forked from git-for-windows/git
-
Notifications
You must be signed in to change notification settings - Fork 92
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fixup! release: add Mac OSX installer build
- Loading branch information
1 parent
3ec106e
commit 85fac44
Showing
9 changed files
with
634 additions
and
66 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,116 @@ | ||
SHELL := /bin/bash | ||
SUDO := sudo | ||
C_INCLUDE_PATH := /usr/include | ||
CPLUS_INCLUDE_PATH := /usr/include | ||
LD_LIBRARY_PATH := /usr/lib | ||
|
||
OSX_VERSION := $(shell sw_vers -productVersion) | ||
TARGET_FLAGS := -mmacosx-version-min=$(OSX_VERSION) -DMACOSX_DEPLOYMENT_TARGET=$(OSX_VERSION) | ||
|
||
ARCH := x86_64 | ||
ARCH_CODE := x86_64 | ||
ARCH_FLAGS_x86_64 := -arch x86_64 | ||
|
||
CFLAGS := $(TARGET_FLAGS) $(ARCH_FLAGS_${ARCH_CODE}) | ||
LDFLAGS := $(TARGET_FLAGS) $(ARCH_FLAGS_${ARCH_CODE}) | ||
|
||
PREFIX := /usr/local | ||
GIT_PREFIX := $(PREFIX)/git | ||
|
||
BUILD_CODE := intel-$(ARCH_CODE) | ||
BUILD_DIR := $(GITHUB_WORKSPACE)/payload | ||
DESTDIR := $(PWD)/stage/git-$(BUILD_CODE)-$(VERSION) | ||
SUBMAKE := $(MAKE) C_INCLUDE_PATH="$(C_INCLUDE_PATH)" CPLUS_INCLUDE_PATH="$(CPLUS_INCLUDE_PATH)" LD_LIBRARY_PATH="$(LD_LIBRARY_PATH)" TARGET_FLAGS="$(TARGET_FLAGS)" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" NO_GETTEXT=1 NO_DARWIN_PORTS=1 prefix=$(GIT_PREFIX) GIT_BUILT_FROM_COMMIT="$(GIT_BUILT_FROM_COMMIT)" DESTDIR=$(DESTDIR) | ||
CORES := $(shell bash -c "sysctl hw.ncpu | awk '{print \$$2}'") | ||
|
||
.PHONY: image pkg payload | ||
|
||
.SECONDARY: | ||
|
||
$(DESTDIR)$(GIT_PREFIX)/VERSION-$(VERSION)-$(BUILD_CODE): | ||
rm -f $(BUILD_DIR)/git-$(VERSION)/osx-installed* | ||
mkdir -p $(DESTDIR)$(GIT_PREFIX) | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-built-keychain: | ||
cd $(BUILD_DIR)/git-$(VERSION)/contrib/credential/osxkeychain; $(SUBMAKE) CFLAGS="$(CFLAGS) -g -O2 -Wall" | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-built: | ||
[ -d $(DESTDIR)$(GIT_PREFIX) ] && $(SUDO) rm -rf $(DESTDIR) || echo ok | ||
cd $(BUILD_DIR)/git-$(VERSION); $(SUBMAKE) -j $(CORES) all strip | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-installed-bin: $(BUILD_DIR)/git-$(VERSION)/osx-built $(BUILD_DIR)/git-$(VERSION)/osx-built-keychain | ||
cd $(BUILD_DIR)/git-$(VERSION); $(SUBMAKE) install | ||
cp $(BUILD_DIR)/git-$(VERSION)/contrib/credential/osxkeychain/git-credential-osxkeychain $(DESTDIR)$(GIT_PREFIX)/bin/git-credential-osxkeychain | ||
mkdir -p $(DESTDIR)$(GIT_PREFIX)/contrib/completion | ||
cp $(BUILD_DIR)/git-$(VERSION)/contrib/completion/git-completion.bash $(DESTDIR)$(GIT_PREFIX)/contrib/completion/ | ||
cp $(BUILD_DIR)/git-$(VERSION)/contrib/completion/git-completion.zsh $(DESTDIR)$(GIT_PREFIX)/contrib/completion/ | ||
cp $(BUILD_DIR)/git-$(VERSION)/contrib/completion/git-prompt.sh $(DESTDIR)$(GIT_PREFIX)/contrib/completion/ | ||
# This is needed for Git-Gui, GitK | ||
mkdir -p $(DESTDIR)$(GIT_PREFIX)/lib/perl5/site_perl | ||
[ ! -f $(DESTDIR)$(GIT_PREFIX)/lib/perl5/site_perl/Error.pm ] && cp $(BUILD_DIR)/git-$(VERSION)/perl/private-Error.pm $(DESTDIR)$(GIT_PREFIX)/lib/perl5/site_perl/Error.pm || echo done | ||
ruby scripts/symlink-git-hardlinks.rb $(DESTDIR) | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-installed-man: $(BUILD_DIR)/git-$(VERSION)/osx-installed-bin | ||
mkdir -p $(DESTDIR)$(GIT_PREFIX)/share/man | ||
cp -R $(GITHUB_WORKSPACE)/manpages/ $(DESTDIR)$(GIT_PREFIX)/share/man | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-built-subtree: | ||
cd $(BUILD_DIR)/git-$(VERSION)/contrib/subtree; $(SUBMAKE) XML_CATALOG_FILES="$(XML_CATALOG_FILES)" all git-subtree.1 | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-installed-subtree: $(BUILD_DIR)/git-$(VERSION)/osx-built-subtree | ||
mkdir -p $(DESTDIR) | ||
cd $(BUILD_DIR)/git-$(VERSION)/contrib/subtree; $(SUBMAKE) XML_CATALOG_FILES="$(XML_CATALOG_FILES)" install install-man | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-installed-assets: $(BUILD_DIR)/git-$(VERSION)/osx-installed-bin | ||
mkdir -p $(DESTDIR)$(GIT_PREFIX)/etc | ||
cp assets/etc/gitconfig.default $(DESTDIR)$(GIT_PREFIX)/etc/gitconfig | ||
cat assets/etc/gitconfig.osxkeychain >> $(DESTDIR)$(GIT_PREFIX)/etc/gitconfig | ||
cp assets/uninstall.sh $(DESTDIR)$(GIT_PREFIX)/uninstall.sh | ||
sh -c "echo .DS_Store >> $(DESTDIR)$(GIT_PREFIX)/share/git-core/templates/info/exclude" | ||
mkdir -p $(DESTDIR)$(PREFIX)/bin | ||
cd $(DESTDIR)$(PREFIX)/bin; find ../git/bin -type f -exec ln -sf {} \; | ||
for man in man1 man3 man5 man7; do mkdir -p $(DESTDIR)$(PREFIX)/share/man/$$man; (cd $(DESTDIR)$(PREFIX)/share/man/$$man; ln -sf ../../../git/share/man/$$man/* ./); done | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-installed: $(DESTDIR)$(GIT_PREFIX)/VERSION-$(VERSION)-$(BUILD_CODE) $(BUILD_DIR)/git-$(VERSION)/osx-installed-man $(BUILD_DIR)/git-$(VERSION)/osx-installed-assets $(BUILD_DIR)/git-$(VERSION)/osx-installed-subtree | ||
$(SUDO) chown -R root:wheel $(DESTDIR)$(GIT_PREFIX) | ||
find $(DESTDIR)$(GIT_PREFIX) -type d -exec chmod ugo+rx {} \; | ||
find $(DESTDIR)$(GIT_PREFIX) -type f -exec chmod ugo+r {} \; | ||
touch $@ | ||
|
||
$(BUILD_DIR)/git-$(VERSION)/osx-built-assert-$(ARCH_CODE): $(BUILD_DIR)/git-$(VERSION)/osx-built | ||
ifeq ("$(ARCH_CODE)", "universal") | ||
File $(BUILD_DIR)/git-$(VERSION)/git | ||
File $(BUILD_DIR)/git-$(VERSION)/contrib/credential/osxkeychain/git-credential-osxkeychain | ||
else | ||
[ "$$(File $(BUILD_DIR)/git-$(VERSION)/git | cut -f 5 -d' ')" == "$(ARCH_CODE)" ] | ||
[ "$$(File $(BUILD_DIR)/git-$(VERSION)/contrib/credential/osxkeychain/git-credential-osxkeychain | cut -f 5 -d' ')" == "$(ARCH_CODE)" ] | ||
endif | ||
touch $@ | ||
|
||
disk-image/VERSION-$(VERSION)-$(ARCH_CODE): | ||
rm -f disk-image/*.pkg disk-image/VERSION-* disk-image/.DS_Store | ||
mkdir disk-image | ||
touch "$@" | ||
|
||
disk-image/git-$(VERSION)-$(BUILD_CODE).pkg: disk-image/VERSION-$(VERSION)-$(ARCH_CODE) | ||
pkgbuild --identifier com.git.pkg --version $(VERSION) --root ../../build_artifacts$(PREFIX) --scripts scripts --install-location $(PREFIX) --component-plist ./assets/git-components.plist disk-image/git-$(VERSION)-$(BUILD_CODE).pkg | ||
|
||
git-%-$(BUILD_CODE).dmg: | ||
rm -f git-$(VERSION)-$(BUILD_CODE)*.dmg | ||
hdiutil create git-$(VERSION)-$(BUILD_CODE).uncompressed.dmg -fs HFS+ -srcfolder ../../disk-image -volname "Git $(VERSION) Intel $(ARCH)" -ov | ||
hdiutil convert -format UDZO -o $@ git-$(VERSION)-$(BUILD_CODE).uncompressed.dmg | ||
rm -f git-$(VERSION)-$(BUILD_CODE).uncompressed.dmg | ||
|
||
payload: $(BUILD_DIR)/git-$(VERSION)/osx-installed $(BUILD_DIR)/git-$(VERSION)/osx-built-assert-$(ARCH_CODE) | ||
|
||
pkg: disk-image/git-$(VERSION)-$(BUILD_CODE).pkg | ||
|
||
image: git-$(VERSION)-$(BUILD_CODE).dmg |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
[core] | ||
excludesfile = ~/.gitignore | ||
legacyheaders = false # >git 1.5 | ||
quotepath = false | ||
|
||
[user] | ||
# name = your name | ||
# email = your@name | ||
|
||
[mergetool] | ||
keepBackup = true | ||
|
||
[push] | ||
default = simple # [ matching | simple ] | ||
|
||
[color] | ||
ui = auto | ||
interactive = auto | ||
|
||
[repack] | ||
usedeltabaseoffset = true # >git 1.5 | ||
|
||
[alias] | ||
s = status | ||
a = !git add . && git status | ||
au = !git add -u . && git status | ||
aa = !git add . && git add -u . && git status | ||
c = commit | ||
cm = commit -m | ||
ca = commit --amend # careful | ||
ac = !git add . && git commit | ||
acm = !git add . && git commit -m | ||
l = log --graph --all --pretty=format:'%C(yellow)%h%C(cyan)%d%Creset %s %C(white)- %an, %ar%Creset' | ||
ll = log --stat --abbrev-commit | ||
lg = log --color --graph --pretty=format:'%C(bold white)%h%Creset -%C(bold green)%d%Creset %s %C(bold green)(%cr)%Creset %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative | ||
llg = log --color --graph --pretty=format:'%C(bold white)%H %d%Creset%n%s%n%+b%C(bold blue)%an <%ae>%Creset %C(bold green)%cr (%ci)' --abbrev-commit | ||
d = diff | ||
master = checkout master | ||
spull = svn rebase | ||
spush = svn dcommit | ||
alias = !git config --list | grep 'alias\\.' | sed 's/alias\\.\\([^=]*\\)=\\(.*\\)/\\1\\\t => \\2/' | sort | ||
|
||
[include] # as of 1.7.10 https://github.com/git/git/commit/9b25a0b52e09400719366f0a33d0d0da98bbf7b0 | ||
path = ~/.gitcinclude | ||
path = .githubconfig | ||
path = .gitcredential | ||
|
||
#[github] | ||
# user = | ||
# token = | ||
|
||
[diff] | ||
# git does copy/rename *detection*. if you want it to track copies/renames: | ||
# http://stackoverflow.com/questions/1043388/record-file-copy-operation-with-git | ||
# renames = copies | ||
|
||
[diff "exif"] | ||
textconv = exif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
[credential] | ||
helper = osxkeychain |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | ||
<plist version="1.0"> | ||
<array> | ||
<dict> | ||
<key>BundleHasStrictIdentifier</key> | ||
<true/> | ||
<key>BundleIsRelocatable</key> | ||
<false/> | ||
<key>BundleIsVersionChecked</key> | ||
<true/> | ||
<key>BundleOverwriteAction</key> | ||
<string>upgrade</string> | ||
<key>RootRelativeBundlePath</key> | ||
<string>git/share/git-gui/lib/Git Gui.app</string> | ||
</dict> | ||
</array> | ||
</plist> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
#!/bin/bash -e | ||
if [ ! -r "/usr/local/git" ]; then | ||
echo "Git doesn't appear to be installed via this installer. Aborting" | ||
exit 1 | ||
fi | ||
|
||
if [ "$1" != "--yes" ]; then | ||
echo "This will uninstall git by removing /usr/local/git/, and symlinks" | ||
printf "Type 'yes' if you are sure you wish to continue: " | ||
read response | ||
else | ||
response="yes" | ||
fi | ||
|
||
if [ "$response" == "yes" ]; then | ||
# remove all of the symlinks we've created | ||
pkgutil --files com.git.pkg | grep bin | while read f; do | ||
if [ -L /usr/local/$f ]; then | ||
sudo rm /usr/local/$f | ||
fi | ||
done | ||
|
||
# forget receipts. | ||
pkgutil --packages | grep com.git.pkg | xargs -I {} sudo pkgutil --forget {} | ||
echo "Uninstalled" | ||
|
||
# The guts all go here. | ||
sudo rm -rf /usr/local/git/ | ||
else | ||
echo "Aborted" | ||
exit 1 | ||
fi | ||
|
||
exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
import argparse | ||
import json | ||
import os | ||
import glob | ||
import pprint | ||
import subprocess | ||
import sys | ||
import re | ||
|
||
parser = argparse.ArgumentParser(description='Sign binaries for macOS') | ||
parser.add_argument('path', help='Path to file for signing') | ||
parser.add_argument('keycode', help='Platform-specific key code for signing') | ||
parser.add_argument('opcode', help='Platform-specific operation code for signing') | ||
# Setting nargs=argparse.REMAINDER allows us to pass in params that begin with `--` | ||
parser.add_argument('--params', nargs=argparse.REMAINDER, help='Parameters for signing') | ||
args = parser.parse_args() | ||
|
||
esrp_tool = os.path.join("esrp", "tools", "EsrpClient.exe") | ||
|
||
aad_id = os.environ['AZURE_AAD_ID'].strip() | ||
# We temporarily need two AAD IDs, as we're using an SSL certificate associated | ||
# with an older App Registration until we have the required hardware to approve | ||
# the new certificate in SSL Admin. | ||
aad_id_ssl = os.environ['AZURE_AAD_ID_SSL'].strip() | ||
workspace = os.environ['GITHUB_WORKSPACE'].strip() | ||
|
||
source_location = args.path | ||
files = glob.glob(os.path.join(source_location, "*")) | ||
|
||
print("Found files:") | ||
pprint.pp(files) | ||
|
||
auth_json = { | ||
"Version": "1.0.0", | ||
"AuthenticationType": "AAD_CERT", | ||
"TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", | ||
"ClientId": f"{aad_id}", | ||
"AuthCert": { | ||
"SubjectName": f"CN={aad_id_ssl}.microsoft.com", | ||
"StoreLocation": "LocalMachine", | ||
"StoreName": "My" | ||
}, | ||
"RequestSigningCert": { | ||
"SubjectName": f"CN={aad_id}", | ||
"StoreLocation": "LocalMachine", | ||
"StoreName": "My" | ||
} | ||
} | ||
|
||
input_json = { | ||
"Version": "1.0.0", | ||
"SignBatches": [ | ||
{ | ||
"SourceLocationType": "UNC", | ||
"SourceRootDirectory": source_location, | ||
"DestinationLocationType": "UNC", | ||
"DestinationRootDirectory": workspace, | ||
"SignRequestFiles": [], | ||
"SigningInfo": { | ||
"Operations": [ | ||
{ | ||
"KeyCode": f"{args.keycode}", | ||
"OperationCode": f"{args.opcode}", | ||
"Parameters": {}, | ||
"ToolName": "sign", | ||
"ToolVersion": "1.0", | ||
} | ||
] | ||
} | ||
} | ||
] | ||
} | ||
|
||
# add files to sign | ||
for f in files: | ||
name = os.path.basename(f) | ||
input_json["SignBatches"][0]["SignRequestFiles"].append( | ||
{ | ||
"SourceLocation": name, | ||
"DestinationLocation": os.path.join("signed", name), | ||
} | ||
) | ||
|
||
# add parameters to input.json (e.g. enabling the hardened runtime for macOS) | ||
if args.params is not None: | ||
i = 0 | ||
while i < len(args.params): | ||
input_json["SignBatches"][0]["SigningInfo"]["Operations"][0]["Parameters"][args.params[i]] = args.params[i + 1] | ||
i += 2 | ||
|
||
policy_json = { | ||
"Version": "1.0.0", | ||
"Intent": "production release", | ||
"ContentType": "binary", | ||
} | ||
|
||
configs = [ | ||
("auth.json", auth_json), | ||
("input.json", input_json), | ||
("policy.json", policy_json), | ||
] | ||
|
||
for filename, data in configs: | ||
with open(filename, 'w') as fp: | ||
json.dump(data, fp) | ||
|
||
# Run ESRP Client | ||
esrp_out = "esrp_out.json" | ||
result = subprocess.run( | ||
[esrp_tool, "sign", | ||
"-a", "auth.json", | ||
"-i", "input.json", | ||
"-p", "policy.json", | ||
"-o", esrp_out, | ||
"-l", "Verbose"], | ||
capture_output=True, | ||
text=True, | ||
cwd=workspace) | ||
|
||
# Scrub log before printing | ||
log = re.sub(r'^.+Uploading.*to\s*destinationUrl\s*(.+?),.+$', | ||
'***', | ||
result.stdout, | ||
flags=re.IGNORECASE|re.MULTILINE) | ||
print(log) | ||
|
||
if result.returncode != 0: | ||
print("Failed to run ESRPClient.exe") | ||
sys.exit(1) | ||
|
||
if os.path.isfile(esrp_out): | ||
print("ESRP output json:") | ||
with open(esrp_out, 'r') as fp: | ||
pprint.pp(json.load(fp)) | ||
|
||
for file in files: | ||
if os.path.isfile(os.path.join("signed", file)): | ||
print(f"Success!\nSigned {file}") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# Install ESRP client | ||
az storage blob download --file esrp.zip --account-key "$env:AZURE_STORAGE_KEY" --account-name msftgitesrp --container microsoft-esrp-client --name microsoft.esrpclient.1.2.76.nupkg | ||
Expand-Archive -Path esrp.zip -DestinationPath .\esrp | ||
|
||
# Install certificates | ||
az keyvault secret download --vault-name "$env:AZURE_VAULT" --name "$env:AUTH_CERT" --file out.pfx | ||
certutil -f -importpfx out.pfx | ||
Remove-Item out.pfx | ||
|
||
az keyvault secret download --vault-name "$env:AZURE_VAULT" --name "$env:REQUEST_SIGNING_CERT" --file out.pfx | ||
certutil -f -importpfx out.pfx | ||
Remove-Item out.pfx |
Oops, something went wrong.