[16776] | 1 | #!/bin/bash
| 2 |
[17487] | 3 | ## Expected environment, passed from GitHub secrets:
| 4 | # https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
| 5 | # APPLE_ID_PW Password for the Apple ID
| 6 | # CERT_MACOS_P12 Certificate used for code signing, base64 encoded
| 7 | # CERT_MACOS_PW Password for that certificate
| 8 |
[18146] | 9 | set -Eeo pipefail
[16776] | 10 |
| 11 | # Don't show one time passwords
| 12 | set +x
| 13 |
| 15 |
| 16 | if [ -z "${1-}" ]
| 17 | then
[19030] | 18 | echo "Usage: $0 josm_revision [other_arch_jdk]"
[16776] | 19 | exit 1
| 20 | fi
| 21 |
| 22 | echo "Building JOSM.app"
| 23 |
[17239] | 24 | mkdir app
[16776] | 25 |
[18904] | 26 | if [ -z "$CERT_MACOS_P12" ] || [ -z "$CERT_MACOS_PW" ] || [ -z "$APPLE_ID_PW" ] || [ -z "$APPLE_ID_TEAM" ] || [ -z "$APPLE_ID" ]
[17487] | 27 | then
[18904] | 28 | echo "CERT_MACOS_P12, CERT_MACOS_PW, APPLE_ID, APPLE_ID_PW, or APPLE_ID_TEAM are not set in the environment."
[18146] | 29 | echo "A JOSM.app will be created but not signed nor notarized."
[17487] | 30 | SIGNAPP=false
[18476] | 31 | KEYCHAINPATH=false
[17487] | 33 | else
[16776] | 34 | echo "Preparing certificates/keychain for signing…"
| 35 |
| 36 | KEYCHAIN=build.keychain
[17373] | 37 | KEYCHAINPATH=~/Library/Keychains/$KEYCHAIN-db
[17487] | 38 | KEYCHAIN_PW=$(head /dev/urandom | base64 | head -c 20)
[16776] | 39 | CERTIFICATE_P12=certificate.p12
| 40 |
[17487] | 41 | echo "$CERT_MACOS_P12" | base64 --decode > $CERTIFICATE_P12
| 42 | security create-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
[16776] | 43 | security default-keychain -s $KEYCHAIN
[17487] | 44 | security unlock-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
| 45 | security import $CERTIFICATE_P12 -k $KEYCHAIN -P "$CERT_MACOS_PW" -T /usr/bin/codesign
| 46 | security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" $KEYCHAIN
[16776] | 47 | rm $CERTIFICATE_P12
[17487] | 48 | SIGNAPP=true
[16776] | 49 | echo "Signing preparation done."
[18476] | 50 | JPACKAGEOPTIONS="--mac-sign --mac-signing-keychain $KEYCHAINPATH"
[16776] | 51 | fi
| 52 |
[18146] | 53 | set -u
| 54 |
[19030] | 55 | function do_jpackage() {
| 56 | echo "Building app (${JAVA_HOME})"
| 57 | # We specifically need the options to not be quoted -- we _want_ the word splitting.
| 58 | # shellcheck disable=SC2086
| 59 | "${JAVA_HOME}/bin/jpackage" $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
| 60 | --main-class org.openstreetmap.josm.gui.MainApplication \
| 61 | --icon ./native/macosx/JOSM.icns --type app-image --dest app \
| 62 | --java-options "--add-modules java.scripting,java.sql,javafx.controls,javafx.media,javafx.swing,javafx.web" \
| 63 | --java-options "--add-exports=java.base/sun.security.action=ALL-UNNAMED" \
| 64 | --java-options "--add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED" \
| 65 | --java-options "--add-exports=java.desktop/com.sun.imageio.plugins.jpeg=ALL-UNNAMED" \
| 66 | --java-options "--add-exports=java.desktop/com.sun.imageio.spi=ALL-UNNAMED" \
| 67 | --java-options "--add-opens=java.base/java.lang=ALL-UNNAMED" \
| 68 | --java-options "--add-opens=java.base/java.nio=ALL-UNNAMED" \
| 69 | --java-options "--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED" \
| 70 | --java-options "--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED" \
| 71 | --java-options "--add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED" \
| 72 | --java-options "--add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED" \
| 73 | --java-options "--add-opens=java.prefs/java.util.prefs=ALL-UNNAMED" \
| 74 | --app-version "$1" \
| 75 | --copyright "JOSM, and all its integral parts, are released under the GNU General Public License v2 or later" \
| 76 | --vendor "JOSM" \
| 77 | --mac-package-identifier de.openstreetmap.josm \
| 78 | --mac-package-signing-prefix de.openstreetmap.josm \
| 79 | --file-associations native/file-associations/bz2.properties \
| 80 | --file-associations native/file-associations/geojson.properties \
| 81 | --file-associations native/file-associations/gpx.properties \
| 82 | --file-associations native/file-associations/gz.properties \
| 83 | --file-associations native/file-associations/jos.properties \
| 84 | --file-associations native/file-associations/joz.properties \
| 85 | --file-associations native/file-associations/osm.properties \
| 86 | --file-associations native/file-associations/xz.properties \
| 87 | --file-associations native/file-associations/zip.properties \
| 88 | --add-modules java.compiler,java.base,java.datatransfer,java.desktop,java.logging,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.sql,java.transaction.xa,java.xml,jdk.crypto.ec,jdk.jfr,jdk.jsobject,jdk.unsupported,jdk.unsupported.desktop,jdk.xml.dom,javafx.controls,javafx.media,javafx.swing,javafx.web
| 89 | echo "Building done (${JAVA_HOME})."
| 90 | }
| 91 | function do_signapp() {
| 92 | echo "Compressing app (${1})"
| 93 | ditto -c -k --zlibCompressionLevel 9 --keepParent "app/${1}.app" "app/${1}.zip"
| 94 | if $SIGNAPP; then
| 95 | echo "Signing app (${1})"
| 96 | echo "Preparing for notarization"
| 97 | echo "Uploading to Apple"
| 98 | xcrun notarytool submit --apple-id "$APPLE_ID" --password "$APPLE_ID_PW" --team-id "$APPLE_ID_TEAM" --wait "app/${1}.zip"
| 99 | fi
| 100 | }
[16776] | 101 |
[19030] | 102 | function merge() {
| 103 | if [ "$(command -v lipo)" ]; then
| 104 | lipo -create -output "${1}" "${2}" "${3}"
| 105 | elif [ "$(command -v llvm-lipo-15)" ]; then
| 106 | llvm-lipo-15 -create -output "${1}" "${2}" "${3}"
| 107 | fi
| 108 | }
[16776] | 109 |
[19030] | 110 | function copy() {
| 111 | # Trim the root path
| 112 | FILE="${1#*/}"
| 113 | if [ ! -e "${2}/${FILE}" ]; then
| 114 | # Only make directories if we aren't looking at the root files
| 115 | if [[ "${FILE}" == *"/"* ]]; then mkdir -p "${2}/${FILE%/*}"; fi
| 116 | if file "${1}" | grep -q 'Mach-O' ; then
| 117 | merge "${2}/${FILE}" "${3}/${FILE}" "${4}/${FILE}"
| 118 | if file "${1}" | grep -q 'executable'; then
| 119 | chmod 755 "${2}/${FILE}"
| 120 | fi
| 121 | else
| 122 | cp -a "${1}" "${2}/${FILE}"
| 123 | fi
| 124 | fi
| 125 | }
[16776] | 126 |
[19030] | 127 | function directory_iterate() {
| 128 | while IFS= read -r -d '' file
| 129 | do
| 130 | copy "${file}" "${2}" "${3}" "${4}" &
| 131 | done < <(find "${1}" -type f,l -print0)
| 132 | wait
| 133 | }
| 134 |
| 135 | do_jpackage "${1}"
| 136 | if [ -n "${2}" ]; then
| 137 | function get_name() {
| 138 | echo "$("${JAVA_HOME}/bin/java" --version | head -n1 | awk '{print $2}' | awk -F'.' '{print $1}')_$(file "${JAVA_HOME}/bin/java" | awk -F' executable ' '{print $2}')"
| 139 | }
| 140 | first="$(get_name)"
| 141 | JAVA_HOME="${2}" second="$(get_name)"
| 142 | mv app/JOSM.app "app/JOSM_${first}.app"
| 143 | JAVA_HOME="${2}" do_jpackage "${1}"
| 144 | mv app/JOSM.app "app/JOSM_${second}.app"
| 145 | mkdir app/JOSM.app
| 146 | (cd app
| 147 | directory_iterate "JOSM_${first}.app" "JOSM.app" "JOSM_${first}.app" "JOSM_${second}.app"
| 148 | directory_iterate "JOSM_${second}.app" "JOSM.app" "JOSM_${first}.app" "JOSM_${second}.app"
| 149 | )
| 150 | do_signapp "JOSM_${first}"
| 151 | do_signapp "JOSM_${second}"
[19061] | 152 | if [ "${KEYCHAINPATH}" != "false" ]; then
[19032] | 153 | function do_codesign() {
| 154 | codesign --sign "FOSSGIS e.V." \
| 155 | --force \
| 156 | --keychain "${KEYCHAINPATH}" \
| 157 | --timestamp \
| 158 | --prefix "de.openstreetmap.josm" \
| 159 | --identifier "${2}" \
| 160 | --options runtime \
[19036] | 161 | --entitlements "$(dirname "${BASH_SOURCE[0]}")/josm.entitlements" \
[19032] | 162 | --verbose=4 "${1}"
| 163 | }
| 164 | do_codesign app/JOSM.app/Contents/runtime "com.oracle.java.de.openstreetmap.josm"
| 165 | do_codesign app/JOSM.app/ "de.openstreetmap.josm"
| 166 | fi
[17711] | 167 | fi
[19030] | 168 | do_signapp JOSM