source: josm/trunk/native/macosx/macos-jpackage.sh @ 17487

Last change on this file since 17487 was 17487, checked in by GerdP, 3 months ago

see #20257:macOS build process fixes and improvements

  • Property svn:executable set to *
File size: 3.3 KB
RevLine 
[16776]1#!/bin/bash
2
[17487]3## Expected environment, passed from GitHub secrets:
4# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
5# APPLE_ID_PW     Password for the Apple ID
6# CERT_MACOS_P12  Certificate used for code signing, base64 encoded
7# CERT_MACOS_PW   Password for that certificate
8
[16776]9set -Eeou pipefail
10
11# Don't show one time passwords
12set +x
13
[17487]14APPLE_ID="thomas.skowron@fossgis.de"
[16776]15IMPORT_AND_UNLOCK_KEYCHAIN=${IMPORT_AND_UNLOCK_KEYCHAIN:-1}
16
17if [ -z "${1-}" ]
18then
19    echo "Usage: $0 josm_revision"
20    exit 1
21fi
22
23echo "Building JOSM.app"
24
[17239]25mkdir app
[16776]26
[17487]27if [ -z "$CERT_MACOS_P12" ] || [ -z "$CERT_MACOS_PW" ] || [ -z "$APPLE_ID_PW" ]
28then
29    echo "CERT_MACOS_P12, CERT_MACOS_PW and APPLE_ID_PW are not set in the environment."
30    echo "I will create a JOSM.app but I won't attempt to sign and notarize it."
31    SIGNAPP=false
32else
[16776]33    echo "Preparing certificates/keychain for signing…"
34
35    KEYCHAIN=build.keychain
[17373]36    KEYCHAINPATH=~/Library/Keychains/$KEYCHAIN-db
[17487]37    KEYCHAIN_PW=$(head /dev/urandom | base64 | head -c 20)
[16776]38    CERTIFICATE_P12=certificate.p12
39
[17487]40    echo "$CERT_MACOS_P12" | base64 --decode > $CERTIFICATE_P12
41    security create-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
[16776]42    security default-keychain -s $KEYCHAIN
[17487]43    security unlock-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
44    security import $CERTIFICATE_P12 -k $KEYCHAIN -P "$CERT_MACOS_PW" -T /usr/bin/codesign
45    security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" $KEYCHAIN
[16776]46    rm $CERTIFICATE_P12
[17487]47    SIGNAPP=true
[16776]48    echo "Signing preparation done."
49fi
50
[17487]51if $SIGNAPP; then
52  JPACKAGEOPTIONS="--mac-sign --mac-signing-keychain $KEYCHAINPATH"
53else
54  JPACKAGEOPTIONS=""
55fi
56
[17373]57echo "Building and signin app"
[17487]58    jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
[17373]59    --main-class org.openstreetmap.josm.gui.MainApplication \
60    --icon ./native/macosx/JOSM.icns --type app-image --dest app \
61    --java-options "-Xmx8192m" \
[17487]62    --app-version "$1" \
[17373]63    --copyright "JOSM, and all its integral parts, are released under the GNU General Public License v2 or later" \
64    --vendor "https://josm.openstreetmap.de" \
65    --mac-sign \
66    --mac-package-identifier de.openstreetmap.josm \
67    --mac-package-signing-prefix de.openstreetmap.josm \
68    --mac-signing-keychain $KEYCHAINPATH \
69    --file-associations native/macosx/bz2.properties \
70    --file-associations native/macosx/geojson.properties \
71    --file-associations native/macosx/gpx.properties \
72    --file-associations native/macosx/gz.properties \
73    --file-associations native/macosx/jos.properties \
74    --file-associations native/macosx/joz.properties \
75    --file-associations native/macosx/osm.properties \
76    --file-associations native/macosx/zip.properties \
77    --add-modules java.base,java.datatransfer,java.desktop,java.logging,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.sql,java.transaction.xa,java.xml,jdk.crypto.ec,jdk.jfr,jdk.jsobject,jdk.unsupported,jdk.unsupported.desktop,jdk.xml.dom
[16776]78
[17373]79echo "Building done."
[16776]80
[17487]81if $SIGNAPP; then
82    echo "Preparing for notarization"
83    ditto -c -k --zlibCompressionLevel 9 --keepParent app/JOSM.app app/JOSM.zip
[16776]84
[17487]85    echo "Uploading to Apple"
86    xcrun altool --notarize-app -f app/JOSM.zip -p "$APPLE_ID_PW" -u "$APPLE_ID" --primary-bundle-id de.openstreetmap.josm
87fi
Note: See TracBrowser for help on using the repository browser.