131 lines
4.3 KiB
Bash
Executable File
131 lines
4.3 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -euo pipefail
|
|
|
|
if [[ "$(uname)" != "Darwin" ]] ; then
|
|
echo "This should be run on macOS"
|
|
exit 1
|
|
fi
|
|
|
|
go version
|
|
export GO111MODULE=on
|
|
|
|
# build 'cloudflared-darwin-amd64.tgz'
|
|
mkdir -p artifacts
|
|
FILENAME="$(pwd)/artifacts/cloudflared-darwin-amd64.tgz"
|
|
PKGNAME="$(pwd)/artifacts/cloudflared-amd64.pkg"
|
|
TARGET_DIRECTORY=".build"
|
|
BINARY_NAME="cloudflared"
|
|
VERSION=$(git describe --tags --always --dirty="-dev")
|
|
PRODUCT="cloudflared"
|
|
CODE_SIGN_PRIV="code_sign.pk12"
|
|
CODE_SIGN_CERT="code_sign.cer"
|
|
INSTALLER_PRIV="installer.pk12"
|
|
INSTALLER_CERT="installer.cer"
|
|
export PATH="$PATH:/usr/local/bin"
|
|
mkdir -p ../src/github.com/cloudflare/
|
|
cp -r . ../src/github.com/cloudflare/cloudflared
|
|
cd ../src/github.com/cloudflare/cloudflared
|
|
GOCACHE="$PWD/../../../../" GOPATH="$PWD/../../../../" CGO_ENABLED=1 make cloudflared
|
|
|
|
# TODO: AUTH-2653 - The CFD_CODE_SIGN_KEY and CFD_INSTALLER_KEY are "doubly" gpg encrypted.
|
|
# this needs to be fixed, but I don't have access to the keys to do it.
|
|
# The private keys are on from Dane's laptop
|
|
|
|
# # Add code signing private key to the key chain
|
|
# if [[ -n "${CFD_CODE_SIGN_KEY:-}" ]]; then
|
|
# if [[ -n "${CFD_CODE_SIGN_PASS:-}" ]]; then
|
|
# # write private key to disk and then import it keychain
|
|
# echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV}
|
|
# security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}"
|
|
# rm ${CODE_SIGN_PRIV}
|
|
# fi
|
|
# fi
|
|
|
|
# # Add code signing certificate to the key chain
|
|
# if [[ -n "${CFD_CODE_SIGN_CERT:-}" ]]; then
|
|
# # write certificate to disk and then import it keychain
|
|
# echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT}
|
|
# security import ${CODE_SIGN_CERT}
|
|
# rm ${CODE_SIGN_CERT}
|
|
# fi
|
|
|
|
# # Add package signing private key to the key chain
|
|
# if [[ -n "${CFD_INSTALLER_KEY:-}" ]]; then
|
|
# if [[ -n "${CFD_INSTALLER_PASS:-}" ]]; then
|
|
# # write private key to disk and then import it into the keychain
|
|
# echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV}
|
|
# security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}"
|
|
# rm ${INSTALLER_PRIV}
|
|
# fi
|
|
# fi
|
|
|
|
# # Add package signing certificate to the key chain
|
|
# if [[ -n "${CFD_INSTALLER_CERT:-}" ]]; then
|
|
# # write certificate to disk and then import it keychain
|
|
# echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT}
|
|
# security import ${INSTALLER_CERT}
|
|
# rm ${INSTALLER_CERT}
|
|
# fi
|
|
|
|
# # get the code signing certificate name
|
|
# if [[ -n "${CFD_CODE_SIGN_NAME:-}" ]]; then
|
|
# CODE_SIGN_NAME="${CFD_CODE_SIGN_NAME}"
|
|
# else
|
|
# if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")" ]]; then
|
|
# CODE_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")
|
|
# else
|
|
# CODE_SIGN_NAME=""
|
|
# fi
|
|
# fi
|
|
|
|
# # get the package signing certificate name
|
|
# if [[ -n "${CFD_INSTALLER_NAME:-}" ]]; then
|
|
# PKG_SIGN_NAME="${CFD_INSTALLER_NAME}"
|
|
# else
|
|
# if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")" ]]; then
|
|
# PKG_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")
|
|
# else
|
|
# PKG_SIGN_NAME=""
|
|
# fi
|
|
# fi
|
|
|
|
# # sign the cloudflared binary
|
|
# if [[ -n "${CODE_SIGN_NAME:-}" ]]; then
|
|
# codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME}
|
|
# fi
|
|
|
|
|
|
# creating build directory
|
|
mkdir "${TARGET_DIRECTORY}"
|
|
mkdir "${TARGET_DIRECTORY}/contents"
|
|
cp -r ".mac_resources/scripts" "${TARGET_DIRECTORY}/scripts"
|
|
|
|
# copy cloudflared into the build directory
|
|
cp ${BINARY_NAME} "${TARGET_DIRECTORY}/contents/${PRODUCT}"
|
|
|
|
# compress cloudflared into a tar and gzipped file
|
|
tar czf "$FILENAME" "${BINARY_NAME}"
|
|
|
|
# build the installer package
|
|
if [[ -n "${PKG_SIGN_NAME:-}" ]]; then
|
|
pkgbuild --identifier com.cloudflare.${PRODUCT} \
|
|
--version ${VERSION} \
|
|
--scripts ${TARGET_DIRECTORY}/scripts \
|
|
--root ${TARGET_DIRECTORY}/contents \
|
|
--install-location /usr/local/bin \
|
|
--sign "${PKG_SIGN_NAME}" \
|
|
${PKGNAME}
|
|
else
|
|
pkgbuild --identifier com.cloudflare.${PRODUCT} \
|
|
--version ${VERSION} \
|
|
--scripts ${TARGET_DIRECTORY}/scripts \
|
|
--root ${TARGET_DIRECTORY}/contents \
|
|
--install-location /usr/local/bin \
|
|
${PKGNAME}
|
|
fi
|
|
|
|
|
|
# cleaning up the build directory
|
|
rm -rf $TARGET_DIRECTORY
|