suzanne.soy/racket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make installer: add Mac OS X code-signing support

Browse Source
This commit is contained in:
Matthew Flatt 2013-10-19 07:07:08 -06:00
parent 64b1b1037e
commit 2054fb79de
6 changed files with 59 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Makefile
View File

@ -164,6 +164,10 @@ BUILD_STAMP =
# the default as the version number:
INSTALL_NAME =
# A signing identity (spaces allowed) for Mac OS X binaries in an
# installer:
SIGN_IDENTITY =
# A README file to download from the server for the client:
README = README.txt
@ -377,7 +381,7 @@ COPY_ARGS = SERVER=$(SERVER) SERVER_PORT=$(SERVER_PORT) SERVER_HOSTS="$(SERVER_H
PKG_SOURCE_MODE="$(PKG_SOURCE_MODE)" INSTALL_NAME="$(INSTALL_NAME)"\
DIST_NAME="$(DIST_NAME)" DIST_BASE=$(DIST_BASE) \
DIST_DIR=$(DIST_DIR) DIST_SUFFIX=$(DIST_SUFFIX) \
DIST_DESC="$(DIST_DESC)" README="$(README)" \
DIST_DESC="$(DIST_DESC)" README="$(README)" SIGN_IDENTITY="$(SIGN_IDENTITY)"\
JOB_OPTIONS="$(JOB_OPTIONS)"
client:
@ -419,7 +423,9 @@ bundle-config:
$(RACKET) -l distro-build/set-config $(SET_BUNDLE_CONFIG_q)
UPLOAD_q = --readme http://$(SVR_PRT)/$(README) --upload http://$(SVR_PRT)/ --desc "$(DIST_DESC)"
DIST_ARGS_q = $(UPLOAD_q) $(RELEASE_MODE) $(SOURCE_MODE) "$(DIST_NAME)" $(DIST_BASE) $(DIST_DIR) "$(DIST_SUFFIX)"
DIST_ARGS_q = $(UPLOAD_q) $(RELEASE_MODE) $(SOURCE_MODE) \
"$(DIST_NAME)" $(DIST_BASE) $(DIST_DIR) "$(DIST_SUFFIX)" \
"$(SIGN_IDENTITY)"
# Create an installer from the build (with installed packages) that's
# in "bundle/racket":

1
pkgs/distro-build/config.rkt
View File

@ -135,6 +135,7 @@
[(#:configure) (and (list? val) (andmap string? val))]
[(#:bits) (or (equal? val 32) (equal? val 64))]
[(#:vc) (or (equal? val "x86") (equal? val "x64"))]
[(#:sign-identity) (string? val)]
[(#:timeout) (real? val)]
[(#:j) (exact-positive-integer? val)]
[(#:repo) (string? val)]

5
pkgs/distro-build/doc.txt
View File

@ -212,6 +212,11 @@ Site-configuration keywords (where <string*> means no spaces, etc.):
#:vc <string*> --- "x86" or "x64" to select the Visual C build mode;
default depends on `#:bits'
#:sign-identity <string> --- provides an identity to be passed to
`codesign` for code signing on Mac OS X (for all executables in a
distribution), where an empty string disables signing; the default
is ""
#:j <integer> --- parallelism for `make' on Unix and Mac OS X and
for `raco setup' on all platforms; defaults to 1

2
pkgs/distro-build/drive-clients.rkt
View File

@ -271,6 +271,7 @@
default-dist-dir))
(define dist-suffix (get-opt c '#:dist-suffix ""))
(define dist-catalogs (choose-catalogs c '("")))
(define sign-identity (get-opt c '#:sign-identity ""))
(define release? (get-opt c '#:release? default-release?))
(define source? (get-opt c '#:source? #f))
(define source-pkgs? (get-opt c '#:source-pkgs? source?))
@ -291,6 +292,7 @@
" DIST_DIR=" dist-dir
" DIST_SUFFIX=" (q dist-suffix)
" DIST_CATALOGS_q=" (qq dist-catalogs kind)
" SIGN_IDENTITY=" (q sign-identity)
" INSTALL_NAME=" (q install-name)
" BUILD_STAMP=" (q build-stamp)
" RELEASE_MODE=" (if release? "--release" (q ""))

42
pkgs/distro-build/installer-dmg.rkt
View File

@ -10,15 +10,17 @@
make-dmg)
(define hdiutil "/usr/bin/hdiutil")
(define codesign "/usr/bin/codesign")
(define-runtime-path bg-image "macosx-installer/racket-rising.png")
(define (system*/show . l)
(displayln (apply ~a #:separator " " l))
(flush-output)
(unless (apply system* l)
(error "failed")))
(define (make-dmg volname src-dir dmg bg readme)
(define (make-dmg volname src-dir dmg bg readme sign-identity)
(define tmp-dmg (make-temporary-file "~a.dmg"))
(define work-dir
(let-values ([(base name dir?) (split-path src-dir)])
@ -27,7 +29,8 @@
(delete-directory/files work-dir #:must-exist? #f)
(make-directory* work-dir)
(printf "Copying ~a\n" src-dir)
(copy-directory/files src-dir (build-path work-dir volname)
(define dest-dir (build-path work-dir volname))
(copy-directory/files src-dir dest-dir
#:keep-modify-seconds? #t)
(when readme
(call-with-output-file*
@ -37,6 +40,8 @@
(display readme o))))
(when bg
(copy-file bg (build-path work-dir ".bg.png")))
(unless (string=? sign-identity "")
(sign-executables dest-dir sign-identity))
;; The following command should work fine, but it looks like hdiutil in 10.4
;; is miscalculating the needed size, making it too big in our case (and too
;; small with >8GB images). It seems that it works to first generate an
@ -58,6 +63,35 @@
tmp-dmg "-o" dmg)
(delete-file tmp-dmg))
(define (sign-executables dest-dir sign-identity)
;; Sign any executable in "bin", top-level ".app", or either of those in "lib"
(define (check-bins dir)
(for ([f (in-list (directory-list dir #:build? #t))])
(when (and (file-exists? f)
(member 'execute (file-or-directory-permissions f))
(member (call-with-input-file
f
(lambda (i)
(define bstr (read-bytes 4 i))
(and (bytes? bstr)
(= 4 (bytes-length bstr))
(integer-bytes->integer bstr #f))))
'(#xFeedFace #xFeedFacf)))
(system*/show codesign "-s" sign-identity f))))
(define (check-apps dir)
(for ([f (in-list (directory-list dir #:build? #t))])
(when (and (directory-exists? f)
(regexp-match #rx#".app$" f))
(define name (let-values ([(base name dir?) (split-path f)])
(path-replace-suffix name #"")))
(define exe (build-path f "Contents" "MacOS" name))
(when (file-exists? exe)
(system*/show codesign "-s" sign-identity exe)))))
(check-bins (build-path dest-dir "bin"))
(check-bins (build-path dest-dir "lib"))
(check-apps dest-dir)
(check-apps (build-path dest-dir "lib")))
(define (dmg-layout dmg volname bg)
(define-values (mnt del?)
(let ([preferred (build-path "/Volumes/" volname)])
@ -99,10 +133,10 @@
(when del?
(delete-directory mnt)))
(define (installer-dmg human-name base-name dist-suffix readme)
(define (installer-dmg human-name base-name dist-suffix readme sign-identity)
(define dmg-name (format "bundle/~a-~a~a.dmg"
base-name
(system-library-subpath #f)
dist-suffix))
(make-dmg human-name "bundle/racket" dmg-name bg-image readme)
(make-dmg human-name "bundle/racket" dmg-name bg-image readme sign-identity)
dmg-name)

9
pkgs/distro-build/installer.rkt
View File

@ -16,7 +16,7 @@
(define upload-desc "")
(define download-readme #f)
(define-values (short-human-name human-name base-name dir-name dist-suffix)
(define-values (short-human-name human-name base-name dir-name dist-suffix sign-identity)
(command-line
#:once-each
[("--release") "Create a release installer"
@ -30,7 +30,7 @@
[("--readme") readme "URL for README.txt to include"
(set! download-readme readme)]
#:args
(human-name base-name dir-name dist-suffix)
(human-name base-name dir-name dist-suffix sign-identity)
(values human-name
(format "~a v~a" human-name (version))
(format "~a-~a" base-name (version))
@ -39,7 +39,8 @@
(format "~a-~a" dir-name (version)))
(if (string=? dist-suffix "")
""
(string-append "-" dist-suffix)))))
(string-append "-" dist-suffix))
sign-identity)))
(display-time)
@ -57,7 +58,7 @@
(installer-tgz base-name dir-name dist-suffix readme)
(case (system-type)
[(unix) (installer-sh human-name base-name dir-name release? dist-suffix readme)]
[(macosx) (installer-dmg human-name base-name dist-suffix readme)]
[(macosx) (installer-dmg human-name base-name dist-suffix readme sign-identity)]
[(windows) (installer-exe short-human-name base-name release? dist-suffix readme)])))
(call-with-output-file*