Changes:
- Set correct target architecture when building on ARM64.
- Split signing and notarization into separate commands. This eases the
workflow when notarization fails because changes to Apple's ToS have
not yet been accepted on iTunes Connect.
- Sign all binaries and frameworks individually instead of using --deep.
This is the correct way of signing apps and it avoids weird problems
during signature verification.
- Fix signing of AppDirs, which was supposed to work, but never did.
* Move portable configuration files into a config subfolder from the executable. This prevents overwriting the stored config when the application is updated in-place.
* Use .portable file to signal a portable app
* Fix#4751
The recent macOS security patch renders our codesigning
"fix" of setting the sandbox entitlement to false twice
unusable. This patch adds a full provisioning profile
and adjusts the signing procedure to not include
entitlements for Qt frameworks.
The patch also changes the app and bundle ID, so granted
accessibility privileges have to be granted again after
installing the update.
Fixes#4398Fixes#4515
* Introduce .gitrev file to tarball generation
* Correct labeling of builds based on supplied parameters to CMake
* Convert supplied key file path to absolute when building under MSYS
* Support OVERRIDE_VERSION to build properly version numbered snapshots
* Do not build tests for any build
* Remove Git revision finding code in favor of a simple command call: git rev-parse --short=7 HEAD
* Added GIT_HEAD_OVERRIDE to explicitly define the hash for the current commit in case git is not available
* Made WIX default over NSIS in release tool
* Rename version.h to git-info.h
AppImage recipes are the legacy method for building AppImages, whereas
linuxdeploy is meant to replace them. It takes care of finding and
deploying all needed libraries and Qt plugins automagically, but it's
still under heavy development, so some manual work using appimagetool
and a few fixes are required to make it work for KeePassXC.
This patch moves building of AppImages directly into the release-tool,
both as a separate module (release-tool appimage) as well as a flag
(--appimage) for the build module. The release and CI Dockerfiles were
updated accordingly to support the new build process. The release
Dockerfile also received a Qt update to version 5.10.1.
In theory, it is now possible to use release-tool appsign for embedding
PGP signatures into AppImages, but it fails in practice due to ELF
header size limitations.
According to the AppStream specification org.keepassxc is not a valid
id. The product name is missing. This results in failures if one tries
to validate the file and makes it unusable where validation is enforced.
Additionally it seems specification don't allow the `<icon>` tag with
component type desktop-application. I am not sure this tag is strictly
necessary. In any case validation tests require this to be removed.
Fixing both of these issues ensure the AppStream appdata is compliant
and works anywhere passing validations is a requirement.
Also provide some other fixes and improvements to the appdata.
Minor validation failures:
- Fix missing captions for screenshots (`appstreamcli`)
- Fix descriptions cannot start with `<ul>` tag (`appstream-util`)
Other enhancements:
- Add more URL types, but could not add donation type because "&" is not
allowed in the `<url>` tag and using "%26" causes
`appstreamcli validate` to fail.
- Add `<developer_name>`, which in cases such as KeePassXC is a team name.
