darwin)
|
||||||
|
ifndef CODE_SIGN_IDENTITY
|
||||||
|
$(warning No code-sign identity found (CODE_SIGN_IDENTITY is not set))
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
# ---------------------------------------------------------------------
|
||||||
# Extra variables
|
# Extra variables
|
||||||
# ---------------------------------------------------------------------
|
# ---------------------------------------------------------------------
|
||||||
@ -132,19 +141,29 @@ ifeq ($(TARGET_PLATFORM),linux)
|
|||||||
-o $@
|
-o $@
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
release/$(APPLICATION_NAME)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-rw.dmg: \
|
||||||
|
release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
|
||||||
|
./scripts/darwin/electron-create-readwrite-dmg.sh -p $< -o $@ \
|
||||||
|
-n "$(APPLICATION_NAME)" \
|
||||||
|
-i assets/icon.icns \
|
||||||
|
-b assets/osx/installer.png
|
||||||
|
|
||||||
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).zip: \
|
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).zip: \
|
||||||
release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
|
release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
|
||||||
./scripts/darwin/electron-sign-app.sh -a $</$(APPLICATION_NAME).app -i "$(SIGN_IDENTITY_OSX)"
|
ifdef CODE_SIGN_IDENTITY
|
||||||
|
./scripts/darwin/electron-sign-app.sh -a $</$(APPLICATION_NAME).app -i "$(CODE_SIGN_IDENTITY)"
|
||||||
|
endif
|
||||||
./scripts/darwin/electron-installer-app-zip.sh -a $</$(APPLICATION_NAME).app -o $@
|
./scripts/darwin/electron-installer-app-zip.sh -a $</$(APPLICATION_NAME).app -o $@
|
||||||
|
|
||||||
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).dmg: \
|
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).dmg: \
|
||||||
release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
|
release/$(APPLICATION_NAME)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-rw.dmg
|
||||||
./scripts/darwin/electron-installer-dmg.sh -p $< -o $@ \
|
ifdef CODE_SIGN_IDENTITY
|
||||||
|
./scripts/darwin/electron-sign-dmg.sh \
|
||||||
-n "$(APPLICATION_NAME)" \
|
-n "$(APPLICATION_NAME)" \
|
||||||
-v "$(APPLICATION_VERSION)" \
|
-d $< \
|
||||||
-d "$(SIGN_IDENTITY_OSX)" \
|
-i "$(CODE_SIGN_IDENTITY)"
|
||||||
-i assets/icon.icns \
|
endif
|
||||||
-b assets/osx/installer.png
|
./scripts/darwin/electron-create-readonly-dmg.sh -d $< -o $@
|
||||||
|
|
||||||
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-linux-$(TARGET_ARCH).zip: \
|
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-linux-$(TARGET_ARCH).zip: \
|
||||||
release/$(APPLICATION_NAME)-linux-$(TARGET_ARCH)
|
release/$(APPLICATION_NAME)-linux-$(TARGET_ARCH)
|
||||||
|
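Review bot: The two `ifdef CODE_SIGN_IDENTITY` guards in the darwin `.zip` and `.dmg` rules fail open: when the variable is unset or empty, `release/out/` receives unsigned artifacts under exactly the same file names as signed ones, and the only trace is the parse-time `$(warning ...)` added in the "Code signing" section. That is easy to miss in a release or CI run, so consider an opt-in strict switch that replaces the warning with `$(error CODE_SIGN_IDENTITY is required for release builds)`, plus a comment on both rules such as `# Unsigned when CODE_SIGN_IDENTITY is not set; do not publish such artifacts`. The `.dmg` rule also signs by modifying its own prerequisite (`-d $<`, the `-rw.dmg` image), so whether that intermediate file holds a signed app depends on which invocation last touched it; a short comment saying so would help.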
68
scripts/darwin/electron-create-readonly-dmg.sh
Executable file
68
scripts/darwin/electron-create-readonly-dmg.sh
Executable file
@ -0,0 +1,68 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
###
|
||||||
|
# Copyright 2016 resin.io
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
###
|
||||||
|
|
||||||
|
set -u
|
||||||
|
set -e
|
||||||
|
|
||||||
|
function check_dep() {
|
||||||
|
if ! command -v $1 2>/dev/null 1>&2; then
|
||||||
|
echo "Dependency missing: $1" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
OS=$(uname)
|
||||||
|
if [[ "$OS" != "Darwin" ]]; then
|
||||||
|
echo "This script is only meant to be run in OS X" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
check_dep hdiutil
|
||||||
|
|
||||||
|
function usage() {
|
||||||
|
echo "Usage: $0"
|
||||||
|
echo ""
|
||||||
|
echo "Options"
|
||||||
|
echo ""
|
||||||
|
echo " -d <read-write application dmg>"
|
||||||
|
echo " -o <output>"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
ARGV_APPLICATION_DMG=""
|
||||||
|
ARGV_OUTPUT=""
|
||||||
|
|
||||||
|
while getopts ":d:o:" option; do
|
||||||
|
case $option in
|
||||||
|
d) ARGV_APPLICATION_DMG="$OPTARG" ;;
|
||||||
|
o) ARGV_OUTPUT="$OPTARG" ;;
|
||||||
|
*) usage ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -z "$ARGV_APPLICATION_DMG" ] || [ -z "$ARGV_OUTPUT" ]; then
|
||||||
|
usage
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Convert temporary DMG image into a production-ready
|
||||||
|
# compressed and read-only DMG image.
|
||||||
|
mkdir -p "$(dirname "$ARGV_OUTPUT")"
|
||||||
|
hdiutil convert "$ARGV_APPLICATION_DMG" \
|
||||||
|
-format UDZO \
|
||||||
|
-imagekey zlib-level=9 \
|
||||||
|
-o "$ARGV_OUTPUT"
|
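Review bot: `hdiutil convert` is called without clearing a previous output, and as far as I know it refuses to overwrite an existing file unless `-ov` is given, so a rebuild over a stale `.dmg` in the output directory would stop here under `set -e`. Either pass `-ov` to the convert call or add `rm -f "$ARGV_OUTPUT"` before it. Separately, `check_dep` hands `$1` to `command -v` unquoted; `command -v "$1"` is the safer form. A header comment stating that this script neither signs nor verifies anything, and only compresses whatever image it is given, would make its role in the release pipeline clear.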
@ -44,9 +44,7 @@ function usage() {
|
|||||||
echo "Options"
|
echo "Options"
|
||||||
echo ""
|
echo ""
|
||||||
echo " -n <application name>"
|
echo " -n <application name>"
|
||||||
echo " -v <application version>"
|
|
||||||
echo " -p <application package>"
|
echo " -p <application package>"
|
||||||
echo " -d <identity>"
|
|
||||||
echo " -i <application icon (.icns)>"
|
echo " -i <application icon (.icns)>"
|
||||||
echo " -b <application background (.png)>"
|
echo " -b <application background (.png)>"
|
||||||
echo " -o <output>"
|
echo " -o <output>"
|
||||||
@ -54,19 +52,15 @@ function usage() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
ARGV_APPLICATION_NAME=""
|
ARGV_APPLICATION_NAME=""
|
||||||
ARGV_VERSION=""
|
|
||||||
ARGV_PACKAGE=""
|
ARGV_PACKAGE=""
|
||||||
ARGV_IDENTITY=""
|
|
||||||
ARGV_ICON=""
|
ARGV_ICON=""
|
||||||
ARGV_BACKGROUND=""
|
ARGV_BACKGROUND=""
|
||||||
ARGV_OUTPUT=""
|
ARGV_OUTPUT=""
|
||||||
|
|
||||||
while getopts ":n:v:p:d:i:b:o:" option; do
|
while getopts ":n:p:i:b:o:" option; do
|
||||||
case $option in
|
case $option in
|
||||||
n) ARGV_APPLICATION_NAME="$OPTARG" ;;
|
n) ARGV_APPLICATION_NAME="$OPTARG" ;;
|
||||||
v) ARGV_VERSION="$OPTARG" ;;
|
|
||||||
p) ARGV_PACKAGE="$OPTARG" ;;
|
p) ARGV_PACKAGE="$OPTARG" ;;
|
||||||
d) ARGV_IDENTITY="$OPTARG" ;;
|
|
||||||
i) ARGV_ICON="$OPTARG" ;;
|
i) ARGV_ICON="$OPTARG" ;;
|
||||||
b) ARGV_BACKGROUND="$OPTARG" ;;
|
b) ARGV_BACKGROUND="$OPTARG" ;;
|
||||||
o) ARGV_OUTPUT="$OPTARG" ;;
|
o) ARGV_OUTPUT="$OPTARG" ;;
|
||||||
@ -75,15 +69,14 @@ while getopts ":n:v:p:d:i:b:o:" option; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
if [ -z "$ARGV_APPLICATION_NAME" ] \
|
if [ -z "$ARGV_APPLICATION_NAME" ] \
|
||||||
|| [ -z "$ARGV_VERSION" ] \
|
|| [ -z "$ARGV_PACKAGE" ] \
|
||||||
|| [ -z "$ARGV_IDENTITY" ] \
|
|
||||||
|| [ -z "$ARGV_ICON" ] \
|
|| [ -z "$ARGV_ICON" ] \
|
||||||
|
|| [ -z "$ARGV_BACKGROUND" ] \
|
||||||
|| [ -z "$ARGV_OUTPUT" ]
|
|| [ -z "$ARGV_OUTPUT" ]
|
||||||
then
|
then
|
||||||
usage
|
usage
|
||||||
fi
|
fi
|
||||||
|
|
||||||
TEMPORARY_DMG=$ARGV_PACKAGE.dmg
|
|
||||||
VOLUME_DIRECTORY=/Volumes/$ARGV_APPLICATION_NAME
|
VOLUME_DIRECTORY=/Volumes/$ARGV_APPLICATION_NAME
|
||||||
VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
|
VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
|
||||||
|
|
||||||
@ -91,17 +84,16 @@ VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
|
|||||||
hdiutil detach "$VOLUME_DIRECTORY" || true
|
hdiutil detach "$VOLUME_DIRECTORY" || true
|
||||||
|
|
||||||
# Create temporary read-write DMG image
|
# Create temporary read-write DMG image
|
||||||
rm -f "$TEMPORARY_DMG"
|
|
||||||
hdiutil create \
|
hdiutil create \
|
||||||
-srcfolder "$ARGV_PACKAGE" \
|
-srcfolder "$ARGV_PACKAGE" \
|
||||||
-volname "$ARGV_APPLICATION_NAME" \
|
-volname "$ARGV_APPLICATION_NAME" \
|
||||||
-fs HFS+ \
|
-fs HFS+ \
|
||||||
-fsargs "-c c=64,a=16,e=16" \
|
-fsargs "-c c=64,a=16,e=16" \
|
||||||
-format UDRW \
|
-format UDRW \
|
||||||
-size 600M "$TEMPORARY_DMG"
|
-size 600M "$ARGV_OUTPUT"
|
||||||
|
|
||||||
# Mount temporary DMG image, so we can modify it
|
# Mount temporary DMG image, so we can modify it
|
||||||
hdiutil attach "$TEMPORARY_DMG" -readwrite -noverify
|
hdiutil attach "$ARGV_OUTPUT" -readwrite -noverify
|
||||||
|
|
||||||
# Wait for a bit to ensure the image is mounted
|
# Wait for a bit to ensure the image is mounted
|
||||||
sleep 2
|
sleep 2
|
||||||
@ -159,16 +151,5 @@ sync
|
|||||||
# Apply HFS+ compression
|
# Apply HFS+ compression
|
||||||
afsctool -ci -9 "$VOLUME_APPLICATION"
|
afsctool -ci -9 "$VOLUME_APPLICATION"
|
||||||
|
|
||||||
# TODO: this should be decoupled from this script
|
|
||||||
./scripts/darwin/electron-sign-app.sh -a "$VOLUME_APPLICATION" -i "$ARGV_IDENTITY"
|
|
||||||
|
|
||||||
# Unmount temporary DMG image.
|
# Unmount temporary DMG image.
|
||||||
hdiutil detach "$VOLUME_DIRECTORY"
|
hdiutil detach "$VOLUME_DIRECTORY"
|
||||||
|
|
||||||
# Convert temporary DMG image into a production-ready
|
|
||||||
# compressed and read-only DMG image.
|
|
||||||
mkdir -p "$(dirname "$ARGV_OUTPUT")"
|
|
||||||
hdiutil convert "$TEMPORARY_DMG" \
|
|
||||||
-format UDZO \
|
|
||||||
-imagekey zlib-level=9 \
|
|
||||||
-o "$ARGV_OUTPUT"
|
|
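Review bot: The `rm -f "$TEMPORARY_DMG"` line before `hdiutil create` is dropped without an equivalent for the new target, so `hdiutil create ... "$ARGV_OUTPUT"` now runs against a path that may still hold the image from an earlier build; hdiutil normally fails on an existing file unless `-ov` is passed (worth confirming on the build host). Adding `rm -f "$ARGV_OUTPUT"` before the create call keeps incremental rebuilds working. The `mkdir -p "$(dirname "$ARGV_OUTPUT")"` call also moved to the convert script, so this script now assumes its output directory exists. The file header for this section is not shown on the page; from the commit description it appears to be `electron-create-readwrite-dmg.sh`.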
82
scripts/darwin/electron-sign-dmg.sh
Executable file
82
scripts/darwin/electron-sign-dmg.sh
Executable file
@ -0,0 +1,82 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
###
|
||||||
|
# Copyright 2016 resin.io
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
###
|
||||||
|
|
||||||
|
set -u
|
||||||
|
set -e
|
||||||
|
|
||||||
|
function check_dep() {
|
||||||
|
if ! command -v $1 2>/dev/null 1>&2; then
|
||||||
|
echo "Dependency missing: $1" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
OS=$(uname)
|
||||||
|
if [[ "$OS" != "Darwin" ]]; then
|
||||||
|
echo "This script is only meant to be run in OS X" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
check_dep hdiutil
|
||||||
|
|
||||||
|
function usage() {
|
||||||
|
echo "Usage: $0"
|
||||||
|
echo ""
|
||||||
|
echo "Options"
|
||||||
|
echo ""
|
||||||
|
echo " -n <application name>"
|
||||||
|
echo " -d <application (.dmg)>"
|
||||||
|
echo " -i <identity>"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
ARGV_APPLICATION_NAME=""
|
||||||
|
ARGV_APPLICATION_DMG=""
|
||||||
|
ARGV_IDENTITY=""
|
||||||
|
|
||||||
|
while getopts ":n:d:i:" option; do
|
||||||
|
case $option in
|
||||||
|
n) ARGV_APPLICATION_NAME="$OPTARG" ;;
|
||||||
|
d) ARGV_APPLICATION_DMG="$OPTARG" ;;
|
||||||
|
i) ARGV_IDENTITY="$OPTARG" ;;
|
||||||
|
*) usage ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -z "$ARGV_APPLICATION_NAME" ] ||
|
||||||
|
[ -z "$ARGV_APPLICATION_DMG" ] ||
|
||||||
|
[ -z "$ARGV_IDENTITY" ]; then
|
||||||
|
usage
|
||||||
|
fi
|
||||||
|
|
||||||
|
VOLUME_DIRECTORY=/Volumes/$ARGV_APPLICATION_NAME
|
||||||
|
VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
|
||||||
|
|
||||||
|
# Make sure any previous DMG was unmounted
|
||||||
|
hdiutil detach "$VOLUME_DIRECTORY" || true
|
||||||
|
|
||||||
|
# Mount temporary DMG image, so we can modify it
|
||||||
|
hdiutil attach "$ARGV_APPLICATION_DMG" -readwrite -noverify
|
||||||
|
|
||||||
|
# Wait for a bit to ensure the image is mounted
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
./scripts/darwin/electron-sign-app.sh -a "$VOLUME_APPLICATION" -i "$ARGV_IDENTITY"
|
||||||
|
|
||||||
|
# Unmount temporary DMG image.
|
||||||
|
hdiutil detach "$VOLUME_DIRECTORY"
|
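Review bot: The script signs whatever is found at `/Volumes/$ARGV_APPLICATION_NAME` after `hdiutil detach ... || true`, `hdiutil attach` and `sleep 2`, without checking that this path is the image it just attached. If the earlier detach fails and a volume of the same name stays mounted, macOS would typically mount the new image at a suffixed path, and the signing step would then run against the stale volume while the script still exits 0, leaving the image to be shipped unsigned. Attaching at a private mount point and signing only there removes the assumption, and an exit trap avoids leaving the image mounted when signing fails. The read-write DMG script relies on the same fixed `/Volumes` path in its unchanged lines.

```shell
# … unchanged: option parsing and validation …

# Private mount point, so the path signed is always the image just attached.
MOUNT_POINT=$(mktemp -d "${TMPDIR:-/tmp}/sign-dmg.XXXXXX")
VOLUME_APPLICATION=$MOUNT_POINT/$ARGV_APPLICATION_NAME.app

# Best-effort cleanup if anything below fails.
trap 'hdiutil detach "$MOUNT_POINT" >/dev/null 2>&1 || true; rmdir "$MOUNT_POINT" 2>/dev/null || true' EXIT

hdiutil attach "$ARGV_APPLICATION_DMG" -readwrite -noverify -nobrowse -mountpoint "$MOUNT_POINT"

if [ ! -d "$VOLUME_APPLICATION" ]; then
  echo "Application not found in mounted image: $VOLUME_APPLICATION" 1>&2
  exit 1
fi

./scripts/darwin/electron-sign-app.sh -a "$VOLUME_APPLICATION" -i "$ARGV_IDENTITY"

# Unmount explicitly so a detach failure still fails the build.
hdiutil detach "$MOUNT_POINT"
```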