diff options
| -rwxr-xr-x | build.sh | 22 | ||||
| -rw-r--r-- | gui/tasks/distribution.js | 26 |
2 files changed, 34 insertions, 14 deletions
@@ -21,6 +21,7 @@ source env.sh "" if [[ "${1:-""}" != "--dev-build" ]]; then BUILD_MODE="release" + NPM_PACK_ARGS="" if [[ $(git diff --shortstat 2> /dev/null | tail -n1) != "" ]]; then echo "Dirty working directory!" echo "You should only build releases in clean working directories in order to make it" @@ -48,6 +49,7 @@ if [[ "${1:-""}" != "--dev-build" ]]; then fi else BUILD_MODE="dev" + NPM_PACK_ARGS="--no-compression" echo "!! Development build. Not for general distribution !!" unset CSC_LINK CSC_KEY_PASSWORD export CSC_IDENTITY_AUTO_DISCOVERY=false @@ -57,6 +59,9 @@ if [[ "$BUILD_MODE" == "dev" || $(git describe) != "$PRODUCT_VERSION" ]]; then GIT_COMMIT=$(git rev-parse HEAD | head -c 6) PRODUCT_VERSION="$PRODUCT_VERSION-dev-$GIT_COMMIT" echo "Modifying product version to $PRODUCT_VERSION" + + echo "Disabling Apple notarization (macOs only) of installer in this dev build" + NPM_PACK_ARGS+=" --no-apple-notarization" else echo "Removing old Rust build artifacts" cargo +stable clean @@ -164,21 +169,10 @@ npm install echo "Packing final release artifact..." -if [[ "$BUILD_MODE" == "dev" ]]; then - # Disable installer compression on *explicit* dev builds. - # This does not disable compression on build server builds, since they - # always run without --dev-build. - echo "Disabling compression of installer in this dev build" - - PACK_ARGS="--no-compression" -else - PACK_ARGS="" -fi - case "$(uname -s)" in - Linux*) npm run pack:linux -- $PACK_ARGS;; - Darwin*) npm run pack:mac -- $PACK_ARGS;; - MINGW*) npm run pack:win -- $PACK_ARGS;; + Linux*) npm run pack:linux -- $NPM_PACK_ARGS;; + Darwin*) npm run pack:mac -- $NPM_PACK_ARGS;; + MINGW*) npm run pack:win -- $NPM_PACK_ARGS;; esac popd diff --git a/gui/tasks/distribution.js b/gui/tasks/distribution.js index 16bdd4f811..c950a24950 100644 --- a/gui/tasks/distribution.js +++ b/gui/tasks/distribution.js @@ -3,12 +3,14 @@ const fs = require('fs'); const builder = require('electron-builder'); const rimraf = require('rimraf'); const util = require('util'); +const { notarize } = require('electron-notarize'); const renameAsync = util.promisify(fs.rename); const unlinkAsync = util.promisify(fs.unlink); const rimrafAsync = util.promisify(rimraf); const compression = process.argv.indexOf('--no-compression') !== -1 ? 'store' : 'normal'; +const noAppleNotarization = process.argv.indexOf('--no-apple-notarization') !== -1; const config = { appId: 'net.mullvad.vpn', @@ -156,6 +158,8 @@ function packWin() { function packMac() { let appOutDir; + let outDir; + let appVersion; return builder.build({ targets: builder.Platform.MAC.createTarget(), @@ -163,16 +167,38 @@ function packMac() { ...config, afterPack: (context) => { appOutDir = context.appOutDir; + outDir = context.outDir; + appVersion = context.packager.appInfo.version; return Promise.resolve(); }, afterAllArtifactBuild: (buildResult) => { + if (!noAppleNotarization) { + notarizeMac(path.join(outDir, `MullvadVPN-${appVersion}.pkg`)); + } // remove the folder that contains the unpacked app return rimrafAsync(appOutDir); }, + afterSign: noAppleNotarization + ? undefined + : (context) => { + const appOutDir = context.appOutDir; + const appName = context.packager.appInfo.productFilename; + return notarizeMac(path.join(appOutDir, `${appName}.app`)); + }, }, }); } +function notarizeMac(notarizePath) { + console.log('Notarizing ' + notarizePath); + return notarize({ + appBundleId: config.appId, + appPath: notarizePath, + appleId: process.env.NOTARIZE_APPLE_ID, + appleIdPassword: process.env.NOTARIZE_APPLE_ID_PASSWORD, + }); +} + function packLinux() { return builder.build({ targets: builder.Platform.LINUX.createTarget(), |