jeans/etcher
jeans/etcher
1
0
Fork 0
mirror of https://github.com/balena-io/etcher.git synced 2025-07-23 19:26:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: make code-signing optional in OS X (#939)

Browse Source 
Code-signing in OS X now relies on the presence of a
`CODE_SIGN_IDENTITY` variable. If it doesn't exist, all the builds will
gracefully complete without code-signing.

As a consequence of this change, the `electron-installer-dmg.sh` script
has been divided into `electron-create-readwrite-dmg.sh`,
`electron-create-readwrite-dmg.sh`, and `electron-sign-dmg.sh`.

Signed-off-by: Juan Cruz Viotti <jviotti@openmailbox.org>
This commit is contained in:
Juan Cruz Viotti 2016-12-05 22:21:28 -04:00 committed by GitHub
parent 00b66a9cf7
commit 457ce16722
4 changed files with 182 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Makefile
View File

@ -2,7 +2,6 @@
# Application configuration # Application configuration
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
SIGN_IDENTITY_OSX = Developer ID Application: Rulemotion Ltd (66H43P8FRG)
ELECTRON_VERSION = $(shell node -e "console.log(require('./package.json').devDependencies['electron-prebuilt'])") ELECTRON_VERSION = $(shell node -e "console.log(require('./package.json').devDependencies['electron-prebuilt'])")
APPLICATION_NAME = $(shell node -e "console.log(require('./package.json').displayName)") APPLICATION_NAME = $(shell node -e "console.log(require('./package.json').displayName)")
APPLICATION_DESCRIPTION=$(shell node -e "console.log(require('./package.json').description)") APPLICATION_DESCRIPTION=$(shell node -e "console.log(require('./package.json').description)")
@ -69,6 +68,16 @@ endif
# #
TARGET_ARCH = $(HOST_ARCH) TARGET_ARCH = $(HOST_ARCH)
# ---------------------------------------------------------------------
# Code signing
# ---------------------------------------------------------------------
ifeq ($(TARGET_PLATFORM),darwin)
ifndef CODE_SIGN_IDENTITY
$(warning No code-sign identity found (CODE_SIGN_IDENTITY is not set))
endif
endif
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
# Extra variables # Extra variables
# --------------------------------------------------------------------- # ---------------------------------------------------------------------
@ -132,19 +141,29 @@ ifeq ($(TARGET_PLATFORM),linux)
-o $@ -o $@
endif endif
release/$(APPLICATION_NAME)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-rw.dmg: \
release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
./scripts/darwin/electron-create-readwrite-dmg.sh -p $< -o $@ \
-n "$(APPLICATION_NAME)" \
-i assets/icon.icns \
-b assets/osx/installer.png
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).zip: \ release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).zip: \
release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH) release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH)
./scripts/darwin/electron-sign-app.sh -a $</$(APPLICATION_NAME).app -i "$(SIGN_IDENTITY_OSX)" ifdef CODE_SIGN_IDENTITY
./scripts/darwin/electron-sign-app.sh -a $</$(APPLICATION_NAME).app -i "$(CODE_SIGN_IDENTITY)"
endif
./scripts/darwin/electron-installer-app-zip.sh -a $</$(APPLICATION_NAME).app -o $@ ./scripts/darwin/electron-installer-app-zip.sh -a $</$(APPLICATION_NAME).app -o $@
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).dmg: \ release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-darwin-$(TARGET_ARCH).dmg: \
release/$(APPLICATION_NAME)-darwin-$(TARGET_ARCH) release/$(APPLICATION_NAME)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-rw.dmg
./scripts/darwin/electron-installer-dmg.sh -p $< -o $@ \ ifdef CODE_SIGN_IDENTITY
./scripts/darwin/electron-sign-dmg.sh \
-n "$(APPLICATION_NAME)" \ -n "$(APPLICATION_NAME)" \
-v "$(APPLICATION_VERSION)" \ -d $< \
-d "$(SIGN_IDENTITY_OSX)" \ -i "$(CODE_SIGN_IDENTITY)"
-i assets/icon.icns \ endif
-b assets/osx/installer.png ./scripts/darwin/electron-create-readonly-dmg.sh -d $< -o $@
release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-linux-$(TARGET_ARCH).zip: \ release/out/$(APPLICATION_NAME)-$(APPLICATION_VERSION)-linux-$(TARGET_ARCH).zip: \
release/$(APPLICATION_NAME)-linux-$(TARGET_ARCH) release/$(APPLICATION_NAME)-linux-$(TARGET_ARCH)

68
scripts/darwin/electron-create-readonly-dmg.sh Executable file
View File

@ -0,0 +1,68 @@
#!/bin/bash
###
# Copyright 2016 resin.io
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
###
set -u
set -e
function check_dep() {
if ! command -v $1 2>/dev/null 1>&2; then
echo "Dependency missing: $1" 1>&2
exit 1
fi
}
OS=$(uname)
if [[ "$OS" != "Darwin" ]]; then
echo "This script is only meant to be run in OS X" 1>&2
exit 1
fi
check_dep hdiutil
function usage() {
echo "Usage: $0"
echo ""
echo "Options"
echo ""
echo " -d <read-write application dmg>"
echo " -o <output>"
exit 1
}
ARGV_APPLICATION_DMG=""
ARGV_OUTPUT=""
while getopts ":d:o:" option; do
case $option in
d) ARGV_APPLICATION_DMG="$OPTARG" ;;
o) ARGV_OUTPUT="$OPTARG" ;;
*) usage ;;
esac
done
if [ -z "$ARGV_APPLICATION_DMG" ] || [ -z "$ARGV_OUTPUT" ]; then
usage
fi
# Convert temporary DMG image into a production-ready
# compressed and read-only DMG image.
mkdir -p "$(dirname "$ARGV_OUTPUT")"
hdiutil convert "$ARGV_APPLICATION_DMG" \
-format UDZO \
-imagekey zlib-level=9 \
-o "$ARGV_OUTPUT"

29
scripts/darwin/electron-installer-dmg.sh → scripts/darwin/electron-create-readwrite-dmg.sh
View File

@ -44,9 +44,7 @@ function usage() {
echo "Options" echo "Options"
echo "" echo ""
echo " -n <application name>" echo " -n <application name>"
echo " -v <application version>"
echo " -p <application package>" echo " -p <application package>"
echo " -d <identity>"
echo " -i <application icon (.icns)>" echo " -i <application icon (.icns)>"
echo " -b <application background (.png)>" echo " -b <application background (.png)>"
echo " -o <output>" echo " -o <output>"
@ -54,19 +52,15 @@ function usage() {
} }
ARGV_APPLICATION_NAME="" ARGV_APPLICATION_NAME=""
ARGV_VERSION=""
ARGV_PACKAGE="" ARGV_PACKAGE=""
ARGV_IDENTITY=""
ARGV_ICON="" ARGV_ICON=""
ARGV_BACKGROUND="" ARGV_BACKGROUND=""
ARGV_OUTPUT="" ARGV_OUTPUT=""
while getopts ":n:v:p:d:i:b:o:" option; do while getopts ":n:p:i:b:o:" option; do
case $option in case $option in
n) ARGV_APPLICATION_NAME="$OPTARG" ;; n) ARGV_APPLICATION_NAME="$OPTARG" ;;
v) ARGV_VERSION="$OPTARG" ;;
p) ARGV_PACKAGE="$OPTARG" ;; p) ARGV_PACKAGE="$OPTARG" ;;
d) ARGV_IDENTITY="$OPTARG" ;;
i) ARGV_ICON="$OPTARG" ;; i) ARGV_ICON="$OPTARG" ;;
b) ARGV_BACKGROUND="$OPTARG" ;; b) ARGV_BACKGROUND="$OPTARG" ;;
o) ARGV_OUTPUT="$OPTARG" ;; o) ARGV_OUTPUT="$OPTARG" ;;
@ -75,15 +69,14 @@ while getopts ":n:v:p:d:i:b:o:" option; do
done done
if [ -z "$ARGV_APPLICATION_NAME" ] \ if [ -z "$ARGV_APPLICATION_NAME" ] \
|| [ -z "$ARGV_VERSION" ] \ || [ -z "$ARGV_PACKAGE" ] \
|| [ -z "$ARGV_IDENTITY" ] \
|| [ -z "$ARGV_ICON" ] \ || [ -z "$ARGV_ICON" ] \
|| [ -z "$ARGV_BACKGROUND" ] \
|| [ -z "$ARGV_OUTPUT" ] || [ -z "$ARGV_OUTPUT" ]
then then
usage usage
fi fi
TEMPORARY_DMG=$ARGV_PACKAGE.dmg
VOLUME_DIRECTORY=/Volumes/$ARGV_APPLICATION_NAME VOLUME_DIRECTORY=/Volumes/$ARGV_APPLICATION_NAME
VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
@ -91,17 +84,16 @@ VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
hdiutil detach "$VOLUME_DIRECTORY" || true hdiutil detach "$VOLUME_DIRECTORY" || true
# Create temporary read-write DMG image # Create temporary read-write DMG image
rm -f "$TEMPORARY_DMG"
hdiutil create \ hdiutil create \
-srcfolder "$ARGV_PACKAGE" \ -srcfolder "$ARGV_PACKAGE" \
-volname "$ARGV_APPLICATION_NAME" \ -volname "$ARGV_APPLICATION_NAME" \
-fs HFS+ \ -fs HFS+ \
-fsargs "-c c=64,a=16,e=16" \ -fsargs "-c c=64,a=16,e=16" \
-format UDRW \ -format UDRW \
-size 600M "$TEMPORARY_DMG" -size 600M "$ARGV_OUTPUT"
# Mount temporary DMG image, so we can modify it # Mount temporary DMG image, so we can modify it
hdiutil attach "$TEMPORARY_DMG" -readwrite -noverify hdiutil attach "$ARGV_OUTPUT" -readwrite -noverify
# Wait for a bit to ensure the image is mounted # Wait for a bit to ensure the image is mounted
sleep 2 sleep 2
@ -159,16 +151,5 @@ sync
# Apply HFS+ compression # Apply HFS+ compression
afsctool -ci -9 "$VOLUME_APPLICATION" afsctool -ci -9 "$VOLUME_APPLICATION"
# TODO: this should be decoupled from this script
./scripts/darwin/electron-sign-app.sh -a "$VOLUME_APPLICATION" -i "$ARGV_IDENTITY"
# Unmount temporary DMG image. # Unmount temporary DMG image.
hdiutil detach "$VOLUME_DIRECTORY" hdiutil detach "$VOLUME_DIRECTORY"
# Convert temporary DMG image into a production-ready
# compressed and read-only DMG image.
mkdir -p "$(dirname "$ARGV_OUTPUT")"
hdiutil convert "$TEMPORARY_DMG" \
-format UDZO \
-imagekey zlib-level=9 \
-o "$ARGV_OUTPUT"

82
scripts/darwin/electron-sign-dmg.sh Executable file
View File

@ -0,0 +1,82 @@
#!/bin/bash
###
# Copyright 2016 resin.io
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
###
set -u
set -e
function check_dep() {
if ! command -v $1 2>/dev/null 1>&2; then
echo "Dependency missing: $1" 1>&2
exit 1
fi
}
OS=$(uname)
if [[ "$OS" != "Darwin" ]]; then
echo "This script is only meant to be run in OS X" 1>&2
exit 1
fi
check_dep hdiutil
function usage() {
echo "Usage: $0"
echo ""
echo "Options"
echo ""
echo " -n <application name>"
echo " -d <application (.dmg)>"
echo " -i <identity>"
exit 1
}
ARGV_APPLICATION_NAME=""
ARGV_APPLICATION_DMG=""
ARGV_IDENTITY=""
while getopts ":n:d:i:" option; do
case $option in
n) ARGV_APPLICATION_NAME="$OPTARG" ;;
d) ARGV_APPLICATION_DMG="$OPTARG" ;;
i) ARGV_IDENTITY="$OPTARG" ;;
*) usage ;;
esac
done
if [ -z "$ARGV_APPLICATION_NAME" ] ||
[ -z "$ARGV_APPLICATION_DMG" ] ||
[ -z "$ARGV_IDENTITY" ]; then
usage
fi
VOLUME_DIRECTORY=/Volumes/$ARGV_APPLICATION_NAME
VOLUME_APPLICATION=$VOLUME_DIRECTORY/$ARGV_APPLICATION_NAME.app
# Make sure any previous DMG was unmounted
hdiutil detach "$VOLUME_DIRECTORY" || true
# Mount temporary DMG image, so we can modify it
hdiutil attach "$ARGV_APPLICATION_DMG" -readwrite -noverify
# Wait for a bit to ensure the image is mounted
sleep 2
./scripts/darwin/electron-sign-app.sh -a "$VOLUME_APPLICATION" -i "$ARGV_IDENTITY"
# Unmount temporary DMG image.
hdiutil detach "$VOLUME_DIRECTORY"