diff options
-rw-r--r-- | contrib/pkginstaller/.gitignore | 6 | ||||
-rw-r--r-- | contrib/pkginstaller/Distribution.in | 17 | ||||
-rw-r--r-- | contrib/pkginstaller/Makefile | 61 | ||||
-rw-r--r-- | contrib/pkginstaller/README.md | 25 | ||||
-rw-r--r-- | contrib/pkginstaller/Resources/banner.png | bin | 0 -> 50381 bytes | |||
-rw-r--r-- | contrib/pkginstaller/Resources/conclusion.html | 13 | ||||
-rw-r--r-- | contrib/pkginstaller/hvf.entitlements | 8 | ||||
-rwxr-xr-x | contrib/pkginstaller/package.sh | 88 | ||||
-rwxr-xr-x | contrib/pkginstaller/scripts/postinstall | 27 | ||||
-rwxr-xr-x | contrib/pkginstaller/scripts/preinstall | 5 | ||||
-rw-r--r-- | contrib/pkginstaller/welcome.html.in | 16 |
11 files changed, 266 insertions, 0 deletions
diff --git a/contrib/pkginstaller/.gitignore b/contrib/pkginstaller/.gitignore new file mode 100644 index 000000000..5e597ab07 --- /dev/null +++ b/contrib/pkginstaller/.gitignore @@ -0,0 +1,6 @@ +out +Distribution +welcome.html +tmp-download +.vscode +root diff --git a/contrib/pkginstaller/Distribution.in b/contrib/pkginstaller/Distribution.in new file mode 100644 index 000000000..0e0d3843a --- /dev/null +++ b/contrib/pkginstaller/Distribution.in @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="utf-8" standalone="no"?> +<installer-script minSpecVersion="1.000000"> + <title>Podman __VERSION__</title> + <background mime-type="image/png" file="banner.png" scaling="proportional"/> + <welcome file="welcome.html" mime-type="text/html" /> + <conclusion file="conclusion.html" mime-type="text/html" /> + <license file="LICENSE.txt"/> + <options customize="never" hostArchitectures="x86_64,arm64" /> + <domains enable_localSystem="true" /> + <choices-outline> + <line choice="podman"/> + </choices-outline> + <choice id="podman" title="podman"> + <pkg-ref id="podman.pkg"/> + </choice> + <pkg-ref id="podman.pkg">podman.pkg</pkg-ref> +</installer-script> diff --git a/contrib/pkginstaller/Makefile b/contrib/pkginstaller/Makefile new file mode 100644 index 000000000..c84a08482 --- /dev/null +++ b/contrib/pkginstaller/Makefile @@ -0,0 +1,61 @@ +SHELL := bash + +ARCH ?= aarch64 +PODMAN_VERSION ?= 4.1.0 +GVPROXY_VERSION ?= 0.4.0 +QEMU_VERSION ?= 7.0.0-2 +GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin +QEMU_RELEASE_URL ?= https://github.com/containers/podman-machine-qemu/releases/download/v$(QEMU_VERSION)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz +PACKAGE_DIR ?= out/packaging +TMP_DOWNLOAD ?= tmp-download +PACKAGE_ROOT ?= root +PKG_NAME := podman-installer-macos-$(ARCH).pkg + +default: pkginstaller + +$(TMP_DOWNLOAD)/gvproxy: + mkdir -p $(TMP_DOWNLOAD) + cd $(TMP_DOWNLOAD) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL) + +$(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz: + mkdir -p $(TMP_DOWNLOAD) + cd $(TMP_DOWNLOAD) && curl -sLO $(QEMU_RELEASE_URL) + +packagedir: package_root Distribution welcome.html + mkdir -p $(PACKAGE_DIR) + cp -r Resources $(PACKAGE_DIR)/ + cp welcome.html $(PACKAGE_DIR)/Resources/ + cp Distribution $(PACKAGE_DIR)/ + cp -r scripts $(PACKAGE_DIR)/ + cp -r $(PACKAGE_ROOT) $(PACKAGE_DIR)/ + cp package.sh $(PACKAGE_DIR)/ + cd $(PACKAGE_DIR) && pkgbuild --analyze --root ./root component.plist + echo -n $(PODMAN_VERSION) > $(PACKAGE_DIR)/VERSION + echo -n $(ARCH) > $(PACKAGE_DIR)/ARCH + cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt + cp hvf.entitlements $(PACKAGE_DIR)/ + +package_root: clean-pkgroot $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz $(TMP_DOWNLOAD)/gvproxy + mkdir -p $(PACKAGE_ROOT)/podman/bin $(PACKAGE_ROOT)/podman/qemu + tar -C $(PACKAGE_ROOT)/podman/qemu -xf $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz + cp $(TMP_DOWNLOAD)/gvproxy $(PACKAGE_ROOT)/podman/bin/ + chmod a+x $(PACKAGE_ROOT)/podman/bin/* + +%: %.in + @sed -e 's/__VERSION__/'$(PODMAN_VERSION)'/g' $< >$@ + +pkginstaller: packagedir + cd $(PACKAGE_DIR) && ./package.sh .. + +_notarize: pkginstaller + xcrun notarytool submit --apple-id $(NOTARIZE_USERNAME) --password $(NOTARIZE_PASSWORD) --team-id=$(NOTARIZE_TEAM) -f json --wait out/$(PKG_NAME) + +notarize: _notarize + xcrun stapler staple out/$(PKG_NAME) + +.PHONY: clean clean-pkgroot +clean: + rm -rf $(TMP_DOWNLOAD) $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html + +clean-pkgroot: + rm -rf $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html diff --git a/contrib/pkginstaller/README.md b/contrib/pkginstaller/README.md new file mode 100644 index 000000000..7aaf64808 --- /dev/null +++ b/contrib/pkginstaller/README.md @@ -0,0 +1,25 @@ +## How to build + +```sh +$ make ARCH=<amd64 | aarch64> NO_CODESIGN=1 pkginstaller + +# or to create signed pkg +$ make ARCH=<amd64 | aarch64> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> pkginstaller + +# or to prepare a signed and notarized pkg for release +$ make ARCH=<amd64 | aarch64> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> NOTARIZE_USERNAME=<appleID> NOTARIZE_PASSWORD=<appleID-password> NOTARIZE_TEAM=<team-id> notarize +``` + +The generated pkg will be written to `out/podman-macos-installer-*.pkg`. +Currently the pkg installs `podman`, `qemu`, `gvproxy` and `podman-mac-helper` to `/opt/podman` + +The `qemu` build it uses is from [containers/podman-machine-qemu](https://github.com/containers/podman-machine-qemu) + +## Uninstalling + +```sh +$ sudo rm -rf /opt/podman +``` + +### Screenshot +<img width="626" alt="screenshot-macOS-pkg-podman" src="https://user-images.githubusercontent.com/8885742/157380992-2e3b1573-34a0-4aa0-bdc1-a85f4792a1d2.png"> diff --git a/contrib/pkginstaller/Resources/banner.png b/contrib/pkginstaller/Resources/banner.png Binary files differnew file mode 100644 index 000000000..7db751341 --- /dev/null +++ b/contrib/pkginstaller/Resources/banner.png diff --git a/contrib/pkginstaller/Resources/conclusion.html b/contrib/pkginstaller/Resources/conclusion.html new file mode 100644 index 000000000..c442e4ebf --- /dev/null +++ b/contrib/pkginstaller/Resources/conclusion.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="utf-8"/> +</head> +<body> +<div align="left" style="font-family: Helvetica; padding-left: 10px;"> + <br/> + <p style="color: #020202; font-size: 12px;">Thanks for installing Podman!</p> + <p style="color: #020202; font-size: 12px;">You can now start using the 'podman' command. First run 'podman machine init'</b>.</p> +</div> +</body> +</html> diff --git a/contrib/pkginstaller/hvf.entitlements b/contrib/pkginstaller/hvf.entitlements new file mode 100644 index 000000000..154f3308e --- /dev/null +++ b/contrib/pkginstaller/hvf.entitlements @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>com.apple.security.hypervisor</key> + <true/> +</dict> +</plist> diff --git a/contrib/pkginstaller/package.sh b/contrib/pkginstaller/package.sh new file mode 100755 index 000000000..bb91fe01f --- /dev/null +++ b/contrib/pkginstaller/package.sh @@ -0,0 +1,88 @@ +#!/bin/bash + +set -euxo pipefail + +BASEDIR=$(dirname "$0") +OUTPUT=$1 +CODESIGN_IDENTITY=${CODESIGN_IDENTITY:-mock} +PRODUCTSIGN_IDENTITY=${PRODUCTSIGN_IDENTITY:-mock} +NO_CODESIGN=${NO_CODESIGN:-0} +HELPER_BINARIES_DIR="/opt/podman/qemu/bin" + +binDir="${BASEDIR}/root/podman/bin" +qemuBinDir="${BASEDIR}/root/podman/qemu/bin" + +version=$(cat "${BASEDIR}/VERSION") +arch=$(cat "${BASEDIR}/ARCH") + +function build_podman() { + pushd "$1" + make GOARCH="${arch}" podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}" + make GOARCH="${arch}" podman-mac-helper + cp bin/darwin/podman "contrib/pkginstaller/out/packaging/${binDir}/podman" + cp bin/darwin/podman-mac-helper "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper" + popd +} + +function sign() { + if [ "${NO_CODESIGN}" -eq "1" ]; then + return + fi + local opts="" + entitlements="${BASEDIR}/$(basename "$1").entitlements" + if [ -f "${entitlements}" ]; then + opts="--entitlements ${entitlements}" + fi + codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force ${opts} "$1" +} + +function signQemu() { + if [ "${NO_CODESIGN}" -eq "1" ]; then + return + fi + + local qemuArch="${arch}" + if [ "${qemuArch}" = amd64 ]; then + qemuArch=x86_64 + fi + + # sign the files inside /opt/podman/qemu/lib + libs=$(find "${BASEDIR}"/root/podman/qemu/lib -depth -name "*.dylib" -or -type f -perm +111) + echo "${libs}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force % || true + + # sign the files inside /opt/podman/qemu/bin except qemu-system-* + bins=$(find "${BASEDIR}"/root/podman/qemu/bin -depth -type f -perm +111 ! -name "qemu-system-${qemuArch}") + echo "${bins}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force % || true + + # sign the qemu-system-* binary + # need to remove any extended attributes, otherwise codesign complains: + # qemu-system-aarch64: resource fork, Finder information, or similar detritus not allowed + xattr -cr "${qemuBinDir}/qemu-system-${qemuArch}" + codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force \ + --entitlements "${BASEDIR}/hvf.entitlements" "${qemuBinDir}/qemu-system-${qemuArch}" +} + +build_podman "../../../../" +sign "${binDir}/podman" +sign "${binDir}/gvproxy" +sign "${binDir}/podman-mac-helper" +signQemu + +pkgbuild --identifier com.redhat.podman --version "${version}" \ + --scripts "${BASEDIR}/scripts" \ + --root "${BASEDIR}/root" \ + --install-location /opt \ + --component-plist "${BASEDIR}/component.plist" \ + "${OUTPUT}/podman.pkg" + +productbuild --distribution "${BASEDIR}/Distribution" \ + --resources "${BASEDIR}/Resources" \ + --package-path "${OUTPUT}" \ + "${OUTPUT}/podman-unsigned.pkg" +rm "${OUTPUT}/podman.pkg" + +if [ ! "${NO_CODESIGN}" -eq "1" ]; then + productsign --timestamp --sign "${PRODUCTSIGN_IDENTITY}" "${OUTPUT}/podman-unsigned.pkg" "${OUTPUT}/podman-installer-macos-${arch}.pkg" +else + mv "${OUTPUT}/podman-unsigned.pkg" "${OUTPUT}/podman-installer-macos-${arch}.pkg" +fi diff --git a/contrib/pkginstaller/scripts/postinstall b/contrib/pkginstaller/scripts/postinstall new file mode 100755 index 000000000..db17eede8 --- /dev/null +++ b/contrib/pkginstaller/scripts/postinstall @@ -0,0 +1,27 @@ +#!/bin/bash + +set -e + +BZSH_PODMAN_PATH_EXP='PATH="/opt/podman/bin:$PATH"' +FISH_PODMAN_PATH_EXP='set PATH "/opt/podman/bin $PATH"' +BASHRC_PATH="$HOME/.bash_profile" +ZSHENV_PATH="$HOME/.zshenv" +ZSHRC_PATH="$HOME/.zshrc" +FSHCFG_PATH="$HOME/.config/fish/config.fish" + +# append /Applications/podman/bin to $PATH +if [ -f "$BASHRC_PATH" ]; then + grep -Fxq "$BZSH_PODMAN_PATH_EXP" "$BASHRC_PATH" || echo "$BZSH_PODMAN_PATH_EXP" >> "$BASHRC_PATH" +fi +if [ -f "$ZSHENV_PATH" ]; then + grep -Fxq "$BZSH_PODMAN_PATH_EXP" "$ZSHENV_PATH" || echo "$BZSH_PODMAN_PATH_EXP" >> "$ZSHENV_PATH" +fi +if [ -f "$ZSHRC_PATH" ]; then + grep -Fxq "$BZSH_PODMAN_PATH_EXP" "$ZSHRC_PATH" || echo "$BZSH_PODMAN_PATH_EXP" >> "$ZSHRC_PATH" +fi +if [ -f "$FSHCFG_PATH" ]; then + grep -Fxq "$FISH_PODMAN_PATH_EXP" "$FSHCFG_PATH" || echo "$FISH_PODMAN_PATH_EXP" >> "$FSHCFG_PATH" +fi + +ln -s /opt/podman/bin/podman-mac-helper /opt/podman/qemu/bin/podman-mac-helper +ln -s /opt/podman/bin/gvproxy /opt/podman/qemu/bin/gvproxy diff --git a/contrib/pkginstaller/scripts/preinstall b/contrib/pkginstaller/scripts/preinstall new file mode 100755 index 000000000..a381868fc --- /dev/null +++ b/contrib/pkginstaller/scripts/preinstall @@ -0,0 +1,5 @@ +#!/bin/bash + +set -e + +rm -rf /opt/podman diff --git a/contrib/pkginstaller/welcome.html.in b/contrib/pkginstaller/welcome.html.in new file mode 100644 index 000000000..b06198716 --- /dev/null +++ b/contrib/pkginstaller/welcome.html.in @@ -0,0 +1,16 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="utf-8"/> +</head> +<body> +<div align="left" style="font-family: Helvetica; padding-left: 10px;"> + <br/> + <p style="color: #020202; font-size: 12px;">This will install <span style="color: #46b9d6; font-size: 12px;">Podman __VERSION__</span> + on your computer. You will be guided through the steps necessary to install this software.</p> + <br/> + <p style="color: #abb0b0; font-size: 12px;">Click <span style="color: #626666">“Continue"</span> to continue the + setup</p> +</div> +</body> +</html> |