add a script to build the dmg from a tar file containing the signed app

.github/workflows/upload-dmg.yml

@@ -29,17 +29,9 @@ jobs:
             run: |
               APP_URL=$( [ "${{ matrix.arch }}" == "arm64" ] && echo "${{  github.event.inputs.arm-signed-archive-url }}" || echo "${{  github.event.inputs.signed-archive-url }}" )
               curl -O $APP_URL
-              tar -xf *.tgz
-              # move PharoLauncher.app to the current directory
-              find . -name PharoLauncher.app -print0 | xargs -0 -I{} mv {} .
-              chmod +x PharoLauncher.app/Contents/MacOS/Pharo PharoLauncher.app/Contents/Resources/pharo-launcher || true
-              mv mac-installer-background.png background.png
-              ARCHITECTURE=${{ matrix.arch }} VERSION=${{ github.event.inputs.pharo-launcher-version }} APP_NAME=PharoLauncher SHOULD_SIGN=false ./mac/build-dmg.sh
-              generated_dmg=$(echo *.dmg)
-              mv "$generated_dmg" "PharoLauncher-${{ github.event.inputs.pharo-launcher-version }}.dmg"
-              generated_dmg=$(echo *.dmg)
-              md5 "$generated_dmg" > "$generated_dmg.md5sum"
-    
+              SIGNED_TAR_FILE=$(echo *.tar)
+              ./mac/build-dmg-from-tar.sh --arch ${{ matrix.arch }} --version ${{ github.event.inputs.pharo-launcher-version }} $SIGNED_TAR_FILE
+
           - uses: actions/upload-artifact@v4
             with:
                 name: PharoLauncher-mac-installer-${{ github.event.inputs.pharo-launcher-version }}-${{ matrix.arch == '64' && 'x64' || matrix.arch }}

mac/build-dmg-from-tar.sh

@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+set -ex
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+# Default values
+ARCH=""
+VERSION=""
+TAR_FILE=""
+
+# Function to show usage
+usage() {
+    echo "Usage: $0 --arch <architecture> --version <version> <tar-file>"
+    exit 1
+}
+
+# Parse arguments
+while [[ "$#" -gt 0 ]]; do
+    case "$1" in
+        --arch)
+            ARCH="$2"
+            shift 2
+            ;;
+        --version)
+            VERSION="$2"
+            shift 2
+            ;;
+        --help)
+            usage
+            ;;
+        *)
+            if [[ -z "$TAR_FILE" ]]; then
+                TAR_FILE="$1"
+            else
+                echo "Unexpected argument: $1"
+                usage
+            fi
+            shift
+            ;;
+    esac
+done
+
+# Validate inputs
+if [[ -z "$ARCH" || -z "$VERSION" || -z "$TAR_FILE" ]]; then
+    echo "Error: Missing required arguments."
+    usage
+fi
+
+if [[ ! -f "$TAR_FILE" ]]; then
+    echo "Error: TAR file does not exist."
+    exit 1
+fi
+
+move_pharo_launcher_app_to_the_current_directory() {
+  find . -name PharoLauncher.app -print0 | xargs -0 -I{} mv {} .
+}
+
+clean_up() {
+  echo "Cleaning up temporary files."
+  rm -rf "$TMP_DIR"
+}
+
+TMP_DIR=$(mktemp -d)
+tar -xf "$TAR_FILE" -C "$TMP_DIR"
+pushd "$TMP_DIR"
+move_pharo_launcher_app_to_the_current_directory
+chmod +x PharoLauncher.app/Contents/MacOS/Pharo PharoLauncher.app/Contents/Resources/pharo-launcher || true
+ARCHITECTURE=$ARCH VERSION=$VERSION APP_NAME=PharoLauncher "$SCRIPT_DIR"/build-dmg.sh
+generated_dmg=$(echo *.dmg)
+popd
+mv "$TMP_DIR"/"$generated_dmg" "PharoLauncher-${VERSION}-${ARCH}.dmg"
+generated_dmg=$(echo *.dmg)
+md5 "$generated_dmg" > "$generated_dmg.md5sum"
+echo "DMG created: $generated_dmg"
+clean_up

mac/build-dmg.sh

@@ -6,7 +6,7 @@ set -ex
 # application in /Applications.
 
 # I can be run independently of the whole Pharo Launcher app building.
-# e.g. DMG_BACKGROUND_IMG=~/dev/rmod/pharo-launcher/mac-installer-background.png VERSION=2b89478 APP_NAME=PharoLauncher SHOULD_SIGN=false ~/dev/rmod/pharo-launcher/mac/build-dmg.sh
+# e.g. VERSION=2b89478 APP_NAME=PharoLauncher build-dmg.sh
 
 # This script is taken from Andy Maloney
 # http://asmaloney.com/2013/07/howto/packaging-a-mac-os-x-application-using-a-dmg/
@@ -15,7 +15,7 @@ set -ex
 # At some point, I could replace this script with https://github.com/LinusU/node-appdmg
 readonly APP_NAME=${APP_NAME:-"Pharo"}
 readonly VERSION=${VERSION:-"3.0.0"}
-DMG_BACKGROUND_IMG=${DMG_BACKGROUND_IMG:-"background.png"}
+DMG_BACKGROUND_IMG=${DMG_BACKGROUND_IMG:-"mac-installer-background.png"}
 
 # Indicate the vertical pixel where the icons (Pharo and Applications)
 # will be positioned
@@ -33,12 +33,12 @@ check_background_image_DPI_and_convert_it_if_not_72_by_72() {
     if [ $(echo " $_BACKGROUND_IMAGE_DPI_H != 72.0 " | bc) -eq 1 -o $(echo " $_BACKGROUND_IMAGE_DPI_W != 72.0 " | bc) -eq 1 ]; then
        echo "WARNING: The background image's DPI is not 72.  This will result in distorted backgrounds on Mac OS X 10.7+."
        echo "         I will convert it to 72 DPI for you."
-       
+
        local _DMG_BACKGROUND_BASENAME="${DMG_BACKGROUND_IMG##*/}"
        local _DMG_BACKGROUND_TMP="${_DMG_BACKGROUND_BASENAME%.*}"_dpifix."${DMG_BACKGROUND_IMG##*.}"
 
        sips -s dpiWidth 72 -s dpiHeight 72 ${DMG_BACKGROUND_IMG} --out ${_DMG_BACKGROUND_TMP}
-       
+
        DMG_BACKGROUND_IMG="${_DMG_BACKGROUND_TMP}"
     fi
 }
@@ -56,7 +56,7 @@ copy_over_the_stuff_we_want_in_the_final_disk_image_to_our_staging_dir() {
 compute_dmg_size() {
     # figure out how big our DMG needs to be
     #  assumes our contents are at least 1M!
-    SIZE=`du -sh "${STAGING_DIR}" | sed 's/\([0-9\.]*\)M\(.*\)/\1/'` 
+    SIZE=`du -sh "${STAGING_DIR}" | sed 's/\([0-9\.]*\)M\(.*\)/\1/'`
     SIZE=`echo "${SIZE} + 2.0" | bc | awk '{print int($1+0.5)}'`
 
     if [ $? -ne 0 ]; then
@@ -65,55 +65,6 @@ compute_dmg_size() {
     fi
 }
 
-function sign_mac_app() {
-  # This function expects that following environment variables are available:
-  # - PHARO_CERT_PASSWORD
-  # - PHARO_SIGN_IDENTITY
-  local keychain_name=macos-ci-build.keychain
-  local keychain_password=ci
-  local app_dir=$1
-  local cert_pass=${PHARO_CERT_PASSWORD}
-  local pharo_sign_password=${PHARO_CERT_PASSWORD}
-  local sign_identity=${PHARO_SIGN_IDENTITY}
-
-  # Get and Uncompress certificates
-  local deploy_dir="./deploy"
-  wget --quiet --directory-prefix="${deploy_dir}" https://github.com/OpenSmalltalk/opensmalltalk-vm/raw/Cog/deploy/pharo/pharo.cer.enc
-  wget --quiet --directory-prefix="${deploy_dir}" https://github.com/OpenSmalltalk/opensmalltalk-vm/raw/Cog/deploy/pharo/pharo.p12.enc
-  local path_cer="${deploy_dir}/pharo.cer"
-  local path_p12="${deploy_dir}/pharo.p12"
-  openssl aes-256-cbc -k "${pharo_sign_password}" -in "${path_cer}.enc" -out "${path_cer}" -d
-  openssl aes-256-cbc -k "${pharo_sign_password}" -in "${path_p12}.enc" -out "${path_p12}" -d
-
-  echo "Signing app bundle..."
-  # Set up keychain
-  security delete-keychain "${keychain_name}" || true
-  security create-keychain -p ${keychain_password} "${keychain_name}"
-  # add keychain to the search list
-  security list-keychains -d user -s "${keychain_name}"
-  security default-keychain -s "${keychain_name}"
-  security unlock-keychain -p ${keychain_password} "${keychain_name}"
-  security set-keychain-settings -t 3600 -u "${keychain_name}"
-  # Importing certificate
-  security import "${path_cer}" -k ~/Library/Keychains/"${keychain_name}" -T /usr/bin/codesign
-  # Importing identity
-  security import "${path_p12}" -k ~/Library/Keychains/"${keychain_name}" -P "${cert_pass}" -T /usr/bin/codesign
-  # Set ACL on keychain. To avoid to get codesign to yield an errSecInternalComponent you need to get the partition list (ACLs) correct.
-  # See https://code-examples.net/en/q/1344e6a
-  security set-key-partition-list -S apple-tool:,apple: -s -k ${keychain_password} "${keychain_name}"
-  # debug
-  echo "${sign_identity}" >> "id.txt"
-  # Invoke codesign
-  if [[ -d "${app_dir}/Contents/MacOS/Plugins" ]]; then # Pharo.app does not (yet) have its plugins in Resources dir
-    rm -rf "${app_dir}/Contents/MacOS/Plugins/pkgconfig" # Should be fixed in VM build
-    codesign -s "${sign_identity}" --keychain "${keychain_name}" --force --deep "${app_dir}/Contents/MacOS/Plugins/"*
-  fi
-  codesign -s "${sign_identity}"  --keychain "${keychain_name}" --force --deep "${app_dir}"
-  # Remove sensitive files again
-  rm -rf "${path_cer}" "${path_p12}"
-  security delete-keychain "${keychain_name}"
-}
-
 create_the_temp_DMG_file() {
     hdiutil create -srcfolder "${STAGING_DIR}" -volname "${VOL_NAME}" -fs HFS+ \
           -fsargs "-c c=64,a=16,e=16" -format UDRW -size ${SIZE}M "${DMG_TMP}"
@@ -192,9 +143,6 @@ check_background_image_DPI_and_convert_it_if_not_72_by_72
 clear_out_any_old_data
 copy_over_the_stuff_we_want_in_the_final_disk_image_to_our_staging_dir
 compute_dmg_size
-if [ "$SHOULD_SIGN" = true ] ; then
-  sign_mac_app "${STAGING_DIR}"/"${APP_NAME}.app"
-fi
 create_the_temp_DMG_file
 mount_temp_DMG_and_save_the_device
 add_a_link_to_the_Applications_dir