almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Updates to the macOS and Windows build scripts and documentation

Browse source
This commit is contained in:
Micah Lee 2022-08-26 14:06:06 -07:00
parent eabf7a9c18
commit 6713cce503
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
5 changed files with 34 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
BUILD.md
View file

@ -54,16 +54,14 @@ Create a .rpm:
## macOS ## macOS
Install Xcode from the App Store.
Install [Docker Desktop](https://www.docker.com/products/docker-desktop). Make sure to choose your correct CPU, either Intel Chip or Apple Chip. Install [Docker Desktop](https://www.docker.com/products/docker-desktop). Make sure to choose your correct CPU, either Intel Chip or Apple Chip.
Install Python 3.9.9 [from python.org](https://www.python.org/downloads/release/python-399/). Install the latest version of Python 3.9 [from python.org](https://www.python.org/downloads/macos/), and make sure `/Library/Frameworks/Python.framework/Versions/3.9/bin` is in your `PATH`.
Install Python dependencies: Install Python dependencies:
```sh ```sh
pip3 install --user poetry python3 -m pip install poetry
poetry install poetry install
``` ```
@ -110,12 +108,12 @@ The output is in the `dist` folder.
Install [Docker Desktop](https://www.docker.com/products/docker-desktop). Install [Docker Desktop](https://www.docker.com/products/docker-desktop).
Install Python 3.9.9 (x86) [from python.org](https://www.python.org/downloads/release/python-399/). When installing it, make sure to check the "Add Python 3.9 to PATH" checkbox on the first page of the installer. Install the latest version of Python 3.9 (64-bit) [from python.org](https://www.python.org/downloads/windows/). Make sure to check the "Add Python 3.9 to PATH" checkbox on the first page of the installer.
Install [poetry](https://python-poetry.org/). Open PowerShell, and run: Install [poetry](https://python-poetry.org/):
``` ```
(Invoke-WebRequest -Uri https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py -UseBasicParsing).Content | python python -m pip install poetry
``` ```
Change to the `dangerzone` folder, and install the poetry dependencies: Change to the `dangerzone` folder, and install the poetry dependencies:

33
RELEASE.md
View file

@ -34,14 +34,13 @@ To make a macOS release, go to macOS build machine:
- Build machine must have: - Build machine must have:
- macOS 10.14 - macOS 10.14
- Apple-trusted `Developer ID Application: FIRST LOOK PRODUCTIONS, INC.` and `Developer ID Installer: FIRST LOOK PRODUCTIONS, INC.` code-signing certificates installed - Apple-trusted `Developer ID Application: FIRST LOOK PRODUCTIONS, INC. (P24U45L8P5)` code-signing certificates installed
- An app-specific Apple ID password saved in the login keychain called `flockagent-notarize`
- Verify and checkout the git tag for this release - Verify and checkout the git tag for this release
- Run `poetry install` - Run `poetry install`
- Run `poetry run ./install/macos/build_app.py --with-codesign`; this will make `dist/Dangerzone.dmg` - Run `poetry run ./install/macos/build-app.py --with-codesign`; this will make `dist/Dangerzone.dmg`
- Notarize it: `xcrun altool --notarize-app --primary-bundle-id "media.firstlook.dangerzone" -u "micah@firstlook.org" -p "@keychain:dangerzone-notarize" --file dist/Dangerzone.dmg` - Notarize it: `xcrun altool --notarize-app --primary-bundle-id "media.firstlook.dangerzone" -u "micah@firstlook.org" -p "$PASSWORD" --file dist/Dangerzone.dmg`
- Wait for it to get approved, check status with: `xcrun altool --notarization-history 0 -u "micah@firstlook.org" -p "@keychain:dangerzone-notarize"` - Wait for it to get approved, check status with: `xcrun altool --notarization-history 0 -u "micah@firstlook.org" -p "$PASSWORD"`
- (If it gets rejected, you can see why with: `xcrun altool --notarization-info [RequestUUID] -u "micah@firstlook.org" -p "@keychain:dangerzone-notarize"`) - (If it gets rejected, you can see why with: `xcrun altool --notarization-info $REQUEST_UUID -u "micah@firstlook.org" -p "$PASSWORD"`)
- After it's approved, staple the ticket: `xcrun stapler staple dist/Dangerzone.dmg` - After it's approved, staple the ticket: `xcrun stapler staple dist/Dangerzone.dmg`
This process ends up with the final file: This process ends up with the final file:
@ -54,15 +53,25 @@ Rename `Dangerzone.dmg` to `Dangerzone-$VERSION.dmg`.
## Windows release ## Windows release
To make a Windows release, go to the Windows build machine: ### Set up a Windows 11 VM for making releases
- Download a VirtualBox VM image for Windows from here: https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/ and import it into VirtualBox. Also install the Oracle VM VirtualBox Extension Pack.
- Install updates
- Install git for Windows from https://git-scm.com/download/win, and clone the dangerzone repo
- Follow the Windows build instructions in `BUILD.md`, except:
- Don't install Docker Desktop (it won't work without nested virtualization)
- Install the Windows SDK from here: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/ and add `C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool` to the path (you'll need it for `signtool.exe`)
- You'll also need the Windows codesigning certificate installed on the VM
### Build the container image
Instead of running `python .\install\windows\build-image.py` in the VM, run the build image script on the host (making sure to build for `linux/amd64`). Copy `share/container.tar.gz` and `share/image-id.txt` from the host into the `share` folder in the VM
### Build the Dangerzone binary and installer
- Build machine should be running Windows 10, and have the Windows codesigning certificate installed
- Verify and checkout the git tag for this release - Verify and checkout the git tag for this release
- Run `poetry install` - Run `poetry install`
- Run `poetry shell`, then `cd ..\pyinstaller`, `python setup.py install`, `exit` - Run `poetry run .\install\windows\build-app.bat`
- Run `poetry run install\windows\step1-build-exe.bat`
- Open a second command prompt _as an administratror_, cd to the dangerzone directory, and run: `install\windows\step2-make-symlink.bat`
- Back in the first command prompt, run: `poetry run install\windows\step3-build-installer.bat`
- When you're done you will have `dist\Dangerzone.msi` - When you're done you will have `dist\Dangerzone.msi`
Rename `Dangerzone.msi` to `Dangerzone-$VERSION.msi`. Rename `Dangerzone.msi` to `Dangerzone-$VERSION.msi`.

4
install/macos/build-app.py
View file

@ -73,9 +73,7 @@ def main():
if args.with_codesign: if args.with_codesign:
print("○ Code signing app bundle") print("○ Code signing app bundle")
identity_name_application = ( identity_name_application = "Developer ID Application: FIRST LOOK PRODUCTIONS, INC. (P24U45L8P5)"
"Developer ID Application: FIRST LOOK PRODUCTIONS, INC. (P24U45L8P5)"
)
entitlements_plist_path = os.path.join(root, "install/macos/entitlements.plist") entitlements_plist_path = os.path.join(root, "install/macos/entitlements.plist")
for path in itertools.chain( for path in itertools.chain(

6
install/windows/build-app.bat
View file

@ -6,8 +6,8 @@ REM build the exe
python .\setup-windows.py build python .\setup-windows.py build
REM code sign dangerzone.exe REM code sign dangerzone.exe
signtool.exe sign /v /d "Dangerzone" /sha1 28a4af3b6ba5ed0ef307e1b96a140e1b42450c3b /tr http://timestamp.digicert.com build\exe.win32-3.9\dangerzone.exe signtool.exe sign /v /d "Dangerzone" /sha1 1a0345732140749bdaa03efe8591b2c2a036884c /tr http://timestamp.digicert.com build\exe.win-amd64-3.9\dangerzone.exe
signtool.exe sign /v /d "Dangerzone" /sha1 28a4af3b6ba5ed0ef307e1b96a140e1b42450c3b /tr http://timestamp.digicert.com build\exe.win32-3.9\dangerzone-cli.exe signtool.exe sign /v /d "Dangerzone" /sha1 1a0345732140749bdaa03efe8591b2c2a036884c /tr http://timestamp.digicert.com build\exe.win-amd64-3.9\dangerzone-cli.exe
REM build the wix file REM build the wix file
python install\windows\build-wxs.py > build\Dangerzone.wxs python install\windows\build-wxs.py > build\Dangerzone.wxs
@ -19,7 +19,7 @@ light.exe -ext WixUIExtension Dangerzone.wixobj
REM code sign dangerzone.msi REM code sign dangerzone.msi
insignia.exe -im Dangerzone.msi insignia.exe -im Dangerzone.msi
signtool.exe sign /v /d "Dangerzone" /sha1 28a4af3b6ba5ed0ef307e1b96a140e1b42450c3b /tr http://timestamp.digicert.com Dangerzone.msi signtool.exe sign /v /d "Dangerzone" /sha1 1a0345732140749bdaa03efe8591b2c2a036884c /tr http://timestamp.digicert.com Dangerzone.msi
REM moving Dangerzone.msi to dist REM moving Dangerzone.msi to dist
cd .. cd ..

9
install/windows/build-wxs.py
View file

@ -23,7 +23,7 @@ def build_data(dirname, dir_prefix, id_, name):
id_prefix = id_ id_prefix = id_
# Skip lib/Pyside2/Examples folder # Skip lib/Pyside2/Examples folder
if "\\build\\exe.win32-3.9\\lib\\PySide2\\examples" in dirname: if "\\build\\exe.win-amd64-3.9\\lib\\PySide2\\examples" in dirname:
continue continue
id_value = f"{id_prefix}{basename.capitalize().replace('-', '_')}" id_value = f"{id_prefix}{basename.capitalize().replace('-', '_')}"
@ -121,7 +121,7 @@ def main():
dist_dir = os.path.join( dist_dir = os.path.join(
os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))), os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))),
"build", "build",
"exe.win32-3.9", "exe.win-amd64-3.9",
) )
if not os.path.exists(dist_dir): if not os.path.exists(dist_dir):
print("You must build the dangerzone binary before running this") print("You must build the dangerzone binary before running this")
@ -145,7 +145,7 @@ def main():
data["dirs"][0]["dirs"].append( data["dirs"][0]["dirs"].append(
build_data( build_data(
dist_dir, dist_dir,
"exe.win32-3.9", "exe.win-amd64-3.9",
"INSTALLDIR", "INSTALLDIR",
"Dangerzone", "Dangerzone",
) )
@ -224,9 +224,8 @@ def main():
print('<?xml version="1.0" encoding="windows-1252"?>') print('<?xml version="1.0" encoding="windows-1252"?>')
print(f'<?define ProductVersion = "{version}"?>') print(f'<?define ProductVersion = "{version}"?>')
print('<?define ProductUpgradeCode = "12b9695c-965b-4be0-bc33-21274e809576"?>') print('<?define ProductUpgradeCode = "12b9695c-965b-4be0-bc33-21274e809576"?>')
ET.indent(root_el) ET.indent(root_el)
ET.dump(root_el) print(ET.tostring(root_el).decode())
if __name__ == "__main__": if __name__ == "__main__":