diff --git a/.travis.yml b/.travis.yml index 9088cde6a..37685df40 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,10 +10,10 @@ jobs: include: - name: MacOS os: osx - osx_image: xcode12.2 + osx_image: xcode12.5 env: - - QT_VERSION=5.15.1 + - QT_VERSION=5.15.2 script: - | @@ -21,7 +21,7 @@ jobs: brew install p7zip && \ pip3 install aqtinstall requests py7zr && \ python3 -m aqt install --outputdir $HOME/Qt $QT_VERSION mac desktop clang_64 -m qtbase && \ - python3 -m aqt tool --outputdir $HOME/Qt mac tools_ifw 4.0.1 qt.tools.ifw.40; + python3 -m aqt tool --outputdir $HOME/Qt mac tools_ifw 4.1.0 qt.tools.ifw.41; fi - bash deploy/build_macos.sh @@ -52,7 +52,7 @@ jobs: if [ ! -f /C/Qt/5.14.2/msvc2017/bin/qmake ]; then \ pip3 install aqtinstall requests py7zr && \ python -m aqt install --outputdir /C/Qt 5.14.2 windows desktop win32_msvc2017 -m qtbase && \ - python -m aqt tool --outputdir /C/Qt windows tools_ifw 4.0.1 qt.tools.ifw.40; \ + python -m aqt tool --outputdir /C/Qt windows tools_ifw 4.1.0 qt.tools.ifw.41; \ fi - echo 'call "C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\Common7\Tools\VsDevCmd.bat"' > winbuild.bat - echo -e "\r\n" >> winbuild.bat diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh index 2acbb2a32..5fd9b3d83 100755 --- a/deploy/build_macos.sh +++ b/deploy/build_macos.sh @@ -115,7 +115,7 @@ if [ "${MAC_CERT_PW+x}" ]; then /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $DMG_FILENAME /usr/bin/codesign --verify -vvvv $DMG_FILENAME || true spctl -a -vvvv $DMG_FILENAME || true -#xcrun altool --notarize-app -f $DMG_FILENAME -t osx --primary-bundle-id $APP_DOMAIN -u $APPLE_DEV_EMAIL +#xcrun altool --notarize-app -f $DMG_FILENAME -t osx --primary-bundle-id $APP_DOMAIN -u $APPLE_DEV_EMAIL -p $APPLE_DEV_PASSWORD #xcrun stapler staple $DMG_FILENAME #xcrun stapler validate $DMG_FILENAME fi 
diff --git a/deploy/build_macos_notarized.sh b/deploy/build_macos_notarized.sh
new file mode 100755
index 000000000..183576510
--- /dev/null
+++ b/deploy/build_macos_notarized.sh
@@ -0,0 +1,156 @@
+#!/bin/bash
+echo "Build script started ..."
+
+set -o errexit -o nounset
+
+# Hold on to current directory
+PROJECT_DIR=$(pwd)
+DEPLOY_DIR=$PROJECT_DIR/deploy
+
+mkdir -p $DEPLOY_DIR/build
+BUILD_DIR=$DEPLOY_DIR/build
+
+echo "Project dir: ${PROJECT_DIR}"
+echo "Build dir: ${BUILD_DIR}"
+
+APP_NAME=AmneziaVPN
+APP_FILENAME=$APP_NAME.app
+APP_DOMAIN=org.amneziavpn.package
+PLIST_NAME=$APP_NAME.plist
+
+OUT_APP_DIR=$BUILD_DIR/client
+BUNDLE_DIR=$OUT_APP_DIR/$APP_FILENAME
+
+DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/macos
+INSTALLER_DATA_DIR=$BUILD_DIR/installer/packages/$APP_DOMAIN/data
+INSTALLER_BUNDLE_DIR=$BUILD_DIR/installer/$APP_FILENAME
+
+PRO_FILE_PATH=$PROJECT_DIR/$APP_NAME.pro
+QMAKE_STASH_FILE=$PROJECT_DIR/.qmake_stash
+DMG_FILENAME=$PROJECT_DIR/${APP_NAME}_unsigned.dmg
+
+# Seacrh Qt
+if [ -z "${QT_VERSION+x}" ]; then export QT_VERSION=5.15.2; fi
+
+QT_BIN_DIR=$HOME/Qt/$QT_VERSION/clang_64/bin
+QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/4.1/bin
+
+echo "Using Qt in $QT_BIN_DIR"
+echo "Using QIF in $QIF_BIN_DIR"
+
+
+# Checking env
+$QT_BIN_DIR/qmake -v
+make -v
+clang -v
+
+# Build App
+echo "Building App..."
+cd $BUILD_DIR
+
+$QT_BIN_DIR/qmake $PROJECT_DIR/AmneziaVPN.pro 'CONFIG+=release CONFIG+=x86_64'
+make -j `sysctl -n hw.ncpu`
+
+# Build and run tests here
+
+echo "____________________________________"
+echo "............Deploy.................."
+echo "____________________________________"
+
+# Package
+echo "Packaging ..."
+
+#cd $DEPLOY_DIR
+
+$QT_BIN_DIR/macdeployqt $OUT_APP_DIR/$APP_FILENAME -always-overwrite
+cp -av $BUILD_DIR/service/server/$APP_NAME-service.app/Contents/macOS/$APP_NAME-service $BUNDLE_DIR/Contents/macOS
+cp -Rv $PROJECT_DIR/deploy/data/macos/* $BUNDLE_DIR/Contents/macOS
+rm -f $BUNDLE_DIR/Contents/macOS/post_install.sh $BUNDLE_DIR/Contents/macOS/post_uninstall.sh
+
+if [ "${MAC_CERT_PW+x}" ]; then
+
+CERTIFICATE_P12=$DEPLOY_DIR/PrivacyTechAppleCertDeveloperId.p12
+WWDRCA=$DEPLOY_DIR/WWDRCA.cer
+KEYCHAIN=amnezia.build.keychain
+TEMP_PASS=tmp_pass
+
+security create-keychain -p $TEMP_PASS $KEYCHAIN || true
+security default-keychain -s $KEYCHAIN
+security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+
+security default-keychain
+security list-keychains
+
+security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign || true
+security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign || true
+
+security set-key-partition-list -S apple-tool:,apple: -k $TEMP_PASS $KEYCHAIN
+security find-identity -p codesigning
+
+echo "Signing App bundle..."
+/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $BUNDLE_DIR
+/usr/bin/codesign --verify -vvvv $BUNDLE_DIR || true
+spctl -a -vvvv $BUNDLE_DIR || true
+
+echo "Notatizing App bundle..."
+/usr/bin/ditto -c -k --keepParent $BUNDLE_DIR $PROJECT_DIR/Bundle_to_notarize.zip
+xcrun altool --notarize-app -f $PROJECT_DIR/Bundle_to_notarize.zip -t osx --primary-bundle-id "$APP_DOMAIN" -u "$APPLE_DEV_EMAIL" -p $APPLE_DEV_PASSWORD
+rm $PROJECT_DIR/Bundle_to_notarize.zip
+sleep 600
+xcrun stapler staple $BUNDLE_DIR
+xcrun stapler validate $BUNDLE_DIR
+spctl -a -vvvv $BUNDLE_DIR || true
+
+fi
+
+echo "Packaging installer..."
+mkdir -p $INSTALLER_DATA_DIR
+cp -av $PROJECT_DIR/deploy/installer $BUILD_DIR
+cp -av $DEPLOY_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_install.sh
+cp -av $DEPLOY_DATA_DIR/post_uninstall.sh $INSTALLER_DATA_DIR/post_uninstall.sh
+cp -av $DEPLOY_DATA_DIR/$PLIST_NAME $INSTALLER_DATA_DIR/$PLIST_NAME
+
+chmod a+x $INSTALLER_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_uninstall.sh
+
+cd $BUNDLE_DIR
+tar czf $INSTALLER_DATA_DIR/$APP_NAME.tar.gz ./
+
+echo "Building installer..."
+$QIF_BIN_DIR/binarycreator --offline-only -v -c $BUILD_DIR/installer/config/macos.xml -p $BUILD_DIR/installer/packages -f $INSTALLER_BUNDLE_DIR
+
+if [ "${MAC_CERT_PW+x}" ]; then
+echo "Signing installer bundle..."
+/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $INSTALLER_BUNDLE_DIR
+/usr/bin/codesign --verify -vvvv $INSTALLER_BUNDLE_DIR || true
+
+echo "Notatizing installer bundle..."
+/usr/bin/ditto -c -k --keepParent $INSTALLER_BUNDLE_DIR $PROJECT_DIR/Installer_bundle_to_notarize.zip
+xcrun altool --notarize-app -f $PROJECT_DIR/Installer_bundle_to_notarize.zip -t osx --primary-bundle-id "$APP_DOMAIN" -u "$APPLE_DEV_EMAIL" -p $APPLE_DEV_PASSWORD
+rm $PROJECT_DIR/Installer_bundle_to_notarize.zip
+sleep 600
+xcrun stapler staple $INSTALLER_BUNDLE_DIR
+xcrun stapler validate $INSTALLER_BUNDLE_DIR
+spctl -a -vvvv $INSTALLER_BUNDLE_DIR || true
+
+fi
+
+echo "Building DMG installer..."
+hdiutil create -volname $APP_NAME -srcfolder $BUILD_DIR/installer/$APP_NAME.app -ov -format UDZO $DMG_FILENAME
+
+if [ "${MAC_CERT_PW+x}" ]; then
+echo "Signing DMG installer..."
+/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $DMG_FILENAME
+/usr/bin/codesign --verify -vvvv $DMG_FILENAME || true
+
+echo "Notatizing DMG installer..."
+xcrun altool --notarize-app -f $DMG_FILENAME -t osx --primary-bundle-id $APP_DOMAIN -u $APPLE_DEV_EMAIL -p $APPLE_DEV_PASSWORD +sleep 600 +xcrun stapler staple $DMG_FILENAME +xcrun stapler validate $DMG_FILENAME + +fi + +echo "Finished, artifact is $DMG_FILENAME" + +# restore keychain +security default-keychain -s login.keychain diff --git a/deploy/data/macos/post_install.sh b/deploy/data/macos/post_install.sh index 95c1a570a..7ca643fcb 100755 --- a/deploy/data/macos/post_install.sh +++ b/deploy/data/macos/post_install.sh @@ -29,4 +29,4 @@ launchctl load $LAUNCH_DAEMONS_PLIST_NAME echo "`date` Service status: $?" >> $LOG_FILE echo "`date` Script finished" >> $LOG_FILE -rm -- "$0" +#rm -- "$0"
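Review bot: The signing block in the new deploy/build_macos_notarized.sh creates `amnezia.build.keychain` with the fixed password `tmp_pass`, makes it the default keychain, and restores `login.keychain` only on the script's last line, so under `errexit` any failing step (for example `xcrun stapler staple` when the fixed `sleep 600` was not long enough) leaves the Developer ID key in a keychain with a known password that is still the default; the keychain is not deleted on a successful run either. All three `altool` calls also pass `-p $APPLE_DEV_PASSWORD` unquoted on the command line, where it is visible in the process list; altool accepts `-p "@env:APPLE_DEV_PASSWORD"` to read the value from the environment instead. I would generate the keychain password per run and remove the keychain in an EXIT trap, as sketched below. Separately, the `|| true` after both `security import` calls hides a failed certificate import until `codesign` fails later.

```shell
# … unchanged: CERTIFICATE_P12, WWDRCA, KEYCHAIN …
TEMP_PASS=$(openssl rand -hex 16)

cleanup_keychain() {
  # Runs on every exit path so the signing identity never outlives the build.
  security default-keychain -s login.keychain || true
  security delete-keychain "$KEYCHAIN" || true
}
trap cleanup_keychain EXIT

security create-keychain -p "$TEMP_PASS" "$KEYCHAIN"
# … unchanged: default-keychain, unlock-keychain, imports, codesign, ditto …
xcrun altool --notarize-app -f "$PROJECT_DIR/Bundle_to_notarize.zip" -t osx \
  --primary-bundle-id "$APP_DOMAIN" -u "$APPLE_DEV_EMAIL" -p "@env:APPLE_DEV_PASSWORD"
```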
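Review bot: Commenting out `rm -- "$0"` at the end of post_install.sh means the script now stays on disk after installation, and nothing in the hunk says why. If the directory it lands in is writable by non-admin users and anything later re-runs the script with elevated rights, the leftover file becomes something that can be tampered with; where it is installed and who owns it is not visible from this hunk, so that needs confirming. Either delete the line outright or keep the new behaviour with a comment such as `# keep post_install.sh in place: <reason>`. The script starts above this hunk.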