From cba27d354de2ad822bb93b12af539b20b6e1e7d2 Mon Sep 17 00:00:00 2001 From: pokamest Date: Mon, 8 Feb 2021 21:10:34 +0300 Subject: [PATCH 1/6] macos deploy fixes --- deploy/PrivacyTechAppleCert.p12 | Bin 3342 -> 0 bytes deploy/PrivacyTechAppleCertDeveloperId.p12 | Bin 0 -> 3336 bytes deploy/PrivacyTechAppleCertInstallerId.p12 | Bin 0 -> 3332 bytes deploy/WWDRCA.cer | Bin 0 -> 1062 bytes deploy/build_macos.sh | 36 +++++++++++++++++---- 5 files changed, 29 insertions(+), 7 deletions(-) delete mode 100644 deploy/PrivacyTechAppleCert.p12 create mode 100755 deploy/PrivacyTechAppleCertDeveloperId.p12 create mode 100755 deploy/PrivacyTechAppleCertInstallerId.p12 create mode 100644 deploy/WWDRCA.cer mode change 100644 => 100755 deploy/build_macos.sh diff --git a/deploy/PrivacyTechAppleCert.p12 b/deploy/PrivacyTechAppleCert.p12 deleted file mode 100644 index f8b91957454e3a310079aa7adc24a7ae148d31be..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3342 zcmY*a2T&7Cw@n}kC5i+>XrZHoCIKQHrAqHz5TpbIY0?Cd4xuO@iim)eNRy7V&;lYz zlNOptl_t{lqey>o=Dqj*|LokoXU{ovXJ>Y14?6NPEd`Jg9eHU4LL-FJ#2sD+QUP-# zFLi(-FA>Rf6FL$y|E~nejf4!7sV@{j0J(Mjs{qkR2<`t)xCDft=|I${B{}u_IU7n8 z6x4w5NJx6*wMXWM*jMrDF98g#4kw(&(S@gd@6B-1E2r2G?itX~@;8*bHfl=p660qw z_TB=$$C(CvdhxqALVB9nm{8>~86k&U^#>dC;b$}{a|W9}KNGy75_34DI0tDEudq>m zktvqu)suJFFBd8okCF?x})4K6#I9&czI5LbThK;=*i| z`1AXV3%u=wU{H>$kS3dX#J3Egfd^dnxM7ZyIkom^yy&BS-r`tllCFH|uy9wqQ0F`M z^0h$I?Rx3D1-t{W#PjWv(2&SC z5oiU+hdaho9>@iTd|wcONB?A--2tzz0w zvt$d7cr|~*Gh<5LgOY0HHe3g_QlHx&F%Q(PY#n*0Oqflhj*^pQvq8m0=4g7VE~Z@+ za&f3+eD=aI>`b435yzbPT&rzCMS|dWi-r(~j5lGlQJy;M>gM)`5NCJ+_TOcRtq+w( zz|b94o1g^7oE|-+ z3g8)rQN5i_GCT@m*13L5qKn@;aS)25PHC6;Fx`{*6*Xw1pUI4O&6?z0!PC9793V28q$}&m8 z3WnSCu5iYQZ)SLdX|01mhG|5BQ48D6%ykUk?5ddlzKiE|-NqE3)3TS8(iw2Pe|z#S79aK<#*7s>Q(NFI&~M_{FB|hcYIzOglK22 z%J<${QjOAAu>GQo6joil@E+Tpt-tGa^u~#`OO+3G7UUIXJ+V-}n?cdqSnzgZU7?I1 z;3N9@jM3?$_kOFuxRh_xQ#~lp3McMtm>*VTtlk*|!a)v_TG9}0q=@0EHi2cji?je| z7o*$Eo5OMg_U}*vT|p^hDdt05e7~<{poCkhO-pbTR8~o41Kx+rlw#GM$ojYZnJiV5 zkN1nEm5!egKZw5^20!h8A3LnP{{yAQ1=FF+P`4{bEF zzGbyaFdHP#?4C|IsSyItccQIJ5@_}NcXO6Hu^*M(jKiF==IZ?5H8hg_dn%u09TZjz zH?De|`2mg)Dx2n)26WRp#K3<78gH_By+v%^4%5YnvKHwd<#}Bd>mkxp(+i`VXdOO{ z8E5VJ3~=36xHmC6Gu`Y_sA6ozm?)4r-@(ru=&~_^#s7icxNr|$t$KEvF1cpi-G(Rn z-!RBDvPZo#7EwxuC_k)r9Q<-$iC9j%c7i)ZM}kNHBgk?i!JVK;a66f9Ar}Dx{l8eF z1ybZjg0|6-p!NSsJIcRlH{-^&)D#>b|2OSGk)R&yu|->r4-CgcYRo+J@`n3jvfm7R z7A&Bxh-Js%5e)MTJmcO8ZqeXM4U3EgJOW$!+m@ZK_u@vr_&Zqj<7i+1Yrf-YsV7v0 z!W5F)a{=PIo!Ff+Tg#P|X5mj+|Afmila9}%gR_lDwQ_W0*_X_(A>2jBGI_v{W!G8j z(QP^9iJTs??i|Ku&j3(U;%fvi?ybVOtcX^1tm@ZHSv^rdUBbupKRr?a7Pf$)ah+Tj zo)xMnw!t2z`2!=$kcLuDtW5m~Ha#`RIYv`ayXmEMvrt2_g;;xKuXA7#biTM&a(rDV ze(0A&Y-Rs|@_|+z4T3woh^SzBUwAIRL@&H!jP{qwAj`sb zxwGE5iivMjiV%tPZ3ZJo9Uh;=b2vGs$kQOhu%6HVK~vhs<9da0s)IQlVPEfP82|J7 za$=XZe%VT!wEJOUNZc;e$~WrqXwtJqn>o`w)Nkg{qdcrD>mB{X_suUj7Ey!H@>624 zD3<>gb@q60iy^D&j^}1F7c-nth!m=!a0sA>ewp-z>$urS~0{4|VMvLDg2FljN+ zg_nzqbsJH1Yu>=6sYmU+_N*;#i7fctpk*XSQIWLBqbCe^RlrmATWWl~s=8`e_b&O4 zc|}h^sEZV55RVfHktX=t?-%s`nLkstOXHrw|KD4 zg$Lm5@^3XM8J`hNouoHu#o*b?3jHJUCj|ftWhA<#InZ3a5iI4rF3^T^af;0F5aR(u9J65*U0J$5o4JDOPcR< z1Kt?K&cf0GW$CZ{nvZjDg)?aCHw$Y09O7mh=}+UNWJ#NHxz>J4`#tMea-m9kBSTSO z*y7x^Z-@9Kap+y$NU{{Iy9+ZOO<11EW}R~^Drk+*pzO?kNlWNUx;Gp`i+nN|6B>Q+ zl5WxB93y_Jau7DIE>e3p1f~%}EwtyYFDUc1SeU`K#V<+l(Q~fL0#^$+^G`k;{?_lo zFrX^V6#8c8v-60Df>8TtZSgLX@@3m}EuHR??Za%9DX z-0jIHSAZ{BwI{p&a`(yT0h#k5`~Na1fFT*XlCeF&5fDUXOvy7G$v#iAVBWqFhdrRCc$Q#B68V3a%I+3_@jK-5PZfk!_M`}!$>!2bc<6bf?y diff --git a/deploy/PrivacyTechAppleCertDeveloperId.p12 b/deploy/PrivacyTechAppleCertDeveloperId.p12 new file mode 100755 index 0000000000000000000000000000000000000000..a04ec85a02ac7e68cd42ccd951d286abb33fe7ae GIT binary patch literal 3336 zcmY*abyO4nyWYk&7^yH)I;0c^NDKo}x*H@U$0&(O4FzPN2oe$k(hbrvQcwvAi2;HG zsUcHBIz&+5x9>go-tWDCyyrRZ^Stl#{_#2I^B`~xU=WZBfukRS!X%z)Jv(9mQUmjG z^c`RveJh2=BXH2|e4oad>b08pq0#pAgKm<3G_P-tIflve^n5NHi#9u~!>Kp{3 z0X)G$%hx#p4n>D-OANfcsaQz=xNVoO?ngs#fT^~ZZ7@N~@!L&Bi>11UBWsBAg_{=+ zcG8=cZ2u5E9a4L@xuUJshSDEA%Rlr1yASOdaiX_Axq*jiF9V<1C;`?``NPs4g% zcE?#>P8Gq9R|FE>NmO-imrS&hOUX@@qs*jAFn95>l3%6qZEQyb`E~gLhBJj8mnNhW zUV(xuCXzVPG#mSHTBWFQNfhcIULK=U-Q#m7OyyrPH>vzh=7IgFU1O!z(^f;6}mA(zKDrGA;q`$ua^E}n;CW9>^{o(#e&#@dNThC&32cRHSR;N*XjF)AT9ggDlwTr`ytU3SO#=$VRq_?!R_H z*IQ48(z2uy$eChvD}3F-R>iGSFFr@01tH`=aYSP3E(XzW>d$T>+Fhx_}jr~K~hOUGS9M~`OL zC3`&IaVC5%j`9MW@ZZf&3sY=MIQ^upcgG*qMCS1BA;;1u>aQg~gl(r)!rUtlMM~Z;UJA32qbfE1!Kyn9UT#pikSeb} zngI*$Lsc{roC*Vsu}%jN)#i|}4|UxscSFu%+Ge`Iv?b>n76$Omot470XS)8XtGVia z@!4u;UTwDP<4YV)cN zKis~|L;JZmM>SpjG->jp!%5Mr&C`oBs?brb=kD~c1@cV252SX1PixvMCcdsd^OBiV zV3KxD@%WAU!N+J)QWVOowl&z+Bat>6_`y~)IXl5@LTz=_4Iz(zL2tFGCsfHltY`6{ z>2S5`ng}m3#C~^OeJt`_WoVfum8@RgAlI=dx%i(T|fxWO?3gtn--JgV_588&ot z-$H;f$#rWwi$NPOeShTiRswFbG-Bs@eb=$5#9@G!TFMH(BOoryAlKXT^UvZWt1AfY zT@Jyrp76*5wALnPy~pX3Doc%wZ|Gdn-2k$Qi7ylRp&Hwk=d-}#&}e9|A(LX_r{}2w zL0~l5N7yosFV-F@AZ{~#G8-gQo$4JnrCR%Yhnjh(_J$dW$=``TljGN(l;iP)YT|E2 z8$a#b<}5Xhna$^K{mPIsAu{_{nHXr-4N43Xivt5nT*J%Xf1AosyC?PK^X3<6Z`ED) zR|eFZ{*F=>gV?N6WaVQ)k^L;tD%VZHxJh9BGh5P((Bs=}UD3Rxb0kssy32$~#)Ex~ zxywuzZz~&%^xcI=``2}tZBQ`a#W?f5%<|z~2yYkX>-KvLpl;EzfuNum_!(+kY>x?A=_MrN#-xcT+b#>t*pa{MVstN|@kJFZ zW_d{~QD|0ir!r{SpIt-4q4+Nyx;89-d71m}lN-{eAFfv3xXfL>;PTh!Jb;7Np~!&h z5Jkm$U0XGuw6fZIuu0Pr7S+{Lh3wz9VQRT|@xfMD{wM6$C~jtq^+E58-d|eU)+~MK z-n>7;=(dSVx(+{%+EMdeR)m{R!OX*QWRC8*3YdCi~L?>Q@$j zuDsT_GZ|Og-owbOpkCuOre_K0oQ(!KNa)n@IJ=n9uJUjd{ZO9Hz`MMAP@TsiFFBFP z(tLtRR@Cm>x#zmIZsy{XW4Zh=9^^?&)gKlsQgkaK|78GAB>~KL`g%x!&CRCa86es=2C9JL3k2yGf zj4O6MpZ<9%a28;v-X-;4e2>oHMHErk@pj@_@OsU0?YUV3?>C zVKkK_;h{HtNc<%oR-IV3PrSI}59S$SD@xM|gUiVEtiXv-eA{1!Ex4B^1n{2ku0euFCL+PN{{EJoD*M!rC!MfEeulHgGeKkjgq`9n zTR|UmlMufWWAO2stf4`N@z38X{TOa=gAA=hnW@+YQQpXGtz}HXscBo)qY6*zzAwaM z0n`I^gy?&G8d30&LdZZ9%BY$Yds@Iw(%iVw7Fm+#lLAZvY z^DXnZj&qax6O+E4&*e@XoLuwYXTL9zv!5=`3DBm@DXGvbpzP)4h<=6`%$GZ~d8eKq$KKlZJ z&Zkxg;1|!_B}2c>NgB=g-jd`JkU0NSuyqNW=Y1mD`Sw!oN4b6y=y`UTa;D;JpKti1)2R7q@;N+TL2;n(OH>A zz95}3KV8Eo?xXXay@-@{GsH7}wPW5ynTUJ@_J6-e7+l7S*8`vra0EC5_yKAF6d;gN zUH~6}F9k6aPMgB=15_!!FNJrf%sB%5Dd+?61}IY$Bg&LJW$PaYETuQ2>^TG6D5}qY z`JgE(3hU$9LD(>%67@VO&o9qa~`fm41yH zrAAf7_Dk>Q-uu1x^M0Q9eBN`O^F05(2a2HqkN`=c81NAJHNjUJuLv|i3Sb@v+y=sc zn}~EB6hprEuSA}QAzva=3nV}Q5vKlCfY96IRR28z3?zqM2T^)7g_mOlV*N-+C;{OZ z@-oA(Z4$Vilf?)0IhT-65{CYPmfToo;U7LoSjw$AhNc?Bhu$8f7DD5Jh zyCOTS1>?0ALm%rILdp@JH<`8SjC>6t%R0eD1lb@JDlU-Ngyfd6{yyg#(`e>wpeM`8jb7x ztmf5XMk6QvfQOhNcEEl{M$PO>X$$$Kn6u<&^|3XwGPKxvUPNWqvCMB-atv_9X5mZ- z`?W3VwXJGQQtiZgJn4HbS67XO-5Wl1@j2wW#;2FnM9M5$Uq=V zU3p&8yojXNrDYD?cl63SE}2Gclhw}WUCJna^9;J*;_0{QZP*{MyGFEh^}gs5&4cXxa3Gi@b(S*iSWpMMFK8}jJM z1%t}6l0m+kEgjdreHVj1!-7?Z+=}kcf{w~H556rVuYb7th9|SDh7+53nz|82O@QRe zA0zaO8^=~=l%thdBcx$C{GY(&Z^}!;HzIigQ~DGITms7qE8fHEvamHPvaLttR zqTKmkW~>(KA#2uUG0(XrHY_AE;Q?|Dt^fFJE0hKpm)VOy6(`M~Ctuw(G7o z;ip_3lbn>&z1Fbg(K*w&pdWdlT+~w&0WjrRqjL8h+IPNqQjUDpiL_JnlQ)l>$#ac6 z$pi;4JSzKbS~3VPvPuByecb)%73B#2w6pju-$i6^gvdKv*L?d=76dNyAX)w345fUw zgXHY+5P|`d;_Z~7?$^1LskxrP(e%|$oC6%uMtRw=tH;tzZBspK{Y_>_iX{&c<=4|( zPe>{n(!WbrKok8N8m3hT`80i1dY}DimJTD`c_de-dz5)4baAdx45Y1Wk}G~h?PT0=)weLT780r;2mjoiB5%QG6sBkG zw~Nb3w;M^RZ7J~8oNt-+3Kyp{6jUBw@mUC$Yk_%`guHO6=-;R-(wyB(4KSmu3P3Ay z)>ioNM1AU&iEN5pB8xwyHmu`oVhr5QJjg4Vbx3@vZIs!9!-H}!Y1V*j;{*L$X6mtX z&*iyA`tYX;K*_6T1B^#CX2#5p{e6d3NAXS)2vo>aQ>n!0i+k@e?{(XwOWh-^-U?L# z9#^{stj#tI&j{8WbXERl#{ZI)xUb1^rpu<-(=#3Q<5w(dKXNxX3d=F5kNMuiUEwR3 z1~Zj3V)kTj3Fqpu+fWTRp<=u6u@V-np<=Gu5)|{BqI$M-&t9H+v;LLILFd~3x2A`O zfvZi&{=6pnnjZ!=`0|Qgufb`QRL(;VgV*LmjamvGvYs@jf8QL)d#-YsWL!AFgcg)H zC)tSNWB>Ij>5u(EL3^j7Ee~h#T`YVHOi!{|Jo4NM=J;pt9d z3Ab|S81_e0=hq_$gN^O0daszJb?juFhBds@{KUniOK<|qS>0ltFHqYPhha^p`ibmW zIwZ>cDuat##}fU)c_fC46xdFIBg4_K)80dIh`{xq3%tEcN8!B4!dnoAR=h9|IQ7P= zl)q_f_E|(A3yn|0@btQ8hIa#+p~QUXrD?TS9aG(_l^<&p=~TZ!W*VxEd1gb@Rla|o zC+uk1fArbwdv;=zvW)D5P?^X;cUvOm*U^*F&erzQZBa>mXAGCe9J}RE3|agC3AQ{8 zSp^6~Rzjo;h?PT5{Xa2B1tiJCfOer6(ANJ;KhnSHckt0Xz6|YD^f&!L7|^gga@bG8 zQG+Z-VLx^IIkJ}ZXStP04M@!^!cjH0=F`g1{?jhlY5tC&h_Z`KdgA?oNgYT)jMpzd zPVQL=S|!F9(dby5>AGyQjUP-=cBy8Cme6#fuTFV-5uO4tQUU@Rk_r|hjU;8Jl4zLrMann7{hr{cwZW%lhzwnKr z=rtRgOg4a9e#fzHdO(d9_UA2P23nQoOkeWk-FVfBA$6s)CV%t%LxRhBE&V_!!+!Q3 z%WUEO8G^b~!Gvp70jatz(+>f4O3lqk%aqJk10>~==N1k*vrO9YF^ukQuJ2V+nKQUf zr!j5e1&?;~s@MF2YkpI9n2j*9aOg4%TgW0_Wjz(+HP?_kp+G%UgC$9pyh?LVz=nV~+9Ru&d>K2+%9?5EqVs$(}d1XfA; zq_4#)4nOH8NLVslszb<{Ln9GS+^9|8S^OT|yntWu^$p5@mzhtK;W1-Z#J2aDFz~nc zT~aV9^mYl3YV&`}zReN|kMcdax39EzJ>6MFF@E@AqWIB?wU+nF?AeQ!s`ZG%C}-HC zZe!v3KVW1G%SgL;Ws7AV-a-d*t;5dC{r*Se8)cYeAV|PkFbt_U@tn6Q3WP|T)2MG1 zpm7EQvj_J{H$Oq*c{3j%`?l1-Og45wHVoPmUYh*__<~-a;g*yM%{^6B0yy$ee(2`v z)S*GFJZe=wp6{wuu`Uv_X}#O{Y>e+xBPTa0=j`3_((1GAr%6GfU2`LiPU{IG{ap&` zp9?F=U^RuM4#%7exNR{l$1tAuhd+@C?58t;(8(10n|QoJL8k#HCuBA(@WOcHmXhrW z_yvK>QqsM?a^M##5o(EmPUTeEodL9|uZb80a2tPVH=?@(hQ{y17RZ&JlJ#sC!5%Ux z4tv&Wue>#LY>dWgV?ULQe117mY@Cds5KLl|N)7aiX{Fz===;ZJ+KM_-D+#s-g;h3+ zIvIxairrvJw~ncj4$%k1+#@)-|UF^SSsb){pQc$X2QW$A4DB0IB z7$2}dc&wE8jzqO{Iw{Ru&M~A@KiVaZEm3Y&(x!0S$a3Ni7*pCttK8y?8?Z`<+*s^! zrhG*T{_0=8lsYi#?r$Y6mE$ISiV;O;LH+*sd%VUd>dfv4fCFp*b^uO*D!>8YPb_x; z0^mi&=R^)hWdGit03U!avCo}&{wlIWR+oq_M8{uu5bB4n!X( z;0fRcH_hbn~t literal 0 HcmV?d00001 diff --git a/deploy/WWDRCA.cer b/deploy/WWDRCA.cer new file mode 100644 index 0000000000000000000000000000000000000000..d2bb1da64122c864c872d9b711b176d042462748 GIT binary patch literal 1062 zcmXqLVo@?^V&+=F%*4pV#KCxP&k@Vq1p)@VY@Awc9&O)w85vnw84QvPxeYkkm_u3E zgqcEv4TTK^K^!h&F2{m`oKywRyktE?H3JopAh)nAM9?|4s3bEjGdZy&Ge1wkv9u&3 zzbLb$(ooDm1f-5xm=~fhC_leM!P(J3PMp`!*ucoZ+{nZl`k>Qj@$g1r8WvHYTX!VypjWG%{)c-lQVYXRuCJE(pY=;r$WxRF4-br${9`c}_k`!An>Li0EopDe zv*^E}E$UaTdLwGTU-QAd$KGuPNJ^ruh+PumVL-h)reU3&vOc4_NAnbP|3 z#gVzkGL~*w{3pGxU>8%Qce&F<%bj1(KJXzgbzkmy4MuTzafLDk420{ zq(fbtbLBRPgzh)5cYSk@JQ@_Tc)I~VNLrYY@jnZz0W**?kOv7Uvq%_-HHc_m$aJ4l z#`*6{cCVhpvhVJ`^&D{qdLRYzEb0cT2FeQ*7s$8CW|Wi^Sn2C07v<Nhma(=FU z5ipVI0fh|sKiL>2Sz0$ga7&Wk^6MMZpzW` ze<$2-^n%rNMP7I9$xNP|H^ujq>s(2H^mkUSRbjJu1>%3p6qBF+hu?6 zedkq{<@Qo*x8F5!lFt%JA<5kEuT>H4)frt++IqZRKk^h=we)T%!^(BLy$#kqT(EJE zX2Ubi@~8Vu7BQZxzw?Oene~p{Z+0b3{mh!|*mRcPTGnUklH03)o}Bv9|B3H&wV91C z_x#+Vd5N(q?V(=JH^r`_KPnzJuG@ck!rYZ>Kd=95AvG=CKqhc$%$vflrY$-AJfiXd D2`7-6 literal 0 HcmV?d00001 diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh old mode 100644 new mode 100755 index ecd31833..2671a517 --- a/deploy/build_macos.sh +++ b/deploy/build_macos.sh @@ -29,15 +29,9 @@ QMAKE_STASH_FILE=$PROJECT_DIR/.qmake_stash TARGET_FILENAME=$PROJECT_DIR/$APP_NAME.dmg # Seacrh Qt -echo "Brew Qt version $(brew --prefix qt)" - - -#if [ -f $(brew --prefix qt)/clang_64/bin/qmake ]; then QT_BIN_DIR=$(brew --prefix qt)/clang_64/bin; -#else QT_BIN_DIR=$HOME/Qt/5.14.2/clang_64/bin; fi +if [ -z "${QT_VERSION+x}" ]; then export QT_VERSION=5.14.2; fi QT_BIN_DIR=$HOME/Qt/$QT_VERSION/clang_64/bin - -#QIF_BIN_DIR=$HOME/Qt/Tools/QtInstallerFramework/4.0/bin QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/4.0/bin echo "Using Qt in $QT_BIN_DIR" @@ -73,6 +67,30 @@ $QT_BIN_DIR/macdeployqt $OUT_APP_DIR/$APP_FILENAME -always-overwrite cp -av $RELEASE_DIR/service/server/$APP_NAME-service.app/Contents/macOS/$APP_NAME-service $BUNDLE_DIR/Contents/macOS cp -Rv $PROJECT_DIR/deploy/data/macos/* $BUNDLE_DIR/Contents/macOS +if [ "${MAC_CERT_PW+x}" ]; then + +CERTIFICATE_P12=$SCRIPT_DIR/PrivacyTechAppleCertDeveloperId.p12 +WWDRCA=$SCRIPT_DIR/WWDRCA.cer +KEYCHAIN=build.keychain +TEMP_PASS=tmp_pass + +if [ -z "$(security list-keychains | grep $KEYCHAIN)" ]; then +security create-keychain -p $TEMP_PASS $KEYCHAIN +security list-keychains +security default-keychain -s $KEYCHAIN +security unlock-keychain -p $TEMP_PASS $KEYCHAIN +security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign +security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign +fi + +security find-identity -p codesigning + +codesign --deep --force --verbose -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $BUNDLE_DIR +codesign --verify -vvvv $BUNDLE_DIR +spctl -a -vvvv $BUNDLE_DIR + +fi + mkdir -p $INSTALLER_DATA_DIR cp -av $PROJECT_DIR/deploy/installer $RELEASE_DIR @@ -90,5 +108,9 @@ cd $RELEASE_DIR/installer $QIF_BIN_DIR/binarycreator --offline-only -v -c config/macos.xml -p packages -f $APP_NAME hdiutil create -volname $APP_NAME -srcfolder $APP_NAME.app -ov -format UDZO $TARGET_FILENAME +if [ "${MAC_CERT_PW+x}" ]; then +codesign --deep --force --verbose --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $TARGET_FILENAME +#xcrun altool --notarize-app -f $TARGET_FILENAME -t osx --primary-bundle-id $APP_DOMAIN +fi echo "Finished, artifact is $PROJECT_DIR/$APP_NAME.dmg" From 2aa9f9cca96f1329715085f232bedf226d305219 Mon Sep 17 00:00:00 2001 From: pokamest Date: Mon, 8 Feb 2021 12:42:48 -0800 Subject: [PATCH 2/6] macos build fix --- .travis.yml | 12 ++---------- deploy/build_macos.sh | 29 ++++++++++++++++++----------- 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/.travis.yml b/.travis.yml index 67618ffb..e25f6362 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,15 +14,7 @@ jobs: env: - QT_VERSION=5.15.1 - - before_install: - - export CERTIFICATE_P12=deploy/PrivacyTechAppleCert.p12 - - export KEYCHAIN=build.keychain - - security create-keychain -p $MAC_CERT_PW $KEYCHAIN - - security default-keychain -s $KEYCHAIN - - security unlock-keychain -p $MAC_CERT_PW $KEYCHAIN - - security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign - + script: - | if [ ! -f $HOME/Qt/$QT_VERSION/clang_64/bin/qmake ]; then \ @@ -93,4 +85,4 @@ cache: directories: - $HOME/Qt - /C/Qt - - $HOME/Library/Caches/Homebrew \ No newline at end of file + - $HOME/Library/Caches/Homebrew diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh index 2671a517..ad6a2053 100755 --- a/deploy/build_macos.sh +++ b/deploy/build_macos.sh @@ -71,23 +71,25 @@ if [ "${MAC_CERT_PW+x}" ]; then CERTIFICATE_P12=$SCRIPT_DIR/PrivacyTechAppleCertDeveloperId.p12 WWDRCA=$SCRIPT_DIR/WWDRCA.cer -KEYCHAIN=build.keychain +KEYCHAIN=amnezia.build.keychain TEMP_PASS=tmp_pass -if [ -z "$(security list-keychains | grep $KEYCHAIN)" ]; then -security create-keychain -p $TEMP_PASS $KEYCHAIN -security list-keychains +security create-keychain -p $TEMP_PASS $KEYCHAIN || true security default-keychain -s $KEYCHAIN security unlock-keychain -p $TEMP_PASS $KEYCHAIN -security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign -security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign -fi +security default-keychain +security list-keychains + +security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign || true +security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign || true + +security set-key-partition-list -S apple-tool:,apple: -k $TEMP_PASS $KEYCHAIN security find-identity -p codesigning -codesign --deep --force --verbose -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $BUNDLE_DIR -codesign --verify -vvvv $BUNDLE_DIR -spctl -a -vvvv $BUNDLE_DIR +/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $BUNDLE_DIR +/usr/bin/codesign --verify -vvvv $BUNDLE_DIR || true +spctl -a -vvvv $BUNDLE_DIR || true fi @@ -109,8 +111,13 @@ $QIF_BIN_DIR/binarycreator --offline-only -v -c config/macos.xml -p packages -f hdiutil create -volname $APP_NAME -srcfolder $APP_NAME.app -ov -format UDZO $TARGET_FILENAME if [ "${MAC_CERT_PW+x}" ]; then -codesign --deep --force --verbose --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $TARGET_FILENAME +/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $TARGET_FILENAME +/usr/bin/codesign --verify -vvvv $TARGET_FILENAME || true +spctl -a -vvvv $TARGET_FILENAME || true #xcrun altool --notarize-app -f $TARGET_FILENAME -t osx --primary-bundle-id $APP_DOMAIN fi echo "Finished, artifact is $PROJECT_DIR/$APP_NAME.dmg" + +# restore keychain +security default-keychain -s login.keychain From 447410a27acab3e184f9a3b961231dc44652ca0a Mon Sep 17 00:00:00 2001 From: pokamest Date: Mon, 8 Feb 2021 23:57:35 +0300 Subject: [PATCH 3/6] Macos build fix (#6) macos deploy fixes --- .travis.yml | 12 +----- deploy/PrivacyTechAppleCert.p12 | Bin 3342 -> 0 bytes deploy/PrivacyTechAppleCertDeveloperId.p12 | Bin 0 -> 3336 bytes deploy/PrivacyTechAppleCertInstallerId.p12 | Bin 0 -> 3332 bytes deploy/WWDRCA.cer | Bin 0 -> 1062 bytes deploy/build_macos.sh | 43 +++++++++++++++++---- 6 files changed, 38 insertions(+), 17 deletions(-) delete mode 100644 deploy/PrivacyTechAppleCert.p12 create mode 100755 deploy/PrivacyTechAppleCertDeveloperId.p12 create mode 100755 deploy/PrivacyTechAppleCertInstallerId.p12 create mode 100644 deploy/WWDRCA.cer mode change 100644 => 100755 deploy/build_macos.sh diff --git a/.travis.yml b/.travis.yml index 67618ffb..e25f6362 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,15 +14,7 @@ jobs: env: - QT_VERSION=5.15.1 - - before_install: - - export CERTIFICATE_P12=deploy/PrivacyTechAppleCert.p12 - - export KEYCHAIN=build.keychain - - security create-keychain -p $MAC_CERT_PW $KEYCHAIN - - security default-keychain -s $KEYCHAIN - - security unlock-keychain -p $MAC_CERT_PW $KEYCHAIN - - security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign - + script: - | if [ ! -f $HOME/Qt/$QT_VERSION/clang_64/bin/qmake ]; then \ @@ -93,4 +85,4 @@ cache: directories: - $HOME/Qt - /C/Qt - - $HOME/Library/Caches/Homebrew \ No newline at end of file + - $HOME/Library/Caches/Homebrew diff --git a/deploy/PrivacyTechAppleCert.p12 b/deploy/PrivacyTechAppleCert.p12 deleted file mode 100644 index f8b91957454e3a310079aa7adc24a7ae148d31be..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3342 zcmY*a2T&7Cw@n}kC5i+>XrZHoCIKQHrAqHz5TpbIY0?Cd4xuO@iim)eNRy7V&;lYz zlNOptl_t{lqey>o=Dqj*|LokoXU{ovXJ>Y14?6NPEd`Jg9eHU4LL-FJ#2sD+QUP-# zFLi(-FA>Rf6FL$y|E~nejf4!7sV@{j0J(Mjs{qkR2<`t)xCDft=|I${B{}u_IU7n8 z6x4w5NJx6*wMXWM*jMrDF98g#4kw(&(S@gd@6B-1E2r2G?itX~@;8*bHfl=p660qw z_TB=$$C(CvdhxqALVB9nm{8>~86k&U^#>dC;b$}{a|W9}KNGy75_34DI0tDEudq>m zktvqu)suJFFBd8okCF?x})4K6#I9&czI5LbThK;=*i| z`1AXV3%u=wU{H>$kS3dX#J3Egfd^dnxM7ZyIkom^yy&BS-r`tllCFH|uy9wqQ0F`M z^0h$I?Rx3D1-t{W#PjWv(2&SC z5oiU+hdaho9>@iTd|wcONB?A--2tzz0w zvt$d7cr|~*Gh<5LgOY0HHe3g_QlHx&F%Q(PY#n*0Oqflhj*^pQvq8m0=4g7VE~Z@+ za&f3+eD=aI>`b435yzbPT&rzCMS|dWi-r(~j5lGlQJy;M>gM)`5NCJ+_TOcRtq+w( zz|b94o1g^7oE|-+ z3g8)rQN5i_GCT@m*13L5qKn@;aS)25PHC6;Fx`{*6*Xw1pUI4O&6?z0!PC9793V28q$}&m8 z3WnSCu5iYQZ)SLdX|01mhG|5BQ48D6%ykUk?5ddlzKiE|-NqE3)3TS8(iw2Pe|z#S79aK<#*7s>Q(NFI&~M_{FB|hcYIzOglK22 z%J<${QjOAAu>GQo6joil@E+Tpt-tGa^u~#`OO+3G7UUIXJ+V-}n?cdqSnzgZU7?I1 z;3N9@jM3?$_kOFuxRh_xQ#~lp3McMtm>*VTtlk*|!a)v_TG9}0q=@0EHi2cji?je| z7o*$Eo5OMg_U}*vT|p^hDdt05e7~<{poCkhO-pbTR8~o41Kx+rlw#GM$ojYZnJiV5 zkN1nEm5!egKZw5^20!h8A3LnP{{yAQ1=FF+P`4{bEF zzGbyaFdHP#?4C|IsSyItccQIJ5@_}NcXO6Hu^*M(jKiF==IZ?5H8hg_dn%u09TZjz zH?De|`2mg)Dx2n)26WRp#K3<78gH_By+v%^4%5YnvKHwd<#}Bd>mkxp(+i`VXdOO{ z8E5VJ3~=36xHmC6Gu`Y_sA6ozm?)4r-@(ru=&~_^#s7icxNr|$t$KEvF1cpi-G(Rn z-!RBDvPZo#7EwxuC_k)r9Q<-$iC9j%c7i)ZM}kNHBgk?i!JVK;a66f9Ar}Dx{l8eF z1ybZjg0|6-p!NSsJIcRlH{-^&)D#>b|2OSGk)R&yu|->r4-CgcYRo+J@`n3jvfm7R z7A&Bxh-Js%5e)MTJmcO8ZqeXM4U3EgJOW$!+m@ZK_u@vr_&Zqj<7i+1Yrf-YsV7v0 z!W5F)a{=PIo!Ff+Tg#P|X5mj+|Afmila9}%gR_lDwQ_W0*_X_(A>2jBGI_v{W!G8j z(QP^9iJTs??i|Ku&j3(U;%fvi?ybVOtcX^1tm@ZHSv^rdUBbupKRr?a7Pf$)ah+Tj zo)xMnw!t2z`2!=$kcLuDtW5m~Ha#`RIYv`ayXmEMvrt2_g;;xKuXA7#biTM&a(rDV ze(0A&Y-Rs|@_|+z4T3woh^SzBUwAIRL@&H!jP{qwAj`sb zxwGE5iivMjiV%tPZ3ZJo9Uh;=b2vGs$kQOhu%6HVK~vhs<9da0s)IQlVPEfP82|J7 za$=XZe%VT!wEJOUNZc;e$~WrqXwtJqn>o`w)Nkg{qdcrD>mB{X_suUj7Ey!H@>624 zD3<>gb@q60iy^D&j^}1F7c-nth!m=!a0sA>ewp-z>$urS~0{4|VMvLDg2FljN+ zg_nzqbsJH1Yu>=6sYmU+_N*;#i7fctpk*XSQIWLBqbCe^RlrmATWWl~s=8`e_b&O4 zc|}h^sEZV55RVfHktX=t?-%s`nLkstOXHrw|KD4 zg$Lm5@^3XM8J`hNouoHu#o*b?3jHJUCj|ftWhA<#InZ3a5iI4rF3^T^af;0F5aR(u9J65*U0J$5o4JDOPcR< z1Kt?K&cf0GW$CZ{nvZjDg)?aCHw$Y09O7mh=}+UNWJ#NHxz>J4`#tMea-m9kBSTSO z*y7x^Z-@9Kap+y$NU{{Iy9+ZOO<11EW}R~^Drk+*pzO?kNlWNUx;Gp`i+nN|6B>Q+ zl5WxB93y_Jau7DIE>e3p1f~%}EwtyYFDUc1SeU`K#V<+l(Q~fL0#^$+^G`k;{?_lo zFrX^V6#8c8v-60Df>8TtZSgLX@@3m}EuHR??Za%9DX z-0jIHSAZ{BwI{p&a`(yT0h#k5`~Na1fFT*XlCeF&5fDUXOvy7G$v#iAVBWqFhdrRCc$Q#B68V3a%I+3_@jK-5PZfk!_M`}!$>!2bc<6bf?y diff --git a/deploy/PrivacyTechAppleCertDeveloperId.p12 b/deploy/PrivacyTechAppleCertDeveloperId.p12 new file mode 100755 index 0000000000000000000000000000000000000000..a04ec85a02ac7e68cd42ccd951d286abb33fe7ae GIT binary patch literal 3336 zcmY*abyO4nyWYk&7^yH)I;0c^NDKo}x*H@U$0&(O4FzPN2oe$k(hbrvQcwvAi2;HG zsUcHBIz&+5x9>go-tWDCyyrRZ^Stl#{_#2I^B`~xU=WZBfukRS!X%z)Jv(9mQUmjG z^c`RveJh2=BXH2|e4oad>b08pq0#pAgKm<3G_P-tIflve^n5NHi#9u~!>Kp{3 z0X)G$%hx#p4n>D-OANfcsaQz=xNVoO?ngs#fT^~ZZ7@N~@!L&Bi>11UBWsBAg_{=+ zcG8=cZ2u5E9a4L@xuUJshSDEA%Rlr1yASOdaiX_Axq*jiF9V<1C;`?``NPs4g% zcE?#>P8Gq9R|FE>NmO-imrS&hOUX@@qs*jAFn95>l3%6qZEQyb`E~gLhBJj8mnNhW zUV(xuCXzVPG#mSHTBWFQNfhcIULK=U-Q#m7OyyrPH>vzh=7IgFU1O!z(^f;6}mA(zKDrGA;q`$ua^E}n;CW9>^{o(#e&#@dNThC&32cRHSR;N*XjF)AT9ggDlwTr`ytU3SO#=$VRq_?!R_H z*IQ48(z2uy$eChvD}3F-R>iGSFFr@01tH`=aYSP3E(XzW>d$T>+Fhx_}jr~K~hOUGS9M~`OL zC3`&IaVC5%j`9MW@ZZf&3sY=MIQ^upcgG*qMCS1BA;;1u>aQg~gl(r)!rUtlMM~Z;UJA32qbfE1!Kyn9UT#pikSeb} zngI*$Lsc{roC*Vsu}%jN)#i|}4|UxscSFu%+Ge`Iv?b>n76$Omot470XS)8XtGVia z@!4u;UTwDP<4YV)cN zKis~|L;JZmM>SpjG->jp!%5Mr&C`oBs?brb=kD~c1@cV252SX1PixvMCcdsd^OBiV zV3KxD@%WAU!N+J)QWVOowl&z+Bat>6_`y~)IXl5@LTz=_4Iz(zL2tFGCsfHltY`6{ z>2S5`ng}m3#C~^OeJt`_WoVfum8@RgAlI=dx%i(T|fxWO?3gtn--JgV_588&ot z-$H;f$#rWwi$NPOeShTiRswFbG-Bs@eb=$5#9@G!TFMH(BOoryAlKXT^UvZWt1AfY zT@Jyrp76*5wALnPy~pX3Doc%wZ|Gdn-2k$Qi7ylRp&Hwk=d-}#&}e9|A(LX_r{}2w zL0~l5N7yosFV-F@AZ{~#G8-gQo$4JnrCR%Yhnjh(_J$dW$=``TljGN(l;iP)YT|E2 z8$a#b<}5Xhna$^K{mPIsAu{_{nHXr-4N43Xivt5nT*J%Xf1AosyC?PK^X3<6Z`ED) zR|eFZ{*F=>gV?N6WaVQ)k^L;tD%VZHxJh9BGh5P((Bs=}UD3Rxb0kssy32$~#)Ex~ zxywuzZz~&%^xcI=``2}tZBQ`a#W?f5%<|z~2yYkX>-KvLpl;EzfuNum_!(+kY>x?A=_MrN#-xcT+b#>t*pa{MVstN|@kJFZ zW_d{~QD|0ir!r{SpIt-4q4+Nyx;89-d71m}lN-{eAFfv3xXfL>;PTh!Jb;7Np~!&h z5Jkm$U0XGuw6fZIuu0Pr7S+{Lh3wz9VQRT|@xfMD{wM6$C~jtq^+E58-d|eU)+~MK z-n>7;=(dSVx(+{%+EMdeR)m{R!OX*QWRC8*3YdCi~L?>Q@$j zuDsT_GZ|Og-owbOpkCuOre_K0oQ(!KNa)n@IJ=n9uJUjd{ZO9Hz`MMAP@TsiFFBFP z(tLtRR@Cm>x#zmIZsy{XW4Zh=9^^?&)gKlsQgkaK|78GAB>~KL`g%x!&CRCa86es=2C9JL3k2yGf zj4O6MpZ<9%a28;v-X-;4e2>oHMHErk@pj@_@OsU0?YUV3?>C zVKkK_;h{HtNc<%oR-IV3PrSI}59S$SD@xM|gUiVEtiXv-eA{1!Ex4B^1n{2ku0euFCL+PN{{EJoD*M!rC!MfEeulHgGeKkjgq`9n zTR|UmlMufWWAO2stf4`N@z38X{TOa=gAA=hnW@+YQQpXGtz}HXscBo)qY6*zzAwaM z0n`I^gy?&G8d30&LdZZ9%BY$Yds@Iw(%iVw7Fm+#lLAZvY z^DXnZj&qax6O+E4&*e@XoLuwYXTL9zv!5=`3DBm@DXGvbpzP)4h<=6`%$GZ~d8eKq$KKlZJ z&Zkxg;1|!_B}2c>NgB=g-jd`JkU0NSuyqNW=Y1mD`Sw!oN4b6y=y`UTa;D;JpKti1)2R7q@;N+TL2;n(OH>A zz95}3KV8Eo?xXXay@-@{GsH7}wPW5ynTUJ@_J6-e7+l7S*8`vra0EC5_yKAF6d;gN zUH~6}F9k6aPMgB=15_!!FNJrf%sB%5Dd+?61}IY$Bg&LJW$PaYETuQ2>^TG6D5}qY z`JgE(3hU$9LD(>%67@VO&o9qa~`fm41yH zrAAf7_Dk>Q-uu1x^M0Q9eBN`O^F05(2a2HqkN`=c81NAJHNjUJuLv|i3Sb@v+y=sc zn}~EB6hprEuSA}QAzva=3nV}Q5vKlCfY96IRR28z3?zqM2T^)7g_mOlV*N-+C;{OZ z@-oA(Z4$Vilf?)0IhT-65{CYPmfToo;U7LoSjw$AhNc?Bhu$8f7DD5Jh zyCOTS1>?0ALm%rILdp@JH<`8SjC>6t%R0eD1lb@JDlU-Ngyfd6{yyg#(`e>wpeM`8jb7x ztmf5XMk6QvfQOhNcEEl{M$PO>X$$$Kn6u<&^|3XwGPKxvUPNWqvCMB-atv_9X5mZ- z`?W3VwXJGQQtiZgJn4HbS67XO-5Wl1@j2wW#;2FnM9M5$Uq=V zU3p&8yojXNrDYD?cl63SE}2Gclhw}WUCJna^9;J*;_0{QZP*{MyGFEh^}gs5&4cXxa3Gi@b(S*iSWpMMFK8}jJM z1%t}6l0m+kEgjdreHVj1!-7?Z+=}kcf{w~H556rVuYb7th9|SDh7+53nz|82O@QRe zA0zaO8^=~=l%thdBcx$C{GY(&Z^}!;HzIigQ~DGITms7qE8fHEvamHPvaLttR zqTKmkW~>(KA#2uUG0(XrHY_AE;Q?|Dt^fFJE0hKpm)VOy6(`M~Ctuw(G7o z;ip_3lbn>&z1Fbg(K*w&pdWdlT+~w&0WjrRqjL8h+IPNqQjUDpiL_JnlQ)l>$#ac6 z$pi;4JSzKbS~3VPvPuByecb)%73B#2w6pju-$i6^gvdKv*L?d=76dNyAX)w345fUw zgXHY+5P|`d;_Z~7?$^1LskxrP(e%|$oC6%uMtRw=tH;tzZBspK{Y_>_iX{&c<=4|( zPe>{n(!WbrKok8N8m3hT`80i1dY}DimJTD`c_de-dz5)4baAdx45Y1Wk}G~h?PT0=)weLT780r;2mjoiB5%QG6sBkG zw~Nb3w;M^RZ7J~8oNt-+3Kyp{6jUBw@mUC$Yk_%`guHO6=-;R-(wyB(4KSmu3P3Ay z)>ioNM1AU&iEN5pB8xwyHmu`oVhr5QJjg4Vbx3@vZIs!9!-H}!Y1V*j;{*L$X6mtX z&*iyA`tYX;K*_6T1B^#CX2#5p{e6d3NAXS)2vo>aQ>n!0i+k@e?{(XwOWh-^-U?L# z9#^{stj#tI&j{8WbXERl#{ZI)xUb1^rpu<-(=#3Q<5w(dKXNxX3d=F5kNMuiUEwR3 z1~Zj3V)kTj3Fqpu+fWTRp<=u6u@V-np<=Gu5)|{BqI$M-&t9H+v;LLILFd~3x2A`O zfvZi&{=6pnnjZ!=`0|Qgufb`QRL(;VgV*LmjamvGvYs@jf8QL)d#-YsWL!AFgcg)H zC)tSNWB>Ij>5u(EL3^j7Ee~h#T`YVHOi!{|Jo4NM=J;pt9d z3Ab|S81_e0=hq_$gN^O0daszJb?juFhBds@{KUniOK<|qS>0ltFHqYPhha^p`ibmW zIwZ>cDuat##}fU)c_fC46xdFIBg4_K)80dIh`{xq3%tEcN8!B4!dnoAR=h9|IQ7P= zl)q_f_E|(A3yn|0@btQ8hIa#+p~QUXrD?TS9aG(_l^<&p=~TZ!W*VxEd1gb@Rla|o zC+uk1fArbwdv;=zvW)D5P?^X;cUvOm*U^*F&erzQZBa>mXAGCe9J}RE3|agC3AQ{8 zSp^6~Rzjo;h?PT5{Xa2B1tiJCfOer6(ANJ;KhnSHckt0Xz6|YD^f&!L7|^gga@bG8 zQG+Z-VLx^IIkJ}ZXStP04M@!^!cjH0=F`g1{?jhlY5tC&h_Z`KdgA?oNgYT)jMpzd zPVQL=S|!F9(dby5>AGyQjUP-=cBy8Cme6#fuTFV-5uO4tQUU@Rk_r|hjU;8Jl4zLrMann7{hr{cwZW%lhzwnKr z=rtRgOg4a9e#fzHdO(d9_UA2P23nQoOkeWk-FVfBA$6s)CV%t%LxRhBE&V_!!+!Q3 z%WUEO8G^b~!Gvp70jatz(+>f4O3lqk%aqJk10>~==N1k*vrO9YF^ukQuJ2V+nKQUf zr!j5e1&?;~s@MF2YkpI9n2j*9aOg4%TgW0_Wjz(+HP?_kp+G%UgC$9pyh?LVz=nV~+9Ru&d>K2+%9?5EqVs$(}d1XfA; zq_4#)4nOH8NLVslszb<{Ln9GS+^9|8S^OT|yntWu^$p5@mzhtK;W1-Z#J2aDFz~nc zT~aV9^mYl3YV&`}zReN|kMcdax39EzJ>6MFF@E@AqWIB?wU+nF?AeQ!s`ZG%C}-HC zZe!v3KVW1G%SgL;Ws7AV-a-d*t;5dC{r*Se8)cYeAV|PkFbt_U@tn6Q3WP|T)2MG1 zpm7EQvj_J{H$Oq*c{3j%`?l1-Og45wHVoPmUYh*__<~-a;g*yM%{^6B0yy$ee(2`v z)S*GFJZe=wp6{wuu`Uv_X}#O{Y>e+xBPTa0=j`3_((1GAr%6GfU2`LiPU{IG{ap&` zp9?F=U^RuM4#%7exNR{l$1tAuhd+@C?58t;(8(10n|QoJL8k#HCuBA(@WOcHmXhrW z_yvK>QqsM?a^M##5o(EmPUTeEodL9|uZb80a2tPVH=?@(hQ{y17RZ&JlJ#sC!5%Ux z4tv&Wue>#LY>dWgV?ULQe117mY@Cds5KLl|N)7aiX{Fz===;ZJ+KM_-D+#s-g;h3+ zIvIxairrvJw~ncj4$%k1+#@)-|UF^SSsb){pQc$X2QW$A4DB0IB z7$2}dc&wE8jzqO{Iw{Ru&M~A@KiVaZEm3Y&(x!0S$a3Ni7*pCttK8y?8?Z`<+*s^! zrhG*T{_0=8lsYi#?r$Y6mE$ISiV;O;LH+*sd%VUd>dfv4fCFp*b^uO*D!>8YPb_x; z0^mi&=R^)hWdGit03U!avCo}&{wlIWR+oq_M8{uu5bB4n!X( z;0fRcH_hbn~t literal 0 HcmV?d00001 diff --git a/deploy/WWDRCA.cer b/deploy/WWDRCA.cer new file mode 100644 index 0000000000000000000000000000000000000000..d2bb1da64122c864c872d9b711b176d042462748 GIT binary patch literal 1062 zcmXqLVo@?^V&+=F%*4pV#KCxP&k@Vq1p)@VY@Awc9&O)w85vnw84QvPxeYkkm_u3E zgqcEv4TTK^K^!h&F2{m`oKywRyktE?H3JopAh)nAM9?|4s3bEjGdZy&Ge1wkv9u&3 zzbLb$(ooDm1f-5xm=~fhC_leM!P(J3PMp`!*ucoZ+{nZl`k>Qj@$g1r8WvHYTX!VypjWG%{)c-lQVYXRuCJE(pY=;r$WxRF4-br${9`c}_k`!An>Li0EopDe zv*^E}E$UaTdLwGTU-QAd$KGuPNJ^ruh+PumVL-h)reU3&vOc4_NAnbP|3 z#gVzkGL~*w{3pGxU>8%Qce&F<%bj1(KJXzgbzkmy4MuTzafLDk420{ zq(fbtbLBRPgzh)5cYSk@JQ@_Tc)I~VNLrYY@jnZz0W**?kOv7Uvq%_-HHc_m$aJ4l z#`*6{cCVhpvhVJ`^&D{qdLRYzEb0cT2FeQ*7s$8CW|Wi^Sn2C07v<Nhma(=FU z5ipVI0fh|sKiL>2Sz0$ga7&Wk^6MMZpzW` ze<$2-^n%rNMP7I9$xNP|H^ujq>s(2H^mkUSRbjJu1>%3p6qBF+hu?6 zedkq{<@Qo*x8F5!lFt%JA<5kEuT>H4)frt++IqZRKk^h=we)T%!^(BLy$#kqT(EJE zX2Ubi@~8Vu7BQZxzw?Oene~p{Z+0b3{mh!|*mRcPTGnUklH03)o}Bv9|B3H&wV91C z_x#+Vd5N(q?V(=JH^r`_KPnzJuG@ck!rYZ>Kd=95AvG=CKqhc$%$vflrY$-AJfiXd D2`7-6 literal 0 HcmV?d00001 diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh old mode 100644 new mode 100755 index ecd31833..ad6a2053 --- a/deploy/build_macos.sh +++ b/deploy/build_macos.sh @@ -29,15 +29,9 @@ QMAKE_STASH_FILE=$PROJECT_DIR/.qmake_stash TARGET_FILENAME=$PROJECT_DIR/$APP_NAME.dmg # Seacrh Qt -echo "Brew Qt version $(brew --prefix qt)" - - -#if [ -f $(brew --prefix qt)/clang_64/bin/qmake ]; then QT_BIN_DIR=$(brew --prefix qt)/clang_64/bin; -#else QT_BIN_DIR=$HOME/Qt/5.14.2/clang_64/bin; fi +if [ -z "${QT_VERSION+x}" ]; then export QT_VERSION=5.14.2; fi QT_BIN_DIR=$HOME/Qt/$QT_VERSION/clang_64/bin - -#QIF_BIN_DIR=$HOME/Qt/Tools/QtInstallerFramework/4.0/bin QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/4.0/bin echo "Using Qt in $QT_BIN_DIR" @@ -73,6 +67,32 @@ $QT_BIN_DIR/macdeployqt $OUT_APP_DIR/$APP_FILENAME -always-overwrite cp -av $RELEASE_DIR/service/server/$APP_NAME-service.app/Contents/macOS/$APP_NAME-service $BUNDLE_DIR/Contents/macOS cp -Rv $PROJECT_DIR/deploy/data/macos/* $BUNDLE_DIR/Contents/macOS +if [ "${MAC_CERT_PW+x}" ]; then + +CERTIFICATE_P12=$SCRIPT_DIR/PrivacyTechAppleCertDeveloperId.p12 +WWDRCA=$SCRIPT_DIR/WWDRCA.cer +KEYCHAIN=amnezia.build.keychain +TEMP_PASS=tmp_pass + +security create-keychain -p $TEMP_PASS $KEYCHAIN || true +security default-keychain -s $KEYCHAIN +security unlock-keychain -p $TEMP_PASS $KEYCHAIN + +security default-keychain +security list-keychains + +security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign || true +security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign || true + +security set-key-partition-list -S apple-tool:,apple: -k $TEMP_PASS $KEYCHAIN +security find-identity -p codesigning + +/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $BUNDLE_DIR +/usr/bin/codesign --verify -vvvv $BUNDLE_DIR || true +spctl -a -vvvv $BUNDLE_DIR || true + +fi + mkdir -p $INSTALLER_DATA_DIR cp -av $PROJECT_DIR/deploy/installer $RELEASE_DIR @@ -90,5 +110,14 @@ cd $RELEASE_DIR/installer $QIF_BIN_DIR/binarycreator --offline-only -v -c config/macos.xml -p packages -f $APP_NAME hdiutil create -volname $APP_NAME -srcfolder $APP_NAME.app -ov -format UDZO $TARGET_FILENAME +if [ "${MAC_CERT_PW+x}" ]; then +/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $TARGET_FILENAME +/usr/bin/codesign --verify -vvvv $TARGET_FILENAME || true +spctl -a -vvvv $TARGET_FILENAME || true +#xcrun altool --notarize-app -f $TARGET_FILENAME -t osx --primary-bundle-id $APP_DOMAIN +fi echo "Finished, artifact is $PROJECT_DIR/$APP_NAME.dmg" + +# restore keychain +security default-keychain -s login.keychain From 5f7ef3134510a43b315ad0dd3b157205fb263d61 Mon Sep 17 00:00:00 2001 From: pokamest Date: Tue, 9 Feb 2021 00:33:26 +0300 Subject: [PATCH 4/6] win cert updated --- deploy/PrivacyTechWindowsCert.pfx | Bin 7939 -> 7864 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/deploy/PrivacyTechWindowsCert.pfx b/deploy/PrivacyTechWindowsCert.pfx index 60e139fc51afc208f30d5f1628af03e1dbab05b0..0eb043c475bfd7976d74f851add61de065a5944b 100644 GIT binary patch delta 1440 zcmV;R1z-AuKDa%9FoGVm0s#Xsf*x=N2`Yw2hW8Bt2LYgh9$^H69$hek9$7Gg1_lNR zDuzgg_YDCD0ic2f_XL6k^Du%1?=XS|>jn!dhDe6@4FL=a0Ro_c1okk31oAK(1_~;M zNQUXpcZGJr?ePgB#DDHbL%Y zc&N48H603nQJ=jGlJstBeZm9(Hw5!&vh*qwF3%aKwkEYT$6Y;|>U45oXb_gUuE<2l zWo%KB1G1hUS)t$y>>qTVf`n7u1^UzeW;*nn7lbaS^U_{5RJ{?*m0JvfLm&1`_b>g zR$9avTCH*6^{}{USWA<|&`|a&?tn*Ycv>+1-_@s*UMTiQ*X&o>c*76A|BD|73Me&l z8R9p1c~gba0BoUTx(sAU4Tfbec{Bdo%ZpF}mSC%hKdas3-;`9Ld6nfX1e#wOEz{XX zT18cV1eMyZA4Vt-mZCtF7s$AhiBdI?MUAd;Bziwr1%QRAvjy^G12jf=Xw{AifY>^7 zd5Q*aJH>2O&FVsr`9TrmN;*exEYulH%G5Opt|hZ{Y{U&Hv*8rdNUE9mD`md5b6LjqFAyskpWy-bcq6OW3X^OvQG6@G+5vf^(5ghaaThM;`wy zXFEe+y6)FdWq_Kuh^$!7$N)Qg!Nh9;}zmyv*f zt`MHYvBgtgV(Jh)ts9v?GG0bGv$8Z2*w}=rBK%@D)a!9=-3#qfj-^5f6hRN+P8uM6bm<5@AGdsgaHz)74 ztTXc*ovHY$3C}&0W~u)Xl($Xn0$A05hk#XkAKRE4nYWIA==Wf6A5FO`P-?(rKo8n5 zrwerG>;`7Y+*!p$mEpd<#%1mj2sp`JMa7vI(sYnwLgasM{kz+ghVHQYR!SKUvMm!J z6E1VwfurXB+#5iY>{LLY2V)2&ja76JKya5jRDWtBIGe1^-y;$EcNT5rKE#-RG6~Pc z8+%j$9=s7YFBQbYntQ?3rc_t#MAu6r_MP|`v%)LpCo$#uSb17Hj>KkoUm?f69v_X+ zYETJF?6Q|GIkQHn4dhjPLF-I@RR7K2sbFOks0y@^#FO8WUY= zL^$8Z?Tdega+`mnN6x^nkJ6}s#0_y#WHa=46Yr6vlHggzLAnt1lB|?fPGU)UxOyn- z(nGaX$_m&h1bh;B4RRSko2ZB! zgj6oXM^@sL?wYQmNKQTa5LQE+k5Dmz;gb*y7PFiM8yP%1Fdr}n1_dh)0|FWZ6oJ;U ugOB>TrUsWR(bRN1nyh%EJOmU7A|kE%W4930#tZY9W;MF(Lf}LK0te8vjiS8( delta 1509 zcmV&L zNQU_ zyMvQuwA6>tM4gS0L$DLBN1bqRY8hx}ZtMy_KsZ6pe4-CC>-0WK_mZ*pnzldlP`u^e}6rcr8gh3rL( z`WHQWQTfeWSkX6kVof&PD`AnUMis7)UMvadlUtpL%xPyKE%+V-AHI`5@Vv%FJmmD@ z%aKvv#@g#II-KSh{of13?^l~Pq-uxZ%f|$l&x*JlISI7cXo-!Vol5?dp7|koc6E&Q zzD#+43T|A~{N=A1`~S0pcvMm`G;SK;PkfD`VM5UKSmp0yE#psXD5M`~jGSWchYE>Z z3n0-jQ985}27nqsmqoHy!Ff+6HR8aaFj~V-+t9jBghB@*X<|D2e)y53WD4%o3zcHF z55;VZHFDsEQ4tw&JSdxW9;O%CWtDz7W-QZxDeRGm0ggI032|{c1dPWy@2{knHVkQ`$&Z9g*vQ zPxUC+qjP_MidbtOqI0m{Vj>t;eb%OD$)&C{mP#9Ad4)7nQr5h`Sr^RUKwsk(Rmh2r zL)dhd<5T`r{S`LH4g&s=-=duPZ)0D8?EWyWu zO9MjQQFAw8niS!NMD~ompw|?C*%&TyLZ`JPwHCTqL_9nzcQ_cSO<%cs-M*O55hX-) zJ-R!fs0Mc9jf))2fe$FuFqZqpZV4vt{!a#5znUM!(tnr_ZyXm1vK*)*v4)X(B(q-+ zhM=6Z*v@C2ODv2K4PC|PNQ2faBH5Pbc+l3ajQ^H#m9=vvcW?ukyQ9h?< z-cjvj_C+FH#c$H^bO6}@yXw4|hxeH@fJX2k3u6Do69muHqtQ$GCryC%U+>B&I0rg4 z;ox@z=@A)RCc-dHA#WP;xzSV^5|RSrJKXO^!-h4_fDn<`AC#EeWdngG*anfTnzW*k zyn67srbOKn`2VABTz|U`+!jz8i^VOjWl8Vqs`j%;1vD8!g2~9H6(Do?_9Z_h;qp%@&imi|GUugTZv6KiL^$mM83Ka3{Lu LIAhC>0s;rn@qM`1 From c15b57e690d9957ccbb0949d644a44b092ce9b24 Mon Sep 17 00:00:00 2001 From: pokamest Date: Wed, 10 Feb 2021 00:07:12 +0300 Subject: [PATCH 5/6] windows travis fix --- deploy/build_windows.bat | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/deploy/build_windows.bat b/deploy/build_windows.bat index 9d938f5e..8ee3e74f 100644 --- a/deploy/build_windows.bat +++ b/deploy/build_windows.bat @@ -44,6 +44,12 @@ echo "PRO_FILE_PATH: %PRO_FILE_PATH%" echo "QMAKE_STASH_FILE: %QMAKE_STASH_FILE%" echo "TARGET_FILENAME: %TARGET_FILENAME%" +rem Signing staff +powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine +powershell Get-ExecutionPolicy -List + +powershell Import-PfxCertificate -FilePath %SCRIPT_DIR:"=%\PrivacyTechWindowsCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $(ConvertTo-SecureString -String $Env:WIN_CERT_PW -AsPlainText -Force) + echo "Cleanup..." Rmdir /Q /S %RELEASE_DIR% Del %QMAKE_STASH_FILE% @@ -59,7 +65,6 @@ cd %PROJECT_DIR% cd %WORK_DIR% set CL=/MP nmake /A /NOLOGO -break nmake clean rem if not exist "%OUT_APP_DIR:"=%\%APP_FILENAME:"=%" break @@ -70,11 +75,11 @@ copy "%WORK_DIR:"=%\platform\post-uninstall\release\post-uninstall.exe" %OUT_APP echo "Signing exe" cd %OUT_APP_DIR% -signtool sign /f "%SCRIPT_DIR:"=%\PrivacyTechWindowsCert.pfx" /p %WIN_CERT_PW% /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 *.exe +signtool sign /v /sm /s My /n "Privacy Technologies OU" /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 *.exe "%QT_BIN_DIR:"=%\windeployqt" --release --force --no-translations "%OUT_APP_DIR:"=%\%APP_FILENAME:"=%" -signtool sign /f "%SCRIPT_DIR:"=%\PrivacyTechWindowsCert.pfx" /p %WIN_CERT_PW% /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 *.dll +signtool sign /v /sm /s My /n "Privacy Technologies OU" /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 *.dll echo "Copying deploy data..." xcopy %DEPLOY_DATA_DIR% %OUT_APP_DIR% /s /e /y /i /f @@ -96,7 +101,7 @@ echo "Creating installer..." "%QIF_BIN_DIR:"=%\binarycreator" --offline-only -v -c config\windows.xml -p packages -f %TARGET_FILENAME% cd %PROJECT_DIR% -signtool sign /f "%SCRIPT_DIR:"=%\PrivacyTechWindowsCert.pfx" /p %WIN_CERT_PW% /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 %TARGET_FILENAME% +signtool sign /v /sm /s My /n "Privacy Technologies OU" /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 %TARGET_FILENAME% echo "Finished, see %TARGET_FILENAME%" exit 0 \ No newline at end of file From f50eea3eaf11f6d825d0c3a9b71a496ad40416a0 Mon Sep 17 00:00:00 2001 From: pokamest Date: Wed, 10 Feb 2021 06:57:26 -0800 Subject: [PATCH 6/6] macos signing fixes --- .gitignore | 1 + .travis.yml | 2 +- deploy/build_macos.sh | 55 +++++++++++++++++++++++-------------------- 3 files changed, 31 insertions(+), 27 deletions(-) diff --git a/.gitignore b/.gitignore index e48347c2..6e68831a 100644 --- a/.gitignore +++ b/.gitignore @@ -35,6 +35,7 @@ CMakeLists.txt.user* .DS_Store ._.DS_Store ._* +*.dmg # tmp files *.*~ diff --git a/.travis.yml b/.travis.yml index e25f6362..9088cde6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,7 +30,7 @@ jobs: token: $GH_TOKEN skip_cleanup: true file: - - "AmneziaVPN.dmg" + - "AmneziaVPN_unsigned.dmg" on: tags: true branch: master diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh index ad6a2053..2acbb2a3 100755 --- a/deploy/build_macos.sh +++ b/deploy/build_macos.sh @@ -5,31 +5,30 @@ set -o errexit -o nounset # Hold on to current directory PROJECT_DIR=$(pwd) -SCRIPT_DIR=$PROJECT_DIR/deploy +DEPLOY_DIR=$PROJECT_DIR/deploy -mkdir -p $SCRIPT_DIR/build -WORK_DIR=$SCRIPT_DIR/build +mkdir -p $DEPLOY_DIR/build +BUILD_DIR=$DEPLOY_DIR/build echo "Project dir: ${PROJECT_DIR}" -echo "Build dir: ${WORK_DIR}" +echo "Build dir: ${BUILD_DIR}" APP_NAME=AmneziaVPN APP_FILENAME=$APP_NAME.app APP_DOMAIN=org.amneziavpn.package PLIST_NAME=$APP_NAME.plist -RELEASE_DIR=$WORK_DIR -OUT_APP_DIR=$RELEASE_DIR/client +OUT_APP_DIR=$BUILD_DIR/client BUNDLE_DIR=$OUT_APP_DIR/$APP_FILENAME DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/macos -INSTALLER_DATA_DIR=$RELEASE_DIR/installer/packages/$APP_DOMAIN/data +INSTALLER_DATA_DIR=$BUILD_DIR/installer/packages/$APP_DOMAIN/data PRO_FILE_PATH=$PROJECT_DIR/$APP_NAME.pro QMAKE_STASH_FILE=$PROJECT_DIR/.qmake_stash -TARGET_FILENAME=$PROJECT_DIR/$APP_NAME.dmg +DMG_FILENAME=$PROJECT_DIR/${APP_NAME}_unsigned.dmg # Seacrh Qt -if [ -z "${QT_VERSION+x}" ]; then export QT_VERSION=5.14.2; fi +if [ -z "${QT_VERSION+x}" ]; then export QT_VERSION=5.15.2; fi QT_BIN_DIR=$HOME/Qt/$QT_VERSION/clang_64/bin QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/4.0/bin @@ -37,8 +36,6 @@ QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/4.0/bin echo "Using Qt in $QT_BIN_DIR" echo "Using QIF in $QIF_BIN_DIR" -ls -al $QT_BIN_DIR/../../.. - # Checking env $QT_BIN_DIR/qmake -v @@ -47,7 +44,7 @@ clang -v # Build App echo "Building App..." -cd $WORK_DIR +cd $BUILD_DIR $QT_BIN_DIR/qmake $PROJECT_DIR/AmneziaVPN.pro 'CONFIG+=release CONFIG+=x86_64' make -j `sysctl -n hw.ncpu` @@ -61,16 +58,16 @@ echo "____________________________________" # Package echo "Packaging ..." -#cd $SCRIPT_DIR +#cd $DEPLOY_DIR $QT_BIN_DIR/macdeployqt $OUT_APP_DIR/$APP_FILENAME -always-overwrite -cp -av $RELEASE_DIR/service/server/$APP_NAME-service.app/Contents/macOS/$APP_NAME-service $BUNDLE_DIR/Contents/macOS +cp -av $BUILD_DIR/service/server/$APP_NAME-service.app/Contents/macOS/$APP_NAME-service $BUNDLE_DIR/Contents/macOS cp -Rv $PROJECT_DIR/deploy/data/macos/* $BUNDLE_DIR/Contents/macOS if [ "${MAC_CERT_PW+x}" ]; then -CERTIFICATE_P12=$SCRIPT_DIR/PrivacyTechAppleCertDeveloperId.p12 -WWDRCA=$SCRIPT_DIR/WWDRCA.cer +CERTIFICATE_P12=$DEPLOY_DIR/PrivacyTechAppleCertDeveloperId.p12 +WWDRCA=$DEPLOY_DIR/WWDRCA.cer KEYCHAIN=amnezia.build.keychain TEMP_PASS=tmp_pass @@ -95,7 +92,7 @@ fi mkdir -p $INSTALLER_DATA_DIR -cp -av $PROJECT_DIR/deploy/installer $RELEASE_DIR +cp -av $PROJECT_DIR/deploy/installer $BUILD_DIR cp -av $DEPLOY_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_install.sh cp -av $DEPLOY_DATA_DIR/post_uninstall.sh $INSTALLER_DATA_DIR/post_uninstall.sh cp -av $DEPLOY_DATA_DIR/$PLIST_NAME $INSTALLER_DATA_DIR/$PLIST_NAME @@ -106,18 +103,24 @@ chmod a+x $INSTALLER_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_uninstall cd $BUNDLE_DIR tar czf $INSTALLER_DATA_DIR/$APP_NAME.tar.gz ./ -cd $RELEASE_DIR/installer -$QIF_BIN_DIR/binarycreator --offline-only -v -c config/macos.xml -p packages -f $APP_NAME -hdiutil create -volname $APP_NAME -srcfolder $APP_NAME.app -ov -format UDZO $TARGET_FILENAME - +cd $BUILD_DIR/installer +$QIF_BIN_DIR/binarycreator --offline-only -v -c config/macos.xml -p packages -f $APP_FILENAME if [ "${MAC_CERT_PW+x}" ]; then -/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $TARGET_FILENAME -/usr/bin/codesign --verify -vvvv $TARGET_FILENAME || true -spctl -a -vvvv $TARGET_FILENAME || true -#xcrun altool --notarize-app -f $TARGET_FILENAME -t osx --primary-bundle-id $APP_DOMAIN +/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $APP_FILENAME fi -echo "Finished, artifact is $PROJECT_DIR/$APP_NAME.dmg" +hdiutil create -volname $APP_NAME -srcfolder $APP_NAME.app -ov -format UDZO $DMG_FILENAME + +if [ "${MAC_CERT_PW+x}" ]; then +/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $DMG_FILENAME +/usr/bin/codesign --verify -vvvv $DMG_FILENAME || true +spctl -a -vvvv $DMG_FILENAME || true +#xcrun altool --notarize-app -f $DMG_FILENAME -t osx --primary-bundle-id $APP_DOMAIN -u $APPLE_DEV_EMAIL +#xcrun stapler staple $DMG_FILENAME +#xcrun stapler validate $DMG_FILENAME +fi + +echo "Finished, artifact is $DMG_FILENAME" # restore keychain security default-keychain -s login.keychain