Merge pull request #117 from PropGit/mac_release_3

PropGit · web-flow · commit 7993255e22c3 · 2020-05-26T17:00:06.000-07:00
Mac release 3
diff --git a/.gitattributes b/.gitattributes
@@ -6,3 +6,4 @@ chromestore/* filter=lfs diff=lfs merge=lfs -text
 *.psd filter=lfs diff=lfs merge=lfs -text
 *.exe filter=lfs diff=lfs merge=lfs -text
 package/win-resources/nwjs/nwjs-v*.exe filter=lfs diff=lfs merge=lfs -text
+assets/BlocklyProp-Splash.png filter=lfs diff=lfs merge=lfs -text
diff --git a/assets/BlocklyProp-Splash.png b/assets/BlocklyProp-Splash.png
diff --git a/package/mac_app_notarize.sh b/package/mac_app_notarize.sh
@@ -0,0 +1,141 @@
+#!/bin/sh --
+#
+# This script transmits a packaged macOS application to Apple for notarization.
+# Must be run on macOS Catalina (or later) with XCode installed.
+#
+# Requirements for this script are:
+#
+#   User must specify the application bundle name without extension: (example -a "MyApplication")
+#     IMPORTANT: Packaged application bundle must exist in folder noted below
+#   User must specify the package version: (example: -v 1.0.56)
+#   User must specify the Apple developer account: (example: -d "developer@domain.com")
+#   
+#   These files and folders must exist in the paths shown below (in relation to this script's folder):
+#      ../dist/{APP_NAME}-{VERSION}-setup-MacOS.pkg
+#
+
+usage()
+{
+cat << EOF
+Usage: $0 OPTIONS
+
+This script transmits a packaged macOS application to Apple for notarization.
+
+OPTIONS:
+    -h  show usage
+    -a  (REQUIRED) application bundle name
+        - example: -a "MyApplication"
+    -v  (REQUIRED) version
+        - example: -v 0.5.1
+    -d  (REQUIRED) developer account
+        - example: -d "developer@domain.name"
+
+    examples: $0 -a "MyApplication" -v 1.0.56 -d "developer@domain.name"
+
+EOF
+}
+
+#
+# Resource path
+#
+DISTRIBUTION="../dist/"
+
+#
+# initialize input options with default values
+#
+APP_NAME=
+VERSION=
+DEVELOPER_ACCOUNT=
+
+#
+# get parms as flags or as requiring arguments
+#
+while getopts "ha:v:d:" OPTION
+do
+    case $OPTION in
+        h)
+            usage; exit 1 ;;
+        a)
+            APP_NAME=$OPTARG
+            ;;           
+        v)
+            VERSION=$OPTARG
+            ;;
+        d)
+            DEVELOPER_ACCOUNT=$OPTARG
+            ;;
+        ?)
+            echo "[HALT] Misconfigured options - see usage notes"
+            usage; exit  ;;
+    esac
+done
+
+#
+# Error if no application bundle name (-a bundle) was declared
+#
+if [[ -z $APP_NAME ]]
+then
+    echo "[HALT] No application bundle was declared - see usage notes for -a."
+    echo
+    usage
+    exit 1
+fi
+
+#
+# Error if no version (-v) option declared
+#
+if [[ -z $VERSION ]]
+then
+    echo "[HALT] No version option was declared - see usage notes for -v."
+    echo
+    usage
+    exit 1
+fi
+
+#
+# Error if no version string declared
+#
+if [ ${VERSION}X == X ]
+then
+    echo "[HALT] No version string was declared - see usage notes for -v."
+    echo
+    usage
+    exit 1
+fi
+
+#
+# Error if no developer account (-d bundle) was declared
+#
+if [[ -z $DEVELOPER_ACCOUNT ]]
+then
+    echo "[HALT] No developer account was declared - see usage notes for -d."
+    echo
+    usage
+    exit 1
+fi
+
+#
+# Show Info
+#
+echo
+echo "----- Transmitting packaged app to Apple for notarization -----"
+echo "NOTE: use altool app password defined in Apple Developer Account"
+echo
+echo "Package: \"${DISTRIBUTION}${APP_NAME}-${VERSION}-setup-MacOS.pkg\""
+echo
+echo "... be patient - this will take a while ..."
+echo
+
+#
+# Transmit app package for notarization
+#
+xcrun altool --notarize-app --primary-bundle-id "${APP_NAME}" --username "${DEVELOPER_ACCOUNT}" --file "${DISTRIBUTION}${APP_NAME}-${VERSION}-setup-MacOS.pkg"
+
+echo
+echo "If no errors reported (above), wait a few minutes and check ${DEVELOPER_ACCOUNT} email for notarization verdict."
+echo "To see detailed report (after verdict), use: xcrun altool -u \"${DEVELOPER_ACCOUNT}\" --notarization-info <hash>"
+echo 
+echo "If \"successful\" vertict, staple notarization ticket to package: xcrun stapler staple -v ${DISTRIBUTION}${APP_NAME}-${VERSION}-setup-MacOS.pkg"
+echo
+echo "Done!"
+exit 0
diff --git a/package/mac_app_sign_and_package.sh b/package/mac_app_sign_and_package.sh
@@ -9,10 +9,11 @@
 #     IMPORTANT: Application bundle must exist in folder noted below
 #   User must specify the package version: (example: "-v 1.0.56")
 #   
-#   All other parameters are optional: (FTDI driver installer, restart requirement, developer identities, deploy package request)
+#   All other parameters are optional: (FTDI driver installer, restart requirement, developer identities)
 #
 #   These files and folders must exist in the paths show below (in relation to this script's folder):
 #      ./drivers/FTDIUSBSerialDriver.kext
+#      ./mac-resources/neededToRun.entitlements
 #      ../dist/|application_bundle_name|.app
 #
 #   To update the driver, 
@@ -23,7 +24,7 @@
 #      - copy the FTDIUSBSerialDriver.kext from /Library/Extensions/ to the ../drivers/ folder
 #
 #   The ../dist/|application_bundle_name|.app will be modified by this script to digitally sign it with the default or optional
-#       application developer identity certificate
+#       application developer identity certificate as well as with the given runtime entitlements (neededToRun.entitlements)
 #
 
 usage()
@@ -56,13 +57,21 @@ EOF
 #
 # Resource paths
 #
+# Notes: 
+#   * All are paths relative to this script.
+#   * NWJS_FW_LIBRARIES (NW.js Framework Libraries) is the path inside of APP_BUNDLE (defined later)
+#
 RESOURCES="./mac-resources/"
 DISTRIBUTION="../dist/"
+NWJS_FW="/Contents/Frameworks/nwjs Framework.framework/"
+NWJS_FW_LIBRARIES="${NWJS_FW}Versions/Current/Libraries/"
+ENTITLEMENTS="${RESOURCES}neededToRun.entitlements"
 
 #
 # Default installation locations
 #
-# note: the FTDI kext used to be in "/System/Library/Extensions/" per Apple's previous suggestion (before Mavericks?)
+# Note: the FTDI kext used to be in "/System/Library/Extensions/" per Apple's previous suggestion (before Mavericks?)
+#
 FTDIDRIVER_DEST_DIR="/Library/Extensions/"
 DEFAULT_APP_DIR="/Applications/"
 
@@ -75,7 +84,8 @@ FTDIDRIVER_KEXT=${FTDIDRIVER}.kext
 #
 # Modified temporary distro xml
 #
-# note: will contain copied or sed-modified version of template DistributionXXXX.xml
+# Note: will contain copied or sed-modified version of template DistributionXXXX.xml
+#
 DIST_DST=DistributionMOD.xml
 
 #
@@ -267,16 +277,64 @@ else
     exit 1
 fi
 
+echo
+
+#
+# Attempt to deeply codesign the known-to-be-unsigned nwjs libraries and nwjs framework
+#
+echo "Code signing nwjs libraries and framework within the application bundle: ${DISTRIBUTION}${APP_BUNDLE} with identity: \"${APP_IDENTITY}\""
+#
+# signing libEGL.dylib
+#
+codesign -s "$APP_IDENTITY" --deep -f -v --options runtime --timestamp --entitlements "${ENTITLEMENTS}" "${DISTRIBUTION}${APP_BUNDLE}${NWJS_FW_LIBRARIES}libEGL.dylib"
+if [ "$?" != "0" ]; then
+    echo "[Error] Code signing nwjs library failed!" 1>&2
+    exit 1
+fi
+#
+# libGLESv2.dylib
+#
+codesign -s "$APP_IDENTITY" --deep -f -v --options runtime --timestamp --entitlements "${ENTITLEMENTS}" "${DISTRIBUTION}${APP_BUNDLE}${NWJS_FW_LIBRARIES}libGLESv2.dylib"
+if [ "$?" != "0" ]; then
+    echo "[Error] Code signing nwjs library failed!" 1>&2
+    exit 1
+fi
+#
+# libswiftshader_libEGL.dylib
+#
+codesign -s "$APP_IDENTITY" --deep -f -v --options runtime --timestamp --entitlements "${ENTITLEMENTS}" "${DISTRIBUTION}${APP_BUNDLE}${NWJS_FW_LIBRARIES}libswiftshader_libEGL.dylib"
+if [ "$?" != "0" ]; then
+    echo "[Error] Code signing nwjs library failed!" 1>&2
+    exit 1
+fi
+#
+# libswiftshader_libGLESv2.dylib
+#
+codesign -s "$APP_IDENTITY" --deep -f -v --options runtime --timestamp --entitlements "${ENTITLEMENTS}" "${DISTRIBUTION}${APP_BUNDLE}${NWJS_FW_LIBRARIES}libswiftshader_libGLESv2.dylib"
+if [ "$?" != "0" ]; then
+    echo "[Error] Code signing nwjs library failed!" 1>&2
+    exit 1
+fi
+#
+# nwjs Framework
+#
+codesign -s "$APP_IDENTITY" --deep -f -v --options runtime --timestamp --entitlements "${ENTITLEMENTS}" "${DISTRIBUTION}${APP_BUNDLE}${NWJS_FW}nwjs Framework"
+if [ "$?" != "0" ]; then
+    echo "[Error] Code signing nwjs framework failed!" 1>&2
+    exit 1
+fi
+
+
 echo
 
 #
 # Attempt to deeply codesign the app bundle
 #
 echo "Code signing the application bundle (hardened runtime with entitlements): ${DISTRIBUTION}${APP_BUNDLE} with identity: \"${APP_IDENTITY}\""
-codesign -s "$APP_IDENTITY" --deep -f -v --options runtime --timestamp --entitlements "./mac-resources/neededToRun.entitlements" "${DISTRIBUTION}${APP_BUNDLE}"
+codesign -s "$APP_IDENTITY" --deep -f -v --options runtime --timestamp --entitlements "${ENTITLEMENTS}" "${DISTRIBUTION}${APP_BUNDLE}"
 if [ "$?" != "0" ]; then
-    echo "[Error] Codesigning the application bundle failed!" 1>&2
-    exit 1    
+    echo "[Error] Code signing the application bundle failed!" 1>&2
+    exit 1
 fi
 
 echo
diff --git a/package/mac_app_staple.sh b/package/mac_app_staple.sh
@@ -0,0 +1,116 @@
+#!/bin/sh --
+#
+# This script staples a successfully notarized app ticket to an app package.
+# Must be run on macOS Catalina (or later) with XCode installed.
+#
+# Requirements for this script are:
+#
+#   User must have successfully notarized the app first.
+#   User must specify the application bundle name without extension: (example -a "MyApplication")
+#     IMPORTANT: Packaged application bundle must exist in folder noted below
+#   User must specify the package version: (example: -v 1.0.56)
+#   
+#   These files and folders must exist in the paths shown below (in relation to this script's folder):
+#      ../dist/{APP_NAME}-{VERSION}-setup-MacOS.pkg
+#
+
+usage()
+{
+cat << EOF
+Usage: $0 OPTIONS
+
+This script staples a successfully notarized app ticket to a packaged macOS application.
+
+OPTIONS:
+    -h  show usage
+    -a  (REQUIRED) application bundle name
+        - example: -a "MyApplication"
+    -v  (REQUIRED) version
+        - example: -v 0.5.1
+
+    examples: $0 -a "MyApplication" -v 1.0.56
+
+EOF
+}
+
+#
+# Resource path
+#
+DISTRIBUTION="../dist/"
+
+#
+# initialize input options with default values
+#
+APP_NAME=
+VERSION=
+
+#
+# get parms as flags or as requiring arguments
+#
+while getopts "ha:v:" OPTION
+do
+    case $OPTION in
+        h)
+            usage; exit 1 ;;
+        a)
+            APP_NAME=$OPTARG
+            ;;           
+        v)
+            VERSION=$OPTARG
+            ;;
+        ?)
+            echo "[HALT] Misconfigured options - see usage notes"
+            usage; exit  ;;
+    esac
+done
+
+#
+# Error if no application bundle name (-a bundle) was declared
+#
+if [[ -z $APP_NAME ]]
+then
+    echo "[HALT] No application bundle was declared - see usage notes for -a."
+    echo
+    usage
+    exit 1
+fi
+
+#
+# Error if no version (-v) option declared
+#
+if [[ -z $VERSION ]]
+then
+    echo "[HALT] No version option was declared - see usage notes for -v."
+    echo
+    usage
+    exit 1
+fi
+
+#
+# Error if no version string declared
+#
+if [ ${VERSION}X == X ]
+then
+    echo "[HALT] No version string was declared - see usage notes for -v."
+    echo
+    usage
+    exit 1
+fi
+
+#
+# Show Info
+#
+echo
+echo "----- Stapling packaged app with notarization ticket -----"
+echo
+echo "Package: \"${DISTRIBUTION}${APP_NAME}-${VERSION}-setup-MacOS.pkg\""
+echo
+
+#
+# Staple app package
+#
+xcrun stapler staple -v "${DISTRIBUTION}${APP_NAME}-${VERSION}-setup-MacOS.pkg"
+
+echo
+echo "Done!"
+exit 0
diff --git a/package/mac_app_verify_signatures.sh b/package/mac_app_verify_signatures.sh
