From 8933f7fa446b0d5f0c669f49c447bbe44aabf289 Mon Sep 17 00:00:00 2001
From: Grant Fitzsimmons <37256050+grantfitzsimmons@users.noreply.github.com>
Date: Wed, 28 Aug 2024 20:19:36 -0500
Subject: [PATCH 1/6] Update build.yml
---
 .github/workflows/build.yml | 29 +++++++----------------------
 1 file changed, 7 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 33f4abd08..2dd595333 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -92,28 +92,13 @@ jobs:
 with:
 name: Specify_macos
- - name: Upload the Mac package for notarization
- run: >
- xcrun altool --notarize-app --primary-bundle-id org.specifysoftware
- --username beach@ku.edu --password $AC_PASSWORD
- --file Specify_macos/Specify_macos.dmg | tee notarize-app-output.txt;
- grep -q "RequestUUID = " notarize-app-output.txt || { echo "Uploading package for notarization failed!"; exit 1; }
- env:
- AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-
- - name: Get the request UUID
- run: sed -En 's/RequestUUID = (.*)$/\1/p' notarize-app-output.txt | tee request-uuid.txt
-
- - name: Check the notarization status
- run: >
- for i in {1..60}; do
- sleep 120;
- xcrun altool --notarization-info $(< request-uuid.txt)
- --username beach@ku.edu --password $AC_PASSWORD
- | tee notarization-info.txt;
- grep -q "Status: in progress" notarization-info.txt || break;
- done;
- grep -q "Status: success" notarization-info.txt || { echo "Notarization failed!"; exit 1; }
+ - name: Notarize the Mac package
+ run: |
+ xcrun notarytool submit Specify_macos/Specify_macos.dmg --wait \
+ --apple-id "beach@ku.edu" \
+ --password "$AC_PASSWORD" \
+ | tee notarize-app-output.txt
+ grep -q "status: Accepted" notarize-app-output.txt || { echo "Notarization failed!"; exit 1; }
 env:
 AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
From fe128907592ccd702b6fb4284a17f956e3930ecd Mon Sep 17 00:00:00 2001
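Review bot: In [PATCH 1/6], the new `xcrun notarytool submit` call passes the app-specific password as `--password "$AC_PASSWORD"`, so the secret sits in the process's argument list for the whole `--wait` period; the removed altool lines did the same, so this is carried over rather than introduced, and the four notarytool calls added in [PATCH 3/6] repeat it. notarytool can read the credentials from a keychain profile stored once with `xcrun notarytool store-credentials`, after which each call takes `--keychain-profile "<profile-name>"` instead of `--apple-id`/`--password`. Separately, the removed polling loop was capped at 60 rounds of 120 seconds, while `--wait` has no cap unless `--timeout` is passed. The step's `env:` block continues past the hunk.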
From: Grant Fitzsimmons <37256050+grantfitzsimmons@users.noreply.github.com>
Date: Wed, 28 Aug 2024 20:24:03 -0500
Subject: [PATCH 2/6] Add Apple Team ID This will fail until we have the team ID, have reached out to Jim
---
 .github/workflows/build.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2dd595333..8d0bd6e44 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -97,10 +97,12 @@ jobs:
 xcrun notarytool submit Specify_macos/Specify_macos.dmg --wait \
 --apple-id "beach@ku.edu" \
 --password "$AC_PASSWORD" \
+ --team-id "$APPLE_TEAM_ID" \
 | tee notarize-app-output.txt
 grep -q "status: Accepted" notarize-app-output.txt || { echo "Notarization failed!"; exit 1; }
 env:
 AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 - name: Staple the notarization ticket to the installer
 run: xcrun stapler staple Specify_macos/Specify_macos.dmg
From 62fbf7ee3f95881a0b5390fa611aceca47becb24 Mon Sep 17 00:00:00 2001
From: Grant Fitzsimmons <37256050+grantfitzsimmons@users.noreply.github.com>
Date: Thu, 29 Aug 2024 11:02:43 -0500
Subject: [PATCH 3/6] Add debugging for notarization
---
 .github/workflows/build.yml | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8d0bd6e44..9c53851e0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
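Review bot: In [PATCH 2/6], `--team-id "$APPLE_TEAM_ID"` is expanded without checking that the secret is set, and the commit message says it is not set yet; an unset secret reaches notarytool as an empty string and the cause has to be read out of notarytool's own error. A guard as the first line of the `run:` block names the cause directly: `: "${APPLE_TEAM_ID:?APPLE_TEAM_ID secret is not set}"`. The same guard fits `AC_PASSWORD`. The step starts above the hunk.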
@@ -94,12 +94,32 @@ jobs:
 - name: Notarize the Mac package
 run: |
- xcrun notarytool submit Specify_macos/Specify_macos.dmg --wait \
+ SUBMISSION_ID=$(xcrun notarytool submit Specify_macos/Specify_macos.dmg \
 --apple-id "beach@ku.edu" \
 --password "$AC_PASSWORD" \
 --team-id "$APPLE_TEAM_ID" \
- | tee notarize-app-output.txt
- grep -q "status: Accepted" notarize-app-output.txt || { echo "Notarization failed!"; exit 1; }
+ --output-format json | jq -r '.id')
+ echo "Submission ID: $SUBMISSION_ID"
+
+ xcrun notarytool wait "$SUBMISSION_ID" \
+ --apple-id "beach@ku.edu" \
+ --password "$AC_PASSWORD" \
+ --team-id "$APPLE_TEAM_ID"
+
+ NOTARIZATION_STATUS=$(xcrun notarytool info "$SUBMISSION_ID" \
+ --apple-id "beach@ku.edu" \
+ --password "$AC_PASSWORD" \
+ --team-id "$APPLE_TEAM_ID" \
+ --output-format json | jq -r '.status')
+
+ if [ "$NOTARIZATION_STATUS" != "Accepted" ]; then
+ echo "Notarization failed. Fetching logs..."
+ xcrun notarytool log "$SUBMISSION_ID" \
+ --apple-id "beach@ku.edu" \
+ --password "$AC_PASSWORD" \
+ --team-id "$APPLE_TEAM_ID"
+ exit 1
+ fi
 env:
 AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
 APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
From ff3256e656bdd96f8a2c4ebcda5d486212b8f0db Mon Sep 17 00:00:00 2001
From: Grant Fitzsimmons <37256050+grantfitzsimmons@users.noreply.github.com>
Date: Thu, 29 Aug 2024 11:34:58 -0500
Subject: [PATCH 4/6] Sign binaries in JAR files Attempting to resolve 'Archive contains critical validation errors'
---
 .github/workflows/build.yml | 38 ++++++++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9c53851e0..0c043aa6e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
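Review bot: In [PATCH 3/6], a failed `notarytool submit` is not detected where it happens: inside `$( … | jq -r '.id')` the pipeline's status is jq's, and `jq -r` prints `null` when the JSON has no `id`, so `SUBMISSION_ID` can be `null` or empty while the script carries on to `notarytool wait`. Checking the value right after the assignment keeps the failure next to its cause: `[ -n "$SUBMISSION_ID" ] && [ "$SUBMISSION_ID" != "null" ] || { echo "Submission failed"; exit 1; }`. The `info … | jq -r '.status'` pipeline has the same shape, but there the `!= "Accepted"` comparison already fails closed.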
@@ -92,9 +92,41 @@ jobs:
 with:
 name: Specify_macos
+ - name: Sign binaries in JAR files
+ run: |
+ # For libgluegen-rt.jnilib
+ mkdir -p temp_gluegen
+ cd temp_gluegen
+ unzip ../Specify_macos/Specify\ Installer.app/Contents/Resources/app/0.dat/wwlibs/gluegen-rt-natives-macosx-universal.jar
+ codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp libgluegen-rt.jnilib
+ zip -u ../Specify_macos/Specify\ Installer.app/Contents/Resources/app/0.dat/wwlibs/gluegen-rt-natives-macosx-universal.jar libgluegen-rt.jnilib
+ cd ..
+ rm -rf temp_gluegen
+
+ # For mac-universal.lib
+ mkdir -p temp_sqlitejdbc
+ cd temp_sqlitejdbc
+ unzip ../Specify_macos/Specify\ Installer.app/Contents/Resources/app/0.dat/libs/sqlitejdbc.jar
+ codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp mac-universal.lib
+ zip -u ../Specify_macos/Specify\ Installer.app/Contents/Resources/app/0.dat/libs/sqlitejdbc.jar mac-universal.lib
+ cd ..
+ rm -rf temp_sqlitejdbc
+ env:
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+
+ - name: Re-sign the application
+ run: |
+ codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp Specify_macos/Specify\ Installer.app
+ env:
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+
+ - name: Create new DMG
+ run: |
+ hdiutil create -volname "Specify Installer" -srcfolder Specify_macos/Specify\ Installer.app -ov -format UDZO Specify_macos_signed.dmg
+
 - name: Notarize the Mac package
 run: |
- SUBMISSION_ID=$(xcrun notarytool submit Specify_macos/Specify_macos.dmg \
+ SUBMISSION_ID=$(xcrun notarytool submit Specify_macos_signed.dmg \
 --apple-id "beach@ku.edu" \
 --password "$AC_PASSWORD" \
 --team-id "$APPLE_TEAM_ID" \
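Review bot: In the first hunk of [PATCH 4/6], the same secret serves as notarytool's `--team-id` and as part of the signing identity `"Developer ID Application: $APPLE_TEAM_ID"`; codesign matches `--sign` against the certificate's name, which for Developer ID certificates normally carries the organisation name with the team ID in parentheses, so one of the two uses is probably wrong. A separate secret for the identity (name constructed here: `APPLE_SIGNING_IDENTITY`), used as `--sign "$APPLE_SIGNING_IDENTITY"`, removes the ambiguity; no step that imports the certificate into a keychain is visible in these hunks, so that needs confirming as well. The two native libraries come out of third-party JARs, and signing them with the project's Developer ID vouches for them, so comparing each JAR with a pinned digest before `codesign` (for example `echo "<expected-sha256>  <jar-path>" | shasum -a 256 -c -`) keeps an altered dependency from being signed. The "Notarize the Mac package" step continues past the hunk.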
@@ -125,13 +157,13 @@ jobs:
 APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 - name: Staple the notarization ticket to the installer
- run: xcrun stapler staple Specify_macos/Specify_macos.dmg
+ run: xcrun stapler staple Specify_macos_signed.dmg
 - name: Upload the stapled Specify_macos.dmg as artifact
 uses: actions/upload-artifact@v1
 with:
 name: Specify_macos_with_ticket
- path: Specify_macos/Specify_macos.dmg
+ path: Specify_macos_signed.dmg
 release:
 name: Create a Specify 6 release
From d29e9cd9de12d9b85fe9965f8a921aca1c7c2c9b Mon Sep 17 00:00:00 2001
From: Grant Fitzsimmons <37256050+grantfitzsimmons@users.noreply.github.com>
Date: Thu, 29 Aug 2024 11:45:20 -0500
Subject: [PATCH 5/6] Update build.yml
---
 .github/workflows/build.yml | 64 +++++++++++++++++++++++++++----------
 1 file changed, 48 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0c043aa6e..f7b799f67 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
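Review bot: In the second hunk of [PATCH 4/6], the exit status of `stapler staple` is the only gate between the rebuilt image and the upload step. Adding `xcrun stapler validate Specify_macos_signed.dmg` after the `staple` call makes the job fail before a disk image without a valid ticket is published as `Specify_macos_with_ticket`. The upload step itself references `actions/upload-artifact@v1` by a movable tag; pinning it as `actions/upload-artifact@<commit-sha>` fixes what code handles the signed artifact.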
@@ -92,37 +92,69 @@ jobs:
 with:
 name: Specify_macos
+ - name: Inspect directory structure
+ run: |
+ echo "Current directory:"
+ pwd
+ echo "Contents of current directory:"
+ ls -R
+
 - name: Sign binaries in JAR files
 run: |
 # For libgluegen-rt.jnilib
- mkdir -p temp_gluegen
- cd temp_gluegen
- unzip ../Specify_macos/Specify\ Installer.app/Contents/Resources/app/0.dat/wwlibs/gluegen-rt-natives-macosx-universal.jar
- codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp libgluegen-rt.jnilib
- zip -u ../Specify_macos/Specify\ Installer.app/Contents/Resources/app/0.dat/wwlibs/gluegen-rt-natives-macosx-universal.jar libgluegen-rt.jnilib
- cd ..
- rm -rf temp_gluegen
+ GLUEGEN_JAR=$(find . -name "gluegen-rt-natives-macosx-universal.jar")
+ if [ -n "$GLUEGEN_JAR" ]; then
+ mkdir -p temp_gluegen
+ cd temp_gluegen
+ unzip "../$GLUEGEN_JAR"
+ if [ -f "libgluegen-rt.jnilib" ]; then
+ codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp libgluegen-rt.jnilib
+ zip -u "../$GLUEGEN_JAR" libgluegen-rt.jnilib
+ else
+ echo "libgluegen-rt.jnilib not found in the JAR"
+ fi
+ cd ..
+ rm -rf temp_gluegen
+ else
+ echo "gluegen-rt-natives-macosx-universal.jar not found"
+ fi
 # For mac-universal.lib
- mkdir -p temp_sqlitejdbc
- cd temp_sqlitejdbc
- unzip ../Specify_macos/Specify\ Installer.app/Contents/Resources/app/0.dat/libs/sqlitejdbc.jar
- codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp mac-universal.lib
- zip -u ../Specify_macos/Specify\ Installer.app/Contents/Resources/app/0.dat/libs/sqlitejdbc.jar mac-universal.lib
- cd ..
- rm -rf temp_sqlitejdbc
+ SQLITE_JAR=$(find . -name "sqlitejdbc.jar")
+ if [ -n "$SQLITE_JAR" ]; then
+ mkdir -p temp_sqlitejdbc
+ cd temp_sqlitejdbc
+ unzip "../$SQLITE_JAR"
+ if [ -f "mac-universal.lib" ]; then
+ codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp mac-universal.lib
+ zip -u "../$SQLITE_JAR" mac-universal.lib
+ else
+ echo "mac-universal.lib not found in the JAR"
+ fi
+ cd ..
+ rm -rf temp_sqlitejdbc
+ else
+ echo "sqlitejdbc.jar not found"
+ fi
 env:
 APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 - name: Re-sign the application
 run: |
- codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp Specify_macos/Specify\ Installer.app
+ APP_PATH=$(find . -name "*.app" -type d)
+ if [ -n "$APP_PATH" ]; then
+ codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp "$APP_PATH"
+ else
+ echo "No .app directory found"
+ exit 1
+ fi
 env:
 APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 - name: Create new DMG
 run: |
- hdiutil create -volname "Specify Installer" -srcfolder Specify_macos/Specify\ Installer.app -ov -format UDZO Specify_macos_signed.dmg
+ APP_PATH=$(find . -name "*.app" -type d)
+ hdiutil create -volname "Specify Installer" -srcfolder "$APP_PATH" -ov -format UDZO Specify_macos_signed.dmg
 - name: Notarize the Mac package
 run: |
From bfc3083c74db068bde9af5093ede3ba19b600bd6 Mon Sep 17 00:00:00 2001
From: Grant Fitzsimmons <37256050+grantfitzsimmons@users.noreply.github.com>
Date: Thu, 29 Aug 2024 13:07:09 -0500
Subject: [PATCH 6/6] Update build.yml
---
 .github/workflows/build.yml | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f7b799f67..db83e1f7d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
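Review bot: In [PATCH 5/6], the Developer ID signature is applied to whatever `find . -name …` returns anywhere under the workspace, and the "not found" branches of the JAR step only `echo` and let the job continue. If `find` returns more than one path the variable holds several lines and `unzip "../$GLUEGEN_JAR"` is given a path that does not exist; if it returns none, the job goes on to re-sign and submit a bundle whose native libraries were never signed. Ending those branches with `exit 1` and requiring exactly one match, for example `[ "$(printf '%s\n' "$GLUEGEN_JAR" | grep -c .)" -eq 1 ]`, keeps the step fail-closed; the same applies to `SQLITE_JAR` and `APP_PATH`. "Create new DMG" uses `$APP_PATH` with no emptiness check in this patch, and the "Notarize the Mac package" step continues past the hunk.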
@@ -98,6 +98,25 @@ jobs:
 pwd
 echo "Contents of current directory:"
 ls -R
+ echo "Searching for DMG file:"
+ find . -name "*.dmg"
+ echo "Searching for APP file:"
+ find . -name "*.app" -type d
+
+ - name: Extract DMG if present
+ run: |
+ DMG_FILE=$(find . -name "*.dmg")
+ if [ -n "$DMG_FILE" ]; then
+ echo "DMG file found: $DMG_FILE"
+ hdiutil attach "$DMG_FILE"
+ MOUNT_POINT=$(hdiutil info | grep -B 1 "Specify" | grep "/Volumes/" | awk '{print $1}')
+ echo "Mount point: $MOUNT_POINT"
+ cp -R "$MOUNT_POINT"/*.app ./Specify.app
+ hdiutil detach "$MOUNT_POINT"
+ else
+ echo "No DMG file found"
+ exit 1
+ fi
 - name: Sign binaries in JAR files
 run: |
@@ -141,11 +160,10 @@ jobs:
 - name: Re-sign the application
 run: |
- APP_PATH=$(find . -name "*.app" -type d)
- if [ -n "$APP_PATH" ]; then
- codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp "$APP_PATH"
+ if [ -d "./Specify.app" ]; then
+ codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp "./Specify.app"
 else
- echo "No .app directory found"
+ echo "Specify.app not found"
 exit 1
 fi
 env:
@@ -153,8 +171,12 @@ jobs:
 - name: Create new DMG
 run: |
- APP_PATH=$(find . -name "*.app" -type d)
- hdiutil create -volname "Specify Installer" -srcfolder "$APP_PATH" -ov -format UDZO Specify_macos_signed.dmg
+ if [ -d "./Specify.app" ]; then
+ hdiutil create -volname "Specify Installer" -srcfolder "./Specify.app" -ov -format UDZO Specify_macos_signed.dmg
+ else
+ echo "Specify.app not found"
+ exit 1
+ fi
 - name: Notarize the Mac package
 run: |
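Review bot: In the first hunk of [PATCH 6/6], `MOUNT_POINT` is parsed out of `hdiutil info` with `awk '{print $1}'`, which takes the first column of the matching line; in `hdiutil info` output that column appears to be the device node rather than the `/Volumes/…` path, and a volume name containing a space would be split in any case, so the `cp -R "$MOUNT_POINT"/*.app` that follows is unlikely to see the bundle. Mounting at a directory the script chooses removes the parsing and makes the read-only intent explicit: `MOUNT_POINT=$(mktemp -d)` followed by `hdiutil attach -nobrowse -readonly -mountpoint "$MOUNT_POINT" "$DMG_FILE"`. `DMG_FILE` also comes from an unanchored `find . -name "*.dmg"`, so more than one match would break the attach; using the known artifact path would avoid that.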
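Review bot: In the second hunk of [PATCH 6/6], the re-signed `./Specify.app` is packed and submitted without being verified, so a broken or incomplete signature on the bundle is first noticed when notarization rejects it. A `codesign --verify --deep --strict --verbose=2 "./Specify.app"` line after the `codesign --force …` call fails the job at the signing step instead. Libraries inside the JARs are not covered by that check, so they still depend on the "Sign binaries in JAR files" step failing closed. The step's `env:` block continues past the hunk.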