From 9a7850e9414377b1f14d72bd3951c11489b4de5f Mon Sep 17 00:00:00 2001 From: Paul Wessel Date: Sat, 6 Jan 2024 21:14:24 +0100 Subject: [PATCH] Add -s to build-release to allow signing with default no signing (#8260) * Add -s to build-relese to allow signing with default no signing We now need to psas -s if Paul or Max is to sign the bundle. Default is no signing. * Update build-release.sh * Update .gitignore --- .gitignore | 2 ++ admin/ConfigReleaseBuild.cmake | 5 ---- admin/ConfigReleaseBuildSigning.cmake | 34 +++++++++++++++++++++++++++ admin/build-release.sh | 28 ++++++++++++++-------- 4 files changed, 54 insertions(+), 15 deletions(-) create mode 100644 admin/ConfigReleaseBuildSigning.cmake diff --git a/.gitignore b/.gitignore index be568e189b8..9579a3846a8 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ doc/examples/**/*.mp4 doc/examples/**/*.png doc/examples/**/*.gif .vscode +cmake/ConfigUser.cmake.orig +cmake/ConfigUserAdvanced.cmake.orig diff --git a/admin/ConfigReleaseBuild.cmake b/admin/ConfigReleaseBuild.cmake index edd6a340857..658a229ae54 100644 --- a/admin/ConfigReleaseBuild.cmake +++ b/admin/ConfigReleaseBuild.cmake @@ -25,10 +25,5 @@ set (CMAKE_C_FLAGS "-Wextra ${CMAKE_C_FLAGS}") # Include all the external executables and shared libraries # The add_macOS_cpack.txt is created by build-release.sh and placed in build if (APPLE) - # Try to codesign the Apple Bundle application if Paul or Meghan is building it - if (($ENV{USER} STREQUAL "pwessel") OR ($ENV{USER} STREQUAL "meghanj") AND GMT_PUBLIC_RELEASE) - set (CPACK_BUNDLE_APPLE_CERT_APP "Developer ID Application: University of Hawaii (B8Y298FMLQ)") - set (CPACK_BUNDLE_APPLE_CODESIGN_PARAMETER "--deep -f --options runtime") - endif () set (EXTRA_INCLUDE_EXES "${CMAKE_BINARY_DIR}/add_macOS_cpack.txt") endif (APPLE) diff --git a/admin/ConfigReleaseBuildSigning.cmake b/admin/ConfigReleaseBuildSigning.cmake new file mode 100644 index 00000000000..cd4b2421da4 --- /dev/null +++ b/admin/ConfigReleaseBuildSigning.cmake @@ -0,0 +1,34 @@ +# +# Use this file as ConfigUser.cmake when building the release +# Make sure GMT_GSHHG_SOURCE and GMT_DCW_SOURCE are defined in +# your environment and pointing to the latest releases. +# Unless you are Paul, make sure GMT_REPO_DIR is defined in +# your environment. +# +#------------------------------------------------------------- +set (CMAKE_BUILD_TYPE Release) +if ($ENV{USER} STREQUAL "pwessel") + set (CMAKE_INSTALL_PREFIX "gmt-${GMT_PACKAGE_VERSION}") +else () + set (CMAKE_INSTALL_PREFIX "$ENV{GMT_REPO_DIR}/build/gmt-${GMT_PACKAGE_VERSION}") +endif() +set (GSHHG_ROOT "$ENV{GMT_GSHHG_SOURCE}") +set (DCW_ROOT "$ENV{GMT_DCW_SOURCE}") + +#set (GMT_USE_THREADS TRUE) +set (GMT_ENABLE_OPENMP TRUE) + +# recommended even for release build +set (CMAKE_C_FLAGS "-Wall -Wdeclaration-after-statement ${CMAKE_C_FLAGS}") +# extra warnings +set (CMAKE_C_FLAGS "-Wextra ${CMAKE_C_FLAGS}") +# Include all the external executables and shared libraries +# The add_macOS_cpack.txt is created by build-release.sh and placed in build +if (APPLE) + # Try to codesign the Apple Bundle application if Paul or Max is building it + if (($ENV{USER} STREQUAL "pwessel") OR ($ENV{USER} STREQUAL "mjones") AND GMT_PUBLIC_RELEASE) + set (CPACK_BUNDLE_APPLE_CERT_APP "Developer ID Application: University of Hawaii (B8Y298FMLQ)") + set (CPACK_BUNDLE_APPLE_CODESIGN_PARAMETER "--deep -f --options runtime") + endif () + set (EXTRA_INCLUDE_EXES "${CMAKE_BINARY_DIR}/add_macOS_cpack.txt") +endif (APPLE) diff --git a/admin/build-release.sh b/admin/build-release.sh index bedc3608523..75cc9039b74 100755 --- a/admin/build-release.sh +++ b/admin/build-release.sh @@ -50,20 +50,23 @@ if [ "X${1}" = "X-p" ]; then do_ftp=1 elif [ "X${1}" = "X-m" ]; then do_ftp=2 +elif [ "X${1}" = "X-s" ]; then + signing=1 elif [ "X${1}" = "X-t" ]; then release=0 elif [ $# -gt 0 ]; then cat <<- EOF >&2 - Usage: build-release.sh [-p|m|t] + Usage: build-release.sh [-p|m|s|t] build-release.sh must be run from top-level gmt directory. Will create the release compressed tarballs and (under macOS) the bundle. Requires you have set GMT_PACKAGE_VERSION_* and GMT_PUBLIC_RELEASE in cmake/ConfigDefaults.cmake. Requires GMT_GSHHG_SOURCE and GMT_DCW_SOURCE to be set in the environment. - Passing -p means we copy the files to the SOEST ftp directory - Passing -m means only copy the macOS bundle to the SOEST ftp directory + Passing -p means we copy the files to the SOEST ftp directory. + Passing -m means only copy the macOS bundle to the SOEST ftp directory. + Passing -s means an authorized user will try to sign the bundle [no signing]. Passing -t means test the build-release script without requiring GMT_PUBLIC_RELEASE - [Default places no files in the SOEST ftp directory] + [Default places no files in the SOEST ftp directory]. EOF exit 1 fi @@ -122,13 +125,13 @@ if [ "X${GMT_DCW_SOURCE}" = "X" ]; then exit 1 fi -if [ $release -eq 1 ] && [ $(egrep -c '^set \(GMT_PUBLIC_RELEASE TRUE\)' cmake/ConfigDefault.cmake) -eq 0 ]; then +if [ ${release} -eq 1 ] && [ $(egrep -c '^set \(GMT_PUBLIC_RELEASE TRUE\)' cmake/ConfigDefault.cmake) -eq 0 ]; then echo "build-release.sh: Need to set GMT_PUBLIC_RELEASE to TRUE in cmake/ConfigDefault.cmake" >&2 exit 1 fi G_ver=$(gs --version) -echo "build-release.sh: You will be including Ghostscript version $G_ver" +echo "build-release.sh: You will be including Ghostscript version ${G_ver}" echo "build-release.sh: Running admin/gs-check.sh to ensure it passes our transparency test" >&2 err=$(admin/gs_check.sh | grep Total | awk '{print $3}') if [ "X${err}" = "X0.0" ]; then @@ -143,13 +146,18 @@ if [ -f cmake/ConfigUserAdvanced.cmake.orig ] || [ -f cmake/ConfigUserAdvanced.c echo 'build-release.sh: Error: Backup CMake Configuration file(s) already exist' >&2 exit 1 fi -if [ -f cmake/ConfigUser.cmake ]; then +if [ -f cmake/ConfigUser.cmake ]; then # Save original file cp cmake/ConfigUser.cmake cmake/ConfigUser.cmake.orig fi if [ -f cmake/ConfigUserAdvanced.cmake ]; then cp cmake/ConfigUserAdvanced.cmake cmake/ConfigUserAdvanced.cmake.orig fi -cp -f admin/ConfigReleaseBuild.cmake cmake/ConfigUser.cmake +if [ ${signing} -eq 1 ]; then + echo "build-release.sh: User ${USER} will try to sign the bundle" >&2 + cp -f admin/ConfigReleaseBuildSigning.cmake cmake/ConfigUser.cmake +else + cp -f admin/ConfigReleaseBuild.cmake cmake/ConfigUser.cmake +fi # 2a. Make build dir and configure it rm -rf build mkdir build @@ -195,7 +203,7 @@ shasum -a 256 gmt-${Version}-* reset_config # 10. Paul or Meghan may place the candidate products on the pwessel/release ftp site -if [ $do_ftp -eq 1 ]; then # Place file in pwessel SOEST ftp release directory and set permissions +if [ ${do_ftp} -eq 1 ]; then # Place file in pwessel SOEST ftp release directory and set permissions type=$(uname -m) echo "build-release.sh: Placing gmt-${Version}-src.tar.* on the ftp site" >&2 scp gmt-${Version}-src.tar.* ${GMT_FTP_URL}:${GMT_FTP_DIR} @@ -205,7 +213,7 @@ if [ $do_ftp -eq 1 ]; then # Place file in pwessel SOEST ftp release directory a fi ssh ${USER}@${GMT_FTP_URL} "chmod o+r,g+rw ${GMT_FTP_DIR}/gmt-*" fi -if [ $do_ftp -eq 2 ]; then # Place M1 bundle file on ftp +if [ ${do_ftp} -eq 2 ]; then # Place M1 bundle file on ftp type=$(uname -m) if [ -f gmt-${Version}-darwin-${type}.dmg ]; then echo "build-release.sh: Placing gmt-${Version}-darwin-${type}.dmg on the ftp site" >&2