use different keys for native code signing and app signing

update the command used to notarize the app
don't over-write builder provided environment variables in config.sh
2023-01-12 00:36:58 +00:00 · 2023-01-10 18:48:28 +00:00 · 2022-12-28 01:35:01 +00:00 · 2022-12-09 16:08:10 +00:00 · 2022-12-09 16:02:19 +00:00 · 2022-12-09 15:58:25 +00:00
5 changed files with 65 additions and 43 deletions
--- a/BUILD.md
+++ b/BUILD.md
@@ -72,6 +72,7 @@ In order to configure your release environment, you must set the following
 environment variables:
 - `I2P_SIGNER` should be the [Apple Developer ID of the signer](https://developer.apple.com/support/developer-id/)
 - `I2P_CODE_SIGNER` should be the Apple Developer ID for Code Signing of the signer(Usually find this with `security find-identity -v -p codesigning`)
 - `I2P_VERSION` should be the version of the I2P router that you want to use
 - `I2P_BUILD_NUMBER` should be an integer greater than `0`.
--- a/README.md
+++ b/README.md
@@ -30,10 +30,16 @@ In order to build an AppBundle that can work from anywhere, it is necessary to u
 1. You need an "app-specific password" which you can create at https://appleid.apple.com
 2. Execute 
 ```
-xcrun altool --eval-app --primary-bundle-id net.i2p.router -u <your Apple id> -f <name of the .dmg file>
+xcrun notarytool store-credentials "$AC_PASSWORD"
               --apple-id "$AC_USERNAME"
               --team-id "$WWDRTeamID"
               --password "$secret_2FA_password"
 ```
-This will ask you for the password you generated in step 1 and will return a long UUID string you can use to check the progress.
+ - In this example command:
-
+ - `AC_PASSWORD` is the name of the credentials config.
 - `AC_USERNAME` is the username of the Apple Account.
 - `WWDRTeamID` is the developer/team ID available from the Apple Account.
 - `secret_2FA_Password` is the app-specific password you set up in the first step.
 3. Periodically execute the following to check the progress of the notarisation:
 ```
 xcrun altool --eval-info <the long UUID string> -u <your Apple id>
--- a/build.sh
+++ b/build.sh
@@ -21,7 +21,6 @@ fi
 if [ -z "${I2P_SIGNER}" ]; then
    echo "I2P_SIGNER variable not set, can't sign. Script will terminate after unsigned app-image generation"
    exit 1
 fi
 if [ -z ${I2P_VERSION} ]; then
@@ -67,17 +66,25 @@ cd ..
 echo "compiling native lib"
 cc -v -Wl,-lobjc -mmacosx-version-min=10.9 -I"$JAVA_HOME/include" -I"$JAVA_HOME/include/darwin" -Ic -o build/libMacLauncher.jnilib -shared c/net_i2p_router_MacLauncher.c 
-echo "signing jbigi libs"
+if [ -z $I2P_SIGNER ]; then
-mkdir jbigi
+    echo "I2P_SIGNER is unset, not proceeding to sign jbigi libs"
-cp $I2P_JARS/jbigi.jar jbigi
+    cp $I2P_JARS/jbigi.jar build
-cd jbigi
+else
-unzip jbigi.jar
+    echo "signing jbigi libs"
-for lib in *.jnilib; do
+    mkdir jbigi
-    codesign --force -s $I2P_SIGNER -v $lib
+    cp $I2P_JARS/jbigi.jar jbigi
-    jar uf jbigi.jar $lib
+    cd jbigi
-done
+    unzip jbigi.jar
-cp jbigi.jar ../build
+    for lib in *.jnilib; do
-cd ..
+        codesign --force -s $I2P_SIGNER -v $lib
        jar uf jbigi.jar $lib
    done
    cp jbigi.jar ../build
    cd ..
 fi
 I2P_VERSION=$(java -cp build/router.jar net.i2p.router.RouterVersion | sed "s/.*: //" | head -n 1)
 echo "preparing to invoke jpackage for I2P version $I2P_VERSION build $I2P_BUILD_NUMBER"
@@ -127,15 +134,21 @@ if [ -z $I2P_SIGNER ]; then
    exit 0 
 fi
-if [ $I2P_SIGNER = signer@mail.i2p]; then
+
 echo "signing the runtime libraries"
 if [ $I2P_CODE_SIGNER = signer@mail.i2p ]; then
    echo "I2P_CODE_SIGNER is unset, not signing dylibs or jnilibs, app will fail notarization"
 else
    find I2P.app -name *.dylib -exec codesign --force -s $I2P_CODE_SIGNER -v '{}' \;
    find I2P.app -name *.jnilib -exec codesign --force -s $I2P_CODE_SIGNER -v '{}' \;
 fi
 if [ $I2P_SIGNER = signer@mail.i2p ]; then
    echo "I2P_SIGNER is unset, not proceeding to signing phase"
    exit 0 
 fi
 echo "signing the runtime libraries"
 find I2P.app -name *.dylib -exec codesign --force -s $I2P_SIGNER -v '{}' \;
 find I2P.app -name *.jnilib -exec codesign --force -s $I2P_SIGNER -v '{}' \;
 echo "signing the bundle"
 codesign --force -d --deep -f \
    --options=runtime \
--- a/config.sh
+++ b/config.sh
@@ -1,5 +1,26 @@
 #! /usr/bin/env sh
-I2P_SIGNER=signer@mail.i2p
+if [ -z $I2P_SIGNER ]; then
-I2P_VERSION=2.0.0
+    # This is the team ID of the Apple account associated with the app. It is used to sign the DMG.
-I2P_BUILD_NUMBER=1
+    # it is a unique ID which is a short, random-looking string.
    I2P_SIGNER=signer@mail.i2p
 fi
 if [ -z $I2P_CODE_SIGNER ]; then
    # This is the code signing ID of the team associated with the Apple Account. it is used to sign the libraries.
    # it is a unique ID which is a short, random-looking string.
    I2P_SIGNER=signer@mail.i2p
 fi
 if [ -z $I2P_VERSION ]; then
    I2P_VERSION=2.0.0
 fi
 if [ -z $I2P_BUILD_NUMBER ]; then
    I2P_BUILD_NUMBER=1
 fi
 # Uncomment/Edit this line to include the signer in the config file
 # I2P_SIGNER=signer@mail.i2p
 # Uncomment/Edit this line to include the code signer in the config file
 # I2P_CODE_SIGNER=signer@mail.i2p
 # Uncomment/Edit this line to include the version number in the config file
 # I2P_VERSION=2.0.0
 # Uncomment/Edit this line to include the build number in the config file
 # I2P_BUILD_NUMBER=1
--- a/java/net/i2p/router/MacLauncher.java
+++ b/java/net/i2p/router/MacLauncher.java
@@ -18,7 +18,6 @@ public class MacLauncher {
    /** this is totally undocumented */
    private static final String APP_PATH = "jpackage.app-path";
    private static Router i2pRouter;
    public static void main(String[] args) throws Exception {
        String path = System.getProperty(APP_PATH,"unknown");
@@ -43,30 +42,12 @@ public class MacLauncher {
        }
        i2pRouter = new Router(System.getProperties());
        Thread registrationThread = new Thread(REGISTER_UPP);
        registrationThread.setName("UPP Registration");
        registrationThread.setDaemon(true);
        registrationThread.start();
-        String arch = System.getProperty("os.arch");
+        RouterLaunch.main(args);
        if (arch.equals("aarch64")) {
            changeSetting(i2pRouter, "router.newsURL", "http://tc73n4kivdroccekirco7rhgxdg5f3cjvbaapabupeyzrqwv5guq.b32.i2p/mac-arm64/stable/news.su3");
            changeSetting(i2pRouter, "router.backupNewsURL", "http://dn3tvalnjz432qkqsvpfdqrwpqkw3ye4n4i2uyfr4jexvo3sp5ka.b32.i2p/news/mac-arm64/stable/news.su3");
        } else {
            changeSetting(i2pRouter, "router.newsURL", "http://tc73n4kivdroccekirco7rhgxdg5f3cjvbaapabupeyzrqwv5guq.b32.i2p/mac/stable/news.su3");
            changeSetting(i2pRouter, "router.backupNewsURL", "http://dn3tvalnjz432qkqsvpfdqrwpqkw3ye4n4i2uyfr4jexvo3sp5ka.b32.i2p/news/mac/stable/news.su3");
        }
        i2pRouter.runRouter();
    }
    private static void changeSetting(Router i2pRouter, String key, String value){
        String setting = i2pRouter.getConfigSetting(key);
        if (setting == null) {
            i2pRouter.saveConfig(key, value);
        }
    }
    private static native void disableAppNap();
Author	SHA1	Message	Date
idk	c070524f06	use different keys for native code signing and app signing	2023-01-12 00:36:58 +00:00
idk	74e75bf916	update the command used to notarize the app	2023-01-10 18:48:28 +00:00
idk	fa567cb536	don't over-write builder provided environment variables in config.sh	2022-12-28 01:35:01 +00:00
idk	9cf7d70c65	copy unsigned jbigi jar to the build dir in unsigned builds	2022-12-09 16:08:10 +00:00
idk	63f6870d6a	fully enable unsigned local builds	2022-12-09 16:02:19 +00:00
idk	dd6be52e50	Skip signing jbigi libs if I2P_SIGNER is unset	2022-12-09 15:58:25 +00:00
idk	b03bfd5f53	Merge branch 'master' of https://i2pgit.org/i2p-hackers/i2p-jpackage-mac	2022-12-09 15:32:52 +00:00
idk	f1cdbacdbf	correct SDKman java version	2022-12-09 15:14:33 +00:00
idk	e6da4c2926	Merge branch 'master' into 'master' Detailed build instructions including Java, Ant, Brew setup See merge request i2p-hackers/i2p-jpackage-mac!2	2022-11-29 21:18:34 +00:00