Start writing a proper macOS build script

2025-01-12 15:59:30 -05:00 · 2020-11-06 08:54:53 -08:00 · 2020-11-06 08:54:53 -08:00 · 1b23f82474
commit 1b23f82474
parent 654611f1e4
12 changed files with 98 additions and 2243 deletions
--- a/RELEASE.md
+++ b/RELEASE.md
@ -126,26 +126,16 @@ _TODO: Codesign_

 ### macOS

-Build a wheel package for OnionShare CLI (including Tor binaries, from Tor Browser):
-
-```sh
-cd cli
-poetry install
-poetry build
-```
-
-This will make a file like `dist\onionshare_cli-$VERSION-py3-none-any.whl` (except with your specific version number). Move it into `..\desktop`:
-
-```
-cp dist/onionshare_cli-*-py3-none-any.whl ../desktop
-cd ../desktop
-```
-
-Make sure the virtual environment is active, and then run `briefcase create`:
+Make sure your virtual environment is active:

 ```sh
 . venv/bin/activate
-./install/macos_package.sh
+```
+
+Run the macOS build script:
+
+```sh
+./package/macos/build.py --with-codesign
 ```

 Now, notarize the release. You must have an app-specific Apple ID password saved in the login keychain called `onionshare-notarize`.
--- a/desktop/install/check_lacked_trans.py
+++ b/desktop/install/check_lacked_trans.py
--- a/desktop/install/macos_package.sh
+++ b/desktop/install/macos_package.sh
@ -1,25 +0,0 @@
-#!/bin/bash
-
-export DEVELOPER_ID="Developer ID Application: Micah Lee (N9B95FDWH4)"
-
-# Cleanb up from the last build
-rm -rf macOS
-briefcase create
-
-# Codesign the child binaries
-codesign --sign "$DEVELOPER_ID" \
-    --entitlements install/macos_sandbox/ChildEntitlements.plist \
-    macOS/OnionShare/OnionShare.app/Contents/Resources/app/onionshare/resources/tor/tor \
-    --force --options runtime
-codesign --sign "$DEVELOPER_ID" \
-    --entitlements install/macos_sandbox/ChildEntitlements.plist \
-    macOS/OnionShare/OnionShare.app/Contents/Resources/app/onionshare/resources/tor/libevent-2.1.7.dylib \
-    --force --options runtime
-codesign --sign "$DEVELOPER_ID" \
-    --entitlements install/macos_sandbox/ChildEntitlements.plist \
-    macOS/OnionShare/OnionShare.app/Contents/Resources/app/onionshare/resources/tor/obfs4proxy \
-    --force --options runtime
-
-# Build and codesign the app bundle and dmg
-cp install/macos_sandbox/Entitlements.plist macOS/OnionShare/
-briefcase package -i "$DEVELOPER_ID"
--- a/desktop/install/onionshare.icns
+++ b/desktop/install/onionshare.icns
--- a/desktop/install/onionshare.ico
+++ b/desktop/install/onionshare.ico
--- a/desktop/install/org.onionshare.OnionShare.appdata.xml
+++ b/desktop/install/org.onionshare.OnionShare.appdata.xml
@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<component type="desktop-application">
-    <id>org.onionshare.OnionShare</id>
-    <metadata_license>CC0-1.0</metadata_license>
-    <project_license>GPL-3.0</project_license>
-    <name>OnionShare</name>
-    <summary>Securely and anonymously share files, host websites, and chat with friends</summary>
-    <description>
-        <p>
-            OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.
-        </p>
-    </description>
-    <launchable type="desktop-id">org.onionshare.OnionShare.desktop</launchable>
-    <screenshots>
-        <screenshot type="default">
-            <image>https://raw.githubusercontent.com/micahflee/onionshare/master/docs/source/_static/screenshots/tabs.png</image>
-            <caption>Types of services that OnionShare supports</caption>
-        </screenshot>
-    </screenshots>
-    <url type="bugtracker">https://github.com/micahflee/onionshare/issues/</url>
-    <url type="help">https://onionshare.org/</url>
-    <url type="homepage">https://onionshare.org/</url>
-    <developer_name>Micah Lee</developer_name>
-    <update_contact>micah@micahflee.com</update_contact>
-    <content_rating type="oars-1.1" />
-    <releases>
-        <release type="development" date="2020-09-20" version="2.3.dev1" />
-    </releases>
-</component>
--- a/desktop/install/org.onionshare.OnionShare.desktop
+++ b/desktop/install/org.onionshare.OnionShare.desktop
@ -1,18 +0,0 @@
-[Desktop Entry]
-Name=OnionShare
-GenericName=OnionShare Client
-Comment=Share a file securely and anonymously over Tor
-Comment[da]=Del en fil sikkert og anonymt over Tor
-Comment[de]=Teile Dateien sicher und anonym über das Tor-Netzwerk
-Comment[hr]=Dijeli datoteku sigurno i anonimno preko Tora
-Exec=onionshare-gui
-Terminal=false
-Type=Application
-Icon=org.onionshare.OnionShare
-Categories=Network;FileTransfer;
-Keywords=tor;anonymity;privacy;onion service;file sharing;file hosting;
-Keywords[da]=tor;anonymitet;privatliv;onion-tjeneste;fildeling;filhosting;
-Keywords[de]=tor;Anonymität;Privatsphäre;Onion-Service;File-Sharing;File-Hosting;
-Keywords[hr]=tor;anonimnost;privatnost;Onion usluga;dijeljenje datoteka;hosting datoteka;
-StartupNotify=true
-StartupWMClass=onionshare
--- a/desktop/install/org.onionshare.OnionShare.png
+++ b/desktop/install/org.onionshare.OnionShare.png
--- a/desktop/install/org.onionshare.OnionShare.svg
+++ b/desktop/install/org.onionshare.OnionShare.svg
--- a/desktop/install/macos_sandbox/ChildEntitlements.plist
+++ b/desktop/install/macos_sandbox/ChildEntitlements.plist
--- a/desktop/install/macos_sandbox/Entitlements.plist
+++ b/desktop/install/macos_sandbox/Entitlements.plist
--- a/desktop/package/macos/build.py
+++ b/desktop/package/macos/build.py
@ -0,0 +1,91 @@
+#!/usr/bin/env python3
+import os
+import inspect
+import subprocess
+import argparse
+import shutil
+import glob
+
+root = os.path.dirname(
+    os.path.dirname(
+        os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
+    )
+)
+
+
+def run(cmd, cwd=None):
+    subprocess.run(cmd, cwd=cwd, check=True)
+
+
+def main():
+    # Parse arguments
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "--with-codesign",
+        action="store_true",
+        dest="with_codesign",
+        help="Codesign the app bundle",
+    )
+    args = parser.parse_args()
+
+    cli_dir = os.path.join(root, "cli")
+    desktop_dir = os.path.join(root, "desktop")
+
+    print("○ Building onionshare-cli")
+    run(["poetry", "install"], cli_dir)
+    run(["poetry", "build"], cli_dir)
+    whl_filename = glob.glob(f"{cli_dir}/dist/*.whl")[0]
+    whl_basename = os.path.basename(whl_filename)
+    shutil.copyfile(whl_filename, os.path.join(desktop_dir, whl_basename))
+
+    print("○ Clean up from last build")
+    if os.path.exists(os.path.join(desktop_dir, "macOS")):
+        shutil.rmtree(os.path.join(desktop_dir, "macOS"))
+
+    print("○ Create app bundle")
+    run(["briefcase", "create"], desktop_dir)
+    app_path = os.path.join(desktop_dir, "macOS", "OnionShare", "OnionShare.app")
+    print(f"○ Unsigned app bundle: {app_path}")
+
+    if args.with_codesign:
+        identity_name_application = "Developer ID Application: Micah Lee (N9B95FDWH4)"
+        entitlements_child_filename = os.path.join(
+            desktop_dir, "package", "macos", "ChildEntitlements.plist"
+        )
+        entitlements_filename = os.path.join(
+            desktop_dir, "package", "macos", "Entitlements.plist"
+        )
+
+        print("○ Code signing app bundle")
+        run(
+            [
+                "codesign",
+                "--deep",
+                "-s",
+                identity_name_application,
+                "--force",
+                "--entitlements",
+                entitlements_child_filename,
+                "--timestamp",
+                app_path,
+            ]
+        )
+        run(
+            [
+                "codesign",
+                "-s",
+                identity_name_application,
+                "--force",
+                "--entitlements",
+                entitlements_filename,
+                "--timestamp",
+                app_path,
+            ]
+        )
+        print(f"○ Signed app bundle: {app_path}")
+
+        print("○ TODO: Make a DMG package")
+
+
+if __name__ == "__main__":
+    main()