Commit 801ec017 authored by Romain Bioteau's avatar Romain Bioteau Committed by GitHub

tr(build) improve signing lifycle (#1292)

* use a script to sign binaries
* update sign profile
parent 8b19f136
<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
<id>all-in-one-zip</id>
<formats>
<format>zip</format>
</formats>
<includeBaseDirectory>true</includeBaseDirectory>
<fileSets>
<fileSet>
<directory>${project.build.directory}/products/org.bonitasoft.studio.product/macosx/cocoa/x86_64/${product.short.name}-${project.version}.app</directory>
<includes>
<include>**</include>
</includes>
<outputDirectory />
</fileSet>
</fileSets>
</assembly>
\ No newline at end of file
......@@ -45,7 +45,4 @@ slide2=${img.folder}/slide02-01.png
slide3=${img.folder}/slide03-01.png
#path from install dir (runtime) to xpm file
linux.icon=${all.in.one.foler}/icon.xpm
certificate.pfx.file=${project.build.directory}/selfsigned-certificate-1.0.0.pfx
certifacte.secret=${certifacteSecret}
\ No newline at end of file
linux.icon=${all.in.one.foler}/icon.xpm
\ No newline at end of file
......@@ -14,6 +14,7 @@
<windowsExecutableIcon>@windows.ico@</windowsExecutableIcon>
<osxApplicationBundleIcon>@mac.installer.icns@</osxApplicationBundleIcon>
<osxPlatforms>osx-intel osx-x86_64</osxPlatforms>
<createOsxBundleZip>1</createOsxBundleZip>
<createUninstaller>@enable.uninstaller@</createUninstaller>
<slideShowLoop>1</slideShowLoop>
<slideShowTiming>8</slideShowTiming>
......@@ -306,30 +307,6 @@ ${installdir}/@mac.shortcut.name@/Contents/Eclipse/jre/Contents/Home/bin/java</v
</ruleList>
</substitute>
</postInstallationActionList>
<postBuildActionList>
<actionGroup>
<actionList>
<createTimeStamp>
<format>%Y%m%d%H%M%S</format>
<variable>timestamp</variable>
</createTimeStamp>
<createDirectory>
<path>${outputDirectory}/${installerFilename}.app</path>
</createDirectory>
<copyFile>
<destination>${outputDirectory}/${installerFilename}.app/</destination>
<origin>@bitrock.output@/${installerFilename}/Contents</origin>
</copyFile>
</actionList>
<ruleList>
<compareValues>
<logic>equals</logic>
<value1>${platform_name}</value1>
<value2>osx</value2>
</compareValues>
</ruleList>
</actionGroup>
</postBuildActionList>
<finalPageActionList>
<runProgram>
<ruleList>
......
......@@ -90,6 +90,13 @@
<plugins>
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>clean</goal>
</goals>
</execution>
</executions>
<configuration>
<filesets>
<fileset>
......@@ -281,61 +288,26 @@
<goal>single</goal>
</goals>
</execution>
<execution>
<id>make-macos-zip-assembly</id>
<phase>package</phase>
<configuration>
<appendAssemblyId>false</appendAssemblyId>
<descriptors>
<descriptor>${basedir}/assembly-macos-zip-descriptor.xml</descriptor>
</descriptors>
<finalName>${product.short.name}-${project.version}.app</finalName>
</configuration>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>sign</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<executions>
<execution>
<id>sign-x86_64-exe</id>
<phase>process-resources</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>/bin/bash</executable>
<commandlineArgs>-c "curl --request POST -F exeFile=@${product.short.name}.exe ${signServiceURL} &gt; /tmp/${product.short.name}.exe &#38;&#38; cat /tmp/${product.short.name}.exe > ${product.short.name}.exe"</commandlineArgs>
<workingDirectory>${project.build.directory}/products/${productId}/win32/win32/x86_64/</workingDirectory>
</configuration>
</execution>
<execution>
<id>sign-x86-exe</id>
<phase>process-resources</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>/bin/bash</executable>
<commandlineArgs>-c "curl --request POST -F exeFile=@${product.short.name}.exe ${signServiceURL} &gt; /tmp/${product.short.name}.exe &#38;&#38; cat /tmp/${product.short.name}.exe > ${product.short.name}.exe"</commandlineArgs>
<workingDirectory>${project.build.directory}/products/${productId}/win32/win32/x86/</workingDirectory>
</configuration>
</execution>
<execution>
<id>sign-osx-app</id>
<phase>process-resources</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>/bin/bash</executable>
<commandlineArgs>-c "zip -q ${product.short.name}-${project.version}.zip -r ${product.short.name}-${project.version}.app &#38;&#38; curl --request POST -F exeFile=@${product.short.name}-${project.version}.zip ${macSignServiceURL} &gt; /tmp/${product.short.name}-${project.version}.zip &#38;&#38; cat /tmp/${product.short.name}-${project.version}.zip > ${product.short.name}-${project.version}.zip &#38;&#38; rm -r ${product.short.name}-${project.version}.app &#38;&#38; unzip -q ${product.short.name}-${project.version}.zip &#38;&#38; rm ${product.short.name}-${project.version}.zip"</commandlineArgs>
<workingDirectory>${project.build.directory}/products/${productId}/macosx/cocoa/x86_64/</workingDirectory>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>buildInstaller</id>
<activation>
......@@ -401,18 +373,6 @@
<goal>exec</goal>
</goals>
</execution>
<execution>
<id>build-and-sign-osx-dmg</id>
<phase>verify</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>/bin/bash</executable>
<commandlineArgs>-c "mv ${product.short.name}-${project.version}-osx ${product.short.name}-${project.version}-osx.app &#38;&#38; zip -q ${product.short.name}-${project.version}-osx.zip -r ${product.short.name}-${project.version}-osx.app &#38;&#38; curl --request POST -F exeFile=@${product.short.name}-${project.version}-osx.zip ${macBuildAndSignInstallerServiceURL} &gt; /tmp/${product.short.name}-${project.version}-osx.zip &#38;&#38; cat /tmp/${product.short.name}-${project.version}-osx.zip > ${product.short.name}-${project.version}-osx.zip &#38;&#38; unzip -q ${product.short.name}-${project.version}-osx.zip &#38;&#38; rm ${product.short.name}-${project.version}-osx.zip"</commandlineArgs>
<workingDirectory>${project.build.directory}/installers/output/</workingDirectory>
</configuration>
</execution>
<execution>
<id>win-x86</id>
<phase>package</phase>
......@@ -441,30 +401,6 @@
<goal>exec</goal>
</goals>
</execution>
<execution>
<id>sign-installer-x86_64-exe</id>
<phase>verify</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>/bin/bash</executable>
<commandlineArgs>-c "curl --request POST -F exeFile=@${product.short.name}-${project.version}-x86_64.exe ${signServiceURL} &gt; /tmp/${product.short.name}-${project.version}-x86_64.exe &#38;&#38; cat /tmp/${product.short.name}-${project.version}-x86_64.exe > ${product.short.name}-${project.version}-x86_64.exe"</commandlineArgs>
<workingDirectory>${project.build.directory}/installers/output/</workingDirectory>
</configuration>
</execution>
<execution>
<id>sign-installer-x86-exe</id>
<phase>verify</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>/bin/bash</executable>
<commandlineArgs>-c "curl --request POST -F exeFile=@${product.short.name}-${project.version}-x86.exe ${signServiceURL} &gt; /tmp/${product.short.name}-${project.version}-x86.exe &#38;&#38; cat /tmp/${product.short.name}-${project.version}-x86.exe > ${product.short.name}-${project.version}-x86.exe"</commandlineArgs>
<workingDirectory>${project.build.directory}/installers/output/</workingDirectory>
</configuration>
</execution>
</executions>
<configuration>
<executable>${BITROCK_HOME}/bin/builder</executable>
......@@ -527,7 +463,7 @@
<property name="bitrock.install" value="${project.build.directory}/installers" />
<property name="os_arch" value="64" />
<property file="installer/installer.properties" />
<property name="installer.name" value="${product.short.name}-${product.version}-osx" />
<property name="installer.name" value="${product.short.name}-${product.version}-macOs" />
<property name="updated.project.file" value="${basedir}/installer/installer_project_macosx_x86_64.xml" />
<ant antfile="createInstallerProject.xml" />
</target>
......@@ -708,5 +644,109 @@
</plugins>
</build>
</profile>
<profile>
<id>sign</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<executions>
<execution>
<id>sign-x86_64-exe</id>
<phase>process-resources</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>./sign.sh</executable>
<arguments>
<argument>${product.short.name}.exe</argument>
<argument>${signServiceURL}</argument>
<argument>${project.build.directory}/products/${productId}/win32/win32/x86_64/</argument>
</arguments>
<workingDirectory>${basedir}/codesign</workingDirectory>
</configuration>
</execution>
<execution>
<id>sign-x86-exe</id>
<phase>process-resources</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>./sign.sh</executable>
<arguments>
<argument>${product.short.name}.exe</argument>
<argument>${signServiceURL}</argument>
<argument>${project.build.directory}/products/${productId}/win32/win32/x86/</argument>
</arguments>
</configuration>
</execution>
<execution>
<id>sign-osx-app</id>
<phase>process-resources</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>./sign.sh</executable>
<arguments>
<argument>${project.build.directory}</argument>
<argument>${macSignServiceURL}</argument>
<argument>${product.short.name}-${project.version}.app.zip</argument>
</arguments>
</configuration>
</execution>
<execution>
<id>sign-installer-x86_64-exe</id>
<phase>verify</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>./sign.sh</executable>
<arguments>
<argument>${product.short.name}-${project.version}-x86_64.exe</argument>
<argument>${signServiceURL}</argument>
<argument>${project.build.directory}/installers/output/</argument>
</arguments>
</configuration>
</execution>
<execution>
<id>sign-installer-x86-exe</id>
<phase>verify</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>./sign.sh</executable>
<arguments>
<argument>${product.short.name}-${project.version}-x86.exe</argument>
<argument>${signServiceURL}</argument>
<argument>${project.build.directory}/installers/output/</argument>
</arguments>
</configuration>
</execution>
<execution>
<id>build-and-sign-osx-dmg</id>
<phase>verify</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>./sign.sh</executable>
<arguments>
<argument>${product.short.name}-${project.version}-macOs.zip</argument>
<argument>${macBuildAndSignInstallerServiceURL}</argument>
<argument>${project.build.directory}/installers/output/</argument>
</arguments>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
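Review bot: The `sign-osx-app` execution in the new `sign` profile passes its arguments in a different order from the other five executions: `${project.build.directory}` comes first and the `.app.zip` name last, while sign.sh on this page reads `filename=$1`, `url=$2`, `workDir=$3`. With that order the script's `[ -f $filename ]` test is applied to a directory, so nothing is uploaded and the step still exits 0, leaving the macOS bundle unsigned without failing the build. Reorder to `<argument>${product.short.name}-${project.version}.app.zip</argument>`, `<argument>${macSignServiceURL}</argument>`, `<argument>${project.build.directory}</argument>`. Separately, only `sign-x86_64-exe` sets `<workingDirectory>${basedir}/codesign</workingDirectory>`; the other executions run `./sign.sh` from the plugin's default working directory, so they presumably need the same element, or it should move to the plugin-level configuration.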
#!/bin/sh
filename=$1
url=$2
workDir=$3
cd $workDir
if [ -f $filename ]; then
curl --request POST -F exeFile=@$filename $url > /tmp/$filename
cat /tmp/$filename > $filename
fi
\ No newline at end of file
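Review bot: Failures in this script are silent, so a release can ship unsigned or corrupted binaries: `curl` runs without `--fail`, and whatever the signing service returns, including an HTTP error page or an empty body, is then copied over the original artifact by `cat /tmp/$filename > $filename`. A failed `cd $workDir` is not checked either, and a missing file makes the script exit 0 without signing anything. The response is also staged at a predictable path under `/tmp`, which is exposed to symlink and race problems on a shared build host; `mktemp` avoids this. All three variables are expanded unquoted, so a path containing spaces splits into several words. A sketch of a hardened body follows; it keeps the skip-if-absent behaviour but reports it on stderr.

```shell
#!/bin/sh
set -eu
filename=$1
url=$2
workDir=$3
cd "$workDir"
if [ ! -f "$filename" ]; then
    echo "sign.sh: $filename not found in $workDir, nothing signed" >&2
    exit 0
fi
signed=$(mktemp)
trap 'rm -f "$signed"' EXIT
# --fail turns an HTTP error status into a non-zero exit instead of a saved error page
curl --fail --silent --show-error --request POST -F "exeFile=@$filename" "$url" --output "$signed"
# refuse to overwrite the artifact with an empty response
[ -s "$signed" ]
cat "$signed" > "$filename"
```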
......@@ -67,7 +67,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>2.5</version>
<version>3.1.0</version>
</plugin>
<plugin>
<groupId>org.eclipse.tycho</groupId>
......