-
Notifications
You must be signed in to change notification settings - Fork 7
/
rel.sh
executable file
·179 lines (153 loc) · 5.59 KB
/
rel.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
#!/bin/bash
set -e
#######################################
# Variables
#######################################
APP_NAME="projectm_sdl"
BUNDLE_ID="projectM"
DEVELOPER_ID="Developer ID Application: Mischa Spiegelmock (5926VBQM6Y)"
TEAM_ID="5926VBQM6Y"
KEYCHAIN_PROFILE="projectm"
BUILD_DIR="target"
OUTPUT_DIR="${PWD}/dist"
# Paths for universal binary
UNIVERSAL_BINARY="${OUTPUT_DIR}/${APP_NAME}"
# .app bundle paths
APP_BUNDLE_NAME="${APP_NAME}.app"
APP_BUNDLE_PATH="${OUTPUT_DIR}/${APP_BUNDLE_NAME}"
APP_EXECUTABLE_PATH="${APP_BUNDLE_PATH}/Contents/MacOS"
INFO_PLIST_PATH="${APP_BUNDLE_PATH}/Contents/Info.plist"
RESOURCES_PATH="${APP_BUNDLE_PATH}/Contents/Resources"
# Entitlements file (if sandboxing is needed)
ENTITLEMENTS_FILE="${OUTPUT_DIR}/entitlements.plist"
# Zip paths
PRE_NOTARIZATION_ZIP="${OUTPUT_DIR}/${APP_NAME}-pre-notarization.zip"
FINAL_ZIP="${OUTPUT_DIR}/${APP_NAME}.zip"
#######################################
# 1) Build Rust Binaries (x86_64 + arm64)
#######################################
echo "==> Building for x86_64"
cargo build --release --target x86_64-apple-darwin
echo "==> Building for arm64"
cargo build --release --target aarch64-apple-darwin
#######################################
# 2) Create Universal Binary
#######################################
mkdir -p "${OUTPUT_DIR}"
echo "==> Creating universal binary"
lipo -create -output "${UNIVERSAL_BINARY}" \
"${BUILD_DIR}/x86_64-apple-darwin/release/${APP_NAME}" \
"${BUILD_DIR}/aarch64-apple-darwin/release/${APP_NAME}"
#######################################
# 3) Create .app Bundle Structure
#######################################
echo "==> Creating .app bundle structure"
rm -rf "${APP_BUNDLE_PATH}" || true
mkdir -p "${APP_EXECUTABLE_PATH}"
mkdir -p "${RESOURCES_PATH}"
# Move the universal binary into MacOS/
mv "${UNIVERSAL_BINARY}" "${APP_EXECUTABLE_PATH}/${APP_NAME}"
#######################################
# 4) Create Info.plist with Microphone Access
#######################################
echo "==> Creating Info.plist"
cat > "${INFO_PLIST_PATH}" <<EOL
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleName</key>
<string>${APP_NAME}</string>
<key>CFBundleIdentifier</key>
<string>${BUNDLE_ID}</string>
<key>CFBundleVersion</key>
<string>1.0</string>
<key>CFBundleExecutable</key>
<string>${APP_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>LSMinimumSystemVersion</key>
<string>10.12</string>
<key>NSMicrophoneUsageDescription</key>
<string>This app requires microphone access for audio input.</string>
</dict>
</plist>
EOL
#######################################
# 5) (Optional) Create Entitlements File for Sandboxing
#######################################
echo "==> Creating entitlements file for sandboxing (optional)"
cat > "${ENTITLEMENTS_FILE}" <<EOL
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
</dict>
</plist>
EOL
#######################################
# 6) Clone and Copy Presets/Textures
#######################################
echo "==> Cloning preset repositories"
TEMP_DIR="$(mktemp -d)"
pushd "$TEMP_DIR" >/dev/null
# cream-of-the-crop
git clone git@github.com:projectM-visualizer/presets-cream-of-the-crop.git
mkdir -p "${RESOURCES_PATH}/presets"
cp -R presets-cream-of-the-crop/"." "${RESOURCES_PATH}/presets/"
# milkdrop-texture-pack
git clone git@github.com:projectM-visualizer/presets-milkdrop-texture-pack.git
mkdir -p "${RESOURCES_PATH}/textures"
cp -R presets-milkdrop-texture-pack/textures/"." "${RESOURCES_PATH}/textures/"
popd >/dev/null
rm -rf "$TEMP_DIR"
#######################################
# 7) Sign the .app Bundle with Entitlements
#######################################
echo "==> Signing the .app with hardened runtime and entitlements"
codesign --deep --verbose --force --options runtime \
--entitlements "${ENTITLEMENTS_FILE}" \
--sign "${DEVELOPER_ID}" "${APP_BUNDLE_PATH}"
#######################################
# 8) Zip the Signed .app for Notarization
#######################################
echo "==> Creating zip for notarization"
rm -f "${PRE_NOTARIZATION_ZIP}"
ditto -c -k --sequesterRsrc --keepParent \
"${APP_BUNDLE_PATH}" \
"${PRE_NOTARIZATION_ZIP}"
#######################################
# 9) Submit the Zip File for Notarization
#######################################
echo "==> Submitting for notarization"
xcrun notarytool submit "${PRE_NOTARIZATION_ZIP}" \
--keychain-profile "${KEYCHAIN_PROFILE}" \
--team-id "${TEAM_ID}" \
--wait
#######################################
# 10) Staple the Now-Notarized .app
#######################################
echo "==> Stapling notarization ticket to .app"
xcrun stapler staple "${APP_BUNDLE_PATH}"
#######################################
# 11) (Optional) Create Final Zip with Stapled .app
#######################################
echo "==> Creating final zip of stapled .app"
rm -f "${FINAL_ZIP}"
ditto -c -k --sequesterRsrc --keepParent \
"${APP_BUNDLE_PATH}" \
"${FINAL_ZIP}"
#######################################
# 12) Verify with Gatekeeper
#######################################
echo "==> Verifying with spctl"
spctl --assess --verbose=4 "${APP_BUNDLE_PATH}"
rm "${PRE_NOTARIZATION_ZIP}"
rm "${ENTITLEMENTS_FILE}"
echo "✅ Build, sign, notarize, staple, and package completed successfully!"