macOS

README: Edit text #681

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

	name: macOS

	on: [push, pull_request]

	env:
	PYTHON_VER: '3.11.1'
	PYTHON_VER_SHORT: '3.11'
	PYTHON_VER_SHORT_COMPACT: '311'
	PYOTHERSIDE_VER: '1.5.9'
	OPENSSL_VER: '1.1.1i'

	jobs:
	build:

	runs-on: macOS-latest

	steps:
	- uses: actions/checkout@v1

	- name: Install Qt
	uses: jurplel/install-qt-action@v2
	with:
	version: '5.15.1'
	host: 'mac'
	target: 'desktop'

	- name: Install dependencies from homebrew
	run: \|
	pip install --upgrade pip
	brew update
	brew install swig zlib curl coreutils \|\| true

	- name: Setup GPG
	run: \|
	curl https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d \| gpg --import
	curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x7953ac1fbc3dc8b3b292393ed5e9e43f7df9ee8c" -o ./key1.asc
	curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8657ABB260F056B1E5190839D9C4D26D0E604491" -o ./key2.asc
	gpg --import ./key1.asc
	gpg --import ./key2.asc

	- name: Build OpenSSL
	run: \|
	wget https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz
	wget https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz.asc
	gpg --verify openssl-${OPENSSL_VER}.tar.gz.asc
	tar -xzvf openssl-${OPENSSL_VER}.tar.gz
	cd openssl-${OPENSSL_VER}
	sudo env MACOSX_DEPLOYMENT_TARGET=10.13 ./config --prefix=/opt/openssl
	sudo env MACOSX_DEPLOYMENT_TARGET=10.13 make
	sudo make install

	- name: Build Python as a framework
	run: \|
	wget https://www.python.org/ftp/python/${PYTHON_VER}/Python-${PYTHON_VER}.tgz
	wget https://www.python.org/ftp/python/${PYTHON_VER}/Python-${PYTHON_VER}.tgz.asc
	gpg --verify Python-${PYTHON_VER}.tgz.asc
	tar -xzvf Python-${PYTHON_VER}.tgz
	cd Python-${PYTHON_VER}
	# Make sure gettext is not installed when configuring Python,
	# otherwise it seems to break the linking for PyOtherSide build later.
	# Re-intall after, because it's needed for wget.
	brew uninstall gettext --ignore-dependencies
	#brew unlink python@3.9
	./configure MACOSX_DEPLOYMENT_TARGET=10.13 CPPFLAGS="-I/opt/openssl/include" LDFLAGS="-L/opt/openssl/lib" CC=clang --enable-framework --with-openssl=/opt/openssl --enable-optimizations
	sudo make altinstall
	#brew link --overwrite python@3.9
	brew reinstall gettext

	- name: Install python dependencies
	run: \|
	sudo /Library/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/bin/pip${PYTHON_VER_SHORT} install --upgrade pip
	sudo env MACOSX_DEPLOYMENT_TARGET=10.13 CFLAGS="-I/opt/openssl/include" LDFLAGS="-L/opt/openssl/lib" /Library/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/bin/pip${PYTHON_VER_SHORT} install -r requirements.txt
	sudo patch /Library/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/site-packages/ykman/otp.py .github/workflows/macos-ykman-patch.patch


	- name: Change id for bundled Python
	run: sudo sed -i '' 's/org.python.python/com.yubico.python/g' /Library/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/Resources/Python.app/Contents/Info.plist

	- name: Build PyOtherSide QML plugin
	run: \|
	wget https://github.com/thp/pyotherside/archive/${PYOTHERSIDE_VER}.tar.gz
	echo "189cb0b973e40fcb6b95fd51b0bcd6cc8494b514d49ffe966ec488cf05bbf51e ${PYOTHERSIDE_VER}.tar.gz" \| sha256sum -c -
	tar -xzvf ${PYOTHERSIDE_VER}.tar.gz
	echo "DEFINES += QT_NO_DEBUG_OUTPUT" >> pyotherside-${PYOTHERSIDE_VER}/src/src.pro
	cd pyotherside-${PYOTHERSIDE_VER}
	qmake PYTHON_CONFIG=/Library/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/bin/python${PYTHON_VER_SHORT}-config
	make
	sudo make install

	- name: Build yubikey-manager-qt
	run: \|
	qmake
	make

	- name: Copy over CLI binary to app bundle
	run: cp ykman-cli/ykman ykman-gui/ykman-gui.app/Contents/MacOS/

	- name: Run macdeployqt
	run: macdeployqt ykman-gui/ykman-gui.app/ -qmldir=ykman-gui/qml/ -appstore-compliant

	- name: Copy over dynamic libraries
	run: \|
	sudo find /opt/openssl/ -name '*.dylib' -exec cp '{}' ykman-gui/ykman-gui.app/Contents/Frameworks/ ';'

	- name: Copy over Python.framework to app bundle
	run: \|
	cp -a /Library/Frameworks/Python.framework ykman-gui/ykman-gui.app/Contents/Frameworks/
	sudo find ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework -name '*.pyc' -delete
	sudo find ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework -name '__pycache__' -delete

	- name: Point pyotherside to relative Python
	run: \|
	sudo install_name_tool -change /Library/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/Python @executable_path/../Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/Python ykman-gui/ykman-gui.app/Contents/PlugIns/quick/libpyothersideplugin.dylib

	- name: Point custom Python share objects to relative openssl dylibs
	run: \|
	sudo install_name_tool -change /opt/openssl/lib/libcrypto.1.1.dylib @executable_path/../Frameworks/libcrypto.1.1.dylib ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/lib-dynload/_ssl.cpython-${PYTHON_VER_SHORT_COMPACT}-darwin.so
	sudo install_name_tool -change /opt/openssl/lib/libssl.1.1.dylib @executable_path/../Frameworks/libssl.1.1.dylib ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/lib-dynload/_ssl.cpython-${PYTHON_VER_SHORT_COMPACT}-darwin.so
	sudo install_name_tool -change /opt/openssl/lib/libcrypto.1.1.dylib @executable_path/../Frameworks/libcrypto.1.1.dylib ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/lib-dynload/_hashlib.cpython-${PYTHON_VER_SHORT_COMPACT}-darwin.so
	sudo install_name_tool -change /opt/openssl/lib/libssl.1.1.dylib @executable_path/../Frameworks/libssl.1.1.dylib ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/lib-dynload/_hashlib.cpython-${PYTHON_VER_SHORT_COMPACT}-darwin.so
	sudo install_name_tool -change /opt/openssl/lib/libcrypto.1.1.dylib @executable_path/../Frameworks/libcrypto.1.1.dylib ykman-gui/ykman-gui.app/Contents/Frameworks/libssl.1.1.dylib
	sudo install_name_tool -change /opt/openssl/lib/libcrypto.1.1.dylib @executable_path/../Frameworks/libcrypto.1.1.dylib ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
	sudo install_name_tool -change /opt/openssl/lib/libssl.1.1.dylib @executable_path/../Frameworks/libssl.1.1.dylib ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so

	- name: Point to relative Qt for CLI binary (macdeployqt doesn't fix this)
	run: \|
	sudo install_name_tool -change /usr/local/opt/qt/lib/QtQml.framework/Versions/5/QtQml @executable_path/../Frameworks/QtQml.framework/Versions/5/QtQml ykman-gui/ykman-gui.app/Contents/MacOS/ykman
	sudo install_name_tool -change /usr/local/opt/qt/lib/QtNetwork.framework/Versions/5/QtNetwork @executable_path/../Frameworks/QtNetwork.framework/Versions/5/QtNetwork ykman-gui/ykman-gui.app/Contents/MacOS/ykman
	sudo install_name_tool -change /usr/local/opt/qt/lib/QtCore.framework/Versions/5/QtCore @executable_path/../Frameworks/QtCore.framework/Versions/5/QtCore ykman-gui/ykman-gui.app/Contents/MacOS/ykman

	- name: Remove extra files
	run: \|
	rm -rf ykman-gui/ykman-gui.app/Contents/Frameworks/Python.framework/Versions/2.7
	rm -rf ykman-gui/ykman-gui.app/Contents/Resources/pymodules

	- name: Rename and archive app bundle
	run: \|
	export REF=$(echo ${GITHUB_REF} \| cut -d '/' -f 3)
	mv ykman-gui/ykman-gui.app YubiKey\ Manager.app
	tar -czf yubikey-manager-qt-${REF}.app.tar.gz YubiKey\ Manager.app
	mkdir deploy
	mv yubikey-manager-qt-${REF}.app.tar.gz deploy

	- name: Uninstall runtime dependencies
	run: \|
	brew uninstall openssl@1.1 python --ignore-dependencies
	sudo rm -rf /usr/local/Cellar/qt

	- name: Run GUI
	run: \|
	./YubiKey\ Manager.app/Contents/MacOS/ykman-gui --version
	./YubiKey\ Manager.app/Contents/MacOS/ykman-gui --help

	- name: Run CLI
	run: \|
	./YubiKey\ Manager.app/Contents/MacOS/ykman --version
	[[ -z "$(./YubiKey\ Manager.app/Contents/MacOS/ykman --version \| grep -E "not found\|missing")" ]]

	- name: Upload artifact
	uses: actions/upload-artifact@v1
	with:
	name: yubikey-manager-qt-macos-app-bundle
	path: deploy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README: Edit text #681

Workflow file

README: Edit text #681

Jobs

Run details

Workflow file for this run