1
0
mirror of https://github.com/cookiengineer/audacity synced 2025-10-10 00:23:32 +02:00

Add targets for packaging DMG and InnoSetup

Fixes configure.sh

Fixes Windows code signing

Fixes an issue with conan cache on windows

Fixes build manual script

Fixes build manual

Remove unused props

Use long options

Yet another manual fix

Fixes iss
This commit is contained in:
Dmitry Vedenko
2021-06-15 16:13:28 +03:00
committed by Dmitry Vedenko
parent d21ee922e1
commit 6da25e1646
17 changed files with 664 additions and 64 deletions

View File

@@ -0,0 +1,22 @@
on run argv
set diskImage to item 1 of argv
tell application "Finder"
tell disk diskImage
open
set current view of container window to icon view
set toolbar visible of container window to false
set statusbar visible of container window to false
set the bounds of container window to {400, 100, 1000, 550}
set theViewOptions to the icon view options of container window
set arrangement of theViewOptions to not arranged
set icon size of theViewOptions to 72
set background picture of theViewOptions to file ".background:background.png"
set position of item "Audacity" of container window to {170, 350}
set position of item "Applications" of container window to {430, 350}
close
open
update without registering applications
end tell
end tell
end run

View File

@@ -0,0 +1,16 @@
set( APPLE_CODESIGN_IDENTITY ${CPACK_APPLE_CODESIGN_IDENTITY} )
set( APPLE_NOTARIZATION_USER_NAME ${CPACK_APPLE_NOTARIZATION_USER_NAME} )
set( APPLE_NOTARIZATION_PASSWORD ${CPACK_APPLE_NOTARIZATION_PASSWORD} )
set( PERFORM_NOTARIZATION ${CPACK_PERFORM_NOTARIZATION} )
set( APP_IDENTIFIER "org.audacityteam.audacity" )
foreach( file ${CPACK_PACKAGE_FILES} )
set( DMG_LOCATION ${CPACK_PACKAGE_FILES} )
include( "${CPACK_APPLE_SIGN_SCRIPTS}/SignMacos.cmake" )
if( PERFORM_NOTARIZATION )
include( "${CPACK_APPLE_SIGN_SCRIPTS}/NotarizeMacos.cmake" )
endif()
endforeach()

View File

@@ -0,0 +1,111 @@
# CMake script to sign macOS build
# Arguments:
# APP_IDENTIFIER - app identifier
# APP_LOCATION - the path to Audacity.app
# DMG_LOCATION - the path to Audaicty dmg package
# APPLE_NOTARIZATION_USER_NAME - notarization user name
# APPLE_NOTARIZATION_PASSWORD - notarization password
# https://cmake.org/cmake/help/latest/policy/CMP0054.html
cmake_policy( SET CMP0054 NEW )
# https://cmake.org/cmake/help/latest/policy/CMP0011.html
cmake_policy( SET CMP0011 NEW )
function( get_plist_value output path key )
execute_process(
COMMAND /usr/libexec/PlistBuddy -c "Print ${key}" "${path}"
OUTPUT_VARIABLE result
)
string( STRIP ${result} result )
set( ${output} ${result} PARENT_SCOPE )
endfunction()
if( APP_LOCATION )
get_filename_component( temp_dir "${APP_LOCATION}/.." ABSOLUTE )
else()
get_filename_component( temp_dir "${DMG_LOCATION}" DIRECTORY )
endif()
set( temp_plist "${temp_dir}/NotarizationResult.plist" )
function( notarize path )
message( STATUS "Notarizing ${path}" )
execute_process(
COMMAND
xcrun altool
--notarize-app
--primary-bundle-id "${APP_IDENTIFIER}"
--file "${path}"
--username "${APPLE_NOTARIZATION_USER_NAME}"
--password "${APPLE_NOTARIZATION_PASSWORD}"
--output-format xml
OUTPUT_VARIABLE
result
)
file( WRITE ${temp_plist} ${result} )
get_plist_value( req_id ${temp_plist} "notarization-upload:RequestUUID" )
message( STATUS "\t Request ID: '${req_id}'" )
set( success Off )
while( NOT success )
execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 15)
execute_process(
COMMAND
xcrun altool
--notarization-info ${req_id}
--username ${APPLE_NOTARIZATION_USER_NAME}
--password ${APPLE_NOTARIZATION_PASSWORD}
--output-format xml
OUTPUT_VARIABLE
result
)
file( WRITE ${temp_plist} ${result} )
get_plist_value( notarization_result ${temp_plist} "notarization-info:Status" )
message( STATUS "\t Status: ${notarization_result}" )
if( NOT "${notarization_result}" STREQUAL "in progress" )
if ( NOT "${notarization_result}" STREQUAL "success" )
message(FATAL_ERROR "Notarization failed:\n${result}\n")
else()
message(STATUS "Notarization successfull")
endif()
break()
endif()
endwhile()
endfunction()
if( DEFINED APP_LOCATION )
get_filename_component( archive "${APP_LOCATION}/../notarization.zip" ABSOLUTE )
execute_process(
COMMAND
xcrun ditto
-c -k --keepParent
${APP_LOCATION}
${archive}
)
notarize( ${archive} )
execute_process( COMMAND stapler staple "${APP_LOCATION}" )
file( REMOVE "${APP_LOCATION}/../notarization.zip" )
endif()
if( DEFINED DMG_LOCATION )
notarize( ${DMG_LOCATION} )
execute_process( COMMAND stapler staple "${DMG_LOCATION}" )
endif()
file( REMOVE ${temp_plist} )

View File

@@ -0,0 +1,54 @@
# CMake script to sign macOS build
# Arguments:
# APP_IDENTIFIER - app identifier
# APP_LOCATION - the path to Audacity.app
# DMG_LOCATION - the path to Audaicty dmg package
# APPLE_CODESIGN_IDENTITY - identity to use
# APPLE_CODESIGN_ENTITLEMENTS - path to the entitlements
function( codesign path deep is_dmg)
message(STATUS "Signing ${path}")
set ( args
--verbose
--timestamp
--identifier "${APP_IDENTIFIER}"
--sign "${APPLE_CODESIGN_IDENTITY}"
)
if( NOT is_dmg )
list( APPEND args
--options runtime
--entitlements "${APPLE_CODESIGN_ENTITLEMENTS}"
)
endif()
if( deep )
list( APPEND args --deep)
endif()
execute_process( COMMAND xcrun codesign ${args} ${path} )
endfunction()
function( sign_modules path )
message(STATUS "\tLooking for modules or plugins in: '${path}'")
file( GLOB_RECURSE modules
LIST_DIRECTORIES Off
"${path}/*.so" "${path}/*.dylib"
)
foreach( module ${modules} )
codesign( ${module} Off Off )
endforeach()
endfunction()
if( DEFINED APP_LOCATION )
sign_modules( "${APP_LOCATION}/Contents/modules" )
sign_modules( "${APP_LOCATION}/Contents/plug-ins" )
codesign( "${APP_LOCATION}" On Off )
endif()
if (DEFINED DMG_LOCATION )
codesign( "${DMG_LOCATION}" Off On)
endif()

View File

@@ -0,0 +1,28 @@
# This is a CMake script that properly calls the PfxSign.ps1
if( DEFINED WINDOWS_CERTIFICATE_PASSWORD )
set( ENV{WINDOWS_CERTIFICATE_PASSWORD} "${WINDOWS_CERTIFICATE_PASSWORD}" )
endif()
if(DEFINED WINDOWS_CERTIFICATE)
execute_process(
COMMAND powershell
-ExecutionPolicy Bypass
-File ${PFX_SIGN_PS_LOCATION}
-Directory ${CMAKE_INSTALL_PREFIX}
-CertFile ${WINDOWS_CERTIFICATE}
)
elseif(DEFINED ENV{WINDOWS_CERTIFICATE})
execute_process(
COMMAND powershell
-ExecutionPolicy Bypass
-File ${PFX_SIGN_PS_LOCATION}
-Directory ${CMAKE_INSTALL_PREFIX}
)
else()
message(FATAL_ERROR [[
Code signing is skipped, as certifacte is missing.
Please, set the path to PFX file using -DWINDOWS_CERTIFICATE=...
or set the environment variable WINDOWS_CERTIFICATE to base64 encoded PFX certifacte.
]])
endif()

View File

@@ -0,0 +1,108 @@
# This script uses Set-AuthenticodeSignature to sign a file
# or exe/dll/msi files in a directory using a pfx file.
# If PFX file is not present, script expects a base64 encode certificate
# in WINDOWS_CERTIFICATE environment variable.
# Password can be passed using WINDOWS_CERTIFICATE_PASSWORD environmnet variable.
# The script only signs previously unsigned files
[CmdletBinding()]
param (
# A path to the certificate file. If missing, env:WINDOWS_CERTIFICATE will be used.
[string]$CertFile,
# A password for the certificate. If missing, env:WINDOWS_CERTIFICATE_PASSWORD will be used.
[string]$Password,
# A file to sign.
[string]$File,
# A directory to sign.
[string]$Directory
)
# Configure the error behavior
$ErrorActionPreference = "Stop"
$PSDefaultParameterValues['*:ErrorAction']='Stop'
# Sign a file, if it was previously unsigned
# We sign using SHA256, as we only support Windows 7+.
function Set-FileSignature {
param (
[String]$InputFile,
$pfxCert
)
if((Get-AuthenticodeSignature $InputFile).Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
Write-Host "Singning file $InputFile"
Set-AuthenticodeSignature `
-FilePath $InputFile `
-Certificate $pfxCert `
-IncludeChain All `
-TimestampServer 'http://timestamp.digicert.com' `
-HashAlgorithm 'sha256' `
-Force
} else {
Write-Host "Skipping file $InputFile as it is already signed"
}
}
# Sanity checks: only allow File or Directory
if ($File -eq "" -and $Directory -eq "") {
Write-Host "-File or -Directory should be provided"
exit 1
} elseif ($File -ne "" -and $Directory -ne "") {
Write-Host "Only one of -File or -Directory should be provided"
exit 1
}
$cleanupPfx = $false
# Check, if we need to retrieve PFX from environment
if($CertFile -eq "") {
Write-Host "Trying to read certificate file from env:WINDOWS_CERTIFICATE"
if(Test-Path "env:WINDOWS_CERTIFICATE") {
$CertFile = "cert.pfx"
[IO.File]::WriteAllBytes($CertFile, [System.Convert]::FromBase64String($env:WINDOWS_CERTIFICATE))
$cleanupPfx = $true
} else {
Write-Host "No certificate is provided"
exit 1
}
}
# Check, if we need to retrieve password from environment
if($Password -eq "") {
if (Test-Path "env:WINDOWS_CERTIFICATE_PASSWORD") {
$Password = $env:WINDOWS_CERTIFICATE_PASSWORD
}
}
$pfx = $null
# Retrieve the actual certificate
if($Password -ne "") {
$securePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
$pfx = Get-PfxData -FilePath "$CertFile" -Password $securePassword
} else {
$pfx = Get-PfxData -FilePath "$CertFile"
}
$pfxCert = $pfx.EndEntityCertificates[0]
# Perform the code signing.
if ($File -ne "") {
Set-FileSignature -InputFile $File -pfxCert $pfxCert
} else {
Get-ChildItem `
-Path "$Directory" `
-Include *.dll,*.exe,*.msi `
-Recurse `
-File | ForEach-Object {
Set-FileSignature -InputFile $_.FullName -pfxCert $pfxCert
}
}
# Remove PFX file if it was created from environment.
if($cleanupPfx) {
Remove-Item "${CertFile}"
}

View File

@@ -34,5 +34,34 @@ elif [[ "${AUDACITY_CMAKE_GENERATOR}" == Xcode* ]]; then
)
fi
if [[ -n "${APPLE_CODESIGN_IDENTITY}" && "${OSTYPE}" == darwin* ]]; then
cmake_args+=(
-D APPLE_CODESIGN_IDENTITY="${APPLE_CODESIGN_IDENTITY}"
-D audacity_perform_codesign=yes
)
if [[ ${GIT_BRANCH} == release* ]]; then
cmake_args+=(
-D APPLE_NOTARIZATION_USER_NAME="${APPLE_NOTARIZATION_USER_NAME}"
-D APPLE_NOTARIZATION_PASSWORD="${APPLE_NOTARIZATION_PASSWORD}"
-D audacity_perform_notarization=yes
)
fi
elif [[ -n "${WINDOWS_CERTIFICATE}" && "${OSTYPE}" == msys* ]]; then
# Windows certificate will be used from the environment
cmake_args+=(
-D audacity_perform_codesign=yes
)
fi
if [[ ${GIT_BRANCH} == release* ]]; then
cmake_args+=(
-D audacity_package_manual=yes
)
fi
# Configure Audacity
cmake "${cmake_args[@]}"
# Remove build directories and sources to reduce the cache size.
conan remove "*" --src --builds --force

View File

@@ -15,11 +15,10 @@ function gh_export()
repository_root="$(cd "$(dirname "${BASH_SOURCE}")/../.."; echo "${PWD}")"
gh_export CONAN_USER_HOME="${repository_root}/conan-home/"
gh_export CONAN_USER_HOME_SHORT="${repository_root}/conan-home/short"
gh_export GIT_HASH="$(git show -s --format='%H')"
gh_export GIT_HASH_SHORT="$(git show -s --format='%h')"
gh_export AUDACITY_BUILD_TYPE="RelWithDebInfo"
gh_export AUDACITY_INSTALL_PREFIX="${repository_root}/build/install"
gh_export GIT_BRANCH=${GITHUB_REF##*/}

View File

@@ -5,4 +5,12 @@
set -euxo pipefail
cd build
cpack -C "${AUDACITY_BUILD_TYPE}" --verbose
if [[ "${OSTYPE}" == msys* && ${GIT_BRANCH} == release* ]]; then # Windows
cmake --build . --target innosetup --config "${AUDACITY_BUILD_TYPE}"
else
cpack -C "${AUDACITY_BUILD_TYPE}" --verbose
fi
# Remove the temporary directory
rm -Rf package/_CPack_Packages