forked from blender/blender
Brecht Van Lommel
908ed661ee
The change from D6462 caused a permission prompt. Setting the user and group UID appears unnecessary to fix the issue, so leave just the mode.
213 lines
7.0 KiB
Bash
Executable File
213 lines
7.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
#
|
|
# Script to create a macOS dmg file for Blender builds, including code
|
|
# signing and notarization for releases.
|
|
|
|
# Check that we have all needed tools.
|
|
for i in osascript git codesign hdiutil xcrun ; do
|
|
if [ ! -x "$(which ${i})" ]; then
|
|
echo "Unable to execute command $i, macOS broken?"
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
# Defaults settings.
|
|
_script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
|
_volume_name="Blender"
|
|
_tmp_dir="$(mktemp -d)"
|
|
_tmp_dmg="/tmp/blender-tmp.dmg"
|
|
_background_image="${_script_dir}/background.tif"
|
|
_mount_dir="/Volumes/${_volume_name}"
|
|
_entitlements="${_script_dir}/entitlements.plist"
|
|
|
|
# Handle arguments.
|
|
while [[ $# -gt 0 ]]; do
|
|
key=$1
|
|
case $key in
|
|
-s|--source)
|
|
SRC_DIR="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
-d|--dmg)
|
|
DEST_DMG="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
-b|--bundle-id)
|
|
N_BUNDLE_ID="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
-u|--username)
|
|
N_USERNAME="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
-p|--password)
|
|
N_PASSWORD="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
-c|--codesign)
|
|
C_CERT="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
--background-image)
|
|
_background_image="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
-h|--help)
|
|
echo "Usage:"
|
|
echo " $(basename "$0") --source DIR --dmg IMAGENAME "
|
|
echo " optional arguments:"
|
|
echo " --codesign <certname>"
|
|
echo " --username <username>"
|
|
echo " --password <password>"
|
|
echo " --bundle-id <bundleid>"
|
|
echo " Check https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow "
|
|
exit 1
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [ ! -d "${SRC_DIR}/Blender.app" ]; then
|
|
echo "use --source parameter to set source directory where Blender.app can be found"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${DEST_DMG}" ]; then
|
|
echo "use --dmg parameter to set output dmg name"
|
|
exit 1
|
|
fi
|
|
|
|
# Destroy destination dmg if there is any.
|
|
test -f "${DEST_DMG}" && rm "${DEST_DMG}"
|
|
if [ -d "${_mount_dir}" ]; then
|
|
echo -n "Ejecting existing blender volume.."
|
|
DEV_FILE=$(mount | grep "${_mount_dir}" | awk '{ print $1 }')
|
|
diskutil eject "${DEV_FILE}" || exit 1
|
|
echo
|
|
fi
|
|
|
|
# Copy dmg contents.
|
|
echo -n "Copying Blender.app..."
|
|
cp -r "${SRC_DIR}/Blender.app" "${_tmp_dir}/" || exit 1
|
|
echo
|
|
|
|
# Create the disk image.
|
|
_directory_size=$(du -sh ${_tmp_dir} | awk -F'[^0-9]*' '$0=$1')
|
|
_image_size=$(echo "${_directory_size}" + 400 | bc) # extra 400 need for codesign to work (why on earth?)
|
|
|
|
echo
|
|
echo -n "Creating disk image of size ${_image_size}M.."
|
|
test -f "${_tmp_dmg}" && rm "${_tmp_dmg}"
|
|
hdiutil create -size "${_image_size}m" -fs HFS+ -srcfolder "${_tmp_dir}" -volname "${_volume_name}" -format UDRW "${_tmp_dmg}" -mode 755
|
|
|
|
echo "Mounting readwrite image..."
|
|
hdiutil attach -readwrite -noverify -noautoopen "${_tmp_dmg}"
|
|
|
|
echo "Setting background picture.."
|
|
if ! test -z "${_background_image}"; then
|
|
echo "Copying background image ..."
|
|
test -d "${_mount_dir}/.background" || mkdir "${_mount_dir}/.background"
|
|
_background_image_NAME=$(basename "${_background_image}")
|
|
cp "${_background_image}" "${_mount_dir}/.background/${_background_image_NAME}"
|
|
fi
|
|
|
|
echo "Creating link to /Applications ..."
|
|
ln -s /Applications "${_mount_dir}/Applications"
|
|
echo "Renaming Applications to empty string."
|
|
mv ${_mount_dir}/Applications "${_mount_dir}/ "
|
|
|
|
echo "Running applescript to set folder looks ..."
|
|
cat "${_script_dir}/blender.applescript" | osascript
|
|
|
|
echo "Waiting after applescript ..."
|
|
sleep 5
|
|
|
|
if [ ! -z "${C_CERT}" ]; then
|
|
# Codesigning requires all libs and binaries to be signed separately.
|
|
echo -n "Codesigning Python"
|
|
for f in $(find "${_mount_dir}/Blender.app/Contents/Resources" -name "python*"); do
|
|
if [ -x ${f} ] && [ ! -d ${f} ]; then
|
|
codesign --remove-signature "${f}"
|
|
codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${f}"
|
|
fi
|
|
done
|
|
echo ; echo -n "Codesigning .dylib and .so libraries"
|
|
for f in $(find "${_mount_dir}/Blender.app" -name "*.dylib" -o -name "*.so"); do
|
|
codesign --remove-signature "${f}"
|
|
codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${f}"
|
|
done
|
|
echo ; echo -n "Codesigning Blender.app"
|
|
codesign --remove-signature "${_mount_dir}/Blender.app"
|
|
codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${_mount_dir}/Blender.app"
|
|
echo
|
|
else
|
|
echo "No codesigning cert given, skipping..."
|
|
fi
|
|
|
|
# Need to eject dev files to remove /dev files and free .dmg for converting
|
|
echo "Unmounting rw disk image ..."
|
|
DEV_FILE=$(mount | grep "${_mount_dir}" | awk '{ print $1 }')
|
|
diskutil eject "${DEV_FILE}"
|
|
|
|
sleep 3
|
|
|
|
echo "Compressing disk image ..."
|
|
hdiutil convert "${_tmp_dmg}" -format UDZO -o "${DEST_DMG}"
|
|
|
|
# Codesign the dmg
|
|
if [ ! -z "${C_CERT}" ]; then
|
|
echo -n "Codesigning dmg..."
|
|
codesign --timestamp --force --sign "${C_CERT}" "${DEST_DMG}"
|
|
echo
|
|
fi
|
|
|
|
# Cleanup
|
|
rm -rf "${_tmp_dir}"
|
|
rm "${_tmp_dmg}"
|
|
|
|
# Notarize
|
|
if [ ! -z "${N_USERNAME}" ] && [ ! -z "${N_PASSWORD}" ] && [ ! -z "${N_BUNDLE_ID}" ]; then
|
|
# Send to Apple
|
|
echo "Sending ${DEST_DMG} for notarization..."
|
|
_tmpout=$(mktemp)
|
|
echo xcrun altool --notarize-app --verbose -f "${DEST_DMG}" --primary-bundle-id "${N_BUNDLE_ID}" --username "${N_USERNAME}" --password "${N_PASSWORD}"
|
|
xcrun altool --notarize-app --verbose -f "${DEST_DMG}" --primary-bundle-id "${N_BUNDLE_ID}" --username "${N_USERNAME}" --password "${N_PASSWORD}" >${_tmpout} 2>&1
|
|
|
|
# Parse request uuid
|
|
_requuid=$(cat "${_tmpout}" | grep "RequestUUID" | awk '{ print $3 }')
|
|
echo "RequestUUID: ${_requuid}"
|
|
if [ ! -z "${_requuid}" ]; then
|
|
# Wait for Apple to confirm notarization is complete
|
|
echo "Waiting for notarization to be complete.."
|
|
for c in {20..0};do
|
|
sleep 600
|
|
xcrun altool --notarization-info "${_requuid}" --username "${N_USERNAME}" --password "${N_PASSWORD}" >${_tmpout} 2>&1
|
|
_status=$(cat "${_tmpout}" | grep "Status:" | awk '{ print $2 }')
|
|
if [ "${_status}" == "invalid" ]; then
|
|
echo "Got invalid notarization!"
|
|
break;
|
|
fi
|
|
|
|
if [ "${_status}" == "success" ]; then
|
|
echo -n "Notarization successful! Stapling..."
|
|
xcrun stapler staple -v "${DEST_DMG}"
|
|
break;
|
|
fi
|
|
echo "Notarization in progress, waiting..."
|
|
done
|
|
else
|
|
cat ${_tmpout}
|
|
echo "Error getting RequestUUID, notarization unsuccessful"
|
|
fi
|
|
else
|
|
echo "No notarization credentials supplied, skipping..."
|
|
fi
|
|
|
|
echo "..done. You should have ${DEST_DMG} ready to upload"
|