source: josm/trunk/native/macosx/macos-jpackage.sh

Last change on this file was 18904, checked in by stoecker, 3 weeks ago

don't hardcode ID
  • Property svn:executable set to *
File size: 4.5 KB
Line 
1#!/bin/bash
2
3## Expected environment, passed from GitHub secrets:
4# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
5# APPLE_ID_PW     Password for the Apple ID
6# CERT_MACOS_P12  Certificate used for code signing, base64 encoded
7# CERT_MACOS_PW   Password for that certificate
8
9set -Eeo pipefail
10
11# Don't show one time passwords
12set +x
13
14IMPORT_AND_UNLOCK_KEYCHAIN=${IMPORT_AND_UNLOCK_KEYCHAIN:-1}
15
16if [ -z "${1-}" ]
17then
18    echo "Usage: $0 josm_revision"
19    exit 1
20fi
21
22echo "Building JOSM.app"
23
24mkdir app
25
26if [ -z "$CERT_MACOS_P12" ] || [ -z "$CERT_MACOS_PW" ] || [ -z "$APPLE_ID_PW" ] || [ -z "$APPLE_ID_TEAM" ]  || [ -z "$APPLE_ID" ]
27then
28    echo "CERT_MACOS_P12, CERT_MACOS_PW, APPLE_ID, APPLE_ID_PW, or APPLE_ID_TEAM are not set in the environment."
29    echo "A JOSM.app will be created but not signed nor notarized."
30    SIGNAPP=false
31    KEYCHAINPATH=false
32    JPACKAGEOPTIONS=""
33else
34    echo "Preparing certificates/keychain for signing…"
35
36    KEYCHAIN=build.keychain
37    KEYCHAINPATH=~/Library/Keychains/$KEYCHAIN-db
38    KEYCHAIN_PW=$(head /dev/urandom | base64 | head -c 20)
39    CERTIFICATE_P12=certificate.p12
40
41    echo "$CERT_MACOS_P12" | base64 --decode > $CERTIFICATE_P12
42    security create-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
43    security default-keychain -s $KEYCHAIN
44    security unlock-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
45    security import $CERTIFICATE_P12 -k $KEYCHAIN -P "$CERT_MACOS_PW" -T /usr/bin/codesign
46    security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" $KEYCHAIN
47    rm $CERTIFICATE_P12
48    SIGNAPP=true
49    echo "Signing preparation done."
50    JPACKAGEOPTIONS="--mac-sign --mac-signing-keychain $KEYCHAINPATH"
51fi
52
53set -u
54
55echo "Building and signing app"
56# We specifically need the options to not be quoted -- we _want_ the word splitting.
57# shellcheck disable=SC2086
58jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
59    --main-class org.openstreetmap.josm.gui.MainApplication \
60    --icon ./native/macosx/JOSM.icns --type app-image --dest app \
61    --java-options "--add-modules java.scripting,java.sql,javafx.controls,javafx.media,javafx.swing,javafx.web" \
62    --java-options "--add-exports=java.base/sun.security.action=ALL-UNNAMED" \
63    --java-options "--add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED" \
64    --java-options "--add-exports=java.desktop/com.sun.imageio.plugins.jpeg=ALL-UNNAMED" \
65    --java-options "--add-exports=java.desktop/com.sun.imageio.spi=ALL-UNNAMED" \
66    --java-options "--add-opens=java.base/java.lang=ALL-UNNAMED" \
67    --java-options "--add-opens=java.base/java.nio=ALL-UNNAMED" \
68    --java-options "--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED" \
69    --java-options "--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED" \
70    --java-options "--add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED" \
71    --java-options "--add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED" \
72    --java-options "--add-opens=java.prefs/java.util.prefs=ALL-UNNAMED" \
73    --app-version "$1" \
74    --copyright "JOSM, and all its integral parts, are released under the GNU General Public License v2 or later" \
75    --vendor "JOSM" \
76    --mac-package-identifier de.openstreetmap.josm \
77    --mac-package-signing-prefix de.openstreetmap.josm \
78    --file-associations native/file-associations/bz2.properties \
79    --file-associations native/file-associations/geojson.properties \
80    --file-associations native/file-associations/gpx.properties \
81    --file-associations native/file-associations/gz.properties \
82    --file-associations native/file-associations/jos.properties \
83    --file-associations native/file-associations/joz.properties \
84    --file-associations native/file-associations/osm.properties \
85    --file-associations native/file-associations/xz.properties \
86    --file-associations native/file-associations/zip.properties \
87    --add-modules java.compiler,java.base,java.datatransfer,java.desktop,java.logging,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.sql,java.transaction.xa,java.xml,jdk.crypto.ec,jdk.jfr,jdk.jsobject,jdk.unsupported,jdk.unsupported.desktop,jdk.xml.dom,javafx.controls,javafx.media,javafx.swing,javafx.web
88
89echo "Building done."
90
91if $SIGNAPP; then
92    echo "Preparing for notarization"
93    ditto -c -k --zlibCompressionLevel 9 --keepParent app/JOSM.app app/JOSM.zip
94
95    echo "Uploading to Apple"
96    xcrun notarytool submit --apple-id "$APPLE_ID" --password "$APPLE_ID_PW" --team-id "$APPLE_ID_TEAM" --wait app/JOSM.zip
97fi
Note: See TracBrowser for help on using the repository browser.