Adding upstream version 1.34.4.
Signed-off-by: Daniel Baumann <daniel@debian.org>
parent
e393c3af3f
commit
4978089aab
4963 changed files with 677545 additions and 0 deletions
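--- a/scripts/mac-signing.sh
+++ b/scripts/mac-signing.sh
@@ -0,0 +1,139 @@
+#!/bin/bash
+
+function cleanup () {
+echo "Cleaning up any existing Telegraf or Telegraf.app"
+printf "\n"
+rm -rf Telegraf
+rm -rf Telegraf.app
+}
+
+function archive_notarize()
+{
+target="${1}"
+
+# submit archive for notarization, extract uuid
+uuid="$(
+# This extracts the value from `notarytool's` output. Unfortunately,
+# the 'id' is written to multiple times in the output. This requires
+# `awk` to `exit` after the first instance. However, doing so closes
+# `stdout` for `notarytool` which results with error code 141. This
+# takes the *complete* output from `notarytool` then
+# parses it with `awk`.
+awk '{ if ( $1 == "id:" ) { $1 = ""; print $0; exit 0; } }' \
+<<< "$(
+# shellcheck disable=SC2154
+xcrun notarytool submit \
+--apple-id "${AppleUsername}" \
+--password "${ApplePassword}" \
+--team-id 'M7DN9H35QT' \
+"${target}"
+)"
+)"
+shopt -s extglob
+uuid="${uuid%%+([[:space:]])}" # strips leading whitespace
+uuid="${uuid##+([[:space:]])}" # strips trailing whitespace
+
+if [[ -z "${uuid}" ]]; then
+exit 1
+fi
+
+# loop until notarization is complete
+while true ; do
+sleep 10
+
+response="$(
+# This extracts the value from `notarytool's` output. Unfortunately,
+# the 'id' is written to multiple times in the output. This requires
+# `awk` to `exit` after the first instance. However, doing so closes
+# `stdout` for `notarytool` which results with error code 141. This
+# takes the *complete* output from `notarytool` then
+# parses it with `awk`.
+awk '{ if ( $1 == "status:" ) { $1 = ""; print $0; exit 0; } }' \
+<<< "$(
+# shellcheck disable=SC2154
+xcrun notarytool info \
+--apple-id "${AppleUsername}" \
+--password "${ApplePassword}" \
+--team-id 'M7DN9H35QT' \
+"${uuid}"
+)"
+)"
+shopt -s extglob
+response="${response%%+([[:space:]])}" # strips leading whitespace
+response="${response##+([[:space:]])}" # strips trailing whitespace
+
+if [[ "${response}" != 'In Progress' ]] ; then
+break
+fi
+done
+
+if [[ "${response}" != 'Accepted' ]]; then
+exit 1
+fi
+}
+
+# Acquire the necessary certificates.
+# MacCertificate, MacCertificatePassword, AppleSigningAuthorityCertificate are environment variables, to follow convention they should have been all caps.
+# shellcheck disable=SC2154
+base64 -D -o MacCertificate.p12 <<< "$MacCertificate"
+# shellcheck disable=SC2154
+sudo security import MacCertificate.p12 -k /Library/Keychains/System.keychain -P "$MacCertificatePassword" -A
+# shellcheck disable=SC2154
+base64 -D -o AppleSigningAuthorityCertificate.cer <<< "$AppleSigningAuthorityCertificate"
+sudo security import AppleSigningAuthorityCertificate.cer -k '/Library/Keychains/System.keychain' -A
+
+amdFile=$(find "$HOME/project/dist" -name "*darwin_amd64.tar*")
+armFile=$(find "$HOME/project/dist" -name "*darwin_arm64.tar*")
+macFiles=("${amdFile}" "${armFile}")
+
+version=$(make version)
+plutil -insert CFBundleShortVersionString -string "$version" ~/project/Info.plist
+plutil -insert CFBundleVersion -string "$version" ~/project/Info.plist
+
+for tarFile in "${macFiles[@]}";
+do
+cleanup
+
+# Create the .app bundle directory structure
+RootAppDir="Telegraf.app/Contents"
+mkdir -p "$RootAppDir"
+mkdir -p "$RootAppDir/MacOS"
+mkdir -p "$RootAppDir/Resources"
+
+DeveloperID="Developer ID Application: InfluxData Inc. (M7DN9H35QT)"
+
+# Sign telegraf binary
+echo "Extract $tarFile to $RootAppDir/Resources"
+tar -xzvf "$tarFile" --strip-components=2 -C "$RootAppDir/Resources"
+printf "\n"
+TelegrafBinPath="$RootAppDir/Resources/usr/bin/telegraf"
+codesign --force -s "$DeveloperID" --timestamp --options=runtime "$TelegrafBinPath"
+echo "Verify if $TelegrafBinPath was signed"
+codesign -dvv "$TelegrafBinPath"
+
+printf "\n"
+
+cp ~/project/scripts/telegraf_entry_mac "$RootAppDir"/MacOS
+cp ~/project/Info.plist "$RootAppDir"
+cp ~/project/assets/windows/icon.icns "$RootAppDir/Resources"
+
+chmod +x "$RootAppDir/MacOS/telegraf_entry_mac"
+
+# Sign the entire .app bundle, and wrap it in a DMG.
+codesign -s "$DeveloperID" --timestamp --options=runtime --deep --force Telegraf.app
+baseName=$(basename "$tarFile" .tar.gz)
+echo "$baseName"
+hdiutil create -size 500m -volname Telegraf -srcfolder Telegraf.app "$baseName".dmg
+codesign -s "$DeveloperID" --timestamp --options=runtime "$baseName".dmg
+
+archive_notarize "${baseName}.dmg"
+
+# Attach the notarization to the DMG.
+xcrun stapler staple "$baseName".dmg
+cleanup
+
+mkdir -p ~/project/build/dist
+mv "$baseName".dmg ~/project/build/dist
+
+echo "$baseName.dmg signed and notarized!"
+done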
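Review bot: The decoded signing identity `MacCertificate.p12` is written to the current directory and never deleted (`cleanup` removes only `Telegraf` and `Telegraf.app`), and `security import ... -A` allows any application on the runner to use the imported private key without a prompt. Register `trap 'rm -f MacCertificate.p12 AppleSigningAuthorityCertificate.cer' EXIT` before the first `base64 -D`, and consider scoping key access with `-T /usr/bin/codesign` instead of `-A`. `-P "$MacCertificatePassword"` and `--password "${ApplePassword}"` also put both secrets on the command line, where they are visible in the process list while the command runs; `notarytool` accepts `--keychain-profile` so the Apple credential need not appear in argv. The script sets no `set -euo pipefail`, and `codesign -dvv` only displays the signature, so a failed `codesign` or `stapler staple` does not stop the loop before "signed and notarized!" is printed; `codesign --verify --strict "$TelegrafBinPath"` would make that step an actual check.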