Build/packaging: Support macOS package/DMG signing
This commit is contained in:
DRC
@@ -145,6 +145,11 @@ set(DEFAULT_IOS_ARMV8_BUILD ${CMAKE_SOURCE_DIR}/iosarmv8)
|
|||||||
set(IOS_ARMV8_BUILD ${DEFAULT_IOS_ARMV8_BUILD} CACHE PATH
|
set(IOS_ARMV8_BUILD ${DEFAULT_IOS_ARMV8_BUILD} CACHE PATH
|
||||||
"Directory containing ARMv8 iOS build to include in universal binaries (default: ${DEFAULT_IOS_ARMV8_BUILD})")
|
"Directory containing ARMv8 iOS build to include in universal binaries (default: ${DEFAULT_IOS_ARMV8_BUILD})")
|
||||||
|
|
||||||
|
set(OSX_APP_CERT_NAME "" CACHE STRING
|
||||||
|
"Name of the Developer ID Application certificate (in the macOS keychain) that should be used to sign the libjpeg-turbo DMG. Leave this blank to generate an unsigned DMG.")
|
||||||
|
set(OSX_INST_CERT_NAME "" CACHE STRING
|
||||||
|
"Name of the Developer ID Installer certificate (in the macOS keychain) that should be used to sign the libjpeg-turbo installer package. Leave this blank to generate an unsigned package.")
|
||||||
|
|
||||||
configure_file(release/makemacpkg.in pkgscripts/makemacpkg)
|
configure_file(release/makemacpkg.in pkgscripts/makemacpkg)
|
||||||
configure_file(release/Distribution.xml.in pkgscripts/Distribution.xml)
|
configure_file(release/Distribution.xml.in pkgscripts/Distribution.xml)
|
||||||
configure_file(release/uninstall.in pkgscripts/uninstall)
|
configure_file(release/uninstall.in pkgscripts/uninstall)
|
||||||
|
|||||||
@@ -58,6 +58,8 @@ BUILDDIRARMV7=@IOS_ARMV7_BUILD@
|
|||||||
BUILDDIRARMV7S=@IOS_ARMV7S_BUILD@
|
BUILDDIRARMV7S=@IOS_ARMV7S_BUILD@
|
||||||
BUILDDIRARMV8=@IOS_ARMV8_BUILD@
|
BUILDDIRARMV8=@IOS_ARMV8_BUILD@
|
||||||
WITH_JAVA=@WITH_JAVA@
|
WITH_JAVA=@WITH_JAVA@
|
||||||
|
OSX_APP_CERT_NAME="@OSX_APP_CERT_NAME@"
|
||||||
|
OSX_INST_CERT_NAME="@OSX_INST_CERT_NAME@"
|
||||||
LIPO=lipo
|
LIPO=lipo
|
||||||
|
|
||||||
PREFIX=@CMAKE_INSTALL_PREFIX@
|
PREFIX=@CMAKE_INSTALL_PREFIX@
|
||||||
@@ -258,11 +260,25 @@ cp $SRCDIR/release/License.rtf $SRCDIR/release/Welcome.rtf $SRCDIR/release/ReadM
|
|||||||
mkdir $TMPDIR/dmg
|
mkdir $TMPDIR/dmg
|
||||||
pkgbuild --root $PKGROOT --version $VERSION.$BUILD --identifier @PKGID@ \
|
pkgbuild --root $PKGROOT --version $VERSION.$BUILD --identifier @PKGID@ \
|
||||||
$TMPDIR/pkg/$PKGNAME.pkg
|
$TMPDIR/pkg/$PKGNAME.pkg
|
||||||
|
SUFFIX=
|
||||||
|
if [ "$OSX_INST_CERT_NAME" != "" ]; then
|
||||||
|
SUFFIX=-unsigned
|
||||||
|
fi
|
||||||
productbuild --distribution pkgscripts/Distribution.xml \
|
productbuild --distribution pkgscripts/Distribution.xml \
|
||||||
--package-path $TMPDIR/pkg/ --resources $TMPDIR/pkg/ \
|
--package-path $TMPDIR/pkg/ --resources $TMPDIR/pkg/ \
|
||||||
$TMPDIR/dmg/$PKGNAME.pkg
|
$TMPDIR/dmg/$PKGNAME$SUFFIX.pkg
|
||||||
|
if [ "$OSX_INST_CERT_NAME" != "" ]; then
|
||||||
|
productsign --sign "$OSX_INST_CERT_NAME" --timestamp \
|
||||||
|
$TMPDIR/dmg/$PKGNAME$SUFFIX.pkg $TMPDIR/dmg/$PKGNAME.pkg
|
||||||
|
rm -r $TMPDIR/dmg/$PKGNAME$SUFFIX.pkg
|
||||||
|
pkgutil --check-signature $TMPDIR/dmg/$PKGNAME.pkg
|
||||||
|
fi
|
||||||
hdiutil create -fs HFS+ -volname $PKGNAME-$VERSION \
|
hdiutil create -fs HFS+ -volname $PKGNAME-$VERSION \
|
||||||
-srcfolder "$TMPDIR/dmg" $TMPDIR/$PKGNAME-$VERSION.dmg
|
-srcfolder "$TMPDIR/dmg" $TMPDIR/$PKGNAME-$VERSION.dmg
|
||||||
|
if [ "$OSX_APP_CERT_NAME" != "" ]; then
|
||||||
|
codesign -s "$OSX_APP_CERT_NAME" --timestamp $TMPDIR/$PKGNAME-$VERSION.dmg
|
||||||
|
codesign -vv $TMPDIR/$PKGNAME-$VERSION.dmg
|
||||||
|
fi
|
||||||
cp $TMPDIR/$PKGNAME-$VERSION.dmg .
|
cp $TMPDIR/$PKGNAME-$VERSION.dmg .
|
||||||
|
|
||||||
exit
|
exit
|
||||||
|
|||||||
Reference in New Issue
Block a user