Apple provides a status page for various developer services at
https://developer.apple.com/system-status/, including the status of the
Developer ID Notary Service. Show the URL notarization fails so that
troubleshooting is easier.
Add missing entries, regularize the descriptions, etc..
Note that pcap and pcapng are the native formats.
Fix various issues.
Update the editcap -F output to match urrent reality.
While we're at it, sort the libwiretap modules, putting observer.c in
the right place.
We initially disabled dark mode support in Info.plist when we didn't
support it very well, and later passively enabled it depending on our
SDK version. Go ahead and force it on since we officially support dark
mode. Closes#17098.
When installing ChmodBPF on macOS, assign the access_bpf group to the first
free GID greater than 100, rather to the default which starts at 500. Using
a GID less than 500 hides it in the System Preferences Users & Groups pane.
Bug: 6402
Change-Id: I62ed63bc64cb2721880467ffd0dc290ea57c8461
Reviewed-on: https://code.wireshark.org/review/37676
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In osx-app.sh, $VERSION used to hold the minor version of the OS. We no
longer set it and it's probably safe to assume that we're building on
Lion or later, so remove it.
Change-Id: I8e85cd7c2fe2162019c7c436b7865be95d4a33e2
Reviewed-on: https://code.wireshark.org/review/36039
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Sparkle's AutoUpdate.app has its own signature, which fails Apple's
notarization requirements.
Change-Id: I5fc5490a3e7ef63dd84fe59369ddd8cf42ddeff6
Reviewed-on: https://code.wireshark.org/review/35813
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Run osx-extras.sh before building the ChmodBPF installer package.
Change-Id: Iec3f88da86e48b5aac385369c7e68f23babc4c34
Reviewed-on: https://code.wireshark.org/review/35491
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add macosx/osx-extras.sh, which can be used to sign the ChmodBPF script.
Bug: 15782
Change-Id: I9929dd6db067f8bc1097faac28ab9467f5a89a82
Reviewed-on: https://code.wireshark.org/review/35481
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The default shell in macOS 10.15 is zsh[1]. Bash appears to be included
for now, but it might be a good idea to start migrating away from it
just in case it's removed at some point in the future.
[1]https://support.apple.com/en-ca/HT208050
Change-Id: Ibe4338105d8fa1a590f84543489255ade71920d6
Reviewed-on: https://code.wireshark.org/review/35216
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Use the correct path to the Wireshark executable when finding
dependencies and adding debugging symbols.
Change-Id: Iefafa9d453ce60e77853f2d125769826b4d702c0
Reviewed-on: https://code.wireshark.org/review/35202
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Set or clear SPARKLE_LIBRARIES and SPARKLE_INCLUDE_DIRS in
FindSparkle.cmake, similar to what we do in other modules. Use them
instead of SPARKLE_LIBRARY and SPARKLE_INCLUDE_DIR.
Change-Id: I023c711edd6a44421aadf85413da3207d9b08e64
Reviewed-on: https://code.wireshark.org/review/35097
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Copy Sparkle.framework correctly. Force signing so that we replace
Sparkle's signature with ours.
In osx-app.sh, don't sign a file or framework if it's already signed.
Fix the osx-dmg.sh usage message while we're here.
Change-Id: I697073d234958e1d8386650935a132237ad88f64
Reviewed-on: https://code.wireshark.org/review/35095
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add support for automatic updates using the Sparkle framework. Add
FindSparkle.cmake and associated CMake plumbing. Add a public key and
other info to Info.plist.in. Add ui/macosx/sparkle_bridge.{h,m}, which
wraps the Sparkle API. Make code that's specific to WinSparkle
Windows-only.
Add Sparkle installation steps to the macos-setup scripts. Sparkle
prints a warning if your bundle is unsigned (which is the case during
development) so disable installing it by default.
Updating here takes a long time. We might be able to fix that by
shipping our DSYMs separately.
Change-Id: I6cc6671db5657dadc514bda6bf6e1c8bbc9468a5
Reviewed-on: https://code.wireshark.org/review/35090
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add osx-dmg.sh back and make it a simple wrapper around dmgbuild and
codesign.
Change-Id: I0baa21fd971aa1b06e1a6700881cd7625dffff35
Reviewed-on: https://code.wireshark.org/review/34629
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Scripting the Finder in order to lay out our disk image assumes that we
have access to the Finder. This might not be the case on our builder,
and it arguably shoudn't be.
Switch from using a Bash script + AppleScript to build and lay out our
.dmg to using dmgbuild, which creates our .DS_Store directly using
Python's ds_store module.
Change-Id: I2e4a9dd89bc8297c9cbd9df7aa8d3a44447bde85
Reviewed-on: https://code.wireshark.org/review/34623
Reviewed-by: Gerald Combs <gerald@wireshark.org>
arrange_dmg.applescript is failing on the macOS builder, so comment it
out for now.
Change-Id: Ibe7bf249623832954e9f67d241513b549dff990c
Reviewed-on: https://code.wireshark.org/review/34621
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create ChmodBPF installer and uninstaller packages using pkgbuild and
productbuild. Place them in Wireshark.app/Resources/Extras.
Add a path_helper installer and uninstaller which respectively add and
remove /etc/*paths.d/Wireshark.
Remove the PackageMaker and utility-launcher assets and build targets.
Show a message in the main welcome screen if we don't have capture
permissions. Add an link which launches the ChmodBPF installer.
Add a "macOS Extras" item to About → Folders.
Migrate "Read me first" from RTF to Asciidoctor, which lets us add links
and looks like our other documentation.
Rename dmg_set_style.scpt to arrange_dmg.applescript and make it plain
text. Always run it in osx-dmg.sh.
Bug: 6991
Bug: 12593
Bug: 11399
Ping-Bug: 16074
Change-Id: I7b6aa89aae2be522b4141b0d44e8142dec749e90
Reviewed-on: https://code.wireshark.org/review/31047
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Removing Wireshark.app during preflight is the wrong way to ensure that
we uninstall old assets.
Bug: 16050
Change-Id: I39a0129e29830f8b6bc7ef228f3886db51d963ec
Reviewed-on: https://code.wireshark.org/review/34542
Reviewed-by: Gerald Combs <gerald@wireshark.org>
altool isn't guaranteed to clean up after itself, e.g. if an earthquake
takes down the Developer ID Notary Service (thanks to Jim Young for
tracking this down). Instead of checking for the existence of tokens,
check their existence and age.
Change-Id: Iac216d524a4894115ecf33589af1bbdebcc9cbab
Reviewed-on: https://code.wireshark.org/review/33856
Reviewed-by: Gerald Combs <gerald@wireshark.org>
altool appears to only support one notarization upload at a time. Add a
loop that waits for an empty upload token directory.
Convert the status check to a timeout loop.
Change-Id: I30fd15b6f098acfe5d9bdcd72237c56cc066dda4
Reviewed-on: https://code.wireshark.org/review/33749
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add our plugins to the bundle binary list.
Copy libraries using `install` in order to ensure that we can doctor
them up.
Bug: 15867
Change-Id: I864455f6ef7312938e89493015fd55874ab0a0c3
Reviewed-on: https://code.wireshark.org/review/33744
Reviewed-by: Gerald Combs <gerald@wireshark.org>
When gathering our dependencies, work around an issue with libbrotli's
install name similar to what we do with libssh.
Bug: 15730
Change-Id: I571746848e3343d81c286be66f6fe6510c698d6f
Reviewed-on: https://code.wireshark.org/review/32990
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The answer to the question "do we need to add hardened runtime
entitlements or exceptions?" in osx-app.sh is "yes". Update a comment
accordingly.
Change-Id: Icc6f9ed31838aa6342f405a244e726586e9c0c4d
Reviewed-on: https://code.wireshark.org/review/32703
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This adds the entitlement to everything we sign. I cannot test a more
granular approach without access to an Apple issued codesigning cert/key
pair.
Bug: 15667
Change-Id: I9fe962a06b681d33853b0944765987e21d21be2d
Reviewed-on: https://code.wireshark.org/review/32700
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Comment out the NSRequiresAquaSystemAppearance key in Info.plist under
the assumption that both we and Qt will have dark mode support in usable
shape by the next release.
Ping-Bug: 15511
Change-Id: Ic5960034ce302d81dcc624cbd0e2c017865f44e2
Reviewed-on: https://code.wireshark.org/review/32504
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The packages that PackageMaker creates don't remove old files when
upgrading. Add a preflight script that removes Wireshark.app if it
exists.
Fix a version check while we're here.
Change-Id: I8be8cbf51b34fef8a2d4259478b7d3199d976de3
Reviewed-on: https://code.wireshark.org/review/32150
Reviewed-by: Gerald Combs <gerald@wireshark.org>