
Sign and Notarize macOS builds

Signed-off-by: falkTX <falktx@falktx.com>
macos-sign-ci
falkTX 1 week ago
parent
commit
889d0bc0f9
Signed by: falkTX <falktx@falktx.com> GPG Key ID: CDBAA37ABC74FBA0
3 changed files with 49 additions and 1 deletions
  1. +7
    -0
      .github/workflows/build.yml
  2. +1
    -1
      dpf
  3. +41
    -0
      utils/create-macos-installer.sh

+ 7
- 0
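--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -202,6 +202,13 @@ jobs:
 - name: Build macOS (packaging)
 if: steps.cache.outputs.cache-hit == 'true'
 shell: bash
+env:
+MACOS_APP_CERTIFICATE: ${{ secrets.MACOS_APP_CERTIFICATE }}
+MACOS_INSTALLER_CERTIFICATE: ${{ secrets.MACOS_INSTALLER_CERTIFICATE }}
+MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
+MACOS_NOTARIZATION_USER: ${{ secrets.MACOS_NOTARIZATION_USER }}
+MACOS_NOTARIZATION_PASS: ${{ secrets.MACOS_NOTARIZATION_PASS }}
+MACOS_NOTARIZATION_TEAM: ${{ secrets.MACOS_NOTARIZATION_TEAM }}
 run: |
 source deps/PawPaw/local.env macos-universal-10.15
 ./utils/create-macos-installer.sh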
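Review bot: The new `env:` block hands all six signing and notarization secrets to the whole step, so `source deps/PawPaw/local.env` and everything the installer script runs can read them on every event that reaches this step. The workflow's triggers are outside the hunk; if it also runs for branch pushes or same-repository pull requests, consider limiting signing to release refs, for example by attaching the job to a protected environment or by moving signing into its own step with a ref check. A comment above the block would also help the next maintainer: `# empty on fork PRs; create-macos-installer.sh then skips signing and notarization`.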


+ 1
- 1
dpf

@@ -1 +1 @@
Subproject commit d38701abff789f44f2f483a6360416a9adbcc8f9
Subproject commit 1f459dc33d58761b53fbecbfdabbb03b241781b4

+ 41
- 0
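--- a/utils/create-macos-installer.sh
+++ b/utils/create-macos-installer.sh
@@ -26,10 +26,34 @@ rm -rf vst2/*.vst/Contents/Resources
 rm -rf vst3/*.vst3/Contents/Resources
 rm -rf clap/*.clap/Contents/Resources
 
+if [ -n "${MACOS_APP_CERTIFICATE}" ] && [ -n "${MACOS_INSTALLER_CERTIFICATE}" ] && [ -n "${MACOS_CERTIFICATE_PASSWORD}" ]; then
+security create-keychain -p "" $(pwd)/keychain.db
+security unlock-keychain -p "" $(pwd)/keychain.db
+echo -n "${MACOS_APP_CERTIFICATE}" | base64 --decode -o cert.p12
+security import cert.p12 -P "${MACOS_CERTIFICATE_PASSWORD}" -A -t cert -f pkcs12 -k $(pwd)/keychain.db
+echo -n "${MACOS_INSTALLER_CERTIFICATE}" | base64 --decode -o cert.p12
+security import cert.p12 -P "${MACOS_CERTIFICATE_PASSWORD}" -A -t cert -f pkcs12 -k $(pwd)/keychain.db
+rm cert.p12
+security list-keychain -d user -s $(pwd)/keychain.db
+
+MACOS_APP_DEV_ID="$(security find-identity -v $(pwd)/keychain.db | grep 'Developer ID Application:' | head -n 1 | cut -d' ' -f 5-99 | sed 's/\"//g')"
+codesign -s "${MACOS_APP_DEV_ID}" --deep --force --verbose --option=runtime au/*.component
+codesign -s "${MACOS_APP_DEV_ID}" --deep --force --verbose --option=runtime clap/*.clap
+codesign -s "${MACOS_APP_DEV_ID}" --deep --force --verbose --option=runtime jack/*.app
+codesign -s "${MACOS_APP_DEV_ID}" --deep --force --verbose --option=runtime native/*.app
+codesign -s "${MACOS_APP_DEV_ID}" --deep --force --verbose --option=runtime vst2/*.vst
+codesign -s "${MACOS_APP_DEV_ID}" --deep --force --verbose --option=runtime vst3/*.vst3
+codesign -s "${MACOS_APP_DEV_ID}" --force --verbose --option=runtime lv2/*.lv2/*.dylib
+
+MACOS_INSTALLER_DEV_ID="$(security find-identity -v $(pwd)/keychain.db | grep 'Developer ID Installer:' | head -n 1 | cut -d' ' -f 5-99 | sed 's/\"//g')"
+PKG_SIGN_ARGS=(--sign "${MACOS_INSTALLER_DEV_ID}")
+fi
+
 pkgbuild \
 --identifier "studio.kx.distrho.cardinal.resources" \
 --install-location "/Library/Application Support/Cardinal/" \
 --root "${PWD}/res/" \
+"${PKG_SIGN_ARGS[@]}" \
 ../dpf-cardinal-resources.pkg
 
 pkgbuild \
@@ -37,6 +61,7 @@ pkgbuild \
 --component-plist "../utils/macOS/Build_JACK.plist" \
 --install-location "/Applications/" \
 --root "${PWD}/jack/" \
+"${PKG_SIGN_ARGS[@]}" \
 ../dpf-cardinal-jack.pkg
 
 pkgbuild \
@@ -44,36 +69,42 @@ pkgbuild \
 --component-plist "../utils/macOS/Build_Native.plist" \
 --install-location "/Applications/" \
 --root "${PWD}/native/" \
+"${PKG_SIGN_ARGS[@]}" \
 ../dpf-cardinal-native.pkg
 
 pkgbuild \
 --identifier "studio.kx.distrho.plugins.cardinal.components" \
 --install-location "/Library/Audio/Plug-Ins/Components/" \
 --root "${PWD}/au/" \
+"${PKG_SIGN_ARGS[@]}" \
 ../dpf-cardinal-components.pkg
 
 pkgbuild \
 --identifier "studio.kx.distrho.plugins.cardinal.lv2bundles" \
 --install-location "/Library/Audio/Plug-Ins/LV2/" \
 --root "${PWD}/lv2/" \
+"${PKG_SIGN_ARGS[@]}" \
 ../dpf-cardinal-lv2bundles.pkg
 
 pkgbuild \
 --identifier "studio.kx.distrho.plugins.cardinal.vst2bundles" \
 --install-location "/Library/Audio/Plug-Ins/VST/" \
 --root "${PWD}/vst2/" \
+"${PKG_SIGN_ARGS[@]}" \
 ../dpf-cardinal-vst2bundles.pkg
 
 pkgbuild \
 --identifier "studio.kx.distrho.plugins.cardinal.vst3bundles" \
 --install-location "/Library/Audio/Plug-Ins/VST3/" \
 --root "${PWD}/vst3/" \
+"${PKG_SIGN_ARGS[@]}" \
 ../dpf-cardinal-vst3bundles.pkg
 
 pkgbuild \
 --identifier "studio.kx.distrho.plugins.cardinal.clapbundles" \
 --install-location "/Library/Audio/Plug-Ins/CLAP/" \
 --root "${PWD}/clap/" \
+"${PKG_SIGN_ARGS[@]}" \
 ../dpf-cardinal-clapbundles.pkg
 
 cd ..
@@ -86,4 +117,14 @@ productbuild \
 --identifier "studio.kx.distrho.cardinal" \
 --package-path "${PWD}" \
 --version 0 \
+"${PKG_SIGN_ARGS[@]}" \
 Cardinal-macOS.pkg
+
+if [ -n "${MACOS_NOTARIZATION_USER}" ] && [ -n "${MACOS_NOTARIZATION_PASS}" ] && [ -n "${MACOS_NOTARIZATION_TEAM}" ]; then
+xcrun notarytool submit Cardinal-macOS.pkg \
+--apple-id ${MACOS_NOTARIZATION_USER} \
+--password ${MACOS_NOTARIZATION_PASS} \
+--team-id ${MACOS_NOTARIZATION_TEAM} \
+--wait
+xcrun stapler staple Cardinal-macOS.pkg
+fi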
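Review bot: The first hunk leaves the Developer ID private keys behind after signing: `keychain.db` is created in the working directory with an empty password, the keys are imported with `-A` (any application may use them), and nothing deletes the keychain afterwards, while `cert.p12` is removed only if both imports get that far. On a self-hosted or reused runner, or if a later step uploads or caches that directory (not visible here), the signing identity goes with it. Creating both files under a `mktemp -d` directory and removing them in an `EXIT` trap, as sketched below, keeps the material out of the workspace and cleans up on failure too. The script's header is outside the hunks, so this should be merged with any trap it already installs.

```shell
# … unchanged: `if` test on the certificate and password variables …
  SIGN_TMP="$(mktemp -d)"
  KEYCHAIN="${SIGN_TMP}/keychain.db"
  # remove the key material even when a later command fails
  trap 'security delete-keychain "${KEYCHAIN}" 2>/dev/null; rm -rf "${SIGN_TMP}"' EXIT
  security create-keychain -p "" "${KEYCHAIN}"
  security unlock-keychain -p "" "${KEYCHAIN}"
  echo -n "${MACOS_APP_CERTIFICATE}" | base64 --decode -o "${SIGN_TMP}/cert.p12"
  security import "${SIGN_TMP}/cert.p12" -P "${MACOS_CERTIFICATE_PASSWORD}" -A -t cert -f pkcs12 -k "${KEYCHAIN}"
  # … unchanged apart from the same two paths: installer certificate import, list-keychain, find-identity …
```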
