From 7e3f2901f39ef45ca0bc9f2eb841f47df693ecac Mon Sep 17 00:00:00 2001 From: borgmanJeremy <46930769+borgmanJeremy@users.noreply.github.com> Date: Mon, 23 Jun 2025 20:04:25 -0500 Subject: [PATCH] Fix macos signing and clean up CI (#4020) * Fix macos signing and clean up CI * Get version on mac similar to windows --- .github/workflows/MacOS-pack.yml | 53 ++++------------ CMakeLists.txt | 2 - packaging/macos/Info.plist | 24 -------- packaging/macos/create_dmg.sh | 96 +++++++++++++++++++++++++++++ packaging/macos/create_keychain.sh | 33 ---------- packaging/macos/flameshot.icns | Bin 8507 -> 0 bytes packaging/macos/sign_qtapp.sh | 80 ------------------------ packaging/macos/update_package.sh | 55 ----------------- src/CMakeLists.txt | 84 +++++++++++++++++++------ 9 files changed, 172 insertions(+), 255 deletions(-) delete mode 100644 packaging/macos/Info.plist create mode 100755 packaging/macos/create_dmg.sh delete mode 100755 packaging/macos/create_keychain.sh delete mode 100644 packaging/macos/flameshot.icns delete mode 100755 packaging/macos/sign_qtapp.sh delete mode 100755 packaging/macos/update_package.sh diff --git a/.github/workflows/MacOS-pack.yml b/.github/workflows/MacOS-pack.yml index 38a37bc9..cb51bd8a 100644 --- a/.github/workflows/MacOS-pack.yml +++ b/.github/workflows/MacOS-pack.yml @@ -4,7 +4,6 @@ on: push: branches: - master - - fix* paths-ignore: - 'README.md' - 'LICENSE' 
@@ -36,25 +35,7 @@ jobs: runs-on: ${{ matrix.dist.os }} env: APP_NAME: flameshot - DIR_BULD: build - DIR_PKG: build/src - HELPERS_SCRIPTS_PATH: ../../packaging/macos - # Apple developer identity, example: "Developer ID Application: (code)" - # Note: no signing and notarization will be proceed if this variable is not set - APPLE_DEV_IDENTITY: ${{ secrets.APPLE_DEV_IDENTITY }} - # Apple ID user - APPLE_DEV_USER: ${{ secrets.APPLE_DEV_USER }} - # Apple ID user password - APPLE_DEV_PASS: ${{ secrets.APPLE_DEV_PASS }} - # Apple certificate with private and public keys in base64 format - APPLE_DEVELOPER_ID_APPLICATION_CERT_DATA: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERT_DATA }} - # Apple certificate password - APPLE_DEVELOPER_ID_APPLICATION_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERT_PASS }} - # Any temporary password for keychain, which will be created on github actions CI - APPLE_TEMP_CI_KEYCHAIN_PASS: ${{ secrets.APPLE_TEMP_CI_KEYCHAIN_PASS }} - # Temporary variable for internal use, it will be set on the "Build dmg" step - NOTARIZATION_CHECK: false - + DIR_BUILD: build steps: - name: Checkout Source code if: github.event_name == 'push' @@ -83,6 +64,9 @@ jobs: echo ${last_committed_tag:1} echo "Details: ${ver_info}" echo "================================" + # This will allow to build pre-preleases without git tag + # echo "VERSION=${last_committed_tag:1}" >> $GITHUB_ENV + echo "VERSION=$(cat CMakeLists.txt |grep 'set.*(.*FLAMESHOT_VERSION' | sed 's/[^0-9.]*//' |sed 's/)//g')" >> $GITHUB_ENV echo "VER_INFO=${ver_info}" >> $GITHUB_ENV - name: Install Qt 
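Review bot: The added `VERSION=` line writes whatever the `grep | sed | sed` pipeline prints straight into `$GITHUB_ENV`, with no check that it produced exactly one non-empty value. If the pattern `set.*(.*FLAMESHOT_VERSION` ever matches a second line or none, `VERSION` becomes multi-line or empty, and the later upload path `Flameshot-${{ env.VERSION }}.dmg` no longer matches the file that src/CMakeLists.txt names from `PROJECT_VERSION` (which is only assumed to equal this value), so the upload step would not find the DMG. Limit the match with `grep -m1`, fail the step when the result is empty (`[ -n "$version" ] || exit 1`), and quote `"$GITHUB_ENV"`. The step's `run:` block starts outside this hunk.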
@@ -90,36 +74,21 @@ jobs: - name: Configure run: | - rm -rf "${DIR_BULD}"/src/flameshot.dmg "${DIR_BULD}"/src/flameshot.app/ - cmake -S . -B "${DIR_BULD}" -DQt6_DIR=$(brew --prefix qt6)/lib/cmake/Qt6 -DUSE_MONOCHROME_ICON=True + rm -rf "${DIR_BUILD}"/src/flameshot.dmg "${DIR_BUILD}"/src/flameshot.app/ + cmake -GNinja -S . -B "${DIR_BUILD}" -DQt6_DIR=$(brew --prefix qt6)/lib/cmake/Qt6 -DUSE_MONOCHROME_ICON=True - name: Compile run: | - cmake --build "${DIR_BULD}" - - - name: Create key-chain and import certificate - run: | - cd "${DIR_PKG}" - ${HELPERS_SCRIPTS_PATH}/create_keychain.sh flameshot + cmake --build "${DIR_BUILD}" - name: Build dmg package run: | - cd "${DIR_PKG}" - ${HELPERS_SCRIPTS_PATH}/sign_qtapp.sh flameshot + cd "${DIR_BUILD}" + ninja create_dmg - name: Artifact Upload uses: actions/upload-artifact@v4 with: name: ${{ env.PRODUCT }}-${{ env.VER_INFO }}-artifact-macos-${{ matrix.dist.arch }} - path: ${{ github.workspace }}/build/src/flameshot.dmg - overwrite: true - - - name: Notarization status - shell: bash - run: | - if [[ "${NOTARIZATION_CHECK}" == "true" ]]; then - echo "Notarization check succeed" - else - echo "::warning Notarization check failed" - # exit 1 - fi + path: ${{ github.workspace }}/build/src/Flameshot-${{ env.VERSION }}.dmg + overwrite: true \ No newline at end of file diff --git a/CMakeLists.txt b/CMakeLists.txt index 51801c60..f90e62c1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -80,8 +80,6 @@ if(WIN32) add_definitions(-DFLAMESHOT_VERSION_STRING="${PROJECT_VERSION}") elseif(APPLE) set(Qt6_DIR "$(brew --prefix qt6)/lib/cmake/Qt6/" CACHE PATH "directory where Qt6Config.cmake exists.") - set(CMAKE_MACOSX_BUNDLE ON) - set(CMAKE_MACOSX_RPATH ON) endif() set(RUN_IN_PLACE ${DEFAULT_RUN_IN_PLACE} diff --git a/packaging/macos/Info.plist b/packaging/macos/Info.plist deleted file mode 100644 index 1ae6106a..00000000 --- a/packaging/macos/Info.plist +++ /dev/null 
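Review bot: In .github/workflows/MacOS-pack.yml the `Configure` step never passes `-DCODE_SIGN_IDENTITY` or `-DDMG_SIGN_IDENTITY`, and the keychain-import, Developer ID signing and notarization steps are removed, so as far as this workflow shows every uploaded DMG is ad hoc signed and not notarized. An ad hoc signature carries no publisher identity, so Gatekeeper cannot tell this artifact from a repackaged one; if that is intended for CI artifacts, state it on the `Build dmg package` step, e.g. `# CI artifacts are ad hoc signed only (no Developer ID, no notarization)`. If release builds are meant to come from this job, the identity should be supplied from a secret scoped to the one step that signs rather than job-wide `env`. Also prefer `cmake --build "${DIR_BUILD}" --target create_dmg` over `cd` plus `ninja`, so the step does not depend on the generator.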
@@ -1,24 +0,0 @@ - - - - - CFBundleExecutable - Flameshot - CFBundleIconFile - flameshot - CFBundleIdentifier - com.Flameshot.flameshot - CFBundlePackageType - APPL - CFBundleSignature - ???? - LSMinimumSystemVersion - 10.13 - NOTE - This file was generated by Qt/QMake. - NSPrincipalClass - NSApplication - NSSupportsAutomaticGraphicsSwitching - - - diff --git a/packaging/macos/create_dmg.sh b/packaging/macos/create_dmg.sh new file mode 100755 index 00000000..3c53eb20 --- /dev/null +++ b/packaging/macos/create_dmg.sh 
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# Script to create and optionally sign a DMG file
+# Usage: create_dmg.sh
+# If signing identities are empty, DMG will be created unsigned
+
+APP_PATH="$1"
+DMG_PATH="$2"
+APP_SIGN_IDENTITY="$3"
+DMG_SIGN_IDENTITY="$4"
+
+if [ $# -ne 4 ]; then
+ echo "Usage: create_dmg.sh "
+ echo "Note: Leave signing identities empty to create unsigned DMG"
+ exit 1
+fi
+
+echo "Creating DMG from: $APP_PATH"
+echo "Output DMG: $DMG_PATH"
+
+rm -f "$DMG_PATH"
+
+TEMP_DIR=$(mktemp -d)
+echo "Using temp directory: $TEMP_DIR"
+
+cp -R "$APP_PATH" "$TEMP_DIR/"
+
+# Create Applications symlink
+ln -s /Applications "$TEMP_DIR/Applications"
+
+# Calculate size needed for DMG (in KB)
+SIZE=$(du -sk "$TEMP_DIR" | cut -f1)
+SIZE=$((SIZE + 1000)) # Add some padding
+
+echo "Creating DMG with size: ${SIZE}k"
+
+# Create DMG
+hdiutil create -srcfolder "$TEMP_DIR" \
+ -volname "Flameshot" \
+ -fs HFS+ \
+ -fsargs "-c c=64,a=16,e=16" \
+ -format UDZO \
+ -size ${SIZE}k \
+ "$DMG_PATH"
+
+if [ $? -ne 0 ]; then
+ echo "Failed to create DMG"
+ rm -rf "$TEMP_DIR"
+ exit 1
+fi
+
+echo "DMG created successfully"
+
+# Sign the DMG (either with identity or ad hoc)
+if [ -n "$DMG_SIGN_IDENTITY" ] && [ "$DMG_SIGN_IDENTITY" != "" ]; then
+ echo "Signing DMG with identity: $DMG_SIGN_IDENTITY"
+ codesign --force --sign "$DMG_SIGN_IDENTITY" --timestamp "$DMG_PATH"
+
+ if [ $? -eq 0 ]; then
+ echo "DMG signed with Developer ID"
+ # Verify signature
+ echo "Verifying DMG signature..."
+ codesign --verify --verbose "$DMG_PATH"
+ else
+ echo "Failed to sign DMG with identity"
+ rm -rf "$TEMP_DIR"
+ exit 1
+ fi
+else
+ echo "Signing DMG with ad hoc signature (no identity required)"
+ codesign --force --sign - "$DMG_PATH"
+
+ if [ $? -eq 0 ]; then
+ echo "DMG signed with ad hoc signature"
+ else
+ echo "Failed to ad hoc sign DMG"
+ rm -rf "$TEMP_DIR"
+ exit 1
+ fi
+fi
+
+# Clean up
+rm -rf "$TEMP_DIR"
+
+echo "DMG creation complete: $DMG_PATH"
+
+if [ -z "$DMG_SIGN_IDENTITY" ] || [ "$DMG_SIGN_IDENTITY" = "" ]; then
+ echo ""
+ echo "NOTE: This DMG uses ad hoc signing (no Developer ID required)."
+ echo "Users will see a security warning but can still run the app by:"
+ echo "1. Right-clicking the app and selecting 'Open'"
+ echo "2. Or going to System Preferences > Security & Privacy and clicking 'Open Anyway'"
+ echo "3. The warning only appears on first launch"
+ echo ""
+ echo "The app and DMG are properly signed for Apple Silicon requirements."
+fi
diff --git a/packaging/macos/create_keychain.sh b/packaging/macos/create_keychain.sh
deleted file mode 100755
index fb4ca17a..00000000
--- a/packaging/macos/create_keychain.sh
+++ /dev/null
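Review bot: In packaging/macos/create_dmg.sh the staging steps `mktemp -d`, `cp -R` and `ln -s` are unchecked, so a failed copy still produces, signs and reports success for a DMG built from an incomplete staging directory; only `hdiutil` and the signing `codesign` calls are tested. Check those steps and move cleanup into a trap so it also runs on early exits: `TEMP_DIR=$(mktemp -d) || exit 1`, `trap 'rm -rf "$TEMP_DIR"' EXIT`, `cp -R "$APP_PATH" "$TEMP_DIR/" || exit 1`. The exit status of `codesign --verify --verbose "$DMG_PATH"` is also ignored, so a signature that fails verification still ends with "DMG creation complete". `APP_SIGN_IDENTITY` is read from `$3` but never used, and the identity branch neither notarizes nor staples the DMG, which the removed sign_qtapp.sh did, so the closing "properly signed" message overstates what Gatekeeper will accept.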
@@ -1,33 +0,0 @@
-#!/bin/bash
-# Inspired by
-# https://localazy.com/blog/how-to-automatically-sign-macos-apps-using-github-actions
-
-TEMP_CI_CERT_FILENAME="temp_ci_appleDistribution.p12"
-
-# Get the following variables from MacOS-pack.yaml:
-# APP_NAME
-# APPLE_DEV_IDENTITY
-# APPLE_DEVELOPER_ID_APPLICATION_CERT_PASS
-# APPLE_DEVELOPER_ID_APPLICATION_CERT_DATA
-# APPLE_TEMP_CI_KEYCHAIN_PASS
-
-# For the Community (if no Apple Developer ID available)
-if [[ "${APPLE_DEV_IDENTITY}" == "" ]]; then
- echo "WARNING: No credentials for signing found"
- echo "WARNING: Cannot create keychain for signing"
- echo "WARNING: dmg package won't be signed and notarized"
- exit 0
-fi
-
-# create keychain
-security create-keychain -p "${APPLE_TEMP_CI_KEYCHAIN_PASS}" build.keychain
-security default-keychain -s build.keychain
-security unlock-keychain -p "${APPLE_TEMP_CI_KEYCHAIN_PASS}" build.keychain
-
-# import certificate
-[ -r "${TEMP_CI_CERT_FILENAME}" ] && rm "${TEMP_CI_CERT_FILENAME}"
-echo "${APPLE_DEVELOPER_ID_APPLICATION_CERT_DATA}" | base64 --decode > "${TEMP_CI_CERT_FILENAME}"
-security import "${TEMP_CI_CERT_FILENAME}" -P "${APPLE_DEVELOPER_ID_APPLICATION_CERT_PASS}" -k build.keychain -T /usr/bin/codesign
-[ -r "${TEMP_CI_CERT_FILENAME}" ] && rm "${TEMP_CI_CERT_FILENAME}"
-security find-identity -v
-security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${APPLE_TEMP_CI_KEYCHAIN_PASS}" build.keychain
diff --git a/packaging/macos/flameshot.icns b/packaging/macos/flameshot.icns deleted file mode 100644 index b8db080fc200fc45e55c3ff6c92b6165af6dbbc1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8507 zcmeHtS5y>B+iuScLl_1SBnLssC`eENksuNTC8GpI1Vlh34s1aMX2>cML{X3^Nf9N? zkTXaS5JW(NWRM&tkzx98_P5V}{)=;S);bsGV)t6zRqs=8yi39cOEU zyGBNU3{+R zKWyyXu;=IiS6gjtIj`DtBN3H|I66TQEqIt5;Unke*SXnT+4oLzU3;Hzc`IOI*S;gS4TgdD8|ZLbHe94?reuf~GEXWUymsT95oeI&)r^{scjaQ*X@ z^?$}OJ*rzN>+1Dt#%8^;mp@wOXV=!&o`}Cph>3|AuS=FmEXXCo@3bYqd$;V}P#!D}8!I@I1V| z2US5YcT2XVqqB1`F)?xc`M#{UxcG~}z`#%E>|Gf$EV&-|Cw@shnwy*Zsvf!X@T!T4 zr#1erkvQ5Lm`*YPP*RUr24Ai}t_{`q(`S8%at^()-!8{La`+&@_gdg=jLlo|(O+{M-?k z^gssz#QUvG{DEq#p~cn((|3(to|Mc-{1Tb<-j?3}q;m15)Z1y2zic~bhYnH^jb7GE z=`}PQy{hl>l}C4&UdTz~Zi5%YAlS;p^eXkcA!~s5!LA?9L*2*Lbr}<3AP&C@sY)nfSG1A~JJ}o%UG1L_!pnWu%;J z`Mu>ij}c;C`fYxGzN43)6hlVX<9bwSL(JK5x+c%&JO?56XK^;?RaC4)do?Bch4Vh& z6v+siFYf5*m`hGhrdyXgl{)sJg%~m>sXG-!jS?0>-DdT z-^)gnV_xFYllG`ifj>Ubh4;u+QANA}E#!79EaH#y zRG`;YgexLG@ZuIX=Z^F#qI<^o_U|1CEKxY^VQ#dzEK#TdW{joXPpQL8t`L;r2IHm~h?Z$o=o_#YK;j z0wPI%CcF$oR-zd8^Gc=N-hKrf6QOVXw5+VGxIP3)8Z!D` zc3#PEKcvVMvNqhG-DO7)8w%X{(>Jr|dE8X*(@`ri?K(#vpOTc%7OCqlZvwESkOI~& z?1PXfe%2+R^VX&In|6zzu9{+|`-teHZ}3a}`+}LS?GtSnQ5ks!`rps(!otrso#2~O zi|}k2PV6}idoUo;vOP%m{kB(G(itv%3_0C z0{i9Z(>3;h%83@gvn6OJk7jnKo5eP&E_X-*o;B@cbpm8_fStU&-6uQN zbJH$X+v5h3uTX0?JL&@;mJshar@LmNBxRb`i#KNQN-edy3&5m6a&<#>3~m7_X+)hcIdjZVLT zoBY^0?qB(&Lrv3gE|6zRS7E1)KIc=>aEMe$6g9I+1W^coRdy6*GYedJu$^pS(zpi3 zN6BBAqWhWyJM|LHAPpot5Ae6|gzp7NRjPbpuz7PiXR0}pO;V_)9d_a9)iX5aq81ae zCVx$bEZKp5zV8Dni~ZW;{JWHihzcjOahH7tCnu-ABnQf-1m|CW#wctJFNo%>)1+s! z^PgN0W^FE#A}ceZqN0KAGHqDx69D^1Jkjlr?S~xcW#HDr$fFA6IGX^Ine+jvX);6* zYy3V~khmf*sZoX@?-x9_+&27Sr)v(`2E!J`BKZelyXVWru5xgFy z&IW?Ru;|o3YSSF7Qg=7h1H0``d0gscWPS36{ZeJ?$>Rvi>yOgnZPvzF^d%(tfr3*? 
zMv_@FsHyt?Gnv822JP8`U8Hm~&-ZXatH)7{+dLC!QD(J;feoU@w!YUmMs*x{B04>6 z%t>@TnD;_gnR5TwSRfCp{L2$ZBdRw7bZZ)vD>Wi2e zbj0qJ=MdXG;WV{!+vbd*6#Hi!D}w@Y*DmvaZ2NsRn7lKe9-C!yZc9mK5nz+=0zXV8 z$2*VPpS|gJ?L4Qeg5I4p_{L7lk{(BPT1(Qg0v+9;7wO{g@mAtyPPCP`5RuC|PCD#r zzryt{Ckf{WIV+}}bFFP^YHEW%vP*@{SZ!3gcXWN2TrizZ;jEIev-;dK!Mjp!UmiEa z=`7kx_|SYrG{F`cCG#{0*ah`d6Dvghs|3*jS63VKMW$v)lqCr0q^&G2N;|fc zE0po^$#^6Q@T<&QemmDS(?iwwCu&d#&Ki$Ogt%`m0GeoRH6Wbjr26Xm<`>#azw_(a z?C6c>9`x9gZC=6LC!4(Ld2W)-U*$@_9SvfL_eFTwslM)%R4-(>%}EiK{4JAmH>{Qy$r;tkfkdJfN@_mtcdCE|C^k%QUlQ4$+P zy8#ppwP(ztlk|eyoovk#Z|`t^nLeLdUI}MfHuHaWB%P0+UncAG-2q*{dF>u?gt(Q? z&@zll44cPvE10eOgNT&3a-(#E~poqsu>)lbYQzM z^NoCu{a!XL#^Sd;ji*OrZ-sa8d4BC5i9wiWV`Ae;p7Al=p4ps_Mq$q zksjsZT6ewUIE8YPT+c>XJ^QaeJ`vZC{3V#W8!M=)7=sAm5>e&T%U{aY#tv-T z^a@?cnYiUMK7HNOamTL*p&2-fcWDkzLLFRWJKWH#ooQhm8%IgkT4TVcc{KQ|A6r$; zH=bKfAWfGeMi1!^l|}bPR3*Rrh|3vz_EB zmkukKI;bFD`63XY&ZyRjKQFi<6YscS*a9f~8 zXdL0f)ZB*FKjuHA3g?dYvc+=|%30sKT%aH6X^vD@s0yVC`vk|3vO1=gyZX|e#On>3 zB>rU8vcZ^}dS5G1O*0FB=!gw`CNG7X$_fJ?3C2sijRh$xUf|qdE_mUx-YA@+;yvBb z)O{q}-)= z(#Jk?)+5B5W5G=`#4QEO{KNrLnf5~=U@V5O_ za>)ayqxEvMtXs1sALKH9lF(x;L`}-oWo<8RmA!gfErLWFak|*onJ=7YzNa5IlPhRb zzT$j~fp=2}x3MdH8)P(#qZWQTuX(z)T85IZB0S5%O6)9(aqrR8h$it21~% z0PMD0B!D=3fQ7vP-~kn=2mlcYmNP=ev%N>*0G;9*xNJSPb^1&gYPyoqP4ubni z5OymBKr*(2peq~)z~~aNAnf2;H~_Qy0O9frAlS!;1>p3dyEqW=4FllDtItCK*ex0s zL>fVgH-0w+1VTdqIwp@b&<={g`WXiz(gB6qFc65w0`y43Y7pF$hFWwsaUgsKw-62@ zaR8@d*&cMOZVoJT)6XFwY_~5Qq&s*X*}nxDiS!Vx3x$Slw}peS{km`vu!11oj?jM~ z%AYV0HYW{X;Rg`5`vY?8+6e=ZrAPoczXCN97s5a|<=0*)h}?Yu036kjM<*>5gzx_( zhJkc_0ss&c4#F4aXdxhccXSErLc50rfKjO1&cGH98qG@g3=M*t(Ga`~_1x=UhLW3} z=-q^3Eok5XU^NtE9GeG0+EULPDFTFV-+)2rw-AtlI0Ax{p`qsh**S22a1RQ3r&mvp^z2)B!<=I;0H}_yWL!5OK&f^2A{kqRj@G zN}h!%k{=4-K!`ISX^TuDLI6Gl2nBHfJxHQZ$Ydf!7yRE47C?ZcO)8EI5v91S6+5COstF*vD$5Q2x7;|YI5 zRB9+0wlx)or>n+y0YD_=L=7P$s2j~CA$U3hq4;lXj}!t0+ZrQ4UFpj3c;GM^?LUrl 
zrD1p&q2w?cYU?oPtqtOEDIpXO|7R$uUCIWTvOyecC_Y5Xpb37Im>)-K^8kz$5$Q^?GP-D)D$|K8ozI4S;4UVUR+Vd~2O7vMWS;;7&fk`AO$%bnO!L@W>x5U@JM-PuW(*)U~r5c|iEMY4V(7?zpW z<$7y|4r37{+oy(pbJw#eUT9v}$459Xu~tUnSf`m^mNFX}?f)r1zfRBPx_N>A&jS|z z#-jx{c!Q>NvwCfpXiR!?4qqicS{Z~mfY_?RZgb3nyT5Sejq=)Bbz5$L{yxlC(Xh~* z=YnQTIz2@-<`!q0?R-0z_H}9mb#rrsUqGNIA&IS_T=Css(D7~ja|ux7l}Iw|w(Rx1 ze~P<08Y8?l*7C_p%u=~Mhh5p(Bz4*5@lbN#gZTC(02*6I`&Z<|Mc$4;wHl% zC9^tYhyd5Sk^9@n_WHO4zbP#rY1Y#TxVpT&oRD2L&L|1f3a%Ji!=8Et0Ge$hd26~E zmu^goU8xdF{k}MpY1+{PMn$VsIfDxhp{lxB-D7`Qg>S z-0JKr*(dHPIGWz#%<7(KX%vH1sJN*=vLItZdrHr)r{qFg8uhC6YPxr5{s$_TS#LCLb zKC46T*_RycesS~VQBmh2C};3Lce=b&BJy%`XQ{FH!o-u}I6gCt)$+!mg87?NG3;{m zPhd71%osXVn(NWoc-t!=D2T@B?gi8>B&PBw-7)Y8J25ji3g1H-Jv1`=u@iqR&Sc#v z!cLT}ZN{6qn~kz@Ly(WpMp7VlszIjvntsW3hANH$87EX_jn82G!Dw%9annd#KL;A; ze>S!w?z%6Y;RA`hu&{vYHgW7fAo8miSwe2MW>WqGMwj+P{9>r$}$mm>HBC(TxI|{ueq`l|ax+QG|MQ zhCYjH#>TC{OXWf(f#9qC2-`O%lJQAJSRyA}Ux#x&@fFan4X?L%TtVNLWX-~0Fp^W^ zOmh~7B(C)Cp|SIQeO5{$r9w?pXXnbVTUmW_trJ11udc3!K6i>|OXP|G75{HsA0+L;*Z~$O~ zWS_eXwAA;Pg#;l}zb#ZP{RmYbgCRJ8#}@kdIKC|b+}{B+0Dvwe4FHU3U}QWNWX_?} zuLaEjL@fv|;lLwptu$~=5U`^`<_;u6SFs?v3?}ghTBI&R*ct^3!mWW;NE)qEz`f-a zC_+0E0C{dM@2@OuKr7ufWdQgLX|B!1ZOE6_qlE>S&+Tq5t$}MbPn|SSkTQW4l9xt2 zgdu4oH=N4%41irc@)Uqlp+dR_0HIVU6lnY)2#tS+O8s9|3P`~LaA@U^1DOHR);<{k z>Isku4dH-9rS4Me38hu|!`59gg}gmk2w7#2iP|HP$(tRegi1WLK1Xds`d|rC5EX<& zR~mV9bH1+RP_!JH8=G_Ogc3q!Y3X5Hrd{$6e0gO_f1G+5nJj%gJ$V`! zbXX*o-qORt-P!&KH`L_p>*V0;@W9hW*2np-vyZcfle49plc&dFOaVdej0`OOPhpYc zCv5){>9C{qf2z)yo5mJ8Zce^XA`U(Q?~jXG8(WzCod6>{znHY5vcXj|iyIEEUXMe< oBcDdc#Jzk|R9aJ8*U<7~c<%7$2Iznt{>pH8i2bMd?<@Jg0Q3~fH2?qr diff --git a/packaging/macos/sign_qtapp.sh b/packaging/macos/sign_qtapp.sh deleted file mode 100755 index be49af0f..00000000 --- a/packaging/macos/sign_qtapp.sh +++ /dev/null 
@@ -1,80 +0,0 @@
-#!/bin/bash
-# Inspired by
-# https://localazy.com/blog/how-to-automatically-sign-macos-apps-using-github-actions
-# https://forum.qt.io/topic/96652/how-to-notarize-qt-application-on-macos/18
-
-# Get the following variables from the MacOS-pack.yaml:
-# APP_NAME
-# APPLE_DEV_IDENTITY
-# APPLE_DEV_USER
-# APPLE_DEV_PASS
-
-# For the Community (if no Apple Developer ID available)
-if [[ "${APPLE_DEV_IDENTITY}" == "" ]]; then
- echo "WARNING: No credentials for signing found"
- echo "WARNING: dmg package won't be signed and notarized"
- echo "--> Start packaging process"
- "$(brew --prefix qt6)/bin/macdeployqt" "${APP_NAME}.app" -dmg
- echo "--> Update dmg package links"
- "./${HELPERS_SCRIPTS_PATH}/update_package.sh"
- exit 0
-fi
-
-echo "--> Start application signing process"
-codesign --sign "${APPLE_DEV_IDENTITY}" --verbose --deep "${APP_NAME}.app"
-
-echo "--> Start packaging process"
-"$(brew --prefix qt6)/bin/macdeployqt" "${APP_NAME}.app" -dmg -sign-for-notarization="${APPLE_DEV_IDENTITY}"
-
-echo "--> Update dmg package links"
-"./${HELPERS_SCRIPTS_PATH}/update_package.sh"
-
-echo "--> Start dmg signing process"
-codesign --sign "${APPLE_DEV_IDENTITY}" --verbose --deep "${APP_NAME}.dmg"
-
-echo "--> Start Notarization process"
-response=$(xcrun altool -t osx -f "${APP_NAME}.dmg" --primary-bundle-id "org.namecheap.${APP_NAME}" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}")
-requestUUID=$(echo "${response}" | tr ' ' '\n' | tail -1)
-
-for ((ATTEMPT=5; ATTEMPT>=1; ATTEMPT--))
-do
- echo "--> Checking notarization status"
- statusCheckResponse=$(xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}")
-
- isSuccess=$(echo "${statusCheckResponse}" | grep "success")
- isFailure=$(echo "${statusCheckResponse}" | grep "invalid")
-
- if [[ "${isSuccess}" != "" ]]; then
- echo "Notarization done!"
- xcrun stapler staple "${APP_NAME}.dmg"
- EXIT_CODE=$?
- if [ ${EXIT_CODE} -ne 0 ]; then
- echo "Stapler failed!"
- exit ${EXIT_CODE}
- fi
- echo "Stapler done!"
- break
- fi
- if [[ "${isFailure}" != "" ]]; then
- echo "${statusCheckResponse}"
- echo "Notarization failed"
- exit 1
- fi
-
- echo "Notarization not finished yet, sleep 2m then check again..."
- for num in {1..12}
- do
- sleep 10
- echo "Elapsed: ${num}0 sec"
- done
-done
-
-if [[ "${ATTEMPT}" == 0 ]]; then
- export NOTARIZATION_CHECK="false"
- echo "::warning Notarization check failed"
-else
- export NOTARIZATION_CHECK="true"
-fi
-
-echo "--> Start verify signing process"
-codesign -dv --verbose=4 "${APP_NAME}.dmg"
diff --git a/packaging/macos/update_package.sh b/packaging/macos/update_package.sh
deleted file mode 100755
index 24736d4d..00000000
--- a/packaging/macos/update_package.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-echo "Change the permission of .dmg file"
-hdiutil convert "flameshot.dmg" -format UDRW -o "flameshot_rw.dmg"
-
-echo "Mount it and save the device"
-DEVICE=$(hdiutil attach -readwrite -noverify "flameshot_rw.dmg" | grep -E '^/dev/' | sed 1q | awk '{print $1}')
-sleep 5
-
-echo "Create the sysmbolic link to application folder"
-PATH_AT_VOLUME="/Volumes/flameshot/"
-CURRENT_PATH="$(pwd)"
-cd "${PATH_AT_VOLUME}"
-ln -s /Applications
-cd "${CURRENT_PATH}"
-
-# TODO - add background and icon location.
-# https://forum.qt.io/topic/94987/how-can-i-add-symbolic-link-application-and-background-image-in-dmg-package/3
-#echo "copy the background image in to package"
-#mkdir -p "${PATH_AT_VOLUME}".background/
-#cp backgroundImage.png "${PATH_AT_VOLUME}".background/
-#echo "done"
-#
-## tell the Finder to resize the window, set the background,
-## change the icon size, place the icons in the right position, etc.
-#echo '
-# tell application "Finder"
-# tell disk "/Volumes/src:flameshot"
-# open
-# set current view of container window to icon view
-# set toolbar visible of container window to false
-# set statusbar visible of container window to false
-# set the bounds of container window to {400, 100, 1110, 645}
-# set viewOptions to the icon view options of container window
-# set arrangement of viewOptions to not arranged
-# set icon size of viewOptions to 72
-# set background picture of viewOptions to file ".background:backgroundImage.png"
-# set position of item "flameshot.app" of container window to {160, 325}
-# set position of item "Applications" of container window to {560, 320}
-# close
-# open
-# update without registering applications
-# delay 2
-# end tell
-# end tell
-#' | osascript
-#
-#sync
-
-# unmount it
-hdiutil detach "${DEVICE}"
-rm -f "flameshot.dmg"
-
-hdiutil convert "flameshot_rw.dmg" -format UDZO -o "flameshot.dmg"
-rm -f "flameshot_rw.dmg"
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f408314c..1ae2e268 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -229,12 +229,14 @@ if (USE_WAYLAND_CLIPBOARD) endif() if (APPLE) - set(MACOSX_BUNDLE_IDENTIFIER "org.flameshot") - set_target_properties( - flameshot - PROPERTIES - XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER ${MACOSX_BUNDLE_IDENTIFIER} - ) + set_target_properties(flameshot PROPERTIES + MACOSX_BUNDLE TRUE + MACOSX_BUNDLE_BUNDLE_NAME "Flameshot" + MACOSX_BUNDLE_BUNDLE_VERSION ${PROJECT_VERSION} + MACOSX_BUNDLE_SHORT_VERSION_STRING ${PROJECT_VERSION} + MACOSX_BUNDLE_IDENTIFIER "org.flameshot.Flameshot" + MACOSX_BUNDLE_GUI_IDENTIFIER "org.flameshot.Flameshot" + ) target_link_libraries( flameshot qhotkey 
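Review bot: `MACOSX_BUNDLE_IDENTIFIER` changes from `org.flameshot` to `org.flameshot.Flameshot` in this property block, and the deleted packaging/macos/Info.plist carried a third value, `com.Flameshot.flameshot`. macOS associates stored preferences and user-granted privacy permissions with the bundle identifier (together with the code signature), so existing installs may be treated as a different app after this change; worth confirming that is intended. I would add a comment above the block such as `# Bundle identifier must stay stable across releases: preferences and granted permissions are tied to it`. `${PROJECT_VERSION}` is also passed unquoted twice, where `"${PROJECT_VERSION}"` would match the quoted values around it. The `if (APPLE)` block continues past the end of this hunk.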
@@ -443,18 +445,62 @@ endif () # macdeployqt if (APPLE) - set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/") - execute_process(COMMAND brew --prefix qt5 OUTPUT_VARIABLE QTDIR) - string(REGEX REPLACE "\n$" "" QTDIR "${QTDIR}") - set(MAC_DEPLOY_QT ${QTDIR}/bin/macdeployqt) - if (EXISTS ${MAC_DEPLOY_QT}) - set_source_files_properties(resources/icon.icns PROPERTIES - MACOSX_PACKAGE_LOCATION Resources) +# Code signing settings - optional, set to empty string to skip signing + set(CODE_SIGN_IDENTITY "" CACHE STRING "Code signing identity (leave empty to skip signing)") + set(DMG_SIGN_IDENTITY "" CACHE STRING "DMG signing identity (leave empty to skip signing)") + # Custom target to create DMG (signed or unsigned) + add_custom_target(create_dmg + COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/../packaging/macos/create_dmg.sh + "${CMAKE_CURRENT_BINARY_DIR}/Flameshot.app" + "${CMAKE_CURRENT_BINARY_DIR}/Flameshot-${PROJECT_VERSION}.dmg" + "${CODE_SIGN_IDENTITY}" + "${DMG_SIGN_IDENTITY}" + DEPENDS flameshot + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + COMMENT "Creating DMG" + VERBATIM + ) + +# Always sign the app bundle (either with identity or ad hoc) + if(CODE_SIGN_IDENTITY AND NOT CODE_SIGN_IDENTITY STREQUAL "") + # Identity-based signing (requires Developer ID) + add_custom_command(TARGET flameshot POST_BUILD + COMMAND codesign --force --deep --sign "${CODE_SIGN_IDENTITY}" + --options runtime --timestamp "$" + COMMENT "Code signing app bundle with ${CODE_SIGN_IDENTITY}" + ) + else() + # Ad hoc signing + add_custom_command(TARGET flameshot POST_BUILD + COMMAND codesign --force --deep --sign - "$" + COMMENT "Ad hoc code signing app bundle (no identity required)" + ) + endif() + # Deploy Qt libraries and dependencies + find_program(MACDEPLOYQT_EXECUTABLE macdeployqt HINTS ${Qt6_DIR}/../../../bin) + + if(MACDEPLOYQT_EXECUTABLE) + add_custom_command(TARGET flameshot POST_BUILD + COMMAND ${MACDEPLOYQT_EXECUTABLE} "$" -verbose=2 + COMMENT "Deploying Qt 
libraries" + ) + + # Re-sign after macdeployqt (it modifies the bundle) + if(CODE_SIGN_IDENTITY AND NOT CODE_SIGN_IDENTITY STREQUAL "") + add_custom_command(TARGET flameshot POST_BUILD + COMMAND codesign --force --deep --sign "${CODE_SIGN_IDENTITY}" + --options runtime --timestamp "$" + COMMENT "Re-signing app bundle after Qt deployment" + ) + else() + add_custom_command(TARGET flameshot POST_BUILD + COMMAND codesign --force --deep --sign - "$" + COMMENT "Re-signing app bundle after Qt deployment (ad hoc)" + ) + endif() + else() + message(WARNING "macdeployqt not found. App may not run on systems without Qt installed.") + endif() + - set_target_properties(${target} PROPERTIES - MACOSX_BUNDLE TRUE - ) - else () - message("Unable to find executable ${MAC_DEPLOY_QT}.") - endif () endif ()
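Review bot: The four `add_custom_command(TARGET flameshot POST_BUILD ...)` signing commands and the macdeployqt one omit `VERBATIM`, unlike the `create_dmg` target defined just above them. A Developer ID identity normally contains spaces and parentheses, and without `VERBATIM` the escaping of `"${CODE_SIGN_IDENTITY}"` is platform- and generator-specific, so add `VERBATIM` to each of these commands. The first signing pass is also redundant whenever macdeployqt is found, because the bundle is modified and re-signed afterwards; signing once, after deployment, would leave a single place where the signing options are defined. Apple's documentation discourages relying on `codesign --deep` when signing (nested code is expected to be signed inside-out), so if it stays, a comment explaining why it is acceptable for the deployed Qt frameworks would help the next maintainer.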