tools/mac/scripts: minor improvements

* don't move into itself
* use `PKG_NAME` variable instead of `${APP_NAME}.pkg`
* cleanup sign.sh
* add `SCRIPT_VERBOSE` env variable to control `set -x`

(cherry picked from commit 45a9853b23)

jb/project/tools/mac/scripts/notarize.sh

@@ -2,6 +2,7 @@
 
 #immediately exit script with an error if a command fails
 set -euo pipefail
+[[ "${SCRIPT_VERBOSE:-}" == "1" ]] && set -x
 
 APP_PATH=$1
 

jb/project/tools/mac/scripts/sign.sh

@@ -1,10 +1,16 @@
 #!/bin/bash
 
+#immediately exit script with an error if a command fails
 set -euo pipefail
-set -x
+[[ "${SCRIPT_VERBOSE:-}" == "1" ]] && set -x
+
+if [[ $# -lt 5  ]]; then
+  echo "Usage: $0 AppDirectory AppName BundleId CertificateID InstallerCertificateID"
+  exit 1
+fi
 
 APPLICATION_PATH=$1
-APP_NAME=$2
+PKG_NAME=$2
 BUNDLE_ID=$3
 JB_DEVELOPER_CERT=$4
 JB_INSTALLER_CERT=$5
@@ -22,10 +28,6 @@ else
   PRODUCTSIGN_UTILITY="$SCRIPT_DIR/productsign.sh"
 fi
 
-if [[ -z "$APPLICATION_PATH" ]] || [[ -z "$JB_DEVELOPER_CERT" ]]; then
-  echo "Usage: $0 AppDirectory CertificateID"
-  exit 1
-fi
 if [[ ! -d "$APPLICATION_PATH" ]]; then
   echo "AppDirectory '$APPLICATION_PATH' does not exist or not a directory"
   exit 1
@@ -35,9 +37,6 @@ function log() {
   echo "$(date '+[%H:%M:%S]') $*"
 }
 
-#immediately exit script with an error if a command fails
-set -euo pipefail
-
 # Cleanup files left from previous sign attempt (if any)
 find "$APPLICATION_PATH" -name '*.cstemp' -exec rm '{}' \;
 
@@ -98,12 +97,6 @@ for f in \
   fi
 done
 
-#log "Signing executable..."
-#codesign --timestamp \
-#    -v -s "$JB_DEVELOPER_CERT" --options=runtime \
-#    --force \
-#    --entitlements entitlements.xml "$APPLICATION_PATH/Contents/MacOS/idea"
-
 log "Signing whole app..."
 if [ "$JB_SIGN" = true ]; then
   tar -pczvf tmp-to-sign.tar.gz --exclude='man' -C "$(dirname "$APPLICATION_PATH")" "$(basename "$APPLICATION_PATH")"
@@ -123,20 +116,14 @@ fi
 
 BUILD_NAME="$(basename "$APPLICATION_PATH")"
 
-log "Creating $APP_NAME.pkg..."
-rm -rf "$APP_NAME.pkg"
+log "Creating $PKG_NAME..."
+rm -rf "$PKG_NAME"
 
 mkdir -p unsigned
 pkgbuild --identifier $BUNDLE_ID --root $APPLICATION_PATH \
-    --install-location /Library/Java/JavaVirtualMachines/${BUILD_NAME} unsigned/${APP_NAME}.pkg
-log "Signing $APP_NAME.pkg..."
-"$PRODUCTSIGN_UTILITY" --timestamp --sign "$JB_INSTALLER_CERT" unsigned/${APP_NAME}.pkg ${APP_NAME}.pkg
-
-#log "Signing whole app..."
-#codesign --timestamp \
-#  -v -s "$JB_DEVELOPER_CERT" --options=runtime \
-#  --force \
-#  --entitlements entitlements.xml $APP_NAME.pkg
+    --install-location /Library/Java/JavaVirtualMachines/${BUILD_NAME} unsigned/${PKG_NAME}
+log "Signing $PKG_NAME..."
+"$PRODUCTSIGN_UTILITY" --timestamp --sign "$JB_INSTALLER_CERT" unsigned/${PKG_NAME} ${PKG_NAME}
 
 log "Verifying java is not broken"
 find "$APPLICATION_PATH" \

jb/project/tools/mac/scripts/signapp.sh

@@ -2,7 +2,7 @@
 
 #immediately exit script with an error if a command fails
 set -euo pipefail
-set -x
+[[ "${SCRIPT_VERBOSE:-}" == "1" ]] && set -x
 
 export COPY_EXTENDED_ATTRIBUTES_DISABLE=true
 export COPYFILE_DISABLE=true
@@ -45,6 +45,7 @@ fi
 log "$INPUT_FILE extracted and removed"
 
 APP_NAME=$(basename "$INPUT_FILE" | awk -F".tar" '{ print $1 }')
+PKG_NAME="$APP_NAME.pkg"
 APPLICATION_PATH=$EXPLODED/$(ls $EXPLODED)
 
 find "$APPLICATION_PATH/Contents/Home/bin" \
@@ -84,7 +85,7 @@ limit=3
 set +e
 while [[ $attempt -le $limit ]]; do
   log "Signing (attempt $attempt) $APPLICATION_PATH ..."
-  "$SCRIPT_DIR/sign.sh" "$APPLICATION_PATH" "$APP_NAME" "$BUNDLE_ID" "$CODESIGN_STRING" "$JB_INSTALLER_CERT"
+  "$SCRIPT_DIR/sign.sh" "$APPLICATION_PATH" "$PKG_NAME" "$BUNDLE_ID" "$CODESIGN_STRING" "$JB_INSTALLER_CERT"
   ec=$?
   if [[ $ec -ne 0 ]]; then
     ((attempt += 1))
@@ -106,10 +107,10 @@ set -e
 
 if [ "$NOTARIZE" = "yes" ]; then
   log "Notarizing..."
-  "$SCRIPT_DIR/notarize.sh" "$APP_NAME.pkg"
+  "$SCRIPT_DIR/notarize.sh" "$PKG_NAME"
   log "Stapling..."
   xcrun stapler staple "$APPLICATION_PATH" ||:
-  xcrun stapler staple "$APP_NAME.pkg" ||:
+  xcrun stapler staple "$PKG_NAME" ||:
 else
   log "Notarization disabled"
   log "Stapling disabled"
@@ -122,7 +123,11 @@ log "Zipping $BUILD_NAME to $INPUT_FILE ..."
   if test -d $BACKUP_JMODS/jmods; then
     mv $BACKUP_JMODS/jmods $APPLICATION_PATH/Contents/Home
   fi
-  mv $APPLICATION_PATH $EXPLODED/$BUILD_NAME
+  if [[ "$APPLICATION_PATH" != "$EXPLODED/$BUILD_NAME" ]]; then
+    mv $APPLICATION_PATH $EXPLODED/$BUILD_NAME
+  else
+    echo "No move, source == destination: $APPLICATION_PATH"
+  fi
 
   tar -pczvf $INPUT_FILE --exclude='man' -C $EXPLODED $BUILD_NAME
   log "Finished zipping"