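#!/bin/bash
# Source: github.com/containers/podman/v4@v4.9.4/contrib/pkginstaller/package.sh
#
# Builds the macOS podman installer: compiles podman-remote and
# podman-mac-helper, code-signs the bundled binaries, then assembles the
# payload with pkgbuild/productbuild and signs the result with productsign.
#
# Usage: package.sh <output-dir>
#
# Environment:
#   CODESIGN_IDENTITY     identity passed to `codesign --sign`    (default: mock)
#   PRODUCTSIGN_IDENTITY  identity passed to `productsign --sign` (default: mock)
#   NO_CODESIGN           1 skips every signing step              (default: 0)

# -x traces every command (signing identities and paths included) to the log.
set -euxo pipefail

BASEDIR=$(dirname "$0")
# Fail with a usage hint instead of a bare "unbound variable"; an empty value
# would otherwise make the script write its packages under "/".
OUTPUT=${1:?usage: package.sh <output-dir>}
CODESIGN_IDENTITY=${CODESIGN_IDENTITY:-mock}
PRODUCTSIGN_IDENTITY=${PRODUCTSIGN_IDENTITY:-mock}
NO_CODESIGN=${NO_CODESIGN:-0}
HELPER_BINARIES_DIR="/opt/podman/qemu/bin"

# NO_CODESIGN is compared with -eq throughout. A non-integer value (e.g.
# "true") makes `[` fail with status 2, which the per-binary checks read as
# "sign" while a negated check reads it as "do not sign" -- the outcome would
# be an unsigned installer carrying the release file name. Reject such values
# up front so the signing decision is never made on a test error.
if ! [ "${NO_CODESIGN}" -eq "${NO_CODESIGN}" ] 2>/dev/null; then
  echo "NO_CODESIGN must be an integer (0 or 1), got '${NO_CODESIGN}'" >&2
  exit 1
fi

binDir="${BASEDIR}/root/podman/bin"
qemuBinDir="${BASEDIR}/root/podman/qemu/bin"

version=$(cat "${BASEDIR}/VERSION")
arch=$(cat "${BASEDIR}/ARCH")

# Builds podman-remote and podman-mac-helper in the source tree and copies
# them into the package payload.
# Globals:   goArch, HELPER_BINARIES_DIR, binDir (read)
# Arguments: $1 - path to the podman source tree root
function build_podman() {
  pushd "$1"
  make GOARCH="${goArch}" podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}"
  make GOARCH="${goArch}" podman-mac-helper
  # NOTE(review): the destination embeds ${binDir}, which starts with
  # ${BASEDIR}; this only resolves when BASEDIR is a relative path such as
  # "." -- confirm how the Makefile invokes this script.
  cp bin/darwin/podman "contrib/pkginstaller/out/packaging/${binDir}/podman"
  cp bin/darwin/podman-mac-helper "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper"
  popd
}

# Code-signs one binary with `--options runtime`, adding
# "<basename>.entitlements" from BASEDIR when that file exists.
# Globals:   NO_CODESIGN, CODESIGN_IDENTITY, BASEDIR (read)
# Arguments: $1 - path of the binary to sign
function sign() {
  if [ "${NO_CODESIGN}" -eq "1" ]; then
    return
  fi
  local entitlements
  entitlements="${BASEDIR}/$(basename "$1").entitlements"
  # An array keeps the entitlements path a single argument even when BASEDIR
  # contains whitespace; the original unquoted string was word-split.
  local -a opts=()
  if [ -f "${entitlements}" ]; then
    opts=(--entitlements "${entitlements}")
  fi
  # ${opts[@]+...}: expanding an empty array under `set -u` is an error in
  # bash releases before 4.4, which includes the /bin/bash shipped with macOS.
  codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force \
    ${opts[@]+"${opts[@]}"} "$1"
}

# Code-signs the bundled qemu libraries and binaries.
# Globals:   NO_CODESIGN, CODESIGN_IDENTITY, BASEDIR, arch, qemuBinDir (read)
function signQemu() {
  if [ "${NO_CODESIGN}" -eq "1" ]; then
    return
  fi

  local qemuArch="${arch}"
  if [ "${qemuArch}" = amd64 ]; then
    qemuArch=x86_64
  fi

  local libs bins

  # sign the files inside /opt/podman/qemu/lib
  # NOTE(review): `|| true` swallows codesign failures here and below, so a
  # library or helper can end up in the payload unsigned without failing the
  # build -- confirm this best-effort is intended and that signatures are
  # checked later in the release process.
  libs=$(find "${BASEDIR}"/root/podman/qemu/lib -depth -name "*.dylib" -or -type f -perm +111)
  echo "${libs}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force % || true

  # sign the files inside /opt/podman/qemu/bin except qemu-system-*
  bins=$(find "${BASEDIR}"/root/podman/qemu/bin -depth -type f -perm +111 ! -name "qemu-system-${qemuArch}")
  echo "${bins}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force % || true

  # sign the qemu-system-* binary
  # need to remove any extended attributes, otherwise codesign complains:
  # qemu-system-aarch64: resource fork, Finder information, or similar detritus not allowed
  xattr -cr "${qemuBinDir}/qemu-system-${qemuArch}"
  # This one is not best-effort: a failure here aborts the build (set -e).
  codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force \
    --entitlements "${BASEDIR}/hvf.entitlements" "${qemuBinDir}/qemu-system-${qemuArch}"
}

# The ARCH file uses "aarch64"; Go calls the same architecture "arm64".
goArch="${arch}"
if [ "${goArch}" = aarch64 ]; then
  goArch=arm64
fi

build_podman "../../../../"
sign "${binDir}/podman"
sign "${binDir}/gvproxy"
sign "${binDir}/podman-mac-helper"
signQemu

# Component package: payload from ${BASEDIR}/root, installed under /opt.
pkgbuild --identifier com.redhat.podman --version "${version}" \
  --scripts "${BASEDIR}/scripts" \
  --root "${BASEDIR}/root" \
  --install-location /opt \
  --component-plist "${BASEDIR}/component.plist" \
  "${OUTPUT}/podman.pkg"

# Distribution package wrapping the component package.
productbuild --distribution "${BASEDIR}/Distribution" \
  --resources "${BASEDIR}/Resources" \
  --package-path "${OUTPUT}" \
  "${OUTPUT}/podman-unsigned.pkg"
rm "${OUTPUT}/podman.pkg"

# The signed and the unsigned installer share one final file name, so the name
# says nothing about signature state; `pkgutil --check-signature` on the
# artifact does.
if [ "${NO_CODESIGN}" -eq "1" ]; then
  mv "${OUTPUT}/podman-unsigned.pkg" "${OUTPUT}/podman-installer-macos-${goArch}.pkg"
else
  productsign --timestamp --sign "${PRODUCTSIGN_IDENTITY}" "${OUTPUT}/podman-unsigned.pkg" "${OUTPUT}/podman-installer-macos-${goArch}.pkg"
fi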