author | Micah Lee <micah@micahflee.com> | 2020-11-06 08:54:53 -0800 |
---|---|---|
committer | Micah Lee <micah@micahflee.com> | 2020-11-06 08:54:53 -0800 |
commit | 1b23f82474d782911fecb04bb5ef6925842deacd (patch) | |
tree | dd88266af8d87d21e6c2e4426737b54917955b95 /desktop/package | |
parent | 654611f1e4e44ddf1370882c15123e36adb1a450 (diff) | |
download | onionshare-1b23f82474d782911fecb04bb5ef6925842deacd.tar.gz onionshare-1b23f82474d782911fecb04bb5ef6925842deacd.zip |
Start writing a proper macOS build script
Diffstat (limited to 'desktop/package')
-rw-r--r-- | desktop/package/macos/ChildEntitlements.plist | 10 | ||||
-rw-r--r-- | desktop/package/macos/Entitlements.plist | 43 | ||||
-rwxr-xr-x | desktop/package/macos/build.py | 91 |
3 files changed, 144 insertions, 0 deletions
diff --git a/desktop/package/macos/ChildEntitlements.plist b/desktop/package/macos/ChildEntitlements.plist
new file mode 100644
index 00000000..06d88f66
--- /dev/null
+++ b/desktop/package/macos/ChildEntitlements.plist
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>com.apple.security.app-sandbox</key>
+ <true/>
+ <key>com.apple.security.inherit</key>
+ <true/>
+</dict>
+</plist>
diff --git a/desktop/package/macos/Entitlements.plist b/desktop/package/macos/Entitlements.plist
new file mode 100644
index 00000000..8b9ac949
--- /dev/null
+++ b/desktop/package/macos/Entitlements.plist
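Review bot: ChildEntitlements.plist has no comment saying what it is for, unlike Entitlements.plist in the same commit. Apple's App Sandbox documentation allows exactly these two keys for a helper that inherits its parent's sandbox, and the system aborts the child process if any other sandbox entitlement is added, so a later edit that copies keys over from the main file would break the nested executables that build.py signs with it via `codesign --deep`. I would add above the first key `<!-- Nested executables inherit the app's sandbox; keep exactly these two keys -->`.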
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <!-- Enable app sandbox -->
+ <key>com.apple.security.app-sandbox</key>
+ <true/>
+
+ <!-- Required for running PyInstaller python code with hardened runtime -->
+ <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+ <true/>
+
+ <!-- Both OnionShare and Tor need network server and client -->
+ <key>com.apple.security.network.server</key>
+ <true/>
+ <key>com.apple.security.network.client</key>
+ <true/>
+
+ <!-- In share mode, users need to be able to select files, and in receive mode,
+ users need to be able to choose a folder to save files to -->
+ <key>com.apple.security.files.user-selected.read-write</key>
+ <true/>
+
+ <!-- Flask needs to read this mime.types file when starting an HTTP server -->
+ <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
+ <array>
+ <string>/private/etc/apache2/mime.types</string>
+ </array>
+
+ <!-- For OnionShare to be able to connect to Tor Browser's tor control port,
+ it needs to read it's control_auth_cookie file -->
+ <key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key>
+ <array>
+ <string>/Library/Application Support/TorBrowser-Data/Tor/control_auth_cookie</string>
+ </array>
+
+ <!-- In receive mode, OnionShare needs to be able to write to ~/OnionShare -->
+ <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
+ <array>
+ <string>/OnionShare/</string>
+ </array>
+</dict>
+</plist>
diff --git a/desktop/package/macos/build.py b/desktop/package/macos/build.py
new file mode 100755
index 00000000..163f7752
--- /dev/null
+++ b/desktop/package/macos/build.py
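Review bot: In Entitlements.plist, `com.apple.security.cs.allow-unsigned-executable-memory` is justified by a comment about PyInstaller, but build.py in this same commit produces the bundle with `briefcase create`, so the diff does not show that the exception is still needed. The key relaxes the hardened runtime's restriction on memory that is both writable and executable, and it only takes effect when the bundle is signed with the hardened runtime, which the two codesign calls in build.py do not request (neither passes `--options runtime`). I would drop the key until a failure shows it is required. If it stays, replace the comment with `<!-- TODO: confirm still required for the briefcase-built bundle; relaxes hardened-runtime memory protection -->`.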
@@ -0,0 +1,91 @@
+#!/usr/bin/env python3
+import os
+import inspect
+import subprocess
+import argparse
+import shutil
+import glob
+
+root = os.path.dirname(
+ os.path.dirname(
+ os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
+ )
+)
+
+
+def run(cmd, cwd=None):
+ subprocess.run(cmd, cwd=cwd, check=True)
+
+
+def main():
+ # Parse arguments
+ parser = argparse.ArgumentParser()
+ parser.add_argument(
+ "--with-codesign",
+ action="store_true",
+ dest="with_codesign",
+ help="Codesign the app bundle",
+ )
+ args = parser.parse_args()
+
+ cli_dir = os.path.join(root, "cli")
+ desktop_dir = os.path.join(root, "desktop")
+
+ print("○ Building onionshare-cli")
+ run(["poetry", "install"], cli_dir)
+ run(["poetry", "build"], cli_dir)
+ whl_filename = glob.glob(f"{cli_dir}/dist/*.whl")[0]
+ whl_basename = os.path.basename(whl_filename)
+ shutil.copyfile(whl_filename, os.path.join(desktop_dir, whl_basename))
+
+ print("○ Clean up from last build")
+ if os.path.exists(os.path.join(desktop_dir, "macOS")):
+ shutil.rmtree(os.path.join(desktop_dir, "macOS"))
+
+ print("○ Create app bundle")
+ run(["briefcase", "create"], desktop_dir)
+ app_path = os.path.join(desktop_dir, "macOS", "OnionShare", "OnionShare.app")
+ print(f"○ Unsigned app bundle: {app_path}")
+
+ if args.with_codesign:
+ identity_name_application = "Developer ID Application: Micah Lee (N9B95FDWH4)"
+ entitlements_child_filename = os.path.join(
+ desktop_dir, "package", "macos", "ChildEntitlements.plist"
+ )
+ entitlements_filename = os.path.join(
+ desktop_dir, "package", "macos", "Entitlements.plist"
+ )
+
+ print("○ Code signing app bundle")
+ run(
+ [
+ "codesign",
+ "--deep",
+ "-s",
+ identity_name_application,
+ "--force",
+ "--entitlements",
+ entitlements_child_filename,
+ "--timestamp",
+ app_path,
+ ]
+ )
+ run(
+ [
+ "codesign",
+ "-s",
+ identity_name_application,
+ "--force",
+ "--entitlements",
+ entitlements_filename,
+ "--timestamp",
+ app_path,
+ ]
+ )
+ print(f"○ Signed app bundle: {app_path}")
+
+ print("○ TODO: Make a DMG package")
+
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file |
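Review bot: `whl_filename = glob.glob(f"{cli_dir}/dist/*.whl")[0]` in main() takes whichever wheel is listed first, and nothing empties `cli/dist` before `poetry build`, so a wheel left over from an earlier version or branch can be the one copied into the desktop tree and shipped inside the signed bundle. With no wheel present the same line fails with a bare IndexError. I would remove `cli/dist` before building and stop unless exactly one wheel results, as in the block below. How briefcase consumes the copied wheel is not visible in this diff, so it is worth confirming that it reads that exact file.

```python
    # … unchanged: argument parsing, cli_dir / desktop_dir …
    dist_dir = os.path.join(cli_dir, "dist")
    if os.path.exists(dist_dir):
        # Drop wheels from earlier builds so only the fresh one can be packaged
        shutil.rmtree(dist_dir)
    run(["poetry", "install"], cli_dir)
    run(["poetry", "build"], cli_dir)
    wheels = glob.glob(os.path.join(dist_dir, "*.whl"))
    if len(wheels) != 1:
        raise SystemExit(f"Expected exactly one wheel in {dist_dir}, found {len(wheels)}")
    whl_filename = wheels[0]
    # … unchanged: copy wheel into desktop_dir, briefcase create, codesign …
```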