diff --git a/.gitignore b/.gitignore index ea2f6a73c..22b7f3f35 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ +appledev.p12 build build.cfg +dist .pydevproject .project .idea diff --git a/scripts/appledev.p12.enc b/scripts/appledev.p12.enc new file mode 100644 index 000000000..7a819fd49 Binary files /dev/null and b/scripts/appledev.p12.enc differ diff --git a/scripts/package-osx.sh b/scripts/package-osx.sh index e019770d9..214e28bbf 100755 --- a/scripts/package-osx.sh +++ b/scripts/package-osx.sh @@ -12,15 +12,37 @@ python3 setup.py build_locales pip3 install pyinstaller pyinstaller picard.spec +codesign=0 + +if [ -n "$encrypted_be5fb2212036_key" ] && [ -n "$encrypted_be5fb2212036_iv" ]; then + openssl aes-256-cbc -K "$encrypted_be5fb2212036_key" -iv "$encrypted_be5fb2212036_iv" -in scripts/appledev.p12.enc -out scripts/appledev.p12 -d +fi + +if [ -f scripts/appledev.p12 ] && [ -n "$appledev_p12_password" ]; then + security create-keychain -p picard picard.keychain + security unlock-keychain -p picard picard.keychain + security list-keychains -d user -s picard.keychain + security default-keychain -s picard.keychain + # The line below may become necessary when building on Sierra. + # See https://stackoverflow.com/q/39868578 + # security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k picard picard.keychain + security import scripts/appledev.p12 -k picard.keychain -P "$appledev_p12_password" -T /usr/bin/codesign + security find-identity -p codesigning # For debugging + codesign=1 +fi + cd dist ditto -rsrc --arch x86_64 'MusicBrainz Picard.app' 'MusicBrainz Picard.tmp' rm -r 'MusicBrainz Picard.app' mv 'MusicBrainz Picard.tmp' 'MusicBrainz Picard.app' -hdiutil create -volname "MusicBrainz Picard $VERSION" -srcfolder 'MusicBrainz Picard.app' -ov -format UDBZ "MusicBrainz Picard $VERSION.dmg" +[ "$codesign" = '1' ] && codesign --keychain picard.keychain --verify --verbose --deep --sign 'Developer ID Application: MetaBrainz Foundation Inc.' 'MusicBrainz Picard.app' +dmg="MusicBrainz Picard $VERSION.dmg" +hdiutil create -volname "MusicBrainz Picard $VERSION" -srcfolder 'MusicBrainz Picard.app' -ov -format UDBZ "$dmg" +[ "$codesign" = '1' ] && codesign --keychain picard.keychain --verify --verbose --sign 'Developer ID Application: MetaBrainz Foundation Inc.' "$dmg" if [ -n "$UPLOAD_OSX" ] then - curl --upload-file "MusicBrainz Picard $VERSION.dmg" https://transfer.sh/ + curl --upload-file "$dmg" https://transfer.sh/ # Required for a newline between the outputs echo -e "\n" - md5 -r "MusicBrainz Picard $VERSION.dmg" -fi \ No newline at end of file + md5 -r "$dmg" +fi diff --git a/scripts/setup-osx.sh b/scripts/setup-osx.sh index b06e6695d..578384558 100755 --- a/scripts/setup-osx.sh +++ b/scripts/setup-osx.sh @@ -1,11 +1,10 @@ #!/usr/bin/env bash brew update -brew tap samj1912/core -brew tap-pin samj1912/core -brew install python3 -brew link python3 --force brew install gettext brew link gettext --force +wget "https://www.python.org/ftp/python/3.6.6/python-3.6.6-macosx10.9.pkg" +sudo installer -pkg python-3.6.6-macosx10.9.pkg -target / +sudo python3 -m ensurepip wget "ftp://ftp.musicbrainz.org/pub/musicbrainz/libdiscid/libdiscid-$DISCID_VERSION.tar.gz" tar -xf "libdiscid-$DISCID_VERSION.tar.gz" cd "libdiscid-$DISCID_VERSION" @@ -18,4 +17,4 @@ tar -xf "chromaprint-fpcalc-$FPCALC_VERSION-macos-x86_64.tar.gz" cp "chromaprint-fpcalc-$FPCALC_VERSION-macos-x86_64/fpcalc" . pip3 install --upgrade pip setuptools wheel pip3 install virtualenv -virtualenv -p python3 . +python3 -m virtualenv -p python3 .