From 654611f1e4e44ddf1370882c15123e36adb1a450 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Wed, 4 Nov 2020 17:34:00 -0800 Subject: [PATCH] Write macOS package script, to codesign child binaries --- RELEASE.md | 29 +++++++++++++++++-- desktop/install/macos_package.sh | 25 ++++++++++++++++ .../{child.plist => ChildEntitlements.plist} | 0 .../{parent.plist => Entitlements.plist} | 0 4 files changed, 52 insertions(+), 2 deletions(-) create mode 100755 desktop/install/macos_package.sh rename desktop/install/macos_sandbox/{child.plist => ChildEntitlements.plist} (100%) rename desktop/install/macos_sandbox/{parent.plist => Entitlements.plist} (100%) diff --git a/RELEASE.md b/RELEASE.md index 9f75096b..91d4a3ab 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -145,6 +145,31 @@ Make sure the virtual environment is active, and then run `briefcase create`: ```sh . venv/bin/activate -briefcase create -briefcase package -i "Developer ID Application: Micah Lee" +./install/macos_package.sh ``` + +Now, notarize the release. You must have an app-specific Apple ID password saved in the login keychain called `onionshare-notarize`. + +- Notarize it: `xcrun altool --notarize-app --primary-bundle-id "com.micahflee.onionshare" -u "micah@micahflee.com" -p "@keychain:onionshare-notarize" --file macOS/OnionShare-$VERSION.dmg` +- Wait for it to get approved, check status with: `xcrun altool --notarization-history 0 -u "micah@micahflee.com" -p "@keychain:onionshare-notarize"` +- After it's approved, staple the ticket: `xcrun stapler staple macOS/OnionShare-$VERSION.dmg` + +This will create `macOS/OnionShare-$VERSION.dmg`, signed and notarized. + +### Source package + +TODO: Write documentation for source package + +### Publishing the release + +To publish the release: + +- Create a new release on GitHub, put the changelog in the description of the release, and upload all six files (the macOS installer, the Windows installer, the source package, and their signatures) +- Upload the six release files to https://onionshare.org/dist/$VERSION/ +- Copy the six release files into the OnionShare team Keybase filesystem +- Update the [onionshare-website](https://github.com/micahflee/onionshare-website) repo: + - Edit `latest-version.txt` to match the latest version + - Update the version number and download links + - Deploy to https://onionshare.org/ +- Email the [onionshare-dev](https://lists.riseup.net/www/subscribe/onionshare-dev) mailing list announcing the release +- Make a PR to [homebrew-cask](https://github.com/homebrew/homebrew-cask) to update the macOS version diff --git a/desktop/install/macos_package.sh b/desktop/install/macos_package.sh new file mode 100755 index 00000000..44c42ca8 --- /dev/null +++ b/desktop/install/macos_package.sh 
@@ -0,0 +1,25 @@ +#!/bin/bash + +export DEVELOPER_ID="Developer ID Application: Micah Lee (N9B95FDWH4)" + +# Cleanb up from the last build +rm -rf macOS +briefcase create + +# Codesign the child binaries +codesign --sign "$DEVELOPER_ID" \ + --entitlements install/macos_sandbox/ChildEntitlements.plist \ + macOS/OnionShare/OnionShare.app/Contents/Resources/app/onionshare/resources/tor/tor \ + --force --options runtime +codesign --sign "$DEVELOPER_ID" \ + --entitlements install/macos_sandbox/ChildEntitlements.plist \ + macOS/OnionShare/OnionShare.app/Contents/Resources/app/onionshare/resources/tor/libevent-2.1.7.dylib \ + --force --options runtime +codesign --sign "$DEVELOPER_ID" \ + --entitlements install/macos_sandbox/ChildEntitlements.plist \ + macOS/OnionShare/OnionShare.app/Contents/Resources/app/onionshare/resources/tor/obfs4proxy \ + --force --options runtime + +# Build and codesign the app bundle and dmg +cp install/macos_sandbox/Entitlements.plist macOS/OnionShare/ +briefcase package -i "$DEVELOPER_ID" diff --git a/desktop/install/macos_sandbox/child.plist b/desktop/install/macos_sandbox/ChildEntitlements.plist similarity index 100% rename from desktop/install/macos_sandbox/child.plist rename to desktop/install/macos_sandbox/ChildEntitlements.plist diff --git a/desktop/install/macos_sandbox/parent.plist b/desktop/install/macos_sandbox/Entitlements.plist similarity index 100% rename from desktop/install/macos_sandbox/parent.plist rename to desktop/install/macos_sandbox/Entitlements.plist
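Review bot: In the RELEASE.md hunk, the unchanged lead-in still reads "and then run `briefcase create`:" while the command under it is now `./install/macos_package.sh`, so the sentence should be updated to name the script and to say it must be run from `desktop/`, since the script uses relative paths. The notarization steps use `$VERSION` without any visible step that sets it. They also end at `xcrun stapler staple` with no check that the ticket is attached. Adding a `xcrun stapler validate macOS/OnionShare-$VERSION.dmg` step before "Publishing the release" would catch a DMG that was uploaded without its ticket.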
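Review bot: In desktop/install/macos_package.sh there is no `set -e` after the shebang, so a failed `briefcase create` or a failed `codesign` call does not stop the script and `briefcase package` still runs, which can yield a DMG whose `tor`, `obfs4proxy` or libevent binary was never signed with the child entitlements. Suggest `set -euo pipefail` at the top, plus a `codesign --verify --strict` on each of the three child binaries before packaging. The hardcoded `libevent-2.1.7.dylib` name makes this more likely: when the bundled Tor ships a different libevent version, that codesign call fails on a missing file and nothing notices. A glob or a variable for the dylib name would help. `rm -rf macOS` and the `install/...` paths are relative to the current directory, so the script should `cd` to a known location (for example, derived from the script's own path) before deleting anything. Minor: "Cleanb up" in the first comment is a typo.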