diff options
Diffstat (limited to 'contrib/pkginstaller/package.sh')
| -rwxr-xr-x | contrib/pkginstaller/package.sh | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/contrib/pkginstaller/package.sh b/contrib/pkginstaller/package.sh index b7b33954d..f6f7cef16 100755 --- a/contrib/pkginstaller/package.sh +++ b/contrib/pkginstaller/package.sh @@ -10,11 +10,19 @@ NO_CODESIGN=${NO_CODESIGN:-0} HELPER_BINARIES_DIR="/opt/podman/qemu/bin" binDir="${BASEDIR}/root/podman/bin" +qemuBinDir="${BASEDIR}/root/podman/qemu/bin" + +version=$(cat "${BASEDIR}/VERSION") +arch=$(cat "${BASEDIR}/ARCH") function build_podman() { pushd "$1" - make podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}" - make podman-mac-helper + local goArch="${arch}" + if [ "${goArch}" = aarch64 ]; then + goArch=arm64 + fi + make GOARCH="${goArch}" podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}" + make GOARCH="${goArch}" podman-mac-helper cp bin/darwin/podman "contrib/pkginstaller/out/packaging/${binDir}/podman" cp bin/darwin/podman-mac-helper "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper" popd @@ -29,16 +37,40 @@ function sign() { if [ -f "${entitlements}" ]; then opts="--entitlements ${entitlements}" fi - codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --force --timestamp "${opts}" "$1" + codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force ${opts} "$1" } -version=$(cat "${BASEDIR}/VERSION") -arch=$(cat "${BASEDIR}/ARCH") +function signQemu() { + if [ "${NO_CODESIGN}" -eq "1" ]; then + return + fi + + local qemuArch="${arch}" + if [ "${qemuArch}" = amd64 ]; then + qemuArch=x86_64 + fi + + # sign the files inside /opt/podman/qemu/lib + libs=$(find "${BASEDIR}"/root/podman/qemu/lib -depth -name "*.dylib" -or -type f -perm +111) + echo "${libs}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force % || true + + # sign the files inside /opt/podman/qemu/bin except qemu-system-* + bins=$(find "${BASEDIR}"/root/podman/qemu/bin -depth -type f -perm +111 ! -name "qemu-system-${qemuArch}") + echo "${bins}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force % || true + + # sign the qemu-system-* binary + # need to remove any extended attributes, otherwise codesign complains: + # qemu-system-aarch64: resource fork, Finder information, or similar detritus not allowed + xattr -cr "${qemuBinDir}/qemu-system-${qemuArch}" + codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force \ + --entitlements "${BASEDIR}/hvf.entitlements" "${qemuBinDir}/qemu-system-${qemuArch}" +} build_podman "../../../../" sign "${binDir}/podman" sign "${binDir}/gvproxy" sign "${binDir}/podman-mac-helper" +signQemu pkgbuild --identifier com.redhat.podman --version "${version}" \ --scripts "${BASEDIR}/scripts" \ |