This repository has been archived by the owner on Jul 2, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
buildAndSign.sh
146 lines (124 loc) · 4.46 KB
/
buildAndSign.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
SIGNATURE=$1 # Apple signing ID: "Developer ID Application: Developer Name (DUCNFCN445)"
NOTARIZATION_USERNAME=$2 # Apple ID username: "[email protected]"
NOTARIZATION_PASSWORD=$3 # Apple ID password Keychain listing: "AC_PASSWORD"
NOTARIZATION_PROVIDER=$4 # Team provider short name: "4RYZSDG57V"
VERSION=$(./gradlew -q printVersionName)
JDEPS="java.base,java.desktop,java.logging,java.sql,java.xml,java.datatransfer,java.compiler,jdk.unsupported,java.naming,jdk.crypto.ec,jdk.httpserver"
OUTPUT_DIR="build/app"
APP_FILE="$OUTPUT_DIR/AirMessage.app"
PACKAGE_FILE="$OUTPUT_DIR/server-v$VERSION.zip"
echo "Preparing AirMessage Server v$VERSION"
#Build webpack
npm install --prefix connectauth
npm run build --prefix connectauth
if [ -d "src/main/resources/connectsite" ]
then
rm -rf src/main/resources/connectsite/*
else
mkdir src/main/resources/connectsite
fi
cp -r connectauth/build/* src/main/resources/connectsite
#Clean up old files
./gradlew clean
#Assemble app files
./gradlew build
./gradlew copyToLib
#Prepare tmp directory
mkdir build/libs/tmp
pushd build/libs/tmp
#Sign native JAR libraries
if [ -z "$SIGNATURE" ]
then
echo "Skipping re-signing dependencies"
else
for f in ../*.jar;
do
echo "Re-signing $(basename "$f")"
jar xf "$f" #Unpack
rm "$f" #Delete original JAR
find -E . -regex ".*\.(dylib|jnilib)" -print0 | xargs codesign --force --verbose --sign "$SIGNATURE" #Codesign dynamic libraries
jar cmf META-INF/MANIFEST.MF "$f" ./* #Repack JAR
rm -r ./* #Empty directory
done
fi
#Clean up tmp directory
popd
rm -rf build/libs/tmp
#Create app directory
mkdir $OUTPUT_DIR
#Package app
echo "Packaging app"
$JAVA_HOME/bin/jpackage \
--name "AirMessage" \
--app-version "$VERSION" \
--input "build/libs" \
--main-jar "$(./gradlew -q printJarName)" \
--main-class "me.tagavari.airmessageserver.server.Main" \
--type "app-image" \
--java-options "-XstartOnFirstThread" \
--add-modules "$JDEPS" \
--mac-package-identifier "me.tagavari.airmessageserver" \
--mac-package-name "AirMessage" \
--mac-package-signing-prefix "airmessage" \
--icon "AirMessage.icns" \
--dest $OUTPUT_DIR
#Update app plist
echo "Fixing plist"
plutil -insert LSUIElement -string True "$APP_FILE/Contents/Info.plist" #Hide dock icon
plutil -insert NSAppTransportSecurity -xml "<dict><key>NSAllowsLocalNetworking</key><true/><key>NSAllowsArbitraryLoads</key><true/></dict>" "$APP_FILE/Contents/Info.plist" #Enable local networking (for AirMessage Connect sign-in)
#Sign app
if [ -z "$SIGNATURE" ]
then
echo "Skipping signing app"
else
echo "Signing app"
codesign --force --options runtime --entitlements "macos.entitlements" --sign "$SIGNATURE" "$APP_FILE/Contents/runtime/Contents/MacOS/libjli.dylib"
codesign --force --options runtime --entitlements "macos.entitlements" --sign "$SIGNATURE" "$APP_FILE/Contents/MacOS/AirMessage"
codesign --force --options runtime --entitlements "macos.entitlements" --sign "$SIGNATURE" "$APP_FILE"
fi
#Package app to ZIP
if [ -z "$NOTARIZATION_PASSWORD" ]
then
echo "Compressing app for development"
else
echo "Compressing app for notarization"
fi
ditto -c -k --keepParent "$APP_FILE" "$PACKAGE_FILE"
if [ -z "$NOTARIZATION_PASSWORD" ]
then
echo "Skipping notarization"
echo "Successfully built AirMessage Server v$VERSION for development"
else
#Notarize app
echo "Uploading app to Apple notarization service"
REQUEST_UUID=$(xcrun altool --notarize-app \
--primary-bundle-id "me.tagavari.airmessageserver" \
--username "$NOTARIZATION_USERNAME" \
--password "$NOTARIZATION_PASSWORD" \
--asc-provider "$NOTARIZATION_PROVIDER" \
--file "$PACKAGE_FILE" \
| grep RequestUUID | awk '{print $3}')
rm "$PACKAGE_FILE"
#Wait for notarization to finish
echo "Waiting for completion of notarization request $REQUEST_UUID"
while true; do
NOTARIZATION_STATUS=$(xcrun altool --notarization-info "$REQUEST_UUID" --username "$NOTARIZATION_USERNAME" --password "$NOTARIZATION_PASSWORD")
if echo "$NOTARIZATION_STATUS" | grep -q "Status: in progress"; then sleep 20
elif echo "$NOTARIZATION_STATUS" | grep -q "Status: success"; then break
else
>&2 echo "$NOTARIZATION_STATUS"
exit
fi
done
#Staple ticket
echo "Stapling ticket"
xcrun stapler staple "$APP_FILE"
#Check for signatures
echo "Verifying files"
spctl --assess "$APP_FILE"
codesign --verify "$APP_FILE"
#Re-compress app
echo "Compressing final app to $PACKAGE_FILE"
ditto -c -k --keepParent "$APP_FILE" "$PACKAGE_FILE"
echo "Successfully built AirMessage Server v$VERSION for distribution"
fi