mirror of
https://github.com/cookiengineer/audacity
synced 2025-10-10 00:23:32 +02:00
Add targets for packaging DMG and InnoSetup
Fixes configure.sh Fixes Windows code signing Fixes an issue with conan cache on windows Fixes build manual script Fixes build manual Remove unused props Use long options Yet another manual fix Fixes iss
This commit is contained in:
committed by
Dmitry Vedenko
parent
d21ee922e1
commit
6da25e1646
22
scripts/build/macOS/DMGSetup.scpt
Normal file
22
scripts/build/macOS/DMGSetup.scpt
Normal file
@@ -0,0 +1,22 @@
|
||||
on run argv
|
||||
set diskImage to item 1 of argv
|
||||
|
||||
tell application "Finder"
|
||||
tell disk diskImage
|
||||
open
|
||||
set current view of container window to icon view
|
||||
set toolbar visible of container window to false
|
||||
set statusbar visible of container window to false
|
||||
set the bounds of container window to {400, 100, 1000, 550}
|
||||
set theViewOptions to the icon view options of container window
|
||||
set arrangement of theViewOptions to not arranged
|
||||
set icon size of theViewOptions to 72
|
||||
set background picture of theViewOptions to file ".background:background.png"
|
||||
set position of item "Audacity" of container window to {170, 350}
|
||||
set position of item "Applications" of container window to {430, 350}
|
||||
close
|
||||
open
|
||||
update without registering applications
|
||||
end tell
|
||||
end tell
|
||||
end run
|
16
scripts/build/macOS/DMGSign.cmake
Normal file
16
scripts/build/macOS/DMGSign.cmake
Normal file
@@ -0,0 +1,16 @@
|
||||
|
||||
set( APPLE_CODESIGN_IDENTITY ${CPACK_APPLE_CODESIGN_IDENTITY} )
|
||||
set( APPLE_NOTARIZATION_USER_NAME ${CPACK_APPLE_NOTARIZATION_USER_NAME} )
|
||||
set( APPLE_NOTARIZATION_PASSWORD ${CPACK_APPLE_NOTARIZATION_PASSWORD} )
|
||||
set( PERFORM_NOTARIZATION ${CPACK_PERFORM_NOTARIZATION} )
|
||||
set( APP_IDENTIFIER "org.audacityteam.audacity" )
|
||||
|
||||
foreach( file ${CPACK_PACKAGE_FILES} )
|
||||
set( DMG_LOCATION ${CPACK_PACKAGE_FILES} )
|
||||
|
||||
include( "${CPACK_APPLE_SIGN_SCRIPTS}/SignMacos.cmake" )
|
||||
|
||||
if( PERFORM_NOTARIZATION )
|
||||
include( "${CPACK_APPLE_SIGN_SCRIPTS}/NotarizeMacos.cmake" )
|
||||
endif()
|
||||
endforeach()
|
111
scripts/build/macOS/NotarizeMacos.cmake
Normal file
111
scripts/build/macOS/NotarizeMacos.cmake
Normal file
@@ -0,0 +1,111 @@
|
||||
# CMake script to sign macOS build
|
||||
# Arguments:
|
||||
# APP_IDENTIFIER - app identifier
|
||||
# APP_LOCATION - the path to Audacity.app
|
||||
# DMG_LOCATION - the path to Audaicty dmg package
|
||||
# APPLE_NOTARIZATION_USER_NAME - notarization user name
|
||||
# APPLE_NOTARIZATION_PASSWORD - notarization password
|
||||
|
||||
# https://cmake.org/cmake/help/latest/policy/CMP0054.html
|
||||
cmake_policy( SET CMP0054 NEW )
|
||||
# https://cmake.org/cmake/help/latest/policy/CMP0011.html
|
||||
cmake_policy( SET CMP0011 NEW )
|
||||
|
||||
function( get_plist_value output path key )
|
||||
execute_process(
|
||||
COMMAND /usr/libexec/PlistBuddy -c "Print ${key}" "${path}"
|
||||
OUTPUT_VARIABLE result
|
||||
)
|
||||
|
||||
string( STRIP ${result} result )
|
||||
|
||||
set( ${output} ${result} PARENT_SCOPE )
|
||||
endfunction()
|
||||
|
||||
if( APP_LOCATION )
|
||||
get_filename_component( temp_dir "${APP_LOCATION}/.." ABSOLUTE )
|
||||
else()
|
||||
get_filename_component( temp_dir "${DMG_LOCATION}" DIRECTORY )
|
||||
endif()
|
||||
|
||||
set( temp_plist "${temp_dir}/NotarizationResult.plist" )
|
||||
|
||||
function( notarize path )
|
||||
message( STATUS "Notarizing ${path}" )
|
||||
|
||||
execute_process(
|
||||
COMMAND
|
||||
xcrun altool
|
||||
--notarize-app
|
||||
--primary-bundle-id "${APP_IDENTIFIER}"
|
||||
--file "${path}"
|
||||
--username "${APPLE_NOTARIZATION_USER_NAME}"
|
||||
--password "${APPLE_NOTARIZATION_PASSWORD}"
|
||||
--output-format xml
|
||||
OUTPUT_VARIABLE
|
||||
result
|
||||
)
|
||||
|
||||
file( WRITE ${temp_plist} ${result} )
|
||||
|
||||
get_plist_value( req_id ${temp_plist} "notarization-upload:RequestUUID" )
|
||||
|
||||
message( STATUS "\t Request ID: '${req_id}'" )
|
||||
|
||||
set( success Off )
|
||||
|
||||
while( NOT success )
|
||||
execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 15)
|
||||
|
||||
execute_process(
|
||||
COMMAND
|
||||
xcrun altool
|
||||
--notarization-info ${req_id}
|
||||
--username ${APPLE_NOTARIZATION_USER_NAME}
|
||||
--password ${APPLE_NOTARIZATION_PASSWORD}
|
||||
--output-format xml
|
||||
OUTPUT_VARIABLE
|
||||
result
|
||||
)
|
||||
|
||||
file( WRITE ${temp_plist} ${result} )
|
||||
|
||||
get_plist_value( notarization_result ${temp_plist} "notarization-info:Status" )
|
||||
|
||||
message( STATUS "\t Status: ${notarization_result}" )
|
||||
|
||||
if( NOT "${notarization_result}" STREQUAL "in progress" )
|
||||
if ( NOT "${notarization_result}" STREQUAL "success" )
|
||||
message(FATAL_ERROR "Notarization failed:\n${result}\n")
|
||||
else()
|
||||
message(STATUS "Notarization successfull")
|
||||
endif()
|
||||
|
||||
break()
|
||||
endif()
|
||||
endwhile()
|
||||
endfunction()
|
||||
|
||||
if( DEFINED APP_LOCATION )
|
||||
get_filename_component( archive "${APP_LOCATION}/../notarization.zip" ABSOLUTE )
|
||||
|
||||
execute_process(
|
||||
COMMAND
|
||||
xcrun ditto
|
||||
-c -k --keepParent
|
||||
${APP_LOCATION}
|
||||
${archive}
|
||||
)
|
||||
|
||||
notarize( ${archive} )
|
||||
execute_process( COMMAND stapler staple "${APP_LOCATION}" )
|
||||
|
||||
file( REMOVE "${APP_LOCATION}/../notarization.zip" )
|
||||
endif()
|
||||
|
||||
if( DEFINED DMG_LOCATION )
|
||||
notarize( ${DMG_LOCATION} )
|
||||
execute_process( COMMAND stapler staple "${DMG_LOCATION}" )
|
||||
endif()
|
||||
|
||||
file( REMOVE ${temp_plist} )
|
54
scripts/build/macOS/SignMacos.cmake
Normal file
54
scripts/build/macOS/SignMacos.cmake
Normal file
@@ -0,0 +1,54 @@
|
||||
# CMake script to sign macOS build
|
||||
# Arguments:
|
||||
# APP_IDENTIFIER - app identifier
|
||||
# APP_LOCATION - the path to Audacity.app
|
||||
# DMG_LOCATION - the path to Audaicty dmg package
|
||||
# APPLE_CODESIGN_IDENTITY - identity to use
|
||||
# APPLE_CODESIGN_ENTITLEMENTS - path to the entitlements
|
||||
|
||||
function( codesign path deep is_dmg)
|
||||
message(STATUS "Signing ${path}")
|
||||
|
||||
set ( args
|
||||
--verbose
|
||||
--timestamp
|
||||
--identifier "${APP_IDENTIFIER}"
|
||||
--sign "${APPLE_CODESIGN_IDENTITY}"
|
||||
)
|
||||
|
||||
if( NOT is_dmg )
|
||||
list( APPEND args
|
||||
--options runtime
|
||||
--entitlements "${APPLE_CODESIGN_ENTITLEMENTS}"
|
||||
)
|
||||
endif()
|
||||
|
||||
if( deep )
|
||||
list( APPEND args --deep)
|
||||
endif()
|
||||
|
||||
execute_process( COMMAND xcrun codesign ${args} ${path} )
|
||||
endfunction()
|
||||
|
||||
function( sign_modules path )
|
||||
message(STATUS "\tLooking for modules or plugins in: '${path}'")
|
||||
|
||||
file( GLOB_RECURSE modules
|
||||
LIST_DIRECTORIES Off
|
||||
"${path}/*.so" "${path}/*.dylib"
|
||||
)
|
||||
|
||||
foreach( module ${modules} )
|
||||
codesign( ${module} Off Off )
|
||||
endforeach()
|
||||
endfunction()
|
||||
|
||||
if( DEFINED APP_LOCATION )
|
||||
sign_modules( "${APP_LOCATION}/Contents/modules" )
|
||||
sign_modules( "${APP_LOCATION}/Contents/plug-ins" )
|
||||
codesign( "${APP_LOCATION}" On Off )
|
||||
endif()
|
||||
|
||||
if (DEFINED DMG_LOCATION )
|
||||
codesign( "${DMG_LOCATION}" Off On)
|
||||
endif()
|
28
scripts/build/windows/PfxSign.cmake
Normal file
28
scripts/build/windows/PfxSign.cmake
Normal file
@@ -0,0 +1,28 @@
|
||||
# This is a CMake script that properly calls the PfxSign.ps1
|
||||
|
||||
if( DEFINED WINDOWS_CERTIFICATE_PASSWORD )
|
||||
set( ENV{WINDOWS_CERTIFICATE_PASSWORD} "${WINDOWS_CERTIFICATE_PASSWORD}" )
|
||||
endif()
|
||||
|
||||
if(DEFINED WINDOWS_CERTIFICATE)
|
||||
execute_process(
|
||||
COMMAND powershell
|
||||
-ExecutionPolicy Bypass
|
||||
-File ${PFX_SIGN_PS_LOCATION}
|
||||
-Directory ${CMAKE_INSTALL_PREFIX}
|
||||
-CertFile ${WINDOWS_CERTIFICATE}
|
||||
)
|
||||
elseif(DEFINED ENV{WINDOWS_CERTIFICATE})
|
||||
execute_process(
|
||||
COMMAND powershell
|
||||
-ExecutionPolicy Bypass
|
||||
-File ${PFX_SIGN_PS_LOCATION}
|
||||
-Directory ${CMAKE_INSTALL_PREFIX}
|
||||
)
|
||||
else()
|
||||
message(FATAL_ERROR [[
|
||||
Code signing is skipped, as certifacte is missing.
|
||||
Please, set the path to PFX file using -DWINDOWS_CERTIFICATE=...
|
||||
or set the environment variable WINDOWS_CERTIFICATE to base64 encoded PFX certifacte.
|
||||
]])
|
||||
endif()
|
108
scripts/build/windows/PfxSign.ps1
Normal file
108
scripts/build/windows/PfxSign.ps1
Normal file
@@ -0,0 +1,108 @@
|
||||
# This script uses Set-AuthenticodeSignature to sign a file
|
||||
# or exe/dll/msi files in a directory using a pfx file.
|
||||
# If PFX file is not present, script expects a base64 encode certificate
|
||||
# in WINDOWS_CERTIFICATE environment variable.
|
||||
# Password can be passed using WINDOWS_CERTIFICATE_PASSWORD environmnet variable.
|
||||
# The script only signs previously unsigned files
|
||||
|
||||
[CmdletBinding()]
|
||||
param (
|
||||
# A path to the certificate file. If missing, env:WINDOWS_CERTIFICATE will be used.
|
||||
[string]$CertFile,
|
||||
# A password for the certificate. If missing, env:WINDOWS_CERTIFICATE_PASSWORD will be used.
|
||||
[string]$Password,
|
||||
# A file to sign.
|
||||
[string]$File,
|
||||
# A directory to sign.
|
||||
[string]$Directory
|
||||
)
|
||||
|
||||
# Configure the error behavior
|
||||
$ErrorActionPreference = "Stop"
|
||||
$PSDefaultParameterValues['*:ErrorAction']='Stop'
|
||||
|
||||
# Sign a file, if it was previously unsigned
|
||||
# We sign using SHA256, as we only support Windows 7+.
|
||||
function Set-FileSignature {
|
||||
param (
|
||||
[String]$InputFile,
|
||||
$pfxCert
|
||||
)
|
||||
if((Get-AuthenticodeSignature $InputFile).Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
|
||||
Write-Host "Singning file $InputFile"
|
||||
|
||||
Set-AuthenticodeSignature `
|
||||
-FilePath $InputFile `
|
||||
-Certificate $pfxCert `
|
||||
-IncludeChain All `
|
||||
-TimestampServer 'http://timestamp.digicert.com' `
|
||||
-HashAlgorithm 'sha256' `
|
||||
-Force
|
||||
} else {
|
||||
Write-Host "Skipping file $InputFile as it is already signed"
|
||||
}
|
||||
}
|
||||
|
||||
# Sanity checks: only allow File or Directory
|
||||
if ($File -eq "" -and $Directory -eq "") {
|
||||
Write-Host "-File or -Directory should be provided"
|
||||
exit 1
|
||||
} elseif ($File -ne "" -and $Directory -ne "") {
|
||||
Write-Host "Only one of -File or -Directory should be provided"
|
||||
exit 1
|
||||
}
|
||||
|
||||
$cleanupPfx = $false
|
||||
|
||||
# Check, if we need to retrieve PFX from environment
|
||||
if($CertFile -eq "") {
|
||||
Write-Host "Trying to read certificate file from env:WINDOWS_CERTIFICATE"
|
||||
|
||||
if(Test-Path "env:WINDOWS_CERTIFICATE") {
|
||||
$CertFile = "cert.pfx"
|
||||
|
||||
[IO.File]::WriteAllBytes($CertFile, [System.Convert]::FromBase64String($env:WINDOWS_CERTIFICATE))
|
||||
|
||||
$cleanupPfx = $true
|
||||
} else {
|
||||
Write-Host "No certificate is provided"
|
||||
exit 1
|
||||
}
|
||||
}
|
||||
|
||||
# Check, if we need to retrieve password from environment
|
||||
if($Password -eq "") {
|
||||
if (Test-Path "env:WINDOWS_CERTIFICATE_PASSWORD") {
|
||||
$Password = $env:WINDOWS_CERTIFICATE_PASSWORD
|
||||
}
|
||||
}
|
||||
|
||||
$pfx = $null
|
||||
|
||||
# Retrieve the actual certificate
|
||||
if($Password -ne "") {
|
||||
$securePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
|
||||
$pfx = Get-PfxData -FilePath "$CertFile" -Password $securePassword
|
||||
} else {
|
||||
$pfx = Get-PfxData -FilePath "$CertFile"
|
||||
}
|
||||
|
||||
$pfxCert = $pfx.EndEntityCertificates[0]
|
||||
|
||||
# Perform the code signing.
|
||||
if ($File -ne "") {
|
||||
Set-FileSignature -InputFile $File -pfxCert $pfxCert
|
||||
} else {
|
||||
Get-ChildItem `
|
||||
-Path "$Directory" `
|
||||
-Include *.dll,*.exe,*.msi `
|
||||
-Recurse `
|
||||
-File | ForEach-Object {
|
||||
Set-FileSignature -InputFile $_.FullName -pfxCert $pfxCert
|
||||
}
|
||||
}
|
||||
|
||||
# Remove PFX file if it was created from environment.
|
||||
if($cleanupPfx) {
|
||||
Remove-Item "${CertFile}"
|
||||
}
|
@@ -34,5 +34,34 @@ elif [[ "${AUDACITY_CMAKE_GENERATOR}" == Xcode* ]]; then
|
||||
)
|
||||
fi
|
||||
|
||||
if [[ -n "${APPLE_CODESIGN_IDENTITY}" && "${OSTYPE}" == darwin* ]]; then
|
||||
cmake_args+=(
|
||||
-D APPLE_CODESIGN_IDENTITY="${APPLE_CODESIGN_IDENTITY}"
|
||||
-D audacity_perform_codesign=yes
|
||||
)
|
||||
|
||||
if [[ ${GIT_BRANCH} == release* ]]; then
|
||||
cmake_args+=(
|
||||
-D APPLE_NOTARIZATION_USER_NAME="${APPLE_NOTARIZATION_USER_NAME}"
|
||||
-D APPLE_NOTARIZATION_PASSWORD="${APPLE_NOTARIZATION_PASSWORD}"
|
||||
-D audacity_perform_notarization=yes
|
||||
)
|
||||
fi
|
||||
elif [[ -n "${WINDOWS_CERTIFICATE}" && "${OSTYPE}" == msys* ]]; then
|
||||
# Windows certificate will be used from the environment
|
||||
cmake_args+=(
|
||||
-D audacity_perform_codesign=yes
|
||||
)
|
||||
fi
|
||||
|
||||
if [[ ${GIT_BRANCH} == release* ]]; then
|
||||
cmake_args+=(
|
||||
-D audacity_package_manual=yes
|
||||
)
|
||||
fi
|
||||
|
||||
# Configure Audacity
|
||||
cmake "${cmake_args[@]}"
|
||||
|
||||
# Remove build directories and sources to reduce the cache size.
|
||||
conan remove "*" --src --builds --force
|
||||
|
@@ -15,11 +15,10 @@ function gh_export()
|
||||
|
||||
repository_root="$(cd "$(dirname "${BASH_SOURCE}")/../.."; echo "${PWD}")"
|
||||
|
||||
gh_export CONAN_USER_HOME="${repository_root}/conan-home/"
|
||||
gh_export CONAN_USER_HOME_SHORT="${repository_root}/conan-home/short"
|
||||
|
||||
gh_export GIT_HASH="$(git show -s --format='%H')"
|
||||
gh_export GIT_HASH_SHORT="$(git show -s --format='%h')"
|
||||
|
||||
gh_export AUDACITY_BUILD_TYPE="RelWithDebInfo"
|
||||
gh_export AUDACITY_INSTALL_PREFIX="${repository_root}/build/install"
|
||||
|
||||
gh_export GIT_BRANCH=${GITHUB_REF##*/}
|
||||
|
@@ -5,4 +5,12 @@
|
||||
set -euxo pipefail
|
||||
|
||||
cd build
|
||||
cpack -C "${AUDACITY_BUILD_TYPE}" --verbose
|
||||
|
||||
if [[ "${OSTYPE}" == msys* && ${GIT_BRANCH} == release* ]]; then # Windows
|
||||
cmake --build . --target innosetup --config "${AUDACITY_BUILD_TYPE}"
|
||||
else
|
||||
cpack -C "${AUDACITY_BUILD_TYPE}" --verbose
|
||||
fi
|
||||
|
||||
# Remove the temporary directory
|
||||
rm -Rf package/_CPack_Packages
|
||||
|
Reference in New Issue
Block a user