mirror of
https://github.com/onionshare/onionshare.git
synced 2025-01-25 10:42:58 -03:00
Update macOS build script to enable runtime, build DMG instead of PKG; update Tor; update build instructions
This commit is contained in:
Micah Lee
parent
437beef098
commit
f8f920b8a6
4 changed files with 43 additions and 45 deletions
50
BUILD.md
50
BUILD.md
|
|
@ -139,13 +139,22 @@ install/build_osx.sh
|
|||
|
||||
Now you should have `dist/OnionShare.app`.
|
||||
|
||||
#### To codesign and build a pkg for distribution
|
||||
#### To codesign and build a DMG for distribution
|
||||
|
||||
If you want to build for distribution, you'll need a codesigning certificate, and you'll also need to have [create-dmg](https://github.com/sindresorhus/create-dmg) installed:
|
||||
|
||||
```sh
|
||||
npm install --global create-dmg
|
||||
brew install graphicsmagick imagemagick
|
||||
```
|
||||
|
||||
And then run:
|
||||
|
||||
```sh
|
||||
install/build_osx.sh --release
|
||||
```
|
||||
|
||||
Now you should have `dist/OnionShare.pkg`.
|
||||
Now you should have `dist/OnionShare $VERSION.dmg`.
|
||||
|
||||
## Windows
|
||||
|
||||
|
|
@ -193,7 +202,7 @@ Add the following directories (you might want to make sure these are exact on yo
|
|||
|
||||
OnionShare uses PyInstaller to turn the python source code into Windows executable `.exe` file. Apparently, malware developers also use PyInstaller, and some anti-virus vendors have included snippets of PyInstaller code in their virus definitions. To avoid this, you have to compile the Windows PyInstaller bootloader yourself instead of using the pre-compiled one that comes with PyInstaller.
|
||||
|
||||
(If you don't care about this, you can install PyInstaller with `pip install PyInstaller==3.5`.)
|
||||
(If you don't care about this, you can install PyInstaller with `pip install PyInstaller==4.0`.)
|
||||
|
||||
Here's how to compile the PyInstaller bootloader:
|
||||
|
||||
|
|
@ -206,16 +215,14 @@ cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Auxiliary\
|
|||
vcvars32.bat
|
||||
```
|
||||
|
||||
Change to a folder where you keep source code, and clone the PyInstaller git repo and checkout the `v3.5` tag:
|
||||
Change to a folder where you keep source code, and clone the PyInstaller git repo and checkout the `v4.0` tag:
|
||||
|
||||
```
|
||||
git clone https://github.com/pyinstaller/pyinstaller.git
|
||||
cd pyinstaller
|
||||
git tag -v v3.5
|
||||
git checkout v4.0
|
||||
```
|
||||
|
||||
(Note that ideally you would verify the git tag, but the PGP key that has signed the `v3.5` git tag for is not published anywhere, so this isn't possible. See [this issue](https://github.com/pyinstaller/pyinstaller/issues/4430).)
|
||||
|
||||
The next step is to compile the bootloader. We should do this all in dangerzone's poetry shell:
|
||||
|
||||
```
|
||||
|
|
@ -243,7 +250,7 @@ Now the next time you use PyInstaller to build OnionShare, the `.exe` file shoul
|
|||
|
||||
#### If you want to build the installer
|
||||
|
||||
* Go to http://nsis.sourceforge.net/Download and download the latest NSIS. I downloaded `nsis-3.04-setup.exe`.
|
||||
* Go to http://nsis.sourceforge.net/Download and download the latest NSIS. I downloaded `nsis-3.06.1-setup.exe`.
|
||||
* Add `C:\Program Files (x86)\NSIS` to the path.
|
||||
|
||||
#### If you want to sign binaries with Authenticode
|
||||
|
|
@ -347,30 +354,19 @@ To make a PPA release:
|
|||
|
||||
## macOS release
|
||||
|
||||
To make a macOS release, go to macOS build machine:
|
||||
|
||||
- Build machine should be running macOS 10.11.6, and must have the Apple-trusted `Developer ID Application: Micah Lee` and `Developer ID Installer: Micah Lee` code-signing certificates installed
|
||||
- Build machine should be running macOS 10.13.6, and must have the Apple-trusted `Developer ID Application: Micah Lee` and `Developer ID Installer: Micah Lee` code-signing certificates installed
|
||||
- Verify and checkout the git tag for this release
|
||||
- Run `./install/build_osx.sh --release`; this will make a codesigned installer package called `dist/OnionShare-$VERSION.pkg`
|
||||
- Copy `OnionShare-$VERSION.pkg` to developer machine
|
||||
|
||||
Then move back to the developer machine:
|
||||
|
||||
- PGP-sign the macOS installer, `gpg -a --detach-sign OnionShare-$VERSION.pkg`
|
||||
|
||||
Note that once we support notarizing the macOS installer (see [this issue](https://github.com/micahflee/onionshare/issues/953)), these will be the steps instead:
|
||||
|
||||
- Developer machine, running the latest macOS, must have an app-specific Apple ID password saved in the login keychain called `onionshare-notarize`
|
||||
- Notarize it: `xcrun altool --notarize-app --primary-bundle-id "com.micahflee.onionshare" -u "micah@micahflee.com" -p "@keychain:onionshare-notarize" --file OnionShare-$VERSION.pkg`
|
||||
- Wait for it to get approved, check status with: `xcrun altool --notarization-history 0 -u "micah@micahflee.com" -p "@keychain:onionshare-notarize"`
|
||||
- After it's approved, staple the ticket: `xcrun stapler staple OnionShare-$VERSION.pkg`
|
||||
- PGP-sign the final, notarized and stapled, `gpg -a --detach-sign OnionShare-$VERSION.pkg`
|
||||
- Run `poetry install && poetry run ./install/build_osx.sh --release`; this will make a codesigned installer package called `dist/OnionShare $VERSION.dmg`
|
||||
- Notarize it: `xcrun altool --notarize-app --primary-bundle-id "com.micahflee.onionshare" -u "micah@micahflee.com" -p "$APPLEIDPW" --file "OnionShare $VERSION.dmg"`
|
||||
- Wait for it to get approved, check status with: `xcrun altool --notarization-history 0 -u "micah@micahflee.com" -p "$APPLEIDPW"`
|
||||
- After it's approved, staple the ticket: `xcrun stapler staple "OnionShare $VERSION.dmg"`
|
||||
- PGP-sign the final, notarized and stapled, `gpg -a --detach-sign "OnionShare $VERSION.dmg"`
|
||||
|
||||
This process ends up with two final files:
|
||||
|
||||
```
|
||||
OnionShare-$VERSION.pkg
|
||||
OnionShare-$VERSION.pkg.asc
|
||||
OnionShare $VERSION.dmg
|
||||
OnionShare $VERSION.dmg.asc
|
||||
```
|
||||
|
||||
## Windows release
|
||||
|
|
|
|||
|
|
@ -20,9 +20,7 @@ cd $ROOT
|
|||
if [ "$1" = "--release" ]; then
|
||||
mkdir -p dist
|
||||
APP_PATH="$ROOT/dist/OnionShare.app"
|
||||
PKG_PATH="$ROOT/dist/OnionShare.pkg"
|
||||
IDENTITY_NAME_APPLICATION="Developer ID Application: Micah Lee"
|
||||
IDENTITY_NAME_INSTALLER="Developer ID Installer: Micah Lee"
|
||||
IDENTITY_NAME_APPLICATION="Developer ID Application: Micah Lee (N9B95FDWH4)"
|
||||
ENTITLEMENTS_CHILD_PATH="$ROOT/install/macos_sandbox/child.plist"
|
||||
ENTITLEMENTS_PARENT_PATH="$ROOT/install/macos_sandbox/parent.plist"
|
||||
|
||||
|
|
@ -30,26 +28,30 @@ if [ "$1" = "--release" ]; then
|
|||
codesign \
|
||||
--deep \
|
||||
-s "$IDENTITY_NAME_APPLICATION" \
|
||||
-o runtime \
|
||||
--force \
|
||||
--entitlements "$ENTITLEMENTS_CHILD_PATH" \
|
||||
--timestamp \
|
||||
"$APP_PATH"
|
||||
codesign \
|
||||
-s "$IDENTITY_NAME_APPLICATION" \
|
||||
-o runtime \
|
||||
--force \
|
||||
--entitlements "$ENTITLEMENTS_PARENT_PATH" \
|
||||
--timestamp \
|
||||
"$APP_PATH"
|
||||
|
||||
echo "Creating an installer"
|
||||
productbuild \
|
||||
--sign "$IDENTITY_NAME_INSTALLER" \
|
||||
--component "$APP_PATH" /Applications \
|
||||
--timestamp \
|
||||
"$PKG_PATH"
|
||||
echo "Create the DMG"
|
||||
if [ ! -f "/usr/local/bin/create-dmg" ]; then
|
||||
echo "Error: create-dmg is not installed"
|
||||
exit 0
|
||||
fi
|
||||
/usr/local/bin/create-dmg "$APP_PATH" --identity "$IDENTITY_NAME_APPLICATION"
|
||||
mv *.dmg dist
|
||||
|
||||
echo "Cleaning up"
|
||||
rm -rf "$APP_PATH"
|
||||
|
||||
echo "All done, your installer is in: $PKG_PATH"
|
||||
echo "All done, your DMG is in:"
|
||||
ls dist/*.dmg
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -36,10 +36,10 @@ import requests
|
|||
|
||||
|
||||
def main():
|
||||
dmg_url = "https://archive.torproject.org/tor-package-archive/torbrowser/8.5.5/TorBrowser-8.5.5-osx64_en-US.dmg"
|
||||
dmg_filename = "TorBrowser-8.5.5-osx64_en-US.dmg"
|
||||
dmg_url = "https://archive.torproject.org/tor-package-archive/torbrowser/9.5.4/TorBrowser-9.5.4-osx64_en-US.dmg"
|
||||
dmg_filename = "TorBrowser-9.5.4-osx64_en-US.dmg"
|
||||
expected_dmg_sha256 = (
|
||||
"9c1b7840bd251a4c52f0c919991e57cafb9178c55e11fa49f83ffacce3c20511"
|
||||
"5cc9ef95db8d99e762822c0bd596d7042fba2728e542732f337368c6b891b3ea"
|
||||
)
|
||||
|
||||
# Build paths
|
||||
|
|
@ -107,8 +107,8 @@ def main():
|
|||
os.path.join(dist_path, "MacOS", "Tor", "tor.real"),
|
||||
)
|
||||
shutil.copyfile(
|
||||
os.path.join(dmg_tor_path, "MacOS", "Tor", "libevent-2.1.6.dylib"),
|
||||
os.path.join(dist_path, "MacOS", "Tor", "libevent-2.1.6.dylib"),
|
||||
os.path.join(dmg_tor_path, "MacOS", "Tor", "libevent-2.1.7.dylib"),
|
||||
os.path.join(dist_path, "MacOS", "Tor", "libevent-2.1.7.dylib"),
|
||||
)
|
||||
os.chmod(os.path.join(dist_path, "MacOS", "Tor", "tor.real"), 0o755)
|
||||
# obfs4proxy binary
|
||||
|
|
|
|||
|
|
@ -34,10 +34,10 @@ import requests
|
|||
|
||||
|
||||
def main():
|
||||
exe_url = "https://archive.torproject.org/tor-package-archive/torbrowser/8.5.5/torbrowser-install-8.5.5_en-US.exe"
|
||||
exe_filename = "torbrowser-install-8.5.5_en-US.exe"
|
||||
exe_url = "https://archive.torproject.org/tor-package-archive/torbrowser/9.5.4/torbrowser-install-9.5.4_en-US.exe"
|
||||
exe_filename = "torbrowser-install-9.5.4_en-US.exe"
|
||||
expected_exe_sha256 = (
|
||||
"a3aa7e626d1d2365dcecc6f17055f467f31c4ff9558a769e51d4b90640e48bb0"
|
||||
"af4c7ee756a3abf7b1f338d0bf7415b36b17bff56e0e6c08244d68a0bda81a29"
|
||||
)
|
||||
# Build paths
|
||||
root_path = os.path.dirname(
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue