Pass a prefix to `codesign` so that our signature identifier is
"org.wireshark.foo" instead of "foo" for our command line utilities,
libraries, and ChmodBPF.
Make copies of our top-level packages instead of symlinking them. Blind
attempt at fixing #18830.
Switch to UDZO for our application disk images as recommended in
https://developer.apple.com/forums/thread/128166
[skip ci]
libbrotlidec and libbrotlicommon show up in `otool -L` without any path
information on the macOS builders, similar to what's described at
https://github.com/google/brotli/issues/934
Try to work around this in osx-app.sh.
Switch to the name "Logray" for the log analyzer. Rays are biological
cousins of sharks and more people like the name "Logray" in a completely
unscientific survey here. Apologies for any inconvenience this might
cause.
Create a Wireshark.dSYM bundle for our debugging symbols. Create a
separate .dmg for the dSYM bundle, similar to what we do for Windows.
`dwarfdump --uuid run/Wireshark.dSYM` returns what app
This reduces the size of the application bundle and .dmg quite a bit
(sizes measured with `du -sm`):
51 Wireshark 3.7.0 Intel 64.dmg
81 Wireshark dSYM 3.7.0 Intel 64.dmg
182 Wireshark.app
262 Wireshark.dSYM
In osx-app.sh, $VERSION used to hold the minor version of the OS. We no
longer set it and it's probably safe to assume that we're building on
Lion or later, so remove it.
Change-Id: I8e85cd7c2fe2162019c7c436b7865be95d4a33e2
Reviewed-on: https://code.wireshark.org/review/36039
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Sparkle's AutoUpdate.app has its own signature, which fails Apple's
notarization requirements.
Change-Id: I5fc5490a3e7ef63dd84fe59369ddd8cf42ddeff6
Reviewed-on: https://code.wireshark.org/review/35813
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Use the correct path to the Wireshark executable when finding
dependencies and adding debugging symbols.
Change-Id: Iefafa9d453ce60e77853f2d125769826b4d702c0
Reviewed-on: https://code.wireshark.org/review/35202
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Set or clear SPARKLE_LIBRARIES and SPARKLE_INCLUDE_DIRS in
FindSparkle.cmake, similar to what we do in other modules. Use them
instead of SPARKLE_LIBRARY and SPARKLE_INCLUDE_DIR.
Change-Id: I023c711edd6a44421aadf85413da3207d9b08e64
Reviewed-on: https://code.wireshark.org/review/35097
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Copy Sparkle.framework correctly. Force signing so that we replace
Sparkle's signature with ours.
In osx-app.sh, don't sign a file or framework if it's already signed.
Fix the osx-dmg.sh usage message while we're here.
Change-Id: I697073d234958e1d8386650935a132237ad88f64
Reviewed-on: https://code.wireshark.org/review/35095
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add support for automatic updates using the Sparkle framework. Add
FindSparkle.cmake and associated CMake plumbing. Add a public key and
other info to Info.plist.in. Add ui/macosx/sparkle_bridge.{h,m}, which
wraps the Sparkle API. Make code that's specific to WinSparkle
Windows-only.
Add Sparkle installation steps to the macos-setup scripts. Sparkle
prints a warning if your bundle is unsigned (which is the case during
development) so disable installing it by default.
Updating here takes a long time. We might be able to fix that by
shipping our DSYMs separately.
Change-Id: I6cc6671db5657dadc514bda6bf6e1c8bbc9468a5
Reviewed-on: https://code.wireshark.org/review/35090
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add our plugins to the bundle binary list.
Copy libraries using `install` in order to ensure that we can doctor
them up.
Bug: 15867
Change-Id: I864455f6ef7312938e89493015fd55874ab0a0c3
Reviewed-on: https://code.wireshark.org/review/33744
Reviewed-by: Gerald Combs <gerald@wireshark.org>
When gathering our dependencies, work around an issue with libbrotli's
install name similar to what we do with libssh.
Bug: 15730
Change-Id: I571746848e3343d81c286be66f6fe6510c698d6f
Reviewed-on: https://code.wireshark.org/review/32990
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The answer to the question "do we need to add hardened runtime
entitlements or exceptions?" in osx-app.sh is "yes". Update a comment
accordingly.
Change-Id: Icc6f9ed31838aa6342f405a244e726586e9c0c4d
Reviewed-on: https://code.wireshark.org/review/32703
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This adds the entitlement to everything we sign. I cannot test a more
granular approach without access to an Apple issued codesigning cert/key
pair.
Bug: 15667
Change-Id: I9fe962a06b681d33853b0944765987e21d21be2d
Reviewed-on: https://code.wireshark.org/review/32700
Reviewed-by: Gerald Combs <gerald@wireshark.org>
On the previous builder, `otool -L /path/to/libssh.4.dylib` returned a
bare "libssh.4.dylib", which required a workaround. On the new builder
it returns "@rpath/libssh.4.dylib". Adjust the workaround accordinly.
Remove a couple of chmods while we're here. Permission issues are better
addressed elsewhere.
Change-Id: If0692219d9558c77b45620e7aad309853012b7e8
Reviewed-on: https://code.wireshark.org/review/32059
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Sign our bundle as described in Apple's Code Signing Guide. Enable the
Hardened Runtime when signing.
Look for packagemaker in our PATH before checking specific locations.
Switch from zlib to bzip2 compression for our .dmg. Sign our .dmg.
To do: Notarization.
Change-Id: Ia6556e67998ff247dd3d77d6f040773e070f66cc
Reviewed-on: https://code.wireshark.org/review/32032
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In CMake we only used PROJECT_RELEASE_VERSION to construct our plugin
path, so rename it to PLUGIN_PATH_ID. Use a dash to separate version
numbers on macOS in order to allow code signing and a period elsewhere.
In the C code we only used VERSION_RELEASE to construct our plugin path,
so rename it to PLUGIN_PATH_ID.
Change-Id: I02abc591d7857269e8d47b414b61df4b28a25f2d
Reviewed-on: https://code.wireshark.org/review/32013
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
They weren't getting put in the version-number subdirectory, so the
plugin loader wasn't finding them.
If that causes problems with codesign, then we need to either
1) figure out how to make it work with codesign
or
2) for macOS, not put plugins in a version-number subdirectory
***AND*** change the plugin loading process not to look for
compiled in a version-number subdirectory.
Change-Id: I58d344b728d05369d35edef4e4e530f10034e930
Reviewed-on: https://code.wireshark.org/review/32000
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update the code signing portions of the packaging scripts to match newer
versions of macOS.
Change-Id: I5e03611d8db61416955e797edcadfcff1404cc38
Reviewed-on: https://code.wireshark.org/review/31996
Reviewed-by: Gerald Combs <gerald@wireshark.org>
As of 25e1e2c848 we no longer set LIBRARY_OUTPUT_DIRECTORY to
Wireshark.app/Contents/Frameworks. As a result we need to copy them into
place during our packaging process.
Change-Id: Idbdea289dce60e9acf9ab317f4151bfe2c993ddd
Reviewed-on: https://code.wireshark.org/review/31160
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Pass --minimize to dsymutil, which reduces the size of our dsyms. Print
the name of each file as we dsymify it.
Change-Id: Ic8b14daa2ceaa07c2c9ca3162020e5861d165f6d
Ping-bug: 15361
Reviewed-on: https://code.wireshark.org/review/31150
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Qt5CoreConfigExtras.cmake sets Qt5::qmake. Use it to find the
corresponding path to macdeployqt and use those in osx-app.sh.
Change-Id: I2e67f0126e272fc95d40476b9bfc83ab38d73cee
Reviewed-on: https://code.wireshark.org/review/28359
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See if that makes it possible for CrashReporter to fully symbolicate
crash dumps, so the user gets line numbers and the like in crash dumps
from the OS, and we get them if the user sends a crash dump to us.
Change-Id: I8bb48b2d2f6b3e23fea43c1a3bd3a5a9a97a5c2c
Reviewed-on: https://code.wireshark.org/review/26123
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no Wireshark.app/Contents/Resources/bin directory; remove the
variable containing its path, and the part of an error message that
refers to it.
Change-Id: Id41cc00a2671925c50b2075dd3e9d0f84d5bd921
Reviewed-on: https://code.wireshark.org/review/26039
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of using the never-defined $binpath (undefined going back to at
least Wireshark 1.0.0 - is it a leftover from the Inkscape version?),
use $bundle_binary_list, to strip all the executables with strip -ur.
(Not that we want to strip anything - we don't even want the debugging
symbols stripped! - but for cleanliness.)
Change-Id: I9c3520ffb418bf9dc206d3ccb55d347c208f3be2
Reviewed-on: https://code.wireshark.org/review/26033
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We no longer have the code to create a bundle, as we rely on CMake
having done so, at least to the extent of populating the bundle with all
the files we've generated. Get rid of the code that used to support it,
and the command-line options that are no longer necessary now that we no
longer build code bundles.
Don't have explicit lists of CLI or extcap binaries; instead, just look
for all plain files in Wireshark.app/Contents/MacOS that have read and
execute permissions for owner/group/user. That way, we don't have to
update the script if we add new binaries or new directories of binaries.
Change-Id: I047296a7889bea71165eebde10f34bec6ea96cc5
Reviewed-on: https://code.wireshark.org/review/26032
Reviewed-by: Guy Harris <guy@alum.mit.edu>