Add code to generate notarized dmg and zip

Sam Bingner · Sam Bingner · commit 95e894d2bc1d · 2023-04-04T23:59:53.000-10:00
diff --git a/.gitignore b/.gitignore
@@ -40,6 +40,7 @@ USBFlux/build
 USBFlux/USBFlux.xcodeproj/project.xcworkspace/xcshareddata/
 USBFlux/USBFlux.xcodeproj/project.xcworkspace/xcuserdata/
 USBFlux/USBFlux.xcodeproj/xcuserdata/
+build/
 *.zip
 *.dmg
 create-dmg
diff --git a/Makefile.notarize b/Makefile.notarize
@@ -0,0 +1,67 @@
+COMMIT=$(shell git rev-parse HEAD || echo nogit)
+APPLE_ID := id@corellium.com
+TEAM_ID := TTAVJYQ72B
+APP_PASSWORD := ""
+VER := $(shell grep AC_INIT configure.ac |cut -d "[" -f3 |cut -d "]" -f 1)
+
+.PHONY: all clean
+all: build/USBFlux-$(COMMIT).dmg build/USBFlux-onsite-$(COMMIT).dmg build/USBFlux-$(COMMIT).zip build/USBFlux-onsite-$(COMMIT).zip
+
+create-dmg/create-dmg:
+	rm -rf create-dmg
+	curl -L https://github.com/nikias/create-dmg/archive/master.zip > create-dmg.zip
+	unzip create-dmg.zip
+	mv create-dmg-master create-dmg
+	rm -f create-dmg.zip
+	chmod 755 create-dmg/create-dmg
+
+build/onsite build/cloud:
+	mkdir -p $@
+
+build/%/README: README | build/%
+	cp $^ $@
+
+build/%/README.md: README.md | build/%
+	cp $^ $@
+
+build/%/Applications: | build/%
+	ln -s /Applications $@
+
+USBFlux/build/usbflux/Release/USBFlux.app: tools/usbfluxctl usbfluxd/usbfluxd USBFlux/USBFlux.xcodeproj $(wildcard USBFlux/USBFlux/*)
+	xcodebuild -project USBFlux/USBFlux.xcodeproj -target USBFlux -configuration Release OBJROOT=build/usbflux SYMROOT=build/usbflux
+
+build/onsite/USBFlux.app build/cloud/USBFlux.app: USBFlux/build/usbflux/Release/USBFlux.app | build/onsite build/cloud
+	rm -rf "$(dir $@)/tmp"
+	mkdir -p "$(dir $@)/tmp"
+	cp -a $< "$(dir $@)/tmp"
+	if [ "$@" == build/onsite/USBFlux.app ]; then touch "$(dir $@)"/tmp/USBFlux.app/Contents/Resources/domain.conf; fi
+	codesign --options runtime --timestamp --force --sign "Developer ID Application: Corellium, Inc (TTAVJYQ72B)" --requirements "=designated => anchor apple generic  and identifier \"$$self.identifier\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists  and certificate leaf[subject.OU] = \"TTAVJYQ72B\" ))" "$(dir $@)/tmp/$(notdir $@)"/Contents/Resources/usbfluxctl "$(dir $@)/tmp/$(notdir $@)"/Contents/Resources/usbfluxd
+	codesign --options runtime --timestamp --force --sign "Developer ID Application: Corellium, Inc (TTAVJYQ72B)" --requirements "=designated => anchor apple generic  and identifier \"$$self.identifier\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists  and certificate leaf[subject.OU] = \"TTAVJYQ72B\" ))" "$(dir $@)/tmp/$(notdir $@)"
+	cd "$(dir $@)"/tmp; zip -r USBFlux.zip USBFlux.app
+	xcrun notarytool submit --wait --apple-id $(APPLE_ID) --team-id $(TEAM_ID)  --password "$(APP_PASSWORD)" "$(dir $@)"/tmp/USBFlux.zip
+	xcrun stapler staple "$(dir $@)"/tmp/USBFlux.app
+	mv "$(dir $@)"/tmp/USBFlux.app $@
+	rm -rf "$(dir $@)"/tmp
+
+build/USBFlux.dmg: build/cloud/USBFlux.app build/cloud/README build/cloud/README.md build/cloud/Applications | create-dmg/create-dmg
+	./create-dmg/create-dmg --no-internet-enable --volname "USBFlux $(VER)" --volicon USBFlux/VolumeIcon.icns --background USBFlux/background.png --window-size 800 421 --icon-size 128 --icon USBFlux.app 0 0 --icon "Applications" 340 0 --icon USBFlux.pdf 0 200 $@ $(dir $^)
+
+build/USBFlux-onsite.dmg: build/onsite/USBFlux.app build/onsite/README build/onsite/README.md build/onsite/Applications | create-dmg/create-dmg
+	./create-dmg/create-dmg --no-internet-enable --volname "USBFlux $(VER)" --volicon USBFlux/VolumeIcon.icns --background USBFlux/background.png --window-size 800 421 --icon-size 128 --icon USBFlux.app 0 0 --icon "Applications" 340 0 --icon USBFlux.pdf 0 200 $@ $(dir $^)
+
+build/USBFlux.zip: build/cloud/USBFlux.app build/cloud/README build/cloud/README.md | create-dmg/create-dmg
+	rm -f $@
+	cd build/cloud; zip -r ../$(notdir $@) $(notdir $^)
+
+build/USBFlux-onsite.zip: build/onsite/USBFlux.app build/onsite/README build/onsite/README.md | create-dmg/create-dmg
+	rm -f $@
+	cd build/onsite; zip -r ../$(notdir $@) $(notdir $^)
+
+build/%-$(COMMIT).dmg: build/%.dmg
+	ln $^ $@
+
+build/%-$(COMMIT).zip: build/%.zip
+	ln $^ $@
+
+clean:
+	rm -rf USBFlux/build/usbflux build/
diff --git a/USBFlux/USBFlux.xcodeproj/project.pbxproj b/USBFlux/USBFlux.xcodeproj/project.pbxproj
@@ -17,6 +17,7 @@
 		04D7270C215BD74000B29E2E /* Corellium.m in Sources */ = {isa = PBXBuildFile; fileRef = 04D7270B215BD74000B29E2E /* Corellium.m */; };
 		04D7270F215C13E800B29E2E /* PasswordEntry.m in Sources */ = {isa = PBXBuildFile; fileRef = 04D7270E215C13E800B29E2E /* PasswordEntry.m */; };
 		04D72717215C53DB00B29E2E /* SimpleTextInput.m in Sources */ = {isa = PBXBuildFile; fileRef = 04D72716215C53DB00B29E2E /* SimpleTextInput.m */; };
+		22D9900629DD6228006728CF /* usbfluxctl in Resources */ = {isa = PBXBuildFile; fileRef = 22D9900529DD6228006728CF /* usbfluxctl */; };
 		DB0E4FBB223588E0003C07CF /* STHTTPRequest.m in Sources */ = {isa = PBXBuildFile; fileRef = DB0E4FB9223588E0003C07CF /* STHTTPRequest.m */; };
 /* End PBXBuildFile section */
 
@@ -38,6 +39,7 @@
 		04D7270E215C13E800B29E2E /* PasswordEntry.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = PasswordEntry.m; sourceTree = "<group>"; };
 		04D72715215C53DB00B29E2E /* SimpleTextInput.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SimpleTextInput.h; sourceTree = "<group>"; };
 		04D72716215C53DB00B29E2E /* SimpleTextInput.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = SimpleTextInput.m; sourceTree = "<group>"; };
+		22D9900529DD6228006728CF /* usbfluxctl */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; name = usbfluxctl; path = ../tools/usbfluxctl; sourceTree = "<group>"; };
 		DB0E4FB9223588E0003C07CF /* STHTTPRequest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = STHTTPRequest.m; sourceTree = "<group>"; };
 		DB0E4FBA223588E0003C07CF /* STHTTPRequest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = STHTTPRequest.h; sourceTree = "<group>"; };
 /* End PBXFileReference section */
@@ -56,6 +58,7 @@
 		0430E92920BEF9F00047F28C = {
 			isa = PBXGroup;
 			children = (
+				22D9900529DD6228006728CF /* usbfluxctl */,
 				047357A320DB2A9F0089445A /* terminate.sh */,
 				0430E95320C02E5B0047F28C /* usbfluxd */,
 				0430E93420BEF9F00047F28C /* USBFlux */,
@@ -120,7 +123,7 @@
 		0430E92A20BEF9F00047F28C /* Project object */ = {
 			isa = PBXProject;
 			attributes = {
-				LastUpgradeCheck = 0930;
+				LastUpgradeCheck = 1330;
 				ORGANIZATIONNAME = Corellium;
 				TargetAttributes = {
 					0430E93120BEF9F00047F28C = {
@@ -160,6 +163,7 @@
 				0430E95220C00CA30047F28C /* AuthIcon.png in Resources */,
 				0430E93C20BEF9F10047F28C /* MainMenu.xib in Resources */,
 				0430E95420C02E5B0047F28C /* usbfluxd in Resources */,
+				22D9900629DD6228006728CF /* usbfluxctl in Resources */,
 				047357A420DB2A9F0089445A /* terminate.sh in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
@@ -220,6 +224,7 @@
 				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
 				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
 				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
 				CLANG_WARN_STRICT_PROTOTYPES = YES;
 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
@@ -280,13 +285,15 @@
 				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
 				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
 				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
 				CLANG_WARN_STRICT_PROTOTYPES = YES;
 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
 				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "Mac Developer";
+				CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO;
 				CODE_SIGN_STYLE = Automatic;
 				COPY_PHASE_STRIP = NO;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
@@ -315,6 +322,7 @@
 				CODE_SIGN_STYLE = Manual;
 				COMBINE_HIDPI_IMAGES = YES;
 				DEVELOPMENT_TEAM = TTAVJYQ72B;
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = USBFlux/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
@@ -335,6 +343,7 @@
 				CODE_SIGN_STYLE = Manual;
 				COMBINE_HIDPI_IMAGES = YES;
 				DEVELOPMENT_TEAM = TTAVJYQ72B;
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = USBFlux/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
