source: josm/trunk/native/macosx/macos-jpackage.sh

Last change on this file was 19036, checked in by taylor.smock, 2 weeks ago

See #23600: Native Apple Silicon Support

Add entitlements so that the app can start.
  • Property svn:executable set to *
File size: 6.8 KB
Line 
1#!/bin/bash
2
3## Expected environment, passed from GitHub secrets:
4# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
5# APPLE_ID_PW Password for the Apple ID
6# CERT_MACOS_P12 Certificate used for code signing, base64 encoded
7# CERT_MACOS_PW Password for that certificate
8
9set -Eeo pipefail
10
11# Don't show one time passwords
12set +x
13
14IMPORT_AND_UNLOCK_KEYCHAIN=${IMPORT_AND_UNLOCK_KEYCHAIN:-1}
15
16if [ -z "${1-}" ]
17then
18 echo "Usage: $0 josm_revision [other_arch_jdk]"
19 exit 1
20fi
21
22echo "Building JOSM.app"
23
24mkdir app
25
26if [ -z "$CERT_MACOS_P12" ] || [ -z "$CERT_MACOS_PW" ] || [ -z "$APPLE_ID_PW" ] || [ -z "$APPLE_ID_TEAM" ] || [ -z "$APPLE_ID" ]
27then
28 echo "CERT_MACOS_P12, CERT_MACOS_PW, APPLE_ID, APPLE_ID_PW, or APPLE_ID_TEAM are not set in the environment."
29 echo "A JOSM.app will be created but not signed nor notarized."
30 SIGNAPP=false
31 KEYCHAINPATH=false
32 JPACKAGEOPTIONS=""
33else
34 echo "Preparing certificates/keychain for signing…"
35
36 KEYCHAIN=build.keychain
37 KEYCHAINPATH=~/Library/Keychains/$KEYCHAIN-db
38 KEYCHAIN_PW=$(head /dev/urandom | base64 | head -c 20)
39 CERTIFICATE_P12=certificate.p12
40
41 echo "$CERT_MACOS_P12" | base64 --decode > $CERTIFICATE_P12
42 security create-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
43 security default-keychain -s $KEYCHAIN
44 security unlock-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
45 security import $CERTIFICATE_P12 -k $KEYCHAIN -P "$CERT_MACOS_PW" -T /usr/bin/codesign
46 security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" $KEYCHAIN
47 rm $CERTIFICATE_P12
48 SIGNAPP=true
49 echo "Signing preparation done."
50 JPACKAGEOPTIONS="--mac-sign --mac-signing-keychain $KEYCHAINPATH"
51fi
52
53set -u
54
55function do_jpackage() {
56 echo "Building app (${JAVA_HOME})"
57 # We specifically need the options to not be quoted -- we _want_ the word splitting.
58 # shellcheck disable=SC2086
59 "${JAVA_HOME}/bin/jpackage" $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
60 --main-class org.openstreetmap.josm.gui.MainApplication \
61 --icon ./native/macosx/JOSM.icns --type app-image --dest app \
62 --java-options "--add-modules java.scripting,java.sql,javafx.controls,javafx.media,javafx.swing,javafx.web" \
63 --java-options "--add-exports=java.base/sun.security.action=ALL-UNNAMED" \
64 --java-options "--add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED" \
65 --java-options "--add-exports=java.desktop/com.sun.imageio.plugins.jpeg=ALL-UNNAMED" \
66 --java-options "--add-exports=java.desktop/com.sun.imageio.spi=ALL-UNNAMED" \
67 --java-options "--add-opens=java.base/java.lang=ALL-UNNAMED" \
68 --java-options "--add-opens=java.base/java.nio=ALL-UNNAMED" \
69 --java-options "--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED" \
70 --java-options "--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED" \
71 --java-options "--add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED" \
72 --java-options "--add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED" \
73 --java-options "--add-opens=java.prefs/java.util.prefs=ALL-UNNAMED" \
74 --app-version "$1" \
75 --copyright "JOSM, and all its integral parts, are released under the GNU General Public License v2 or later" \
76 --vendor "JOSM" \
77 --mac-package-identifier de.openstreetmap.josm \
78 --mac-package-signing-prefix de.openstreetmap.josm \
79 --file-associations native/file-associations/bz2.properties \
80 --file-associations native/file-associations/geojson.properties \
81 --file-associations native/file-associations/gpx.properties \
82 --file-associations native/file-associations/gz.properties \
83 --file-associations native/file-associations/jos.properties \
84 --file-associations native/file-associations/joz.properties \
85 --file-associations native/file-associations/osm.properties \
86 --file-associations native/file-associations/xz.properties \
87 --file-associations native/file-associations/zip.properties \
88 --add-modules java.compiler,java.base,java.datatransfer,java.desktop,java.logging,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.sql,java.transaction.xa,java.xml,jdk.crypto.ec,jdk.jfr,jdk.jsobject,jdk.unsupported,jdk.unsupported.desktop,jdk.xml.dom,javafx.controls,javafx.media,javafx.swing,javafx.web
89 echo "Building done (${JAVA_HOME})."
90}
91function do_signapp() {
92 echo "Compressing app (${1})"
93 ditto -c -k --zlibCompressionLevel 9 --keepParent "app/${1}.app" "app/${1}.zip"
94 if $SIGNAPP; then
95 echo "Signing app (${1})"
96 echo "Preparing for notarization"
97 echo "Uploading to Apple"
98 xcrun notarytool submit --apple-id "$APPLE_ID" --password "$APPLE_ID_PW" --team-id "$APPLE_ID_TEAM" --wait "app/${1}.zip"
99 fi
100}
101
102function merge() {
103 if [ "$(command -v lipo)" ]; then
104 lipo -create -output "${1}" "${2}" "${3}"
105 elif [ "$(command -v llvm-lipo-15)" ]; then
106 llvm-lipo-15 -create -output "${1}" "${2}" "${3}"
107 fi
108}
109
110function copy() {
111 # Trim the root path
112 FILE="${1#*/}"
113 if [ ! -e "${2}/${FILE}" ]; then
114 # Only make directories if we aren't looking at the root files
115 if [[ "${FILE}" == *"/"* ]]; then mkdir -p "${2}/${FILE%/*}"; fi
116 if file "${1}" | grep -q 'Mach-O' ; then
117 merge "${2}/${FILE}" "${3}/${FILE}" "${4}/${FILE}"
118 if file "${1}" | grep -q 'executable'; then
119 chmod 755 "${2}/${FILE}"
120 fi
121 else
122 cp -a "${1}" "${2}/${FILE}"
123 fi
124 fi
125}
126
127function directory_iterate() {
128 while IFS= read -r -d '' file
129 do
130 copy "${file}" "${2}" "${3}" "${4}" &
131 done < <(find "${1}" -type f,l -print0)
132 wait
133}
134
135do_jpackage "${1}"
136if [ -n "${2}" ]; then
137 function get_name() {
138 echo "$("${JAVA_HOME}/bin/java" --version | head -n1 | awk '{print $2}' | awk -F'.' '{print $1}')_$(file "${JAVA_HOME}/bin/java" | awk -F' executable ' '{print $2}')"
139 }
140 first="$(get_name)"
141 JAVA_HOME="${2}" second="$(get_name)"
142 mv app/JOSM.app "app/JOSM_${first}.app"
143 JAVA_HOME="${2}" do_jpackage "${1}"
144 mv app/JOSM.app "app/JOSM_${second}.app"
145 mkdir app/JOSM.app
146 (cd app
147 directory_iterate "JOSM_${first}.app" "JOSM.app" "JOSM_${first}.app" "JOSM_${second}.app"
148 directory_iterate "JOSM_${second}.app" "JOSM.app" "JOSM_${first}.app" "JOSM_${second}.app"
149 )
150 do_signapp "JOSM_${first}"
151 do_signapp "JOSM_${second}"
152 if [ -n "${KEYCHAINPATH}" ]; then
153 function do_codesign() {
154 codesign --sign "FOSSGIS e.V." \
155 --force \
156 --keychain "${KEYCHAINPATH}" \
157 --timestamp \
158 --prefix "de.openstreetmap.josm" \
159 --identifier "${2}" \
160 --options runtime \
161 --entitlements "$(dirname "${BASH_SOURCE[0]}")/josm.entitlements" \
162 --verbose=4 "${1}"
163 }
164 do_codesign app/JOSM.app/Contents/runtime "com.oracle.java.de.openstreetmap.josm"
165 do_codesign app/JOSM.app/ "de.openstreetmap.josm"
166 fi
167fi
168do_signapp JOSM
Note: See TracBrowser for help on using the repository browser.