boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: c71f868f by Nicolas Vigier at 2025-09-19T13:57:23+02:00 Bug 44162: Move setup of dmg tools to a function Move the setup of dmg tools from gatekeeper-bundling.sh to a function, so we can re-use it in other scripts. - - - - - c24ab3b9 by hackademix at 2025-09-22T16:04:56+02:00 Bug 44162: Work-around to prevent older 7z versions to break rcodesign. Co-authored-by: Nicolas Vigier <boklm@torproject.org> - - - - - 7 changed files: - tools/signing/do-all-signing - + tools/signing/extract-dmg - + tools/signing/extract-dmg.mullvadbrowser - + tools/signing/extract-dmg.torbrowser - tools/signing/functions - tools/signing/gatekeeper-bundling.sh - tools/signing/linux-signer-rcodesign-sign Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -99,6 +99,10 @@ function clean-build-artifacts { "$script_dir/clean-build-artifacts" } +function extract-dmg { + "$script_dir/extract-dmg" +} + function sync-before-linux-signer-rcodesign-sign { "$script_dir/sync-local-to-linux-signer" } @@ -245,6 +249,8 @@ do_step set-time-on-signing-machine do_step wait-for-finished-build do_step sync-builder-unsigned-to-local-signed do_step clean-build-artifacts +[ -n "$platform_macos" ] && \ + do_step extract-dmg do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-rcodesign-sign [ -n "$platform_macos" ] && \ ===================================== tools/signing/extract-dmg ===================================== @@ -0,0 +1,12 @@ +#!/bin/bash +set -e +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source "$script_dir/functions" + +setup_dmg_tools + +# extract the hfs from the dmg archive preemptively to avoid an obsolete +# 7z version to break the rcodesign step +archive="$signed_version_dir/$(project-name)-macos-${tbb_version}" +dmg extract "$archive.dmg" "$archive.hfs" 0 +rm -f "$archive.dmg" ===================================== tools/signing/extract-dmg.mullvadbrowser ===================================== @@ -0,0 +1 @@ +extract-dmg \ No newline at end of file ===================================== tools/signing/extract-dmg.torbrowser ===================================== @@ -0,0 +1 @@ +extract-dmg \ No newline at end of file ===================================== tools/signing/functions ===================================== @@ -83,4 +83,24 @@ function rbm_showconf_boolean { echo '1' } +function setup_dmg_tools { + dmgtools_dir=$(mktemp -d) + trap "rm -Rf $dmgtools_dir" EXIT + local libdmg_file="$script_dir/../../out/libdmg-hfsplus/libdmg-hfsplus-d6287b5afc24-6f206c.tar.zst" + test -f "$libdmg_file" || \ + exit_error "$libdmg_file is missing." \ + "You can build it with:" \ + " ./rbm/rbm build --target no_containers libdmg-hfsplus" \ + "See var/deps in projects/libdmg-hfsplus/config for the list of build dependencies" + local hfstools_file="$script_dir/../../out/hfsplus-tools/hfsplus-tools-540.1.linux3-2acaa4.tar.zst" + test -f "$hfstools_file" || \ + exit_error "$hfstools_file is missing." \ + "You can build it with:" \ + " ./rbm/rbm build --target no_containers hfsplus-tools" \ + "You will need the clang and uuid-dev packages installed" + tar -C "$dmgtools_dir" -xf "$libdmg_file" + tar -C "$dmgtools_dir" -xf "$hfstools_file" + export PATH="$PATH:$dmgtools_dir/libdmg-hfsplus:$dmgtools_dir/hfsplus-tools" +} + . "$script_dir/set-config" ===================================== tools/signing/gatekeeper-bundling.sh ===================================== @@ -39,18 +39,8 @@ test -f $faketime_path || \ exit_error "$faketime_path is missing" test -d $macos_stapled_dir || \ exit_error "The stapled macos zip files should be placed in directory $macos_stapled_dir" -libdmg_file="$script_dir/../../out/libdmg-hfsplus/libdmg-hfsplus-d6287b5afc24-6f206c.tar.zst" -test -f "$libdmg_file" || \ - exit_error "$libdmg_file is missing." \ - "You can build it with:" \ - " ./rbm/rbm build --target no_containers libdmg-hfsplus" \ - "See var/deps in projects/libdmg-hfsplus/config for the list of build dependencies" -hfstools_file="$script_dir/../../out/hfsplus-tools/hfsplus-tools-540.1.linux3-2acaa4.tar.zst" -test -f "$hfstools_file" || \ - exit_error "$hfstools_file is missing." \ - "You can build it with:" \ - " ./rbm/rbm build --target no_containers hfsplus-tools" \ - "You will need the clang and uuid-dev packages installed" + +setup_dmg_tools ProjName=$(ProjectName) Proj_Name=$(Project_Name) @@ -66,10 +56,6 @@ rm -Rf "$tmpdir" mkdir "$tmpdir" cp -rT "$script_dir/../../projects/common/dmg-root/$ProjName.dmg" "$tmpdir/dmg" -tar -C "$tmpdir" -xf "$libdmg_file" -tar -C "$tmpdir" -xf "$hfstools_file" -export PATH="$PATH:$tmpdir/libdmg-hfsplus:$tmpdir/hfsplus-tools" - cd $tmpdir/dmg cp ${tbb_version_type}.DS_Store .DS_Store @@ -84,3 +70,5 @@ rm -Rf "$tmpdir" # move the signed+stapled dmgs to expected output directory for publishing and mar generation mv -vf "$macos_signed_dir"/"${proj_name}"-*.dmg "$signed_version_dir"/ +# Remove hfs file created in extract-dmg +rm -f "$signed_version_dir"/"${proj_name}"-*.hfs ===================================== tools/signing/linux-signer-rcodesign-sign ===================================== @@ -19,5 +19,8 @@ destdir=~/"$SIGNING_PROJECTNAME-$tbb_version-macos-signed" mkdir -p $destdir rm -f "$destdir/$output_file" -sudo -u signing-macos -- /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign-128 ~/"$SIGNING_PROJECTNAME-$tbb_version"/$(project-name)-macos-${tbb_version}.dmg "$display_name" +volume=~/"$SIGNING_PROJECTNAME-$tbb_version"/"$(project-name)-macos-${tbb_version}.hfs" +echo "Using $volume" +sudo -u signing-macos -- /signing/tor-browser-build/tools/signing/wrappers/sign-rcodesign-128 "$volume" "$display_name" cp "/home/signing-macos/last-signed-$display_name.tar.zst" "$destdir/$output_file" +rm -f "$volume" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/a... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/a... You're receiving this email because of your account on gitlab.torproject.org.