liz/rawTherapee
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5352 from Benitoite/patch-17

Browse Source 
Notarization, Entitlements for macOS 10.15 Catalina
This commit is contained in:
Beep6581
2019-06-24 13:51:15 +02:00
committed by GitHub
parent c6cdaf37eb daedba584a
commit 981970b508
6 changed files with 127 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CMakeLists.txt
View File

@@ -164,7 +164,7 @@ endif()
if(NOT DEFINED DATADIR) if(NOT DEFINED DATADIR)
if(BUILD_BUNDLE) if(BUILD_BUNDLE)
if(APPLE) if(APPLE)
set(DATADIR "../Resources") set(DATADIR "../../Resources")
else() else()
set(DATADIR .) set(DATADIR .)
endif() endif()
@@ -176,7 +176,7 @@ endif()
if(NOT DEFINED LIBDIR) if(NOT DEFINED LIBDIR)
if(BUILD_BUNDLE) if(BUILD_BUNDLE)
if(APPLE) if(APPLE)
set(LIBDIR "../Frameworks") set(LIBDIR "../../Frameworks")
else() else()
set(LIBDIR .) set(LIBDIR .)
endif() endif()
@@ -256,6 +256,10 @@ if(APPLE)
if("${CODESIGNID}") if("${CODESIGNID}")
set(CODESIGNID "${CODESIGNID}" CACHE STRING "Codesigning Identity") set(CODESIGNID "${CODESIGNID}" CACHE STRING "Codesigning Identity")
endif() endif()
if("${NOTARY}")
set(NOTARY "${NOTARY}" CACHE STRING "Notarization Identity")
endif()
endif() endif()
# Enforce absolute paths for non-bundle builds: # Enforce absolute paths for non-bundle builds:

10
tools/osx/Info.plist-bin.in Normal file
View File

@@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleName</key>
<string>RawTherapee-bin</string>
<key>CFBundleIdentifier</key>
<string>com.rawtherapee.rawtherapee</string>
</dict>
</plist>

29
tools/osx/executable_loader.in
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
cd "$(dirname "$0")" || exit 1 cd "$(dirname "$0")" || exit 1
@@ -7,21 +7,8 @@ app="${cwd%/Contents/*}"
lib="${app}/Contents/Frameworks" lib="${app}/Contents/Frameworks"
resources="${app}/Contents/Resources" resources="${app}/Contents/Resources"
etc="${resources}"/etc etc="${resources}"/etc
### Pending deletion:
# See https://github.com/Beep6581/RawTherapee/issues/1779
# cups_dir=/tmp/RT5
# install -d "${cups_dir}"
# cp -f /usr/lib/libcups.2.dylib "${cups_dir}"
# export DYLD_LIBRARY_PATH="${lib}:${cups_dir}"
# export GTK_EXE_PREFIX="${resources}"
# export GTK_DATA_PREFIX="${resources}"
export XDG_DATA_DIRS="${resources}/share" export XDG_DATA_DIRS="${resources}/share"
# export GTK_IM_MODULE_FILE="${etc}/gtk-3.0/gtk.immodules"
export DYLD_LIBRARY_PATH="${lib}" export DYLD_LIBRARY_PATH="${lib}"
export GTK_PATH="${lib}/gtk-3.0/3.0.0" export GTK_PATH="${lib}/gtk-3.0/3.0.0"
export XDG_DATA_HOME="${resources}/share" export XDG_DATA_HOME="${resources}/share"
export GSETTINGS_SCHEMA_DIR="${resources}/share/glib-2.0/schemas" export GSETTINGS_SCHEMA_DIR="${resources}/share/glib-2.0/schemas"
@@ -31,25 +18,13 @@ export GDK_PIXBUF_MODULEDIR="${lib}/gdk-pixbuf-2.0/2.10.0/loaders"
export RT_SETTINGS="${HOME}/Library/Application Support/RawTherapee/config" export RT_SETTINGS="${HOME}/Library/Application Support/RawTherapee/config"
export RT_CACHE="${HOME}/Library/Application Support/RawTherapee/cache" export RT_CACHE="${HOME}/Library/Application Support/RawTherapee/cache"
### Pending deletion:
# Environment variables for X11 backend
#if [[ -d ${etc}/fonts ]]; then
# export FONTCONFIG_PATH="${etc}/fonts"
#fi
# Strip out system argument # Strip out system argument
case "$1" in case "$1" in
-psn_*) shift ;; -psn_*) shift ;;
esac esac
# Commented-out as part of "crash-on-startup part 2" fix, see https://github.com/Beep6581/RawTherapee/issues/3882#issuecomment-311703141
#if [[ -d "/tmp/RawTherapee.app" ]]; then
# rm -rf "/tmp/RawTherapee.app"
#fi
#ln -sf "${app}" /tmp
# Prevent crash when directory name contains special characters # Prevent crash when directory name contains special characters
AppleLocale=`defaults read -g AppleLocale` AppleLocale=`defaults read -g AppleLocale`
export LANG=${AppleLocale%@*}.UTF-8 export LANG=${AppleLocale%@*}.UTF-8
exec "${cwd}/rawtherapee-bin" "$@" exec "${cwd}/bin/rawtherapee-bin" "$@"

91
tools/osx/macosx_bundle.sh
View File

@@ -101,7 +101,7 @@ ETC="${RESOURCES}/etc"
EXECUTABLE="${MACOS}/rawtherapee" EXECUTABLE="${MACOS}/rawtherapee"
msg "Removing old files:" msg "Removing old files:"
rm -rf "${APP}" "${PROJECT_NAME}_*.dmg" rm -rf "${APP}" "${PROJECT_NAME}_*.dmg" "*zip"
msg "Creating bundle container:" msg "Creating bundle container:"
install -d "${RESOURCES}" \ install -d "${RESOURCES}" \
@@ -134,7 +134,7 @@ rm -r "${LIB}"/gdk-pixbuf-2.0
"${GTK_PREFIX}/bin/gdk-pixbuf-query-loaders" "${LIB}"/libpix*.so > "${ETC}/gtk-3.0/gdk-pixbuf.loaders" "${GTK_PREFIX}/bin/gdk-pixbuf-query-loaders" "${LIB}"/libpix*.so > "${ETC}/gtk-3.0/gdk-pixbuf.loaders"
"${GTK_PREFIX}/bin/gtk-query-immodules-3.0" "${LIB}"/{im*.so,libprint*.so} > "${ETC}/gtk-3.0/gtk.immodules" "${GTK_PREFIX}/bin/gtk-query-immodules-3.0" "${LIB}"/{im*.so,libprint*.so} > "${ETC}/gtk-3.0/gtk.immodules"
sed -i "" -e "s|${PWD}/RawTherapee.app/Contents/|@executable_path/../|" "${ETC}/gtk-3.0/gdk-pixbuf.loaders" "${ETC}/gtk-3.0/gtk.immodules" sed -i "" -e "s|${PWD}/RawTherapee.app/Contents/|/Applications/RawTherapee.app/Contents/|" "${ETC}/gtk-3.0/gdk-pixbuf.loaders" "${ETC}/gtk-3.0/gtk.immodules"
ditto {"${GTK_PREFIX}","${RESOURCES}"}/share/glib-2.0/schemas ditto {"${GTK_PREFIX}","${RESOURCES}"}/share/glib-2.0/schemas
"${GTK_PREFIX}/bin/glib-compile-schemas" "${RESOURCES}/share/glib-2.0/schemas" "${GTK_PREFIX}/bin/glib-compile-schemas" "${RESOURCES}/share/glib-2.0/schemas"
@@ -155,6 +155,12 @@ ditto {"${GTK_PREFIX}","${RESOURCES}"}/share/icons/Adwaita/index.theme
# Copy libjpeg-turbo into the app bundle # Copy libjpeg-turbo into the app bundle
cp /opt/local/lib/libjpeg.62.dylib "${RESOURCES}/../Frameworks" cp /opt/local/lib/libjpeg.62.dylib "${RESOURCES}/../Frameworks"
# Copy libexpat into the app bundle
cp /opt/local/lib/libexpat.1.dylib "${RESOURCES}/../Frameworks"
# Copy libz into the app bundle
cp /opt/local/lib/libz.1.dylib "${RESOURCES}/../Frameworks"
# Copy libtiff into the app bundle # Copy libtiff into the app bundle
cp /opt/local/lib/libtiff.5.dylib "${RESOURCES}/../Frameworks" cp /opt/local/lib/libtiff.5.dylib "${RESOURCES}/../Frameworks"
@@ -182,31 +188,67 @@ find -E "${CONTENTS}" -type f -regex '.*/(rawtherapee-cli|rawtherapee|.*\.(dylib
done done
msg "Registering @loader_path into the executable:" msg "Registering @loader_path into the executable:"
echo " install_name_tool -add_rpath @loader_path/../Frameworks '${EXECUTABLE}'" | bash -v echo " install_name_tool -add_rpath @executable_path/../../Frameworks '${EXECUTABLE}'" | bash -v
echo " install_name_tool -add_rpath @loader_path/../Frameworks '${EXECUTABLE}-cli'" | bash -v echo " install_name_tool -add_rpath @loader_path/../Frameworks '${EXECUTABLE}-cli'" | bash -v
msg "Installing required application bundle files:" msg "Installing required application bundle files:"
PROJECT_SOURCE_DATA_DIR="${PROJECT_SOURCE_DIR}/tools/osx" PROJECT_SOURCE_DATA_DIR="${PROJECT_SOURCE_DIR}/tools/osx"
ditto "${PROJECT_SOURCE_DIR}/build/Resources" "${RESOURCES}"
# Executable loader # Executable loader
# Note: executable is renamed to 'rawtherapee-bin'. # Note: executable is renamed to 'rawtherapee-bin'.
mv "${MACOS}/rawtherapee" "${MACOS}/rawtherapee-bin" mkdir "${MACOS}/bin"
mv "${MACOS}/rawtherapee" "${MACOS}/bin/rawtherapee-bin"
install -m 0755 "${PROJECT_SOURCE_DATA_DIR}/executable_loader.in" "${MACOS}/rawtherapee" install -m 0755 "${PROJECT_SOURCE_DATA_DIR}/executable_loader.in" "${MACOS}/rawtherapee"
# App bundle resources # App bundle resources
cp "${PROJECT_SOURCE_DATA_DIR}/"{rawtherapee,profile}.icns "${RESOURCES}" cp "${PROJECT_SOURCE_DATA_DIR}/"{rawtherapee,profile}.icns "${RESOURCES}"
cp "${PROJECT_SOURCE_DATA_DIR}/PkgInfo" "${CONTENTS}" cp "${PROJECT_SOURCE_DATA_DIR}/PkgInfo" "${CONTENTS}"
install -m 0644 "${PROJECT_SOURCE_DATA_DIR}/Info.plist.in" "${CONTENTS}/Info.plist" install -m 0644 "${PROJECT_SOURCE_DATA_DIR}/Info.plist.in" "${CONTENTS}/Info.plist"
install -m 0644 "${PROJECT_SOURCE_DATA_DIR}/Info.plist-bin.in" "${CONTENTS}/MacOS/bin/Info.plist"
sed -i "" -e "s|@version@|${PROJECT_FULL_VERSION}| sed -i "" -e "s|@version@|${PROJECT_FULL_VERSION}|
s|@shortVersion@|${PROJECT_VERSION}| s|@shortVersion@|${PROJECT_VERSION}|
s|@arch@|${arch}|" \ s|@arch@|${arch}|" \
"${CONTENTS}/Info.plist" "${CONTENTS}/Info.plist"
plutil -convert binary1 "${CONTENTS}/Info.plist" plutil -convert binary1 "${CONTENTS}/Info.plist"
plutil -convert binary1 "${CONTENTS}/MacOS/bin/Info.plist"
# Sign the app # Sign the app
CODESIGNID="$(cmake .. -LA -N | grep "CODESIGNID" | cut -d "=" -f2)" CODESIGNID="$(cmake .. -LA -N | grep "CODESIGNID" | cut -d "=" -f2)"
codesign --deep --force -v -s "${CODESIGNID}" --timestamp "${APP}" if ! test -z "$CODESIGNID" ; then
spctl -a -vvvv "${APP}" install -m 0644 "${PROJECT_SOURCE_DATA_DIR}/rt.entitlements" "${CONTENTS}/Entitlements.plist"
plutil -convert binary1 "${CONTENTS}/Entitlements.plist"
install -m 0644 "${PROJECT_SOURCE_DATA_DIR}/rt-bin.entitlements" "${CONTENTS}/MacOS/bin/Entitlements.plist"
plutil -convert binary1 "${CONTENTS}/MacOS/bin/Entitlements.plist"
codesign -v -s "${CODESIGNID}" -i "com.rawtherapee.rawtherapee-bin" --timestamp -o runtime --entitlements "${APP}/Contents/MacOS/bin/Entitlements.plist" "${APP}/Contents/MacOS/bin/rawtherapee-bin"
codesign --deep --preserve-metadata=identifier,entitlements,runtime --strict -v -s "${CODESIGNID}" -i "com.rawtherapee.rawtherapee" --timestamp -o runtime --entitlements "${APP}/Contents/Entitlements.plist" "${APP}"
spctl -a -vvvv "${APP}"
fi
# Notarize the app
NOTARY="$(cmake .. -LA -N | grep "NOTARY" | cut -d "=" -f2)"
if ! test -z "$NOTARY" ; then
ditto -c -k --sequesterRsrc --keepParent "${APP}" "${APP}.zip"
uuid=`xcrun altool --notarize-app --primary-bundle-id "com.rawtherapee.rawtherapee" ${NOTARY} --file "${APP}.zip" 2>&1 | grep 'RequestUUID' | awk '{ print $3 }'`
echo "Result= $uuid" # Display identifier string
sleep 15
while :
do
fullstatus=`xcrun altool --notarization-info "$uuid" ${NOTARY} 2>&1` # get the status
status1=`echo "$fullstatus" | grep 'Status\:' | awk '{ print $2 }'`
if [ "$status1" = "success" ]; then
xcrun stapler staple *app # staple the ticket
xcrun stapler validate -v *app
echo "Notarization success"
break
elif [ "$status1" = "in" ]; then
echo "Notarization still in progress, sleeping for 15 seconds and trying again"
sleep 15
else
echo "Notarization failed fullstatus below"
echo "$fullstatus"
exit 1
fi
done
fi
function CreateDmg { function CreateDmg {
local srcDir="$(mktemp -dt $$)" local srcDir="$(mktemp -dt $$)"
@@ -234,7 +276,36 @@ function CreateDmg {
hdiutil create -format UDBZ -fs HFS+ -srcdir "${srcDir}" -volname "${PROJECT_NAME}_${PROJECT_FULL_VERSION}" "${dmg_name}.dmg" hdiutil create -format UDBZ -fs HFS+ -srcdir "${srcDir}" -volname "${PROJECT_NAME}_${PROJECT_FULL_VERSION}" "${dmg_name}.dmg"
# Sign disk image # Sign disk image
codesign --deep --force -v -s "${CODESIGNID}" --timestamp "${dmg_name}.dmg" if ! test -z "$CODESIGNID" ; then
codesign --deep --force -v -s "${CODESIGNID}" --timestamp "${dmg_name}.dmg"
fi
# Notarize the dmg
if ! test -z "$NOTARY" ; then
zip "${dmg_name}.dmg.zip" "${dmg_name}.dmg"
uuid=`xcrun altool --notarize-app --primary-bundle-id "com.rawtherapee" ${NOTARY} --file "${dmg_name}.dmg.zip" 2>&1 | grep 'RequestUUID' | awk '{ print $3 }'`
echo "dmg Result= $uuid" # Display identifier string
sleep 15
while :
do
fullstatus=`xcrun altool --notarization-info "$uuid" ${NOTARY} 2>&1` # get the status
status1=`echo "$fullstatus" | grep 'Status\:' | awk '{ print $2 }'`
if [ "$status1" = "success" ]; then
xcrun stapler staple "${dmg_name}.dmg" # staple the ticket
xcrun stapler validate -v "${dmg_name}.dmg"
echo "dmg Notarization success"
break
elif [ "$status1" = "in" ]; then
echo "dmg Notarization still in progress, sleeping for 15 seconds and trying again"
sleep 15
else
echo "dmg Notarization failed fullstatus below"
echo "$fullstatus"
exit 1
fi
done
fi
# Zip disk image for redistribution # Zip disk image for redistribution
zip "${dmg_name}.zip" "${dmg_name}.dmg" AboutThisBuild.txt zip "${dmg_name}.zip" "${dmg_name}.dmg" AboutThisBuild.txt

8
tools/osx/rt-bin.entitlements Normal file
View File

@@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>

20
tools/osx/rt.entitlements Normal file
View File

@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>com.rawtherapee.rawtherapee</string>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<array>
<string>&quot;/&quot;</string>
</array>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
</dict>
</plist>