resources: Update macos release scripts
aveenismail committed Nov 30, 2023
1 parent 563e0c3 commit 04e914a
Showing 2 changed files with 58 additions and 62 deletions.
41 changes: 25 additions & 16 deletions .github/workflows/macos_release.yml
Expand Up @@ -13,7 +13,7 @@ jobs:
RELEASE_VERSION: 2.3.1
steps:
- name: checkout
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Install prerequisites
run: |
Expand All @@ -22,68 +22,77 @@ jobs:
run: |
set -x
./resources/make_src_dist.sh $RELEASE_VERSION
cd ..
mkdir artifact
mv $GITHUB_WORKSPACE/yubico-piv-tool-$RELEASE_VERSION.tar.gz artifact/
mkdir $GITHUB_WORKSPACE/artifact
mv $GITHUB_WORKSPACE/yubico-piv-tool-$RELEASE_VERSION.tar.gz $GITHUB_WORKSPACE/artifact/
ls $GITHUB_WORKSPACE/artifact/
- name: Upload artifact
uses: actions/upload-artifact@v1
uses: actions/upload-artifact@v3
with:
name: yubico-piv-tool-src
path: ../artifact
path: artifact

job_2:
name: Build pkg from source
needs: job_1
runs-on: macos-latest
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
arch: amd
- os: macos-latest-xlarge
arch: arm
env:
RELEASE_VERSION: 2.3.1
SO_VERSION: 2
steps:
- name: Download source from job_1
uses: actions/download-artifact@v1
uses: actions/download-artifact@v3
with:
name: yubico-piv-tool-src

- name: Extract source
run: |
set -x
cd yubico-piv-tool-src
tar xf yubico-piv-tool-$RELEASE_VERSION.tar.gz
- name: Install prerequisites
run: |
set -x
brew install pkg-config check gengetopt help2man
brew install pkg-config check gengetopt help2man openssl
- name: Build MacOS binaries
env:
ARCH: ${{ matrix.arch }}
run: |
set -x
export INSTALL_PREFIX=/usr/local
cd yubico-piv-tool-src/yubico-piv-tool-$RELEASE_VERSION
./resources/macos/make_release_binaries.sh $RELEASE_VERSION $SO_VERSION $INSTALL_PREFIX
cd yubico-piv-tool-$RELEASE_VERSION
./resources/macos/make_release_binaries.sh $ARCH $RELEASE_VERSION $SO_VERSION $INSTALL_PREFIX
mkdir $GITHUB_WORKSPACE/artifact
mv resources/macos/yubico-piv-tool-$RELEASE_VERSION-mac.zip $GITHUB_WORKSPACE/artifact/
- name: Create installer
run: |
set -x
cd yubico-piv-tool-src/yubico-piv-tool-$RELEASE_VERSION
cd yubico-piv-tool-$RELEASE_VERSION
./resources/macos/make_installer.sh $RELEASE_VERSION $GITHUB_WORKSPACE/artifact/yubico-piv-tool-$RELEASE_VERSION-mac.zip
- name: Install yubico-piv-tool from installer
run: |
set -x
cd yubico-piv-tool-src/yubico-piv-tool-$RELEASE_VERSION/resources/macos
cd yubico-piv-tool-$RELEASE_VERSION/resources/macos
sudo installer -verbose -store -pkg "$PWD/yubico-piv-tool-$RELEASE_VERSION.pkg" -target /
yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
cp $PWD/yubico-piv-tool-$RELEASE_VERSION.pkg $GITHUB_WORKSPACE/artifact/
- name: Upload artifact
uses: actions/upload-artifact@v1
uses: actions/upload-artifact@v3
with:
name: yubico-piv-tool-mac
name: yubico-piv-tool-mac-${{ matrix.arch }}64
path: artifact
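Review bot: The `Build MacOS binaries` step still runs `mv resources/macos/yubico-piv-tool-$RELEASE_VERSION-mac.zip ...`, but make_release_binaries.sh in this same commit now writes `$PACKAGE-$VERSION-mac-$ARCH.zip`, so the move will not find its file. Renaming on the way in keeps `Create installer` unchanged: `mv resources/macos/yubico-piv-tool-$RELEASE_VERSION-mac-$ARCH.zip $GITHUB_WORKSPACE/artifact/yubico-piv-tool-$RELEASE_VERSION-mac.zip` (`ARCH` is already in that step's `env`). Separately, the release now ships whatever libcrypto `brew install ... openssl` provides on the runner, so it is worth printing the installed formula version and a SHA-256 of the copied dylib in the job log to keep the bundled library traceable. The `uses:` lines move to `@v3` tags, which are mutable; a workflow that produces release installers is usually pinned to full commit SHAs.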
79 changes: 33 additions & 46 deletions resources/macos/make_release_binaries.sh
@@ -1,20 +1,22 @@
#!/bin/bash
# Script to produce an OS X binaries
# This script has to be run from the source directory
if [ "$#" -ne 3 ]; then
if [ "$#" -ne 4 ]; then
echo "This script build the binaries to be installed on a MacOS. This script should be run from the main project directory"
echo ""
echo " Usage: ./resources/macos/make_release_binaries.sh <Release version> <SO version> <Value of CMAKE_INSTALL_PREFIX>"
echo "";
echo " Usage: ./resources/macos/make_release_binaries.sh <Arch> <Release version> <SO version> <Value of CMAKE_INSTALL_PREFIX>"
echo ""
echo "Arch : 'amd' or 'arm'"
echo "Release version : Full yubico-piv-tool version, tex 2.1.0"
echo "SO version : The version of the ykpiv library, tex 2"
echo "Value of CMAKE_INSTALL_PREFIX : The value of the CMAKE_INSTALL_PREFIX, tex /usr/local. Can be displayed by running 'cmake -L | grep CMAKE_INSTALL_PREFIX'"
exit 0
fi

VERSION=$1 # Full yubico-piv-tool version, tex 2.1.0
SO_VERSION=$2
CMAKE_INSTALL_PREFIX=$3 # The value of the CMAKE_INSTALL_PREFIX, tex /usr/local. Can be displayed by running "cmake -L | grep CMAKE_INSTALL_PREFIX"
ARCH = $1
VERSION=$2 # Full yubico-piv-tool version, tex 2.1.0
SO_VERSION=$3
CMAKE_INSTALL_PREFIX=$4 # The value of the CMAKE_INSTALL_PREFIX, tex /usr/local. Can be displayed by running "cmake -L | grep CMAKE_INSTALL_PREFIX"

echo "Release version : $VERSION"
echo "SO version: $SO_VERSION"
Expand All @@ -23,6 +25,18 @@ echo "Working directory: $PWD"

set -x

if [ "$ARCH" == "amd" ]; then
BREW_LIB="/usr/local/opt"
#BREW_CELLAR="/usr/local/Cellar"
elif [ "$ARCH" == "arm" ]; then
BREW_LIB="/opt/homebrew/opt"
#BREW_CELLAR="/opt/homebrew/Cellar"
else
echo "Unknown architecture"
exit
fi


PACKAGE=yubico-piv-tool
OPENSSLVERSION=1.1.1f
CFLAGS="-mmacosx-version-min=10.6"
Expand All @@ -42,53 +56,26 @@ LICENSE_DIR=$PKG_DIR/licenses
rm -rf $PKG_DIR
mkdir -p $PKG_DIR $INSTALL_DIR $BUILD_DIR $LICENSE_DIR $FINAL_INSTALL_DIR

cd $PKG_DIR

# Download openssl if it's not already in this directory
if [ ! -f $MAC_DIR/openssl-$OPENSSLVERSION.tar.gz ]
then
curl -L -O "https://www.openssl.org/source/openssl-$OPENSSLVERSION.tar.gz"
else
echo Using already existing openssl-$OPENSSLVERSION.tar.gz
cp $MAC_DIR/openssl-$OPENSSLVERSION.tar.gz .
fi

# unpack and install openssl into its remporary root
tar xfz openssl-$OPENSSLVERSION.tar.gz
cd openssl-$OPENSSLVERSION
./Configure darwin64-x86_64-cc shared no-ssl2 no-ssl3 --prefix=$FINAL_INSTALL_DIR $CFLAGS
make all install_sw VERSION="$OPENSSLVERSION"

# Copy the OpenSSL license to include it in the installer
cp LICENSE $LICENSE_DIR/openssl.txt

# Removed unused OpenSSL files
rm -rf $FINAL_INSTALL_DIR/ssl
rm -rf $FINAL_INSTALL_DIR/bin
rm -rf $FINAL_INSTALL_DIR/lib/engines*
rm -rf $FINAL_INSTALL_DIR/lib/libssl*
rm $FINAL_INSTALL_DIR/lib/pkgconfig/libssl.pc
rm $FINAL_INSTALL_DIR/lib/pkgconfig/openssl.pc

# Build yubico-piv-tool and install it in $INSTALL_DIR
cd $BUILD_DIR
CFLAGS=$CFLAGS PKG_CONFIG_PATH=$FINAL_INSTALL_DIR/lib/pkgconfig cmake $SOURCE_DIR -DCMAKE_BUILD_TYPE=Release
CFLAGS=$CFLAGS PKG_CONFIG_PATH=$BREW_LIB/openssl/lib/pkgconfig cmake $SOURCE_DIR -DCMAKE_BUILD_TYPE=Release
make
env DESTDIR="$INSTALL_DIR" make install;

# Remove OpenSSL pkgconfig files. Now we've build yubico-piv-tool and not longer need them
rm -rf $FINAL_INSTALL_DIR/lib/pkgconfig
cp "$BREW_LIB/openssl/lib/libcrypto.3.dylib" "$FINAL_INSTALL_DIR/lib"
chmod +w "$FINAL_INSTALL_DIR/lib/libcrypto.3.dylib"
cp -r $BREW_LIB/openssl/include/openssl "$FINAL_INSTALL_DIR/include"

# Fix paths
chmod u+w $FINAL_INSTALL_DIR/lib/libcrypto.1.1.dylib
install_name_tool -id @loader_path/libcrypto.1.1.dylib $FINAL_INSTALL_DIR/lib/libcrypto.1.1.dylib
install_name_tool -id @loader_path/libykpiv.$SO_VERSION.dylib $FINAL_INSTALL_DIR/lib/libykpiv.$SO_VERSION.dylib
install_name_tool -id @loader_path/libykcs11.$SO_VERSION.dylib $FINAL_INSTALL_DIR/lib/libykcs11.$SO_VERSION.dylib
install_name_tool -change $FINAL_INSTALL_DIR/lib/libcrypto.1.1.dylib @loader_path/libcrypto.1.1.dylib $FINAL_INSTALL_DIR/lib/libykpiv.$SO_VERSION.dylib
install_name_tool -change $FINAL_INSTALL_DIR/lib/libcrypto.1.1.dylib @loader_path/libcrypto.1.1.dylib $FINAL_INSTALL_DIR/lib/libykcs11.$SO_VERSION.dylib
install_name_tool -change $FINAL_INSTALL_DIR/lib/libcrypto.1.1.dylib @executable_path/../lib/libcrypto.1.1.dylib $FINAL_INSTALL_DIR/bin/yubico-piv-tool
install_name_tool -change $FINAL_INSTALL_DIR/lib/libykpiv.$SO_VERSION.dylib @loader_path/libykpiv.$SO_VERSION.dylib $FINAL_INSTALL_DIR/lib/libykcs11.$SO_VERSION.dylib
install_name_tool -change $FINAL_INSTALL_DIR/lib/libykpiv.$SO_VERSION.dylib @executable_path/../lib/libykpiv.$SO_VERSION.dylib $FINAL_INSTALL_DIR/bin/yubico-piv-tool;
install_name_tool -id "@loader_path/../lib/libcrypto.3.dylib" "$FINAL_INSTALL_DIR/lib/libcrypto.3.dylib"

install_name_tool -change $BREW_LIB/openssl@3/lib/libcrypto.3.dylib @loader_path/../lib/libcrypto.3.dylib $FINAL_INSTALL_DIR/lib/libykpiv.$VERSION.dylib
install_name_tool -change $BREW_LIB/openssl@3/lib/libcrypto.3.dylib @loader_path/../lib/libcrypto.3.dylib $FINAL_INSTALL_DIR/lib/libykcs11.$VERSION.dylib
install_name_tool -change $BREW_LIB/openssl@3/lib/libcrypto.3.dylib @loader_path/../lib/libcrypto.3.dylib $FINAL_INSTALL_DIR/bin/yubico-piv-tool

install_name_tool -rpath "$FINAL_INSTALL_DIR/lib" "@loader_path/../lib" "$FINAL_INSTALL_DIR/bin/yubihsm-shell"

if otool -L $FINAL_INSTALL_DIR/lib/*.dylib $FINAL_INSTALL_DIR/bin/* | grep '$FINAL_INSTALL_DIR' | grep -q compatibility; then
echo "something is incorrectly linked!";
exit 1;
Expand All @@ -100,7 +87,7 @@ cp COPYING $LICENSE_DIR/$PACKAGE.txt
mv $LICENSE_DIR $FINAL_INSTALL_DIR/

cd $INSTALL_DIR
zip -r $MAC_DIR/$PACKAGE-$VERSION-mac.zip .
zip -r $MAC_DIR/$PACKAGE-$VERSION-mac-$ARCH.zip .

cd $MAC_DIR
rm -rf $PKG_DIR
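Review bot: `ARCH = $1` is not an assignment in bash (the spaces make it a command invocation), so `ARCH` stays empty and the script falls into the `Unknown architecture` branch, where the bare `exit` returns the status of the preceding `echo`, i.e. success; write `ARCH=$1` and `exit 1`. The new rpath line targets `$FINAL_INSTALL_DIR/bin/yubihsm-shell`, which looks carried over from another project; the binary built here is `bin/yubico-piv-tool`. The three `-change` lines assume the recorded install name is `$BREW_LIB/openssl@3/lib/libcrypto.3.dylib`, while cmake was pointed at `$BREW_LIB/openssl/lib/pkgconfig`. If the recorded name differs, the rewrite probably does nothing and the shipped binaries keep an absolute Homebrew path to libcrypto, which on an end user's machine is a location outside the installer's control. The `otool -L` check that follows would not catch this, because it greps for the single-quoted literal `'$FINAL_INSTALL_DIR'`; a check such as `grep -q "$BREW_LIB"` on the `otool -L` output, failing the build on a match, would.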
