#!/bin/bash set -euo pipefail if [[ "$(uname)" != "Darwin" ]] ; then echo "This should be run on macOS" exit 1 fi go version export GO111MODULE=on # build 'cloudflared-darwin-amd64.tgz' mkdir -p artifacts FILENAME="$(pwd)/artifacts/cloudflared-darwin-amd64.tgz" PKGNAME="$(pwd)/artifacts/cloudflared-amd64.pkg" TARGET_DIRECTORY=".build" BINARY_NAME="cloudflared" VERSION=$(git describe --tags --always --dirty="-dev") PRODUCT="cloudflared" CODE_SIGN_PRIV="code_sign.pk12" CODE_SIGN_CERT="code_sign.cer" INSTALLER_PRIV="installer.pk12" INSTALLER_CERT="installer.cer" export PATH="$PATH:/usr/local/bin" mkdir -p ../src/github.com/cloudflare/ cp -r . ../src/github.com/cloudflare/cloudflared cd ../src/github.com/cloudflare/cloudflared GOCACHE="$PWD/../../../../" GOPATH="$PWD/../../../../" CGO_ENABLED=1 make cloudflared # Add code signing private key to the key chain if [[ -z "${CFD_CODE_SIGN_KEY}" ]]; then # write private key to disk and then import it keychain echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV} security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}" rm ${CODE_SIGN_PRIV} else exit 1 fi # Add code signing certificate to the key chain if [[ -z "${CFD_CODE_SIGN_CERT}" ]]; then # write certificate to disk and then import it keychain echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT} security import ${CODE_SIGN_CERT} rm ${CODE_SIGN_CERT} else exit 1 fi # Add package signing private key to the key chain if [[ -z "${CFD_INSTALLER_KEY}" ]]; then # write private key to disk and then import it into the keychain echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV} security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}" rm ${INSTALLER_PRIV} else exit 1 fi # Add package signing certificate to the key chain if [[ -z "${CFD_INSTALLER_CERT}" ]]; then # write certificate to disk and then import it keychain echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT} security import ${INSTALLER_CERT} rm ${INSTALLER_CERT} else exit 1 fi # get the code signing certificate name if [[ -z "${CFD_CODE_SIGN_NAME}" ]]; then CODE_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:") else CODE_SIGN_NAME="${CFD_CODE_SIGN_NAME}" fi # get the package signing certificate name if [[ -z "${CFD_INSTALLER_NAME}" ]]; then PKG_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:") else PKG_SIGN_NAME="${CFD_INSTALLER_NAME}" fi # sign the cloudflared binary codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME} # creating build directory mkdir ${TARGET_DIRECTORY} mkdir ${TARGET_DIRECTORY}/contents cp -r .mac_resources/scripts ${TARGET_DIRECTORY}/scripts # copy cloudflared into the build directory cp ${BINARY_NAME} {$TARGET_DIRECTORY}/contents/${PRODUCT} # compress cloudflared into a tar and gzipped file tar czf "$FILENAME" ${BINARY_NAME} # build the installer package pkgbuild --identifier com.cloudflare.${PRODUCT} \ --version ${VERSION} \ --scripts ${TARGET_DIRECTORY}/scripts \ --root ${TARGET_DIRECTORY}/contents \ --install-location /usr/local/bin \ --sign "${PKG_SIGN_NAME}" \ ${PKGNAME} # cleaning up the build directory rm -rf $TARGET_DIRECTORY