
Commit e055ca6

kateinoigakukunMaxDesiatov
authored andcommitted
[WASM] Distribute notarized toolchain installer as pkg
# Conflicts: # .github/workflows/nightly-distribution.yml # utils/webassembly/build-toolchain.sh
1 parent 740f8dc commit e055ca6


3 files changed

+143
-7
lines changed


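--- a/.github/workflows/nightly-distribution.yml
+++ b/.github/workflows/nightly-distribution.yml
@@ -7,11 +7,30 @@ jobs:
 runs-on: macos-latest
 steps:
 - uses: actions/checkout@v1
+- name: Setup keychain
+run: |
+echo "$DARWIN_TOOLCHAIN_APPLICATION_CERT_BASE64" | base64 --decode -o developerID_application.cer
+security import developerID_application.cer
+echo "$DARWIN_TOOLCHAIN_INSTALLER_CERT_BASE64" | base64 --decode -o developerID_installer.cer
+security import developerID_installer.cer
+env:
+DARWIN_TOOLCHAIN_APPLICATION_CERT: ${{ secrets.DARWIN_TOOLCHAIN_APPLICATION_CERT }}
+DARWIN_TOOLCHAIN_APPLICATION_CERT_BASE64: ${{ secrets.DARWIN_TOOLCHAIN_APPLICATION_CERT_BASE64 }}
+DARWIN_TOOLCHAIN_INSTALLER_CERT: ${{ secrets.DARWIN_TOOLCHAIN_INSTALLER_CERT }}
+DARWIN_TOOLCHAIN_INSTALLER_CERT_BASE64: ${{ secrets.DARWIN_TOOLCHAIN_INSTALLER_CERT_BASE64 }}
 - run: ./utils/webassembly/distribute-latest-toolchain.sh swiftwasm DEVELOPMENT
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+DARWIN_TOOLCHAIN_APPLICATION_CERT: ${{ secrets.DARWIN_TOOLCHAIN_APPLICATION_CERT }}
+DARWIN_TOOLCHAIN_INSTALLER_CERT: ${{ secrets.DARWIN_TOOLCHAIN_INSTALLER_CERT }}
+DARWIN_TOOLCHAIN_NOTARIZE_EMAIL: ${{ secrets.DARWIN_TOOLCHAIN_NOTARIZE_EMAIL }}
+DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD: ${{ secrets.DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD }}
 if: github.ref == 'refs/heads/swiftwasm'
 - run: ./utils/webassembly/distribute-latest-toolchain.sh swiftwasm-release/5.3 5.3
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+DARWIN_TOOLCHAIN_APPLICATION_CERT: ${{ secrets.DARWIN_TOOLCHAIN_APPLICATION_CERT }}
+DARWIN_TOOLCHAIN_INSTALLER_CERT: ${{ secrets.DARWIN_TOOLCHAIN_INSTALLER_CERT }}
+DARWIN_TOOLCHAIN_NOTARIZE_EMAIL: ${{ secrets.DARWIN_TOOLCHAIN_NOTARIZE_EMAIL }}
+DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD: ${{ secrets.DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD }}
 if: github.ref == 'refs/heads/swiftwasm-release/5.3'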
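Review bot: The new `Setup keychain` step decodes both certificate secrets into files in the checkout directory and never removes them, so the decoded signing material stays readable by every later step. Deleting the files right after import (`rm -f developerID_application.cer developerID_installer.cer`) or writing them under `$RUNNER_TEMP` keeps them out of the workspace. The step's `env:` also passes `DARWIN_TOOLCHAIN_APPLICATION_CERT` and `DARWIN_TOOLCHAIN_INSTALLER_CERT`, which its script never reads, so those two entries can be dropped. Unlike the two distribute steps it has no `if:` on `github.ref`, so it appears to import the certificates on every ref that triggers this workflow; the trigger itself is outside the hunk.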

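--- a/utils/webassembly/build-toolchain.sh
+++ b/utils/webassembly/build-toolchain.sh
@@ -124,11 +124,55 @@ merge_toolchains() {
 sed -i -e "s@\".*/include@\"../../../../share/wasi-sysroot/include@g" $DIST_TOOLCHAIN_SDK/usr/lib/swift/wasi/wasm32/wasi.modulemap
 }
 
+create_darwin_info_plist() {
+echo "-- Create Info.plist --"
+PLISTBUDDY_BIN="/usr/libexec/PlistBuddy"
+
+DARWIN_TOOLCHAIN_VERSION="5.3.${YEAR}${MONTH}${DAY}"
+BUNDLE_PREFIX="org.swiftwasm"
+DARWIN_TOOLCHAIN_BUNDLE_IDENTIFIER="${BUNDLE_PREFIX}.${YEAR}${MONTH}${DAY}"
+DARWIN_TOOLCHAIN_DISPLAY_NAME_SHORT="Swift for WebAssembly Snapshot"
+DARWIN_TOOLCHAIN_DISPLAY_NAME="${DARWIN_TOOLCHAIN_DISPLAY_NAME_SHORT} ${YEAR}-${MONTH}-${DAY}"
+DARWIN_TOOLCHAIN_ALIAS="swiftwasm"
+
+DARWIN_TOOLCHAIN_INFO_PLIST="${DIST_TOOLCHAIN_SDK}/usr/Info.plist"
+DARWIN_TOOLCHAIN_REPORT_URL="https://bugs.swift.org/"
+COMPATIBILITY_VERSION=2
+COMPATIBILITY_VERSION_DISPLAY_STRING="Xcode 8.0"
+DARWIN_TOOLCHAIN_CREATED_DATE="$(date -u +'%a %b %d %T GMT %Y')"
+SWIFT_USE_DEVELOPMENT_TOOLCHAIN_RUNTIME="YES"
+
+rm -f "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+
+${PLISTBUDDY_BIN} -c "Add DisplayName string '${DARWIN_TOOLCHAIN_DISPLAY_NAME}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add ShortDisplayName string '${DARWIN_TOOLCHAIN_DISPLAY_NAME_SHORT}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add CreatedDate date '${DARWIN_TOOLCHAIN_CREATED_DATE}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add CompatibilityVersion integer ${COMPATIBILITY_VERSION}" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add CompatibilityVersionDisplayString string ${COMPATIBILITY_VERSION_DISPLAY_STRING}" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add Version string '${DARWIN_TOOLCHAIN_VERSION}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add CFBundleIdentifier string '${DARWIN_TOOLCHAIN_BUNDLE_IDENTIFIER}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add ReportProblemURL string '${DARWIN_TOOLCHAIN_REPORT_URL}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add Aliases array" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add Aliases:0 string '${DARWIN_TOOLCHAIN_ALIAS}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings dict" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:ENABLE_BITCODE string 'NO'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:SWIFT_DISABLE_REQUIRED_ARCLITE string 'YES'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:SWIFT_LINK_OBJC_RUNTIME string 'YES'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:SWIFT_DEVELOPMENT_TOOLCHAIN string 'YES'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:SWIFT_USE_DEVELOPMENT_TOOLCHAIN_RUNTIME string '${SWIFT_USE_DEVELOPMENT_TOOLCHAIN_RUNTIME}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+
+chmod a+r "${DARWIN_TOOLCHAIN_INFO_PLIST}"
+}
+
 build_host_toolchain
 build_target_toolchain
 
 merge_toolchains
 
-cd $DIST_TOOLCHAIN_DESTDIR
-tar cfz $PACKAGE_ARTIFACT $TOOLCHAIN_NAME
+if [[ "$(uname)" == "Darwin" ]]; then
+create_darwin_info_plist
+fi
+
+cd "$DIST_TOOLCHAIN_DESTDIR"
+tar cfz "$PACKAGE_ARTIFACT" "$TOOLCHAIN_NAME"
 echo "Toolchain archive created successfully!"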
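Review bot: `DARWIN_TOOLCHAIN_VERSION="5.3.${YEAR}${MONTH}${DAY}"` in `create_darwin_info_plist` hard-codes 5.3, and `DARWIN_TOOLCHAIN_BUNDLE_IDENTIFIER` carries only the date. If this script also builds the DEVELOPMENT channel that the workflow distributes, two snapshots from the same day would get the same version and identifier in the package that is later signed and notarized, so consider deriving both from a channel variable. `YEAR`, `MONTH` and `DAY` are set outside the hunk. The function's assignments are all global; declaring them `local` would keep them from leaking into the rest of the script. The `CompatibilityVersionDisplayString` value is the only string not wrapped in single quotes, although it contains a space.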

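--- a/utils/webassembly/distribute-latest-toolchain.sh
+++ b/utils/webassembly/distribute-latest-toolchain.sh
@@ -4,6 +4,12 @@ set -xe
 repository='swiftwasm/swift'
 workflow_name='main.yml'
 branch=$1
+channel=$2
+swift_source_dir="$(cd "$(dirname $0)/../.." && pwd)"
+
+DARWIN_TOOLCHAIN_APPLICATION_CERT=${DARWIN_TOOLCHAIN_APPLICATION_CERT:?"Please set DARWIN_TOOLCHAIN_APPLICATION_CERT"}
+DARWIN_TOOLCHAIN_INSTALLER_CERT=${DARWIN_TOOLCHAIN_INSTALLER_CERT:?"Please set DARWIN_TOOLCHAIN_APPLICATION_CERT"}
+DARWIN_TOOLCHAIN_NOTARIZE_EMAIL=${DARWIN_TOOLCHAIN_NOTARIZE_EMAIL:?"Please set DARWIN_TOOLCHAIN_NOTARIZE_EMAIL"}
 
 gh_api=https://api.github.com
 
@@ -95,6 +101,72 @@ upload_tarball() {
 "https://uploads.github.com/repos/$repository/releases/$release_id/assets?name=$filename"
 }
 
+sign_toolchain() {
+local darwin_toolchain=$1
+local codesign_bin="/usr/bin/codesign"
+
+codesign_args=(--force --verify --verbose --deep --options runtime --timestamp --sign "${DARWIN_TOOLCHAIN_APPLICATION_CERT}")
+for binary in $(find "${darwin_toolchain}" -type f); do
+if file "$binary" | grep -q "Mach-O"; then
+${codesign_bin} "${codesign_args[@]}" "${binary}"
+fi
+done
+
+${codesign_bin} "${codesign_args[@]}" "${darwin_toolchain}/usr/"
+}
+
+create_installer() {
+local darwin_toolchain=$1
+local darwin_toolchain_name=$(basename "$darwin_toolchain")
+local darwin_toolchain_installer_package="$darwin_toolchain.pkg"
+local darwin_toolchain_install_location="/Library/Developer/Toolchains/${darwin_toolchain_name}.xctoolchain"
+local darwin_toolchain_version=$(/usr/libexec/PlistBuddy -c "Print Version string" "$darwin_toolchain"/usr/Info.plist)
+local darwin_toolchain_bundle_identifier=$(/usr/libexec/PlistBuddy -c "Print CFBundleIdentifier string" "$darwin_toolchain"/usr/Info.plist)
+
+"${swift_source_dir}/utils/toolchain-installer" "${darwin_toolchain}/" "${darwin_toolchain_bundle_identifier}" \
+"${DARWIN_TOOLCHAIN_INSTALLER_CERT}" "${darwin_toolchain_installer_package}" "${darwin_toolchain_install_location}" \
+"${darwin_toolchain_version}" "${swift_source_dir}/utils/darwin-installer-scripts"
+
+# Notarize the toolchain installer
+local request_output=$(xcrun altool --notarize-app --type osx \
+--file "${darwin_toolchain_installer_package}" \
+--primary-bundle-id "${darwin_toolchain_bundle_identifier}" \
+-u "${DARWIN_TOOLCHAIN_NOTARIZE_EMAIL}" \
+-p "@env:DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD")
+local request_uuid=$(echo "$request_output" | grep "RequestUUID = " | awk '{print $3}')
+
+local request_status=$(xcrun altool --notarization-info "$request_uuid" \
+-u "${DARWIN_TOOLCHAIN_NOTARIZE_EMAIL}" \
+-p "@env:DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD")
+# Wait until finished
+while echo "$request_status" | grep -q "Status: in progress" ; do
+sleep 60
+request_status=$(xcrun altool --notarization-info "$request_uuid" \
+-u "${DARWIN_TOOLCHAIN_NOTARIZE_EMAIL}" \
+-p "@env:DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD")
+done
+
+if echo "$request_status" | grep -q "Status: success"; then
+xcrun stapler staple "${darwin_toolchain_installer_package}"
+else
+echo "Failed to notarize the toolchain $darwin_toolchain_installer_package: $request_status"
+fi
+}
+
+package_darwin_toolchain() {
+local toolchain_tar=$1
+local destination=$2
+local toolchain_name=$(basename $(tar tfz "$toolchain_tar" | head -n1))
+local workdir=$(mktemp -d)
+
+tar xfz "$toolchain_tar" -C "$workdir"
+sign_toolchain "$workdir/$toolchain_name"
+create_installer "$workdir/$toolchain_name"
+
+mv "$workdir/$toolchain_name.pkg" "$destination"
+rm -rf "$workdir"
+}
+
 tmp_dir=$(mktemp -d)
 pushd $tmp_dir
 download_artifact ubuntu18.04-installable
@@ -104,22 +176,23 @@ unzip ubuntu18.04-installable.zip
 unzip ubuntu20.04-installable.zip
 unzip macos-installable.zip
 
-toolchain_name=$(basename $(tar tfz swift-wasm-$2-SNAPSHOT-ubuntu18.04-x86_64.tar.gz | head -n1))
+toolchain_name=$(basename $(tar tfz swift-wasm-$channel-SNAPSHOT-ubuntu18.04-x86_64.tar.gz | head -n1))
 
 if is_released $toolchain_name; then
 echo "Latest toolchain $toolchain_name has been already released"
 exit 0
 fi
 
-mv swift-wasm-$2-SNAPSHOT-ubuntu18.04-x86_64.tar.gz "$toolchain_name-ubuntu18.04-x86_64.tar.gz"
-mv swift-wasm-$2-SNAPSHOT-ubuntu20.04-x86_64.tar.gz "$toolchain_name-ubuntu20.04-x86_64.tar.gz"
-mv swift-wasm-$2-SNAPSHOT-macos-x86_64.tar.gz "$toolchain_name-macos-x86_64.tar.gz"
+
+mv swift-wasm-$channel-SNAPSHOT-ubuntu18.04-x86_64.tar.gz "$toolchain_name-ubuntu18.04-x86_64.tar.gz"
+mv swift-wasm-$channel-SNAPSHOT-ubuntu20.04-x86_64.tar.gz "$toolchain_name-ubuntu20.04-x86_64.tar.gz"
+package_darwin_toolchain "swift-wasm-$channel-SNAPSHOT-macos-x86_64.tar.gz" "$toolchain_name-macos-x86_64.pkg"
 
 create_tag $toolchain_name $head_sha
 release_id=$(create_release $toolchain_name $toolchain_name $head_sha)
 
 upload_tarball $release_id "$toolchain_name-ubuntu18.04-x86_64.tar.gz"
 upload_tarball $release_id "$toolchain_name-ubuntu20.04-x86_64.tar.gz"
-upload_tarball $release_id "$toolchain_name-macos-x86_64.tar.gz"
+upload_tarball $release_id "$toolchain_name-macos-x86_64.pkg"
 
 popd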
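Review bot: When notarization does not end in `Status: success`, `create_installer` only echoes a message and returns 0, so `package_darwin_toolchain` still moves the un-stapled `.pkg` and the script goes on to upload it to the release. The `else` branch should send the message to stderr and end with `return 1` so that `set -e` stops the run. The `local request_output=$(...)` and `local request_status=$(...)` forms also hide a failing `altool` from `set -e`; declaring the variable first and assigning on a separate line lets a rejected submission stop the script instead of polling with an empty UUID. The polling loop has no upper bound. `DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD` is not checked with `:?` like the other three variables, and the `DARWIN_TOOLCHAIN_INSTALLER_CERT` check prints the message for `DARWIN_TOOLCHAIN_APPLICATION_CERT`.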
