exec >&2
echo 'Usage: pkgbuild.sh [-x] [--app-key <appkey>] [--inst-key <instkey>]'
+ echo ' [--apple-id <appleid> <password>]'
echo ' [--pass N] [--csdb <CellServDB>] <binary-dir>'
echo
echo '--app-key and --inst-key are for signing. -x prints all comamnds as '
- echo 'they are run.'
+ echo 'they are run. --apple-id is for notarizing.'
+ echo
+ echo 'Note: the password associated with <appleid> can be a reference to a'
+ echo 'keychain item. Including your password as cleartext is not'
+ echo 'recommended. e.g.'
+ echo
+ echo '--apple-id foo@bar.com "@keychain:PASSWORD"'
+ echo
+ echo 'In this case, keychain must hold a keychain item named PASSWORD with'
+ echo 'an account matching foo@bar.com.'
echo
echo 'By default, all passes are run. Available passes:'
echo ' --pass 1: prepare pkgroot'
APP_KEY=
INST_KEY=
+APPLE_ID=
+APPLE_PW=
DEST_DIR=
CSDB=
INST_KEY="$1"
shift
;;
+ --apple-id)
+ APPLE_ID="$1"
+ shift
+ APPLE_PW="$1"
+ shift
+ ;;
--csdb)
CSDB="$1"
shift
RELNAME="Catalina"
THISREL=15
+elif [ x"$majorvers" = x20 ]; then
+ RELNAME="BigSur"
+ # Big Sur version number is 11.0 (not 10.16). Still, set THISREL to 16 so we
+ # know that this version came after the ones listed above.
+ THISREL=16
+ OSVER=11
+
elif [ x"$majorvers" = x ] ; then
echo "Error running uname" >&2
exit 1
chmod og-rx "$PKGROOT"/private/var/db/openafs/cache
if [ x"$APP_KEY" != x ] ; then
+ # To be notarized by Apple, all files must be signed.
+ find "$PKGROOT" -type f -exec codesign --verbose --force \
+ --timestamp --sign "$APP_KEY" $CODESIGN_OPTS {} \;
+
# Sign each 'thing' that we have (commands, kexts, etc)
for obj in "$DPKGROOT"/Library/OpenAFS/Debug/afs.kext \
"$PKGROOT"/Library/OpenAFS/Tools/root.client/usr/vice/etc/afs.kext \
"$PKGROOT"/Library/Security/SecurityAgentPlugins/aklog.bundle \
"$PKGROOT"/Library/OpenAFS/Tools/tools/growlagent-openafs.app \
"$PKGROOT"/Library/OpenAFS/Tools/tools/aklog.bundle \
+ "$PKGROOT"/Library/OpenAFS/Tools/tools/OpenAFS.prefPane/Contents/Resources/AFSBackgrounder.app \
+ "$PKGROOT"/Library/OpenAFS/Tools/tools/OpenAFS.prefPane \
"$PLUGINS"/afscell.bundle
do
codesign --verbose --force --timestamp --sign "$APP_KEY" $CODESIGN_OPTS "$obj"
done
- # To be notarized by Apple, all files must be signed.
- find "$PKGROOT" -type f -exec codesign --verbose --force \
- --timestamp --sign "$APP_KEY" $CODESIGN_OPTS {} \;
# Check if our signatures for our kexts are valid. 'kextutil' will exit
# with an error and print out a message if something is wrong with the
"$PKGROOT"/Library/OpenAFS/Tools/root.client/usr/vice/etc/afs.kext \
"$PKGROOT"/private/var/db/openafs/etc/afs.kext
do
- kextutil -no-load -print-diagnostics "$kext"
+ # This check will fail on systems that require notarization, because we haven't
+ # notarized anything yet. For now, just disable the check for those versions.
+ if [ $THISREL -ge 14 ]; then
+ echo "Skipping kextutil checks for $kext"
+ else
+ kextutil -no-load -print-diagnostics "$kext"
+ fi
done
fi
fi
# generate Distribution.xml from Distribution.xml.in -- nonstandard substs
- sed -e "s/%%OSX_MAJOR_CUR%%/$THISREL/g" \
- -e "s/%%OSX_MAJOR_NEXT%%/$(( $THISREL + 1 ))/g" \
- -e "s,%%PRES_EXTRA%%,$PRES_EXTRA,g" \
- -e "s/%%OPENAFS_VERSION%%/@PACKAGE_VERSION@/g" \
- < Distribution.xml.in > Distribution.xml
+ if [ $majorvers -ge 20 ] ; then
+ # Unlike older versions, point releases for macOS Big Sur increment the
+ # second component of the release number (prior releases increment the
+ # third component of this number).
+ sed -e "s/%%OSX_MAJOR_CUR%%/0/g" \
+ -e "s/%%OSX_MAJOR_NEXT%%/0/g" \
+ -e "s/%%OSVER_CUR%%/$OSVER/g" \
+ -e "s/%%OSVER_NEXT%%/$(( $OSVER + 1 ))/g" \
+ -e "s,%%PRES_EXTRA%%,$PRES_EXTRA,g" \
+ -e "s/%%OPENAFS_VERSION%%/@PACKAGE_VERSION@/g" \
+ < Distribution.xml.in > Distribution.xml
+ else
+ sed -e "s/%%OSX_MAJOR_CUR%%/$THISREL/g" \
+ -e "s/%%OSX_MAJOR_NEXT%%/$(( $THISREL + 1 ))/g" \
+ -e "s/%%OSVER_CUR%%/10/g" \
+ -e "s/%%OSVER_NEXT%%/10/g" \
+ -e "s,%%PRES_EXTRA%%,$PRES_EXTRA,g" \
+ -e "s/%%OPENAFS_VERSION%%/@PACKAGE_VERSION@/g" \
+ < Distribution.xml.in > Distribution.xml
+ fi
rm -rf "$CURDIR/prod"
mkdir "$CURDIR/prod"
if [ x"$APP_KEY" != x ] ; then
codesign --verbose --force --timestamp --sign "$APP_KEY" "$CURDIR"/dmg/Uninstall.command
+ codesign --verbose --force --timestamp --sign "$APP_KEY" "$CURDIR"/dmg/OpenAFS.pkg
fi
hdiutil create -srcfolder "$CURDIR"/dmg -volname OpenAFS \
echo
echo "Created $CURDIR/OpenAFS-@PACKAGE_VERSION@-$RELNAME".dmg
+
+ if [ x"$APPLE_ID" != x ] ; then
+ echo "Notarizing package..."
+ ./notarize.pl "$APPLE_ID" "$APPLE_PW" "$CURDIR/OpenAFS-@PACKAGE_VERSION@-$RELNAME.dmg"
+ fi
fi