diff --git a/.circleci/config.yml b/.circleci/config.yml
index 97f9319a6..4bd732967 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -179,9 +179,31 @@ jobs:
 shell: powershell.exe
 command: |
 ./scripts/windows-signing.ps1
+ - persist_to_workspace:
+ root: './build'
+ paths:
+ - 'dist'
 - store_artifacts:
 path: './build/dist'
 destination: 'build/dist'
+ package-sign-mac:
+ macos:
+ xcode: "11.3"
+ working_directory: /Users/distiller/project
+ environment:
+ FL_OUTPUT_DIR: output
+ FASTLANE_LANE: test
+ shell: /bin/bash --login -o pipefail
+ steps:
+ - checkout
+ - attach_workspace:
+ at: '.'
+ - run:
+ command: |
+ sh ./scripts/mac-signing.sh
+ - store_artifacts:
+ path: './dist'
+ destination: 'build/dist'
 workflows:
 version: 2
 check:
@@ -253,6 +275,15 @@ workflows:
 - 'package-sign-windows':
 requires:
 - 'release'
+ filters:
+ tags:
+ only: /.*/
+ - 'package-sign-mac':
+ requires:
+ - 'package-sign-windows'
+ filters:
+ tags:
+ only: /.*/
 nightly:
 jobs:
 - 'linter'
@@ -288,4 +319,4 @@ workflows:
 filters:
 branches:
 only:
- - master
\ No newline at end of file
+ - master
diff --git a/assets/icon.icns b/assets/icon.icns
new file mode 100644
index 000000000..339a8daef
Binary files /dev/null and b/assets/icon.icns differ
diff --git a/info.plist b/info.plist
new file mode 100644
index 000000000..e1267df8c
--- /dev/null
+++ b/info.plist
@@ -0,0 +1,16 @@
+
+
+
+
+ CFBundleExecutable
+ telegraf_entry_mac
+ CFBundleIconFile
+ icon.icns
+ CFBundleIdentifier
+ com.influxdata.telegraf
+ NSHighResolutionCapable
+
+ LSUIElement
+
+
+
\ No newline at end of file
diff --git a/scripts/mac-signing.sh b/scripts/mac-signing.sh
new file mode 100644
index 000000000..dc0630fc8
--- /dev/null
+++ b/scripts/mac-signing.sh
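Review bot: The `run` step of `package-sign-mac` starts the signing script with `sh`, yet `scripts/mac-signing.sh` in this same commit uses bash-only syntax (`[[ … ]]`, `<<<`) and sets no `set -e`, so a failed `codesign` or `cd` inside it does not fail the job. Running it as `bash -eo pipefail ./scripts/mac-signing.sh` would make the signing job stop at the first failing command instead of continuing to package and upload. The job also reads several secrets without saying so; a comment above `steps:` such as `# Needs MacCertificate, MacCertificatePassword, AppleSigningAuthorityCertificate, AppleUsername and ApplePassword from the project environment` would document that. `FL_OUTPUT_DIR` and `FASTLANE_LANE` do not appear to be read by anything in this diff and may be leftovers worth removing.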
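Review bot: The `only: /.*/` tag filter added to `package-sign-windows` and `package-sign-mac` matches every tag, so any tag pushed to the repository starts jobs that load the Developer ID certificate and the Apple account password. If releases follow a fixed tag scheme, a narrower pattern (for example `only: /^v.*/`, a constructed value to adapt to the project's real scheme) keeps the signing identity out of ad-hoc tag builds, and holding those secrets in a restricted CircleCI context limits who can trigger them. No `branches:` filter is added, so it is worth checking whether these jobs are also meant to run on branch builds of this workflow. The rest of the workflow lies outside the hunk, so whether `release` carries a matching tag filter, which CircleCI requires for the dependent jobs to run on tags, cannot be confirmed from here.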
@@ -0,0 +1,72 @@
+# Acquire the necessary certificates.
+base64 -D -o MacCertificate.p12 <<< $MacCertificate
+sudo security import MacCertificate.p12 -k /Library/Keychains/System.keychain -P $MacCertificatePassword -A
+base64 -D -o AppleSigningAuthorityCertificate.cer <<< $AppleSigningAuthorityCertificate
+sudo security import AppleSigningAuthorityCertificate.cer -k '/Library/Keychains/System.keychain' -A
+
+# Extract the built mac binary and sign it.
+cd dist
+tarFile=$(find . -name "*darwin_amd64.tar*")
+tar -xzvf $tarFile
+baseName=$(basename $tarFile .tar.gz)
+cd $(find . -name "*telegraf-*" -type d)
+cd usr/bin
+codesign -s "Developer ID Application: InfluxData Inc. (M7DN9H35QT)" --timestamp --options=runtime telegraf
+codesign -v telegraf
+
+# Reset back out to the main directory.
+cd
+cd project/dist
+extractedFolder=$(find . -name "*telegraf-*" -type d)
+
+# Sign the 'telegraf entry' script, which is required to open Telegraf upon opening the .app bundle.
+codesign -s "Developer ID Application: InfluxData Inc. (M7DN9H35QT)" --timestamp --options=runtime ../scripts/telegraf_entry_mac
+codesign -v ../scripts/telegraf_entry_mac
+
+# Create the .app bundle.
+mkdir Telegraf
+cd Telegraf
+mkdir Contents
+cd Contents
+mkdir MacOS
+mkdir Resources
+cd ../..
+cp ../info.plist Telegraf/Contents
+cp -R "$extractedFolder"/ Telegraf/Contents/Resources
+cp ../scripts/telegraf_entry_mac Telegraf/Contents/MacOS
+cp ../assets/icon.icns Telegraf/Contents/Resources
+chmod +x Telegraf/Contents/MacOS/telegraf_entry_mac
+mv Telegraf Telegraf.app
+
+# Sign the entire .app bundle, and wrap it in a DMG.
+codesign -s "Developer ID Application: InfluxData Inc. (M7DN9H35QT)" --timestamp --options=runtime --deep --force Telegraf.app
+hdiutil create -size 500m -volname Telegraf -srcfolder Telegraf.app "$baseName".dmg
+codesign -s "Developer ID Application: InfluxData Inc. (M7DN9H35QT)" --timestamp --options=runtime "$baseName".dmg
+
+# Send the DMG to be notarized.
+uuid=$(xcrun altool --notarize-app --primary-bundle-id "com.influxdata.telegraf" --username "$AppleUsername" --password "$ApplePassword" --file "$baseName".dmg | awk '/RequestUUID/ { print $NF; }')
+echo $uuid
+if [[ $uuid == "" ]]; then
+ echo "Could not upload for notarization."
+ exit 1
+fi
+
+# Wait until the status returns something other than 'in progress'.
+request_status="in progress"
+while [[ "$request_status" == "in progress" ]]; do
+ sleep 10
+ request_status=$(xcrun altool --notarization-info $uuid --username "$AppleUsername" --password "$ApplePassword" 2>&1 | awk -F ': ' '/Status:/ { print $2; }' )
+done
+
+if [[ $request_status != "success" ]]; then
+ echo "Failed to notarize."
+ exit 1
+fi
+
+# Attach the notarization to the DMG.
+xcrun stapler staple "$baseName".dmg
+rm -rf Telegraf.app
+rm -rf $extractedFolder
+ls
+
+echo "Signed and notarized!"
diff --git a/scripts/telegraf_entry_mac b/scripts/telegraf_entry_mac
new file mode 100644
index 000000000..2031d6c1f
--- /dev/null
+++ b/scripts/telegraf_entry_mac
@@ -0,0 +1,13 @@
+#!/bin/bash
+currentDir="$( cd "$(dirname "$0")" ; pwd -P )"
+
+if [[ $currentDir == *"AppTranslocation"* || $currentDir == *"Volumes"* ]]; then
+ osascript -e "display alert \"Please copy Telegraf to somewhere on your machine. It can't be run from the image.\" as critical"
+else
+ cd $currentDir
+ osascript<
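Review bot: The certificate import at the top of `scripts/mac-signing.sh` leaves the decoded `MacCertificate.p12` on disk for the rest of the job, expands `$MacCertificate` and `$MacCertificatePassword` unquoted, and uses `-A`, which lets any application on the runner use the imported private key. I would quote both variables, delete the file straight after the import with `rm -f MacCertificate.p12`, and, after confirming `codesign` still runs unattended, replace `-A` with `-T /usr/bin/codesign`. Both `altool` calls pass the Apple password in the process arguments; `--password "@env:ApplePassword"` makes altool read it from the environment instead. The script never sets `set -e`, so a failing `codesign -v` or `cd` does not stop it, and the unquoted `rm -rf $extractedFolder` then runs in whatever directory the script reached. Nothing checks the final artifact before the success message; `xcrun stapler validate "$baseName".dmg` after stapling would close that gap.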