You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@netbeans.apache.org by jo...@apache.org on 2022/03/22 20:52:45 UTC
[netbeans] branch master updated: [3697] Removed invalid cpp package reference and introduces support for sign… (#3699)
This is an automated email from the ASF dual-hosted git repository.
johnmcdonnell pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/netbeans.git
The following commit(s) were added to refs/heads/master by this push:
new 47d1973 [3697] Removed invalid cpp package reference and introduces support for sign… (#3699)
47d1973 is described below
commit 47d19733d85a17d739c12ef84732a42b1f928367
Author: John McDonnell <mc...@gmail.com>
AuthorDate: Tue Mar 22 20:52:27 2022 +0000
[3697] Removed invalid cpp package reference and introduces support for sign… (#3699)
Updated the macOS installer logic to:
* Remove the reference to the invalid cpp package
* Sign each pkg (and sign the offending native binaries, which the Apple notarization process reported)
---
nbbuild/installer/mac/newbuild/build.sh | 27 +++++----
nbbuild/installer/mac/newbuild/build.xml | 21 +++++--
.../mac/newbuild/commonfiles/signNativeBinaries.sh | 66 ++++++++++++++++++++++
.../mac/newbuild/dmg/distribution-nbide.dist | 2 +-
.../installer/mac/newbuild/dmg/distribution.dist | 2 +-
.../mac/newbuild/netBeans/nbide/build.xml | 21 +++++--
nbbuild/installer/readme.txt | 9 ++-
nbbuild/newbuild/build-nbi.sh | 8 +--
8 files changed, 125 insertions(+), 31 deletions(-)
diff --git a/nbbuild/installer/mac/newbuild/build.sh b/nbbuild/installer/mac/newbuild/build.sh
index 70f6109..82225c3 100755
--- a/nbbuild/installer/mac/newbuild/build.sh
+++ b/nbbuild/installer/mac/newbuild/build.sh
@@ -23,16 +23,14 @@ set -x -e
echo Given parameters: $1 $2 $3 $4 $5 $6
if [ -z "$1" ] || [ -z "$2" ]|| [ -z "$3" ] || [ -z "$4" ] || [ -z "$5" ] || [ -z "$6" ] || [ -z "$7" ]; then
- echo "usage: $0 zipdir prefix buildnumber build_jdk7 build_jdk8 build_jdk11 binaryname mac_sign_idname version_number [nb_locales]"
+ echo "usage: $0 zipdir prefix buildnumber binaryname installer_sign_idname application_sign_idname version_number [nb_locales]"
echo ""
echo "zipdir is the dir which contains the zip/modulclusters"
echo "prefix is the distro filename prefix, e.g. netbeans-hudson-trunk in netbeans-hudson-trunk-2464"
echo "buildnumber is the distro buildnumber, e.g. 2464 in netbeans-hudson-trunk-2464"
- echo "build_jdk7 is 1 if bundle jdk7 are required and 0 if not"
- echo "build_jdk8 is 1 if bundle jdk8 are required and 0 if not"
- echo "build_jdk11 is 1 if bundle jdk11 are required and 0 if not"
echo "binaryname is the basename of the zip file"
- echo "mac_sign_idname are required if the packages are to be signed, 0 if not"
+ echo "installer_sign_idname are required if the packages are to be signed, 0 if not"
+ echo "application_sign_idname are required if the packages are to be signed, 0 if not"
echo "version_number the netbeans version number"
echo "[nb_locales] is the string with the list of locales"
exit 1
@@ -41,14 +39,15 @@ fi
work_dir=$1
prefix=$2
buildnumber=$3
-build_jdk7=$4
-build_jdk8=$5
-build_jdk11=$6
-binaryname=$7
-mac_sign_idname=$8
-version_number=$9
-if [ -n "${10}" ] ; then
- nb_locales=",${10}"
+build_jdk7=0
+build_jdk8=0
+build_jdk11=0
+binaryname=$4
+installer_sign_idname=$5
+application_sign_idname=$6
+version_number=$7
+if [ -n "${8}" ] ; then
+ nb_locales=",${8}"
fi
basename=`dirname "$0"`
@@ -76,5 +75,5 @@ fi
rm -rf "$basename"/dist_en
-ant -f $basename/build.xml $target -Dlocales=$nb_locales -Dcommon.name=$commonname -Dnb.binary.name=$binaryname -Dmac.sign.idname="$mac_sign_idname" -Dprefix=$prefix -Dbuildnumber=$buildnumber -Dversionnumber=$version_number -Dbuild.jdk7=$build_jdk7 -Dbuild.jdk8=$build_jdk8 -Dbuild.jdk11=$build_jdk11 -Dgf_builds_host=$GLASSFISH_BUILDS_HOST -Djre_builds_host=$JRE_BUILDS_HOST -Djdk_builds_host=$JDK_BUILDS_HOST -Djre_builds_path=$JRE_BUILDS_PATH -Djdk7_builds_path=$JDK7_BUILDS_PATH -Djdk8_b [...]
+ant -f $basename/build.xml $target -Dlocales=$nb_locales -Dcommon.name=$commonname -Dnb.binary.name=$binaryname -Dinstaller.sign.idname="$installer_sign_idname" -Dapplication.sign.idname="$application_sign_idname" -Dprefix=$prefix -Dbuildnumber=$buildnumber -Dversionnumber=$version_number -Dbuild.jdk7=$build_jdk7 -Dbuild.jdk8=$build_jdk8 -Dbuild.jdk11=$build_jdk11 -Dgf_builds_host=$GLASSFISH_BUILDS_HOST -Djre_builds_host=$JRE_BUILDS_HOST -Djdk_builds_host=$JDK_BUILDS_HOST -Djre_builds_pa [...]
mv -f "$basename"/dist "$basename"/dist_en
diff --git a/nbbuild/installer/mac/newbuild/build.xml b/nbbuild/installer/mac/newbuild/build.xml
index c6a37c5..5700cab 100644
--- a/nbbuild/installer/mac/newbuild/build.xml
+++ b/nbbuild/installer/mac/newbuild/build.xml
@@ -25,7 +25,7 @@
<import file="${basedir}/build.pro"/>
<property file="${basedir}/Bundle.properties"/>
- <loadfile property="sign_iden_name" srcFile="${mac.sign.idname}" quiet="true">
+ <loadfile property="sign_iden_name" srcFile="${installer.sign.idname}" quiet="true">
<filterchain>
<striplinebreaks/>
</filterchain>
@@ -108,7 +108,7 @@
<equals arg1="${build.jdk11}" arg2="1"/>
</condition>
<condition property="sign_iden_name_arg" value="" else="--sign '${sign_iden_name}'">
- <equals arg1="${mac.sign.idname}" arg2="0"/>
+ <equals arg1="${installer.sign.idname}" arg2="0"/>
</condition>
</target>
@@ -139,7 +139,20 @@
<exec executable="sh" failonerror="yes">
<arg value="-c"/>
<arg value="unzip -o -d ${basedir}/netBeans/${module.name}/build/netbeans ${common.name}${nb.binary.name}-${cluster.name}.zip"/>
- </exec>
+ </exec>
+ <loadfile property="app_iden_name" srcFile="${application.sign.idname}" quiet="true">
+ <filterchain>
+ <striplinebreaks/>
+ </filterchain>
+ </loadfile>
+ <condition property="codesign.identity.arg" value="" else="'${app_iden_name}'">
+ <equals arg1="${application.sign.idname}" arg2="0"/>
+ </condition>
+ <property name="appDir" value="${basedir}/netBeans/${module.name}/build/netbeans"/>
+ <exec executable="sh" failonerror="yes">
+ <arg value="-c"/>
+ <arg value="sh ${basedir}/commonfiles/signNativeBinaries.sh ${codesign.identity.arg} ${appDir}"/>
+ </exec>
</target>
<target name="size-pack-module" description="Count up size of the module, pack200">
@@ -208,7 +221,7 @@
<target name="build-module">
<property name="module.builddir" value="${basedir}/netBeans/${module.name}/build"/>
-
+
<ant target="size-pack-module"/>
<property name="scriptsdir" value="${module.builddir}/scripts"/>
diff --git a/nbbuild/installer/mac/newbuild/commonfiles/signNativeBinaries.sh b/nbbuild/installer/mac/newbuild/commonfiles/signNativeBinaries.sh
new file mode 100644
index 0000000..f1d21cc
--- /dev/null
+++ b/nbbuild/installer/mac/newbuild/commonfiles/signNativeBinaries.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+if [ -z "$1" ] || [ -z "$2" ] ; then
+ echo "usage: $0 appSigningIdentity appDir"
+ echo "appSigningIdentity is Apple Developer ID Application certificate used for signing"
+ echo "appDir is the application directory"
+ exit 1;
+fi
+
+appSigningIdentity="$1"
+appDir="$2"
+
+nativeExecutionBinaries=( "/netbeans/ide/bin/nativeexecution/MacOSX-x86/unbuffer.dylib" "/netbeans/ide/bin/nativeexecution/MacOSX-x86/pty" "/netbeans/ide/bin/nativeexecution/MacOSX-x86/pty_open" "/netbeans/ide/bin/nativeexecution/MacOSX-x86/process_start" "/netbeans/ide/bin/nativeexecution/MacOSX-x86/killall" "/netbeans/ide/bin/nativeexecution/MacOSX-x86/stat" "/netbeans/ide/bin/nativeexecution/MacOSX-x86_64/unbuffer.dylib" "/netbeans/ide/bin/nativeexecution/MacOSX-x86_64/pty" "/netbeans [...]
+jniBinaries=("/netbeans/platform/modules/lib/aarch64/libjnidispatch-nb.jnilib" "/netbeans/platform/modules/lib/x86_64/libjnidispatch-nb.jnilib")
+profilerBinaries=("/netbeans/profiler/lib/deployed/jdk16/mac/libprofilerinterface.jnilib" "/netbeans/profiler/lib/deployed/jdk15/mac/libprofilerinterface.jnilib" )
+jansiJar="/netbeans/java/maven/lib/jansi-2.4.0.jar"
+
+function signBinariesFromArray() {
+ arr=("$@")
+ for file in "${arr[@]}"; do
+ echo $appDir$file
+ codesign --force --timestamp --options=runtime -s "$appSigningIdentity" -v $appDir$file
+ done
+}
+
+function signBinaryFromJar() {
+ jar tf $appDir$1 | grep '\.so\|\.dylib\|\.jnilib' > filelist.txt
+ while read f
+ do
+ if [[ "$f" == *native/Mac* ]]; then
+ jar xf $appDir$1 $f
+ codesign --force --timestamp --options=runtime -s "$appSigningIdentity" -v $f
+ jar uf $appDir$1 $f
+ rm -rf $f
+ fi
+ done < filelist.txt
+ rm -rf filelist.txt
+}
+
+if [[ "$appDir" == *nbide* ]]; then
+ signBinariesFromArray "${nativeExecutionBinaries[@]}"
+ signBinariesFromArray "${jniBinaries[@]}"
+fi
+
+if [[ "$appDir" == *javase* ]]; then
+ signBinariesFromArray "${profilerBinaries[@]}"
+ signBinaryFromJar $jansiJar
+fi
\ No newline at end of file
diff --git a/nbbuild/installer/mac/newbuild/dmg/distribution-nbide.dist b/nbbuild/installer/mac/newbuild/dmg/distribution-nbide.dist
index 8bcc03a..e1bcde3 100644
--- a/nbbuild/installer/mac/newbuild/dmg/distribution-nbide.dist
+++ b/nbbuild/installer/mac/newbuild/dmg/distribution-nbide.dist
@@ -153,6 +153,6 @@ function checkSystemversion() {
<pkg-ref id="ident.pkg.javaee" version="0.0.0.0.1" installKBytes="@SIZE_JAVAEE@" auth="Root" onConclusion="None">javaee-@NB_ID@.pkg</pkg-ref>
<pkg-ref id="ident.pkg.webcommon" version="0.0.0.0.1" installKBytes="@SIZE_WEBCOMMON@" auth="Root" onConclusion="None">webcommon-@NB_ID@.pkg</pkg-ref>
<pkg-ref id="ident.pkg.php" version="0.0.0.0.1" installKBytes="@SIZE_PHP@" auth="Root" onConclusion="None">php-@NB_ID@.pkg</pkg-ref>
- <pkg-ref id="ident.pkg.cpp" version="0.0.0.0.1" installKBytes="@SIZE_CPP@" auth="Root" onConclusion="None">cpp-@NB_ID@.pkg</pkg-ref>
+ <!-- <pkg-ref id="ident.pkg.cpp" version="0.0.0.0.1" installKBytes="@SIZE_CPP@" auth="Root" onConclusion="None">cpp-@NB_ID@.pkg</pkg-ref> -->
<pkg-ref id="ident.pkg.postinstallscripts" version="0.0.0.0.1" auth="Root" onConclusion="None">postinstallscripts.pkg</pkg-ref>
</installer-gui-script>
diff --git a/nbbuild/installer/mac/newbuild/dmg/distribution.dist b/nbbuild/installer/mac/newbuild/dmg/distribution.dist
index 34d9f96..dd60545 100644
--- a/nbbuild/installer/mac/newbuild/dmg/distribution.dist
+++ b/nbbuild/installer/mac/newbuild/dmg/distribution.dist
@@ -155,6 +155,6 @@ function checkSystemversion() {
<pkg-ref id="ident.pkg.javaee" version="0.0.0.0.1" installKBytes="@SIZE_JAVAEE@" auth="Root" onConclusion="None">javaee-@NB_ID@.pkg</pkg-ref>
<pkg-ref id="ident.pkg.webcommon" version="0.0.0.0.1" installKBytes="@SIZE_WEBCOMMON@" auth="Root" onConclusion="None">webcommon-@NB_ID@.pkg</pkg-ref>
<pkg-ref id="ident.pkg.php" version="0.0.0.0.1" installKBytes="@SIZE_PHP@" auth="Root" onConclusion="None">php-@NB_ID@.pkg</pkg-ref>
- <pkg-ref id="ident.pkg.cpp" version="0.0.0.0.1" installKBytes="@SIZE_CPP@" auth="Root" onConclusion="None">cpp-@NB_ID@.pkg</pkg-ref>
+ <!-- <pkg-ref id="ident.pkg.cpp" version="0.0.0.0.1" installKBytes="@SIZE_CPP@" auth="Root" onConclusion="None">cpp-@NB_ID@.pkg</pkg-ref> -->
<pkg-ref id="ident.pkg.postinstallscripts" version="0.0.0.0.1" auth="Root" onConclusion="None">postinstallscripts.pkg</pkg-ref>
</installer-gui-script>
diff --git a/nbbuild/installer/mac/newbuild/netBeans/nbide/build.xml b/nbbuild/installer/mac/newbuild/netBeans/nbide/build.xml
index 6426d81..ff3301a 100644
--- a/nbbuild/installer/mac/newbuild/netBeans/nbide/build.xml
+++ b/nbbuild/installer/mac/newbuild/netBeans/nbide/build.xml
@@ -77,6 +77,19 @@
</exec>
<copy file="../../../../../../nb/ide.launcher/macosx/.build/release/NetBeansLauncher" tofile="${appdir}/Contents/MacOS/netbeans"/>
<chmod file="${appdir}/Contents/MacOS/netbeans" perm="755"/>
+
+ <loadfile property="app_iden_name" srcFile="${application.sign.idname}" quiet="true">
+ <filterchain>
+ <striplinebreaks/>
+ </filterchain>
+ </loadfile>
+ <condition property="codesign.identity.arg" value="" else="-s '${app_iden_name}'">
+ <equals arg1="${application.sign.idname}" arg2="0"/>
+ </condition>
+ <exec executable="sh" failonerror="yes">
+ <arg value="-c"/>
+ <arg value="codesign -vvv --force --deep --timestamp --options=runtime ${codesign.identity.arg} '${appdir}'"/>
+ </exec>
</target>
<target name="build-pkg" depends="init, build-app">
@@ -115,17 +128,17 @@ NB_ID="${nb.id}"
<echo message="Building ide.pkg into ${basedir}/../../build/nbide.pkg"/>
- <loadfile property="sign_iden_name" srcFile="${mac.sign.idname}" quiet="true">
+ <loadfile property="sign_iden_name" srcFile="${installer.sign.idname}" quiet="true">
<filterchain>
<striplinebreaks/>
</filterchain>
</loadfile>
- <condition property="sign_iden_name_arg" value="" else="--sign '${sign_iden_name}'">
- <equals arg1="${mac.sign.idname}" arg2="0"/>
+ <condition property="pkgbuild.identity.arg" value="" else="--sign '${sign_iden_name}'">
+ <equals arg1="${installer.sign.idname}" arg2="0"/>
</condition>
<exec executable="sh" failonerror="yes">
<arg value="-c"/>
- <arg value="pkgbuild --root ${builddir}/app --scripts ${scriptsdir} --identifier org.netbeans.ide.nbide.${nb.id} --install-location ${install.dir} ${sign_iden_name_arg} ${basedir}/../../build/nbide-${nb.id}.pkg"/>
+ <arg value="pkgbuild --root ${builddir}/app --timestamp --scripts ${scriptsdir} --identifier org.netbeans.ide.nbide.${nb.id} --install-location ${install.dir} ${pkgbuild.identity.arg} ${basedir}/../../build/nbide-${nb.id}.pkg"/>
</exec>
</target>
diff --git a/nbbuild/installer/readme.txt b/nbbuild/installer/readme.txt
index 7eaac87..2998af5 100755
--- a/nbbuild/installer/readme.txt
+++ b/nbbuild/installer/readme.txt
@@ -48,9 +48,12 @@ export BUILDNUMBER BASENAME_PREFIX NB_BUILD_NUMBER DATESTAMP BUILD_DESC
#To build MAC installer on mac host set BUILD_MAC to 1
BUILD_MAC=0
export BUILD_MAC
-#Set MAC_SIGN_IDENTITY_NAME to the path to file containing Common Name of your certificate or set to 0 to not sign mac installer
-MAC_SIGN_IDENTITY_NAME=/Users/reemataneja/sign.txt
-export MAC_SIGN_IDENTITY_NAME
+#Set INSTALLER_SIGN_IDENTITY_NAME to the path to file containing Common Name of your certificate or set to 0 to not sign mac installer
+INSTALLER_SIGN_IDENTITY_NAME=/Users/john/Apache/installer_certificate.txt
+export INSTALLER_SIGN_IDENTITY_NAME
+#Set Application_SIGN_IDENTITY_NAME to the path to file containing Common Name of your certificate or set to 0 to not sign mac application
+APPLICATION_SIGN_IDENTITY_NAME=/Users/john/Apache/application_certificate.txt
+export APPLICATION_SIGN_IDENTITY_NAME
#To build linux and windows installers set BUILD_NB=1
BUILD_NB=1
diff --git a/nbbuild/newbuild/build-nbi.sh b/nbbuild/newbuild/build-nbi.sh
index 64d6ba2..681b87f 100644
--- a/nbbuild/newbuild/build-nbi.sh
+++ b/nbbuild/newbuild/build-nbi.sh
@@ -69,11 +69,12 @@ if [ ! -z $NATIVE_MAC_MACHINE ] && [ ! -z $MAC_PATH ]; then
exit $ERROR_CODE;
fi
+
# Run new builds
sh $NB_ALL/nbbuild/installer/mac/newbuild/init.sh | ssh $NATIVE_MAC_MACHINE "cat > $MAC_PATH/nbbuild/installer/mac/newbuild/build-private.sh"
ssh $NATIVE_MAC_MACHINE chmod a+x $MAC_PATH/nbbuild/installer/mac/newbuild/build.sh
- BASE_COMMAND="$MAC_PATH/nbbuild/installer/mac/newbuild/build.sh $DIST $BASENAME_PREFIX $BUILDNUMBER $BUILD_NBJDK7 $BUILD_NBJDK8 $BUILD_NBJDK11 $BINARY_NAME $MAC_SIGN_IDENTITY_NAME $NB_VER_NUMBER $LOCALES"
+ BASE_COMMAND="$MAC_PATH/nbbuild/installer/mac/newbuild/build.sh $DIST $BASENAME_PREFIX $BUILDNUMBER $BINARY_NAME $INSTALLER_SIGN_IDENTITY_NAME $APPLICATION_SIGN_IDENTITY_NAME $NB_VER_NUMBER $LOCALES"
ssh $NATIVE_MAC_MACHINE "$UNLOCK_COMMAND $BASE_COMMAND" > $MAC_LOG_NEW 2>&1 &
REMOTE_MAC_PID=$!
@@ -84,8 +85,7 @@ if [ ! -z $BUILD_MAC ]; then
sh $NB_ALL/nbbuild/installer/mac/newbuild/init.sh | cat > $NB_ALL/nbbuild/installer/mac/newbuild/build-private.sh
chmod a+x $NB_ALL/nbbuild/installer/mac/newbuild/build.sh
- BASE_COMMAND="$NB_ALL/nbbuild/installer/mac/newbuild/build.sh $DIST $BASENAME_PREFIX $BUILDNUMBER $BUILD_NBJDK7 $BUILD_NBJDK8 $BUILD_NBJDK11 $BINARY_NAME $MAC_SIGN_IDENTITY_NAME $NB_VER_NUMBER $LOCALES"
-
+ BASE_COMMAND="$NB_ALL/nbbuild/installer/mac/newbuild/build.sh $DIST $BASENAME_PREFIX $BUILDNUMBER $BINARY_NAME $INSTALLER_SIGN_IDENTITY_NAME $APPLICATION_SIGN_IDENTITY_NAME $NB_VER_NUMBER $LOCALES"
$BASE_COMMAND
fi
cd $NB_ALL/nbbuild/installer/infra/build
@@ -185,7 +185,7 @@ fi
cd $DIST
-bash ${SCRIPTS_DIR}/files-info.sh bundles bundles/jdk bundles/weblogic zip zip/moduleclusters
+bash ${SCRIPTS_DIR}/files-info.sh bundles zip zip/moduleclusters
ERROR_CODE=$?
if [ $ERROR_CODE != 0 ]; then
echo "ERROR: $ERROR_CODE - Counting of MD5 sums and size failed"
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists