2019-07-14 13:31:16 +08:00
|
|
|
# MacOS Deployment
|
2013-10-15 23:14:30 -04:00
|
|
|
|
2019-07-14 13:31:16 +08:00
|
|
|
The `macdeployqtplus` script should not be run manually. Instead, after building as usual:
|
2019-09-07 23:52:45 -04:00
|
|
|
|
2019-07-14 13:31:16 +08:00
|
|
|
```bash
|
|
|
|
make deploy
|
|
|
|
```
|
2013-10-15 23:14:30 -04:00
|
|
|
|
2022-11-18 12:36:20 +00:00
|
|
|
When complete, it will have produced `Bitcoin-Core.zip`.
|
2013-10-15 23:14:30 -04:00
|
|
|
|
2019-07-14 13:31:16 +08:00
|
|
|
## SDK Extraction
|
2013-10-15 23:14:30 -04:00
|
|
|
|
2019-10-15 19:28:49 -04:00
|
|
|
### Step 1: Obtaining `Xcode.app`
|
|
|
|
|
2022-02-02 14:13:32 -05:00
|
|
|
A free Apple Developer Account is required to proceed.
|
|
|
|
|
2019-10-15 19:28:49 -04:00
|
|
|
Our current macOS SDK
|
2022-03-11 16:20:29 +01:00
|
|
|
(`Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz`)
|
|
|
|
can be extracted from
|
2021-05-03 14:45:08 +08:00
|
|
|
[Xcode_12.2.xip](https://download.developer.apple.com/Developer_Tools/Xcode_12.2/Xcode_12.2.xip).
|
2022-03-11 16:20:29 +01:00
|
|
|
|
2021-07-21 12:31:04 +02:00
|
|
|
Alternatively, after logging in to your account go to 'Downloads', then 'More'
|
2022-06-28 03:37:18 +00:00
|
|
|
and search for [`Xcode 12.2`](https://developer.apple.com/download/all/?q=Xcode%2012.2).
|
2022-03-11 16:20:29 +01:00
|
|
|
|
2021-07-21 12:31:04 +02:00
|
|
|
An Apple ID and cookies enabled for the hostname are needed to download this.
|
2022-03-11 16:20:29 +01:00
|
|
|
|
|
|
|
The `sha256sum` of the downloaded XIP archive should be `28d352f8c14a43d9b8a082ac6338dc173cb153f964c6e8fb6ba389e5be528bd0`.
|
2020-04-10 20:12:18 -04:00
|
|
|
|
2019-10-15 19:28:49 -04:00
|
|
|
After Xcode version 7.x, Apple started shipping the `Xcode.app` in a `.xip`
|
|
|
|
archive. This makes the SDK less-trivial to extract on non-macOS machines. One
|
|
|
|
approach (tested on Debian Buster) is outlined below:
|
2013-10-15 23:14:30 -04:00
|
|
|
|
2019-07-14 13:31:16 +08:00
|
|
|
```bash
|
2020-06-10 16:17:51 -04:00
|
|
|
# Install/clone tools needed for extracting Xcode.app
|
|
|
|
apt install cpio
|
|
|
|
git clone https://github.com/bitcoin-core/apple-sdk-tools.git
|
2019-07-14 13:31:16 +08:00
|
|
|
|
2021-05-03 14:45:08 +08:00
|
|
|
# Unpack Xcode_12.2.xip and place the resulting Xcode.app in your current
|
2020-06-10 16:17:51 -04:00
|
|
|
# working directory
|
2021-05-03 14:45:08 +08:00
|
|
|
python3 apple-sdk-tools/extract_xcode.py -f Xcode_12.2.xip | cpio -d -i
|
2019-07-14 13:31:16 +08:00
|
|
|
```
|
|
|
|
|
2019-10-15 19:28:49 -04:00
|
|
|
On macOS the process is more straightforward:
|
2019-07-14 13:31:16 +08:00
|
|
|
|
|
|
|
```bash
|
2021-05-03 14:45:08 +08:00
|
|
|
xip -x Xcode_12.2.xip
|
2019-07-14 13:31:16 +08:00
|
|
|
```
|
|
|
|
|
2021-05-03 14:45:08 +08:00
|
|
|
### Step 2: Generating `Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz` from `Xcode.app`
|
2019-10-15 19:28:49 -04:00
|
|
|
|
2021-05-03 14:45:08 +08:00
|
|
|
To generate `Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz`, run
|
2019-10-15 19:28:49 -04:00
|
|
|
the script [`gen-sdk`](./gen-sdk) with the path to `Xcode.app` (extracted in the
|
|
|
|
previous stage) as the first argument.
|
|
|
|
|
|
|
|
```bash
|
2021-05-03 14:45:08 +08:00
|
|
|
# Generate a Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz from
|
2019-10-15 19:28:49 -04:00
|
|
|
# the supplied Xcode.app
|
|
|
|
./contrib/macdeploy/gen-sdk '/path/to/Xcode.app'
|
|
|
|
```
|
|
|
|
|
2022-04-22 22:01:28 +02:00
|
|
|
The `sha256sum` of the generated TAR.GZ archive should be `df75d30ecafc429e905134333aeae56ac65fac67cb4182622398fd717df77619`.
|
2022-03-11 16:20:29 +01:00
|
|
|
|
2022-11-18 12:36:20 +00:00
|
|
|
## Deterministic macOS App Notes
|
2022-03-11 16:20:29 +01:00
|
|
|
|
2022-11-18 12:36:20 +00:00
|
|
|
macOS Applications are created in Linux by combining a recent `clang` and the Apple
|
|
|
|
`binutils` (`ld`, `ar`, etc).
|
2019-07-14 13:31:16 +08:00
|
|
|
|
|
|
|
Apple uses `clang` extensively for development and has upstreamed the necessary
|
|
|
|
functionality so that a vanilla clang can take advantage. It supports the use of `-F`,
|
2021-04-28 15:27:32 +08:00
|
|
|
`-target`, `-mmacosx-version-min`, and `-isysroot`, which are all necessary when
|
2019-07-14 13:31:16 +08:00
|
|
|
building for macOS.
|
|
|
|
|
|
|
|
Apple's version of `binutils` (called `cctools`) contains lots of functionality missing in the
|
|
|
|
FSF's `binutils`. In addition to extra linker options for frameworks and sysroots, several
|
|
|
|
other tools are needed as well such as `install_name_tool`, `lipo`, and `nmedit`. These
|
|
|
|
do not build under Linux, so they have been patched to do so. The work here was used as
|
|
|
|
a starting point: [mingwandroid/toolchain4](https://github.com/mingwandroid/toolchain4).
|
|
|
|
|
|
|
|
In order to build a working toolchain, the following source packages are needed from
|
|
|
|
Apple: `cctools`, `dyld`, and `ld64`.
|
|
|
|
|
|
|
|
These tools inject timestamps by default, which produce non-deterministic binaries. The
|
|
|
|
`ZERO_AR_DATE` environment variable is used to disable that.
|
|
|
|
|
|
|
|
This version of `cctools` has been patched to use the current version of `clang`'s headers
|
|
|
|
and its `libLTO.so` rather than those from `llvmgcc`, as it was originally done in `toolchain4`.
|
|
|
|
|
|
|
|
To complicate things further, all builds must target an Apple SDK. These SDKs are free to
|
2022-02-02 14:13:32 -05:00
|
|
|
download, but not redistributable. See the SDK Extraction notes above for how to obtain it.
|
2019-07-14 13:31:16 +08:00
|
|
|
|
2022-02-02 14:13:32 -05:00
|
|
|
The Guix process builds 2 sets of files: Linux tools, then Apple binaries which are
|
2019-07-14 13:31:16 +08:00
|
|
|
created using these tools. The build process has been designed to avoid including the
|
2021-07-08 16:20:01 +08:00
|
|
|
SDK's files in Guix's outputs. All interim tarballs are fully deterministic and may be freely
|
2019-07-14 13:31:16 +08:00
|
|
|
redistributed.
|
|
|
|
|
|
|
|
As of OS X 10.9 Mavericks, using an Apple-blessed key to sign binaries is a requirement in
|
|
|
|
order to satisfy the new Gatekeeper requirements. Because this private key cannot be
|
|
|
|
shared, we'll have to be a bit creative in order for the build process to remain somewhat
|
|
|
|
deterministic. Here's how it works:
|
|
|
|
|
2022-11-18 12:36:20 +00:00
|
|
|
- Builders use Guix to create an unsigned release. This outputs an unsigned ZIP which
|
2019-07-14 13:31:16 +08:00
|
|
|
users may choose to bless and run. It also outputs an unsigned app structure in the form
|
2022-11-18 12:36:20 +00:00
|
|
|
of a tarball.
|
2019-07-14 13:31:16 +08:00
|
|
|
- The Apple keyholder uses this unsigned app to create a detached signature, using the
|
|
|
|
script that is also included there. Detached signatures are available from this [repository](https://github.com/bitcoin-core/bitcoin-detached-sigs).
|
2021-07-08 16:20:01 +08:00
|
|
|
- Builders feed the unsigned app + detached signature back into Guix. It uses the
|
2022-11-18 12:36:20 +00:00
|
|
|
pre-built tools to recombine the pieces into a deterministic ZIP.
|