JBR-4082 create JBR & JBRSDK installer packages

jb/project/tools/mac/scripts/mkimages.sh

@@ -57,6 +57,8 @@ function do_configure {
       $WITH_DEBUG_LEVEL \
       --with-vendor-name="${VENDOR_NAME}" \
       --with-vendor-version-string="${VENDOR_VERSION_STRING}" \
+      --with-macosx-bundle-name-base=${VENDOR_VERSION_STRING} \
+      --with-macosx-bundle-id-base="com.jetbrains.jbr" \
       --with-jvm-features=shenandoahgc \
       --with-version-pre= \
       --with-version-build="${JDK_BUILD_NUMBER}" \
@@ -74,6 +76,8 @@ function do_configure {
       $WITH_DEBUG_LEVEL \
       --with-vendor-name="$VENDOR_NAME" \
       --with-vendor-version-string="$VENDOR_VERSION_STRING" \
+      --with-macosx-bundle-name-base=${VENDOR_VERSION_STRING} \
+      --with-macosx-bundle-id-base="com.jetbrains.jbr" \
       --with-jvm-features=shenandoahgc \
       --with-version-pre= \
       --with-version-build="$JDK_BUILD_NUMBER" \

jb/project/tools/mac/scripts/notarize.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -x
 
 APP_DIRECTORY=$1
 APPL_USER=$2
@@ -54,17 +54,15 @@ function altool-upload() {
 #immediately exit script with an error if a command fails
 set -euo pipefail
 
-file="$APP_NAME.zip"
+#file="$APP_NAME.zip"
 
-log "Zipping $file..."
-rm -rf "$file"
-ditto -c -k --sequesterRsrc --keepParent "$APP_DIRECTORY" "$file"
+#log "Zipping $file..."
+#rm -rf "$file"
+#ditto -c -k --sequesterRsrc --keepParent "$APP_DIRECTORY" "$file"
 
-log "Notarizing $file..."
+log "Notarizing $APP_NAME..."
 rm -rf "altool.init.out" "altool.check.out"
-altool-upload "$file"
-
-rm -rf "$file"
+altool-upload "$APP_NAME"
 
 notarization_info="$(grep -e "RequestUUID" "altool.init.out" | grep -oE '([0-9a-f-]{36})')"
 

jb/project/tools/mac/scripts/sign.sh

@@ -1,14 +1,17 @@
-#!/bin/bash
+#!/bin/bash -x
 
-APP_DIRECTORY=$1
-JB_CERT=$2
+APPLICATION_PATH=$1
+APP_NAME=$2
+BUNDLE_ID=$3
+JB_DEVELOPER_CERT=$4
+JB_INSTALLER_CERT=$5
 
-if [[ -z "$APP_DIRECTORY" ]] || [[ -z "$JB_CERT" ]]; then
+if [[ -z "$APPLICATION_PATH" ]] || [[ -z "$JB_DEVELOPER_CERT" ]]; then
   echo "Usage: $0 AppDirectory CertificateID"
   exit 1
 fi
-if [[ ! -d "$APP_DIRECTORY" ]]; then
-  echo "AppDirectory '$APP_DIRECTORY' does not exist or not a directory"
+if [[ ! -d "$APPLICATION_PATH" ]]; then
+  echo "AppDirectory '$APPLICATION_PATH' does not exist or not a directory"
   exit 1
 fi
 
@@ -20,43 +23,30 @@ function log() {
 set -euo pipefail
 
 # Cleanup files left from previous sign attempt (if any)
-find "$APP_DIRECTORY" -name '*.cstemp' -exec rm '{}' \;
+find "$APPLICATION_PATH" -name '*.cstemp' -exec rm '{}' \;
 
 log "Signing libraries and executables..."
 # -perm +111 searches for executables
 for f in \
-   "Contents/Home/bin" \
-   "Contents/Home/lib"; do
-  if [ -d "$APP_DIRECTORY/$f" ]; then
-    find "$APP_DIRECTORY/$f" \
-      -type f \( -name "*.jnilib" -o -name "*.dylib" -o -name "*.so" -o -perm +111 \) \
-      -exec codesign --timestamp --force \
-      -v -s "$JB_CERT" --options=runtime \
+  "Contents/Home/lib" "Contents/MacOS" \
+  "Contents/Home/Frameworks" \
+  "Contents/Frameworks"; do
+  if [ -d "$APPLICATION_PATH/$f" ]; then
+    find "$APPLICATION_PATH/$f" \
+      -type f \( -name "*.jnilib" -o -name "*.dylib" -o -name "*.so" -o -name "*.tbd" -o -name "*.node" -o -perm +111 \) \
+      -exec codesign --timestamp \
+      -v -s "$JB_DEVELOPER_CERT" --options=runtime --force \
       --entitlements entitlements.xml {} \;
   fi
 done
 
-if [ -d "$APP_DIRECTORY/Contents/Frameworks" ]; then
-  log "Signing frameworks..."
-  for f in $APP_DIRECTORY/Contents/Frameworks/*; do
-    find "$f" \
-      -type f \( -name "*.jnilib" -o -name "*.dylib" -o -name "*.so" \) \
-      -exec codesign --timestamp --force \
-      -v -s "$JB_CERT" \
-      --entitlements entitlements.xml {} \;
-    codesign --timestamp --force \
-      -v -s "$JB_CERT" --options=runtime \
-      --entitlements entitlements.xml "$f"
-  done
-fi
-
 log "Signing libraries in jars in $PWD"
 
 # todo: add set -euo pipefail; into the inner sh -c
 # `-e` prevents `grep -q && printf` loginc
 # with `-o pipefail` there's no input for 'while' loop
-find "$APP_DIRECTORY" -name '*.jar' \
-  -exec sh -c "set -u; unzip -l \"\$0\" | grep -q -e '\.dylib\$' -e '\.jnilib\$' -e '\.so\$' -e '^jattach\$' && printf \"\$0\0\" " {} \; |
+find "$APPLICATION_PATH" -name '*.jar' \
+  -exec sh -c "set -u; unzip -l \"\$0\" | grep -q -e '\.dylib\$' -e '\.jnilib\$' -e '\.so\$' -e '\.tbd\$' -e '^jattach\$' && printf \"\$0\0\" " {} \; |
   while IFS= read -r -d $'\0' file; do
     log "Processing libraries in $file"
 
@@ -67,12 +57,13 @@ find "$APP_DIRECTORY" -name '*.jar' \
     cp "$file" jarfolder && (cd jarfolder && jar xf "$filename" && rm "$filename")
 
     find jarfolder \
-      -type f \( -name "*.jnilib" -o -name "*.dylib" -o -name "*.so" -o -name "jattach" \) \
-      -exec codesign --timestamp --force \
-      -v -s "$JB_CERT" --options=runtime \
+      -type f \( -name "*.jnilib" -o -name "*.dylib" -o -name "*.so" -o -name "*.tbd" -o -name "jattach" \) \
+      -exec codesign --timestamp \
+      --force \
+      -v -s "$JB_DEVELOPER_CERT" --options=runtime \
       --entitlements entitlements.xml {} \;
 
-    (cd jarfolder; zip -q -r -o ../jar.jar .)
+    (cd jarfolder; zip -q -r -o -0 ../jar.jar .)
     mv jar.jar "$file"
   done
 
@@ -80,28 +71,41 @@ rm -rf jarfolder jar.jar
 
 log "Signing other files..."
 for f in \
-  "Contents/MacOS"; do
-  if [ -d "$APP_DIRECTORY/$f" ]; then
-    find "$APP_DIRECTORY/$f" \
-      -type f \( -name "*.jnilib" -o -name "*.dylib" -o -name "*.so" -o -perm +111 \) \
-      -exec codesign --timestamp --force \
-      -v -s "$JB_CERT" --options=runtime \
+  "Contents/Home/bin"; do
+  if [ -d "$APPLICATION_PATH/$f" ]; then
+    find "$APPLICATION_PATH/$f" \
+      -type f \( -name "*.jnilib" -o -name "*.dylib" -o -name "*.so" -o -name "*.tbd" -o -perm +111 \) \
+      -exec codesign --timestamp \
+      -v -s "$JB_DEVELOPER_CERT" --options=runtime --force \
       --entitlements entitlements.xml {} \;
   fi
 done
 
 #log "Signing executable..."
 #codesign --timestamp \
-#    -v -s "$JB_CERT" --options=runtime \
+#    -v -s "$JB_DEVELOPER_CERT" --options=runtime \
 #    --force \
-#    --entitlements entitlements.xml "$APP_DIRECTORY/Contents/MacOS/idea"
+#    --entitlements entitlements.xml "$APPLICATION_PATH/Contents/MacOS/idea"
 
 log "Signing whole app..."
 codesign --timestamp \
-  -v -s "$JB_CERT" --options=runtime \
+  -v -s "$JB_DEVELOPER_CERT" --options=runtime \
   --force \
-  --entitlements entitlements.xml "$APP_DIRECTORY"
+  --entitlements entitlements.xml "$APPLICATION_PATH"
+
+BUILD_NAME=$(echo $APPLICATION_PATH | awk -F"/" '{ print $2 }')
+
+log "Creating $APP_NAME.pkg..."
+rm -rf "$APP_NAME.pkg"
+pkgbuild --identifier $BUNDLE_ID --sign "$JB_INSTALLER_CERT" --root $APPLICATION_PATH \
+    --install-location /Library/Java/JavaVirtualMachines/${BUILD_NAME} ${APP_NAME}.pkg
+
+#log "Signing whole app..."
+#codesign --timestamp \
+#  -v -s "$JB_DEVELOPER_CERT" --options=runtime \
+#  --force \
+#  --entitlements entitlements.xml $APP_NAME.pkg
 
 log "Verifying java is not broken"
-find "$APP_DIRECTORY" \
+find "$APPLICATION_PATH" \
   -type f -name 'java' -perm +111 -exec {} -version \;

jb/project/tools/mac/scripts/signapp.sh

@@ -12,8 +12,9 @@ BACKUP_JMODS=$2.backup
 USERNAME=$3
 PASSWORD=$4
 CODESIGN_STRING=$5
-NOTARIZE=$6
-BUNDLE_ID=$7
+JB_INSTALLER_CERT=$6
+NOTARIZE=$7
+BUNDLE_ID=$8
 
 cd "$(dirname "$0")"
 
@@ -33,7 +34,7 @@ mkdir "$BACKUP_JMODS"
 log "Unzipping $INPUT_FILE to $EXPLODED ..."
 tar -xzvf "$INPUT_FILE" --directory $EXPLODED
 BUILD_NAME="$(ls "$EXPLODED")"
-sed -i '' s/BNDL/APPL/ $EXPLODED/$BUILD_NAME/Contents/Info.plist
+#sed -i '' s/BNDL/APPL/ $EXPLODED/$BUILD_NAME/Contents/Info.plist
 rm -f $EXPLODED/$BUILD_NAME/Contents/CodeResources
 rm "$INPUT_FILE"
 if test -d $EXPLODED/$BUILD_NAME/Contents/Home/jmods; then
@@ -42,7 +43,9 @@ fi
 
 log "$INPUT_FILE extracted and removed"
 
-APPLICATION_PATH="$EXPLODED/$BUILD_NAME"
+APP_NAME=$(echo ${INPUT_FILE} | awk -F".tar" '{ print $1 }')
+APPLICATION_PATH=$(sed "s/osx-//" <<< "$EXPLODED/$APP_NAME")
+mv $EXPLODED/$BUILD_NAME $APPLICATION_PATH
 
 find "$APPLICATION_PATH/Contents/Home/bin" \
   -maxdepth 1 -type f -name '*.jnilib' -print0 |
@@ -79,7 +82,7 @@ limit=3
 set +e
 while [[ $attempt -le $limit ]]; do
   log "Signing (attempt $attempt) $APPLICATION_PATH ..."
-  ./sign.sh "$APPLICATION_PATH" "$CODESIGN_STRING"
+  ./sign.sh "$APPLICATION_PATH" "$APP_NAME" "$BUNDLE_ID" "$CODESIGN_STRING" "$JB_INSTALLER_CERT"
   ec=$?
   if [[ $ec -ne 0 ]]; then
     ((attempt += 1))
@@ -92,6 +95,7 @@ while [[ $attempt -le $limit ]]; do
     log "Signing done"
     codesign -v "$APPLICATION_PATH" -vvvvv
     log "Check sign done"
+    spctl -a -v $APPLICATION_PATH
     ((attempt += limit))
   fi
 done
@@ -102,13 +106,12 @@ if [ "$NOTARIZE" = "yes" ]; then
   log "Notarizing..."
   # shellcheck disable=SC1090
   source "$HOME/.notarize_token"
-  APP_NAME=$(echo ${INPUT_FILE} | awk -F"." '{ print $1 }')
   # Since notarization tool uses same file for upload token we have to trick it into using different folders, hence fake root
   # Also it leaves copy of zip file in TMPDIR, so notarize.sh overrides it and uses FAKE_ROOT as location for temp TMPDIR
   FAKE_ROOT="$(pwd)/fake-root"
   mkdir -p "$FAKE_ROOT"
   echo "Notarization will use fake root: $FAKE_ROOT"
-  ./notarize.sh "$APPLICATION_PATH" "$APPLE_USERNAME" "$APPLE_PASSWORD" "$APP_NAME" "$BUNDLE_ID" "$FAKE_ROOT"
+  ./notarize.sh "$APPLICATION_PATH" "$APPLE_USERNAME" "$APPLE_PASSWORD" "$APP_NAME.pkg" "$BUNDLE_ID" "$FAKE_ROOT"
   rm -rf "$FAKE_ROOT"
 
   set +e
@@ -124,10 +127,11 @@ log "Zipping $BUILD_NAME to $INPUT_FILE ..."
   #cd "$EXPLODED"
   #ditto -c -k --sequesterRsrc --keepParent "$BUILD_NAME" "../$INPUT_FILE"
   if test -d $BACKUP_JMODS/jmods; then
-    mv $BACKUP_JMODS/jmods $EXPLODED/$BUILD_NAME/Contents/Home
+    mv $BACKUP_JMODS/jmods $APPLICATION_PATH/Contents/Home
   fi
+  mv $APPLICATION_PATH $EXPLODED/$BUILD_NAME
 
-  tar -pczvf $INPUT_FILE --exclude='*.dSYM' --exclude='man' -C $EXPLODED $BUILD_NAME
+  tar -pczvf $INPUT_FILE --exclude='man' -C $EXPLODED $BUILD_NAME
   log "Finished zipping"
 )
 rm -rf "$EXPLODED"