From 3c8f8a9d2467d930c9281c6315f09edc23f5cfba Mon Sep 17 00:00:00 2001 From: Brecht Van Lommel Date: Sat, 22 Jun 2019 15:51:35 +0200 Subject: macOS: tweaks for macOS bundle script * Follow Blender code style a bit more closely * Fix mixed tabs and spaces * Remove old README now that it's part of the script * Make less tied to specific Blender version numbers --- release/darwin/bundle.sh | 226 +++++++++++++++++++++++------------------------ 1 file changed, 110 insertions(+), 116 deletions(-) (limited to 'release/darwin/bundle.sh') diff --git a/release/darwin/bundle.sh b/release/darwin/bundle.sh index 85084e07ee2..73fba0f30e6 100755 --- a/release/darwin/bundle.sh +++ b/release/darwin/bundle.sh @@ -1,71 +1,69 @@ #!/usr/bin/env bash +# +# Script to create a macOS dmg file for Blender builds, including code +# signing and notarization for releases. -# create blender distribution dmg - -# check that we have all needed tools - +# Check that we have all needed tools. for i in osascript git codesign hdiutil xcrun ; do if [ ! -x "$(which ${i})" ]; then - echo "Unable to execute command $i, macOS broken?" - exit 1 + echo "Unable to execute command $i, macOS broken?" + exit 1 fi done -# some defaults settings - -_scriptdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -_volname="Blender" -_tmpdir="$(mktemp -d)" -_tmpdmg="/tmp/blender-tmp.dmg" -BACKGROUND_IMAGE="${_scriptdir}/background.tif" -MOUNT_DIR="/Volumes/${_volname}" - -# handle arguments +# Defaults settings. +_script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +_volume_name="Blender" +_tmp_dir="$(mktemp -d)" +_tmp_dmg="/tmp/blender-tmp.dmg" +_background_image="${_script_dir}/background.tif" +_mount_dir="/Volumes/${_volume_name}" +# Handle arguments. while [[ $# -gt 0 ]]; do key=$1 case $key in - -s|--source) - SRC_DIR="$2" - shift - shift - ;; - -d|--dmg) - DEST_DMG="$2" - shift - shift - ;; - -b|--bundle-id) - N_BUNDLE_ID="$2" - shift - shift - ;; - -u|--username) - N_USERNAME="$2" - shift - shift - ;; - -p|--password) - N_PASSWORD="$2" - shift - shift - ;; - -c|--codesign) - C_CERT="$2" - shift - shift - ;; - -h|--help) - echo "Usage:" - echo " $(basename "$0") --source DIR --dmg IMAGENAME " - echo " optional arguments:" - echo " --codesign " - echo " --username " - echo " --password " - echo " --bundle-id " - echo " Check https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow " - exit 1 - ;; + -s|--source) + SRC_DIR="$2" + shift + shift + ;; + -d|--dmg) + DEST_DMG="$2" + shift + shift + ;; + -b|--bundle-id) + N_BUNDLE_ID="$2" + shift + shift + ;; + -u|--username) + N_USERNAME="$2" + shift + shift + ;; + -p|--password) + N_PASSWORD="$2" + shift + shift + ;; + -c|--codesign) + C_CERT="$2" + shift + shift + ;; + -h|--help) + echo "Usage:" + echo " $(basename "$0") --source DIR --dmg IMAGENAME " + echo " optional arguments:" + echo " --codesign " + echo " --username " + echo " --password " + echo " --bundle-id " + echo " Check https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow " + exit 1 + ;; esac done @@ -79,120 +77,116 @@ if [ -z "${DEST_DMG}" ]; then exit 1 fi -# destroy destination dmg if there is any. be warned. - +# Destroy destination dmg if there is any. test -f "${DEST_DMG}" && rm "${DEST_DMG}" -if [ -d "${MOUNT_DIR}" ]; then +if [ -d "${_mount_dir}" ]; then echo -n "Ejecting existing blender volume.." - DEV_FILE=$(mount | grep "${MOUNT_DIR}" | awk '{ print $1 }') + DEV_FILE=$(mount | grep "${_mount_dir}" | awk '{ print $1 }') diskutil eject "${DEV_FILE}" || exit 1 echo fi -# let's go. - +# Copy dmg contents. echo -n "Copying Blender.app..." -cp -r "${SRC_DIR}/Blender.app" "${_tmpdir}/" || exit 1 +cp -r "${SRC_DIR}/Blender.app" "${_tmp_dir}/" || exit 1 echo -# Create the disk image +# Create the disk image. +_directory_size=$(du -sh ${_tmp_dir} | awk -F'[^0-9]*' '$0=$1') +_image_size=$(echo "${_directory_size}" + 200 | bc) # extra 200 need for codesign to work (why on earth?) -_ds=$(du -sh ${_tmpdir} | awk -F'[^0-9]*' '$0=$1') # directory size -_is=$(echo "${_ds}" + 200 | bc) # image size with extra 200 ! (why on earth!) for codesign to work echo -echo -n "Creating disk image of size ${_is}M.." -test -f "${_tmpdmg}" && rm "${_tmpdmg}" -hdiutil create -size "${_is}m" -fs HFS+ -srcfolder "${_tmpdir}" -volname "${_volname}" -format UDRW "${_tmpdmg}" +echo -n "Creating disk image of size ${_image_size}M.." +test -f "${_tmp_dmg}" && rm "${_tmp_dmg}" +hdiutil create -size "${_image_size}m" -fs HFS+ -srcfolder "${_tmp_dir}" -volname "${_volume_name}" -format UDRW "${_tmp_dmg}" echo "Mounting readwrite image..." -hdiutil attach -readwrite -noverify -noautoopen "${_tmpdmg}" +hdiutil attach -readwrite -noverify -noautoopen "${_tmp_dmg}" echo "Setting background picture.." -if ! test -z "${BACKGROUND_IMAGE}"; then +if ! test -z "${_background_image}"; then echo "Copying background image ..." - test -d "${MOUNT_DIR}/.background" || mkdir "${MOUNT_DIR}/.background" - BACKGROUND_IMAGE_NAME=$(basename "${BACKGROUND_IMAGE}") - cp "${BACKGROUND_IMAGE}" "${MOUNT_DIR}/.background/${BACKGROUND_IMAGE_NAME}" + test -d "${_mount_dir}/.background" || mkdir "${_mount_dir}/.background" + _background_image_NAME=$(basename "${_background_image}") + cp "${_background_image}" "${_mount_dir}/.background/${_background_image_NAME}" fi -# echo "Creating link to /Applications ..." -ln -s /Applications "${MOUNT_DIR}/Applications" +echo "Creating link to /Applications ..." +ln -s /Applications "${_mount_dir}/Applications" echo "Renaming Applications to empty string." -mv ${MOUNT_DIR}/Applications "${MOUNT_DIR}/ " +mv ${_mount_dir}/Applications "${_mount_dir}/ " echo "Running applescript to set folder looks ..." -cat "${_scriptdir}/blender.applescript" | osascript +cat "${_script_dir}/blender.applescript" | osascript echo "Waiting after applescript ..." sleep 5 if [ ! -z "${C_CERT}" ]; then - # codesigning seems to be thingie. all libs and binaries need to be - # signed separately. todo: use some find magic to find those + # Codesigning requires all libs and binaries to be signed separately. + # TODO: use find to get the list automatically echo -n "Codesigning..." - codesign --timestamp --options runtime --sign "${C_CERT}" "${MOUNT_DIR}/Blender.app/Contents/Resources/2.80/python/bin/python3.7m" - codesign --timestamp --options runtime --sign "${C_CERT}" "${MOUNT_DIR}/Blender.app/Contents/Resources/2.80/python/lib/python3.7/site-packages/libextern_draco.dylib" - codesign --timestamp --options runtime --sign "${C_CERT}" "${MOUNT_DIR}/Blender.app/Contents/Resources/lib/libomp.dylib" - codesign --timestamp --options runtime --sign "${C_CERT}" "${MOUNT_DIR}/Blender.app" + codesign --timestamp --options runtime --sign "${C_CERT}" "${_mount_dir}/Blender.app/Contents/Resources/*/python/bin/python*" + codesign --timestamp --options runtime --sign "${C_CERT}" "${_mount_dir}/Blender.app/Contents/Resources/*/python/lib/python*/site-packages/libextern_draco.dylib" + codesign --timestamp --options runtime --sign "${C_CERT}" "${_mount_dir}/Blender.app/Contents/Resources/lib/libomp.dylib" + codesign --timestamp --options runtime --sign "${C_CERT}" "${_mount_dir}/Blender.app" echo else echo "No codesigning cert given, skipping..." fi - +# Need to eject dev files to remove /dev files and free .dmg for converting echo "Unmounting rw disk image ..." -# need to eject dev files to remove /dev files and free .dmg for converting -DEV_FILE=$(mount | grep "${MOUNT_DIR}" | awk '{ print $1 }') +DEV_FILE=$(mount | grep "${_mount_dir}" | awk '{ print $1 }') diskutil eject "${DEV_FILE}" sleep 3 echo "Compressing disk image ..." -hdiutil convert "${_tmpdmg}" -format UDZO -o "${DEST_DMG}" - -# codesign the dmg +hdiutil convert "${_tmp_dmg}" -format UDZO -o "${DEST_DMG}" +# Codesign the dmg if [ ! -z "${C_CERT}" ]; then echo -n "Codesigning dmg..." codesign --timestamp --force --sign "${C_CERT}" "${DEST_DMG}" echo fi -# cleanup +# Cleanup +rm -rf "${_tmp_dir}" +rm "${_tmp_dmg}" -rm -rf "${_tmpdir}" -rm "${_tmpdmg}" - -# send notarization +# Notarize if [ ! -z "${N_USERNAME}" ] && [ ! -z "${N_PASSWORD}" ] && [ ! -z "${N_BUNDLE_ID}" ]; then + # Send to Apple echo -n "Sending ${DEST_DMG} for notarization..." _tmpout=$(mktemp) xcrun altool --notarize-app -f "${DEST_DMG}" --primary-bundle-id "${N_BUNDLE_ID}" --username "${N_USERNAME}" --password "${N_PASSWORD}" >${_tmpout} 2>&1 - # check the request uuid - + # Parse request uuid _requuid=$(cat "${_tmpout}" | grep "RequestUUID" | awk '{ print $3 }') echo "RequestUUID: ${_requuid}" if [ ! -z "${_requuid}" ]; then - echo "Waiting for notarization to be complete.." - for c in {20..0};do - sleep 600 - xcrun altool --notarization-info "${_requuid}" --username "${N_USERNAME}" --password "${N_PASSWORD}" >${_tmpout} 2>&1 - _status=$(cat "${_tmpout}" | grep "Status:" | awk '{ print $2 }') - if [ "${_status}" == "invalid" ]; then - echo "Got invalid notarization!" - break; - fi - - if [ "${_status}" == "success" ]; then - echo -n "Notarization successful! Stapling..." - xcrun stapler staple -v "${DEST_DMG}" - break; - fi - echo "Notarization in progress, waiting..." - done + # Wait for Apple to confirm notarization is complete + echo "Waiting for notarization to be complete.." + for c in {20..0};do + sleep 600 + xcrun altool --notarization-info "${_requuid}" --username "${N_USERNAME}" --password "${N_PASSWORD}" >${_tmpout} 2>&1 + _status=$(cat "${_tmpout}" | grep "Status:" | awk '{ print $2 }') + if [ "${_status}" == "invalid" ]; then + echo "Got invalid notarization!" + break; + fi + + if [ "${_status}" == "success" ]; then + echo -n "Notarization successful! Stapling..." + xcrun stapler staple -v "${DEST_DMG}" + break; + fi + echo "Notarization in progress, waiting..." + done else - echo "Error getting RequestUUID, notarization unsuccessful" + echo "Error getting RequestUUID, notarization unsuccessful" fi else echo "No notarization credentials supplied, skipping..." -- cgit v1.2.3