osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

GitLab CI: Enable macOS Arm notarization. 

Enable code signing & notarization in the macOS Arm Package job. Add
"needs: []". Verify the .dmg after notarizing it.
This commit is contained in:
Gerald Combs 2021-08-24 16:24:59 -07:00 committed by Wireshark GitLab Utility
parent f7755972c9
commit 28c4c947c0
3 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.gitlab-ci.yml
View File

@ -407,10 +407,9 @@ Win32 Package:
# - Notarization
macOS Arm Package:
stage: build
# Production builds
rules: !reference [.if-w-w-only-merged]
# Testing builds
# rules: !reference [.if-w-w-only-merge-request]
variables:
CODE_SIGN_IDENTITY: "Wireshark Foundation, Inc."
tags:
- wireshark-macos-arm-package
retry: 1
@ -432,15 +431,18 @@ macOS Arm Package:
- arch -arch arm64 cmake -DENABLE_CCACHE=ON -DCMAKE_APPLE_SILICON_PROCESSOR=arm64 -DCMAKE_OSX_DEPLOYMENT_TARGET=11.0 -DCMAKE_OSX_SYSROOT=macosx11.3 -DCMAKE_OSX_ARCHITECTURES=arm64 -DTEST_EXTRA_ARGS=--enable-release -G Ninja ..
- printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
- arch -arch arm64 ninja
# - package-prep
- package-prep
- arch -arch arm64 ninja dmg_package
# - notarize-build
- cd run
- notarize-build
- |
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_MACOS" ] ; then
aws s3 cp run/Wireshark-*.dmg "$S3_DESTINATION_MACOS/"
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_MACOS_ARM64" ] ; then
aws s3 cp run/Wireshark-*.dmg "$S3_DESTINATION_MACOS_ARM64/"
fi
- cd ..
- arch -arch arm64 ninja test-programs
- arch -arch arm64 ctest --parallel 4 --output-on-failure
needs: []
# Build the User's Guide and Developer's Guide
Documentation:

4
packaging/macosx/notarize-dmg.sh
View File

@ -116,3 +116,7 @@ echo -e "\\nStapling $dmg_file"
"${staple_cmd[@]}"
echo -e "\\nSHA256 post: $(shasum -a 256 "$dmg_file" | awk '{print $1}' )"
# macOS 10.14.5+ requires notarization in order for this to pass?
# https://wiki.lazarus.freepascal.org/Notarization_for_macOS_10.14.5%2B
spctl --assess --type open --context context:primary-signature --verbose=2 "$dmg_file" || exit 1

1
packaging/macosx/osx-dmg.sh.in
View File

@ -79,7 +79,6 @@ if [ -n "$CODE_SIGN_IDENTITY" ] ; then
--timestamp \
--verbose \
"$img_name"
spctl --assess --type open --context context:primary-signature --verbose=2 "$img_name" || exit 1
fi
exit 0