Merge branch 'mac-signing-instructions'

3 files changed, 44 insertions, 14 deletions

diff --git a/README.md b/README.md
index fe5680b0d5..18aeaa726e 100644
--- a/README.md
+++ b/README.md
@@ -113,7 +113,7 @@ it and behave accordingly.
     ```
     as in `yarn run pack:linux`.
 
-    The artifact (.dmg, .deb, .msi) version is the `version` property of `package.json`.
+    The artifact (.pkg, .deb, .msi) version is the `version` property of `package.json`.
 
 
 ## Making a release
@@ -135,6 +135,19 @@ the version of the app you are going to release. For example `2018.3-beta1` or `
 
     Please verify that the script did the right thing before you push the commit and tag it created.
 
+1. When building for macOS, the following environment variables must be set:
+   * `CSC_LINK` - The path to the `.p12` certificate file with the Apple application signing keys.
+     This file must contain both the "Developer ID Application" and the "Developer ID Installer"
+     certificates + private keys. If this environment variable is missing `build.sh` will skip
+     signing.
+   * `CSC_KEY_PASSWORD` - The password to the file given in `CSC_LINK`. If this is not set then
+     `build.sh` will prompt you for it. If you set it yourself, make sure to define it in such a
+     way that it's not stored in your bash history:
+     ```bash
+     export HISTCONTROL=ignorespace
+     export CSC_KEY_PASSWORD='my secret'
+     ```
+
 1. Run `./build.sh` on each computer/platform where you want to create a release artifact. This will
     do the following for you:
     1. Update `relays.json` with the latest relays
diff --git a/build.sh b/build.sh
index 87116e49ee..5f967f035a 100755
--- a/build.sh
+++ b/build.sh
@@ -5,7 +5,7 @@
 
 set -eu
 
-REQUIRED_RUSTC_VERSION="rustc 1.24.0 (4d90ac38c 2018-02-12)"
+REQUIRED_RUSTC_VERSION="rustc 1.26.0 (a77568041 2018-05-07)"
 RUSTC_VERSION=`rustc +stable --version`
 if [[ $RUSTC_VERSION != $REQUIRED_RUSTC_VERSION ]]; then
     echo "You are running the wrong Rust compiler version."
@@ -25,9 +25,25 @@ if [[ "${1:-""}" != "--allow-dirty" ]]; then
     fi
 fi
 
-case "$(uname -s)" in
-    Darwin*)    export MACOSX_DEPLOYMENT_TARGET="10.7";;
-esac
+if [[ "$(uname -s)" = "Darwin" ]]; then
+    export MACOSX_DEPLOYMENT_TARGET="10.7"
+
+    # if CSC_LINK is set, then we do signing
+    if [[ ! -z ${CSC_LINK-} ]]; then
+        echo "Building with macOS signing activated. Using certificate at $CSC_LINK"
+        if [[ -z ${CSC_KEY_PASSWORD-} ]]; then
+            read -sp "CSC_KEY_PASSWORD = " CSC_KEY_PASSWORD
+            echo ""
+            export CSC_KEY_PASSWORD
+        fi
+        export CSC_IDENTITY_AUTO_DISCOVERY=true
+    else
+        echo "!! CSC_LINK not set. This build will not be signed !!"
+        unset CSC_LINK CSC_KEY_PASSWORD
+        export CSC_IDENTITY_AUTO_DISCOVERY=false
+    fi
+fi
+
 
 # Remove binaries. To make sure it is rebuilt with the stable toolchain and the latest changes.
 cargo +stable clean
@@ -54,7 +70,7 @@ yarn install
 
 echo "Packing final release artifact..."
 case "$(uname -s)" in
-    #Linux*)     yarn pack:linux;;
+    Linux*)     yarn pack:linux;;
     Darwin*)    yarn pack:mac;;
 esac
 
diff --git a/dist-assets/pkg-scripts/preinstall b/dist-assets/pkg-scripts/preinstall
index db9c296fd6..b64746c8a8 100755
--- a/dist-assets/pkg-scripts/preinstall
+++ b/dist-assets/pkg-scripts/preinstall
@@ -13,10 +13,10 @@ echo "Running preinstall at $(date)"
 OLD_INSTALL_DIR="/Applications/MullvadVPN.app"
 if [ -d "$OLD_INSTALL_DIR" ]; then
     echo "Found old Mullvad VPN install at $OLD_INSTALL_DIR. Stopping and uninstalling"
-    pkill MullvadVPN || true
-    pkill mullvad-daemon || true
+    pkill MullvadVPN || echo "Unable to kill MullvadVPN, not running?"
+    pkill mullvad-daemon || echo "Unable to kill mullvad-daemon, not running?"
     sleep 0.5
-    rm -rf "$OLD_INSTALL_DIR"
+    rm -r "$OLD_INSTALL_DIR"
 fi
 
 # Migrate settings from <=2018.1 paths
@@ -25,15 +25,16 @@ NEW_SETTINGS_DIR="/etc/mullvad-daemon"
 if [ -d "$OLD_SETTINGS_DIR" ]; then
     echo "Found old setting dir $OLD_SETTINGS_DIR. Moving to $NEW_SETTINGS_DIR"
     mkdir -p "$NEW_SETTINGS_DIR"
-    mv "$OLD_SETTINGS_DIR/settings.json" "$NEW_SETTINGS_DIR/settings.json" || true
-    rm -rf "$OLD_SETTINGS_DIR"
+    mv "$OLD_SETTINGS_DIR/settings.json" "$NEW_SETTINGS_DIR/settings.json" || \
+        echo "Unable to migrate settings, not present in old dir?"
+    rm -r "$OLD_SETTINGS_DIR"
 fi
 
 # Delete logs from <=2018.1 paths
 OLD_LOG_DIR="$HOME/Library/Logs/MullvadVPN"
 if [ -d "$OLD_LOG_DIR" ]; then
     echo "Found old log dir $OLD_LOG_DIR. Deleting"
-    rm -rf "$OLD_LOG_DIR"
+    rm -r "$OLD_LOG_DIR"
 fi
 
 # Migrate cache files from <=2018.1 paths
@@ -42,6 +43,6 @@ NEW_CACHE_DIR="/var/root/Library/Caches/mullvad-daemon"
 if [ -d "$OLD_CACHE_DIR" ]; then
     echo "Found old cache dir at $OLD_CACHE_DIR, moving to $NEW_CACHE_DIR"
     mkdir -p "$NEW_CACHE_DIR"
-    mv "$OLD_CACHE_DIR"/* "$NEW_CACHE_DIR/" || true
-    rm -rf "$OLD_CACHE_DIR"
+    mv "$OLD_CACHE_DIR"/* "$NEW_CACHE_DIR/" || echo "Unable to migrate cache. No cache files?"
+    rm -r "$OLD_CACHE_DIR"
 fi