Skip to content

Commit

Permalink
Updates for macOS build documentation for AppNeta
Browse files Browse the repository at this point in the history
  • Loading branch information
fklassen committed Dec 4, 2023
1 parent a8ec7d7 commit bebf71c
Showing 1 changed file with 154 additions and 51 deletions.
205 changes: 154 additions & 51 deletions README.appneta.md
Original file line number Diff line number Diff line change
@@ -1,85 +1,190 @@
MacOS
=====

References:
-----------
References
----------

* Code Signing:
* https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html
* https://developer.apple.com/library/archive/technotes/tn2206/_index.html
* <https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html>
* <https://developer.apple.com/library/archive/technotes/tn2206/_index.html>

* Notarizing
* https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution
* <https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution>

Prereq:
-------
Prerequisites
-------------

sudo gem install asciidoctor
pip3 install dmgbuild
brew install pkgconfig sparkle doxygen libp11 libgnutils gettext asciidoctor docbook docbook-xsl
brew install --cask libndi
```shell
sudo gem install asciidoctor
pip3 install dmgbuild
brew install pkgconfig sparkle doxygen libp11 libgnutils gettext asciidoctor docbook docbook-xsl
brew install --cask libndi
```

Build:
------
Build
-----

Run one time only, or if moving to a new Wireshark revision
* Run one time only, or if moving to a new Wireshark revision

```shell
tools/macos-setup.sh --install-optional
```

Here are some exports - CODE_SIGN_IDENTITY as per 'security find-identity -p codesigning -v login.keychain'
* Here are some exports

export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/Users/<identity>/Qt5.12.4/5.12.4/clang_64/lib/pkgconfig
export CMAKE_PREFIX_PATH=/Users/<identity>/Qt5.12.4/5.12.4/clang_64/lib/cmake
export CODE_SIGN_IDENTITY="AppNeta Inc"
PATH=/Users/<identity>/Qt5.12.4/5.12.4/clang_64/bin:/Library/Frameworks/Python.framework/Versions/3.7/bin/:$PATH
export PATH
```shell
export PKG_CONFIG_PATH=/opt/homebrew/lib/pkgconfig
export CMAKE_PREFIX_PATH=/opt/homebrew/opt/qt@6
export PATH=/usr/local/opt/qt@6/bin:$PATH
```

* Choose a code signing certificate
* in this example I want to use certificate #4 which was most recently created in XCode Preferences

```shell
❯ security find-identity -p codesigning -v login.keychain
1) 02BD99C3D9CE9E301DF3D9D2E1C6148DFE95AC79 "Apple Development: [email protected] (PZ339J2MU7)"
2) AA173803B28511E3EE2D222D1054A63A7B1938DB "Apple Development: Fred Klassen (VRZWY3PKS3)"
3) 0E3D74157F689870D378A291EBC3B1C927BA28D2 "Mac Developer: Fred Klassen (VRZWY3PKS3)"
4) 8FE4FBC459A9DA4B372D15A8F606D9B976DE339B "Apple Development: Fred Klassen (VRZWY3PKS3)"
4 valid identities found
```

* for clarity I use `8FE4FBC459A9DA4B372D15A8F606D9B976DE339B` but could also select `Apple Development: Fred Klassen (VRZWY3PKS3)`
* Build
```shell
mkdir build; cd build
cmake -DCMAKE_OSX_DEPLOYMENT_TARGET=13.0 -G Ninja ..
ninja
ninja app_bundle
cmake --build .
```
* Build an app bundle and sign it
```shell
cmake --build . --target wireshark_app_bundle
codesign --sign "8FE4FBC459A9DA4B372D15A8F606D9B976DE339B" --prefix "org.broadcom.appneta" \
--entitlements ~/git/wireshark/packaging/macosx/entitlements.plist --timestamp --verbose --deep -f \
run/Wireshark.app
```
* Test and note any error messages regarding missing libraries
```shell
run/Wireshark.app/Contents/MacOS/Wireshark --help
run/Wireshark.app/Contents/MacOS/Wireshark
```
* often QtDBus.framework is missing so copy it (must use `ditto` not `cp -r`)
```shell
pushd run/Wireshark.app/Contests/Frameworks
ditto /opt/homebrew/Cellar/qt//6.6.0/lib/QtDBus.framework QtDBus.framework
codesign --sign "8FE4FBC459A9DA4B372D15A8F606D9B976DE339B" --prefix "org.broadcom.appneta" --entitlements ~/git/wireshark/packaging/macosx/entitlements.plist --timestamp --verbose -f --deep QtDBus.framework
popd
```
* if libraries are missing, it may be easier to install upstream official build and copy those libraries as they have updated @rpath
```shell
pushd run/Wireshark.app/Contests/Frameworks
ditto /Applications/Wireshark_orig.app/Contents/Frameworks/libgnutls.30.dylib libgnutls.30.dylib
codesign --sign "8FE4FBC459A9DA4B372D15A8F606D9B976DE339B" --prefix "org.broadcom.appneta" --entitlements ~/git/wireshark/packaging/macosx/entitlements.plist --timestamp --verbose -f libgnutls.30.dylib
popd
```
* Make a backup copy of `run/Wireshark.app` as the next command will break it
```shell
mkdir -p ~/data
ditto run/Wireshark.app ~/data/
```
Notarize:
---------
* Make the install `.dmg` file
```shell
cmake --build . --target wireshark_dmg
```
* Replace a broken `Wireshark.app` in the dmg bundle with the working one
```shell
pushd run
hdiutil convert Wireshark\ 4.2.0.appneta.58\ Arm\ 64.dmg -format UDRW -o Wireshark\ 4.2.0.appneta.58\ Arm\ 64-rw.dmg
hdiutil resize -size 500M Wireshark\ 4.2.0.appneta.58\ Arm\ 64-rw.dmg
hdiutil attach Wireshark\ 4.2.0.appneta.58\ Arm\ 64-rw.dmg
rm -rf /Volumes/Wireshark\ 4.2.0.appneta.58/Wireshark.app
ditto ~/data/Wireshark.app /Volumes/Wireshark\ 4.2.0.appneta.58/Wireshark.app
```
* At this point you will use Finder to unmount the `.dmg` bundle
* Now convert R/W bundle to R/O
```shell
hdiutil convert Wireshark\ 4.2.0.appneta.58\ Arm\ 64-rw.dmg -format UDRO -o ~/data/Wireshark\ 4.2.0.appneta.58\ Arm\ 64.dmg
popd
```
* Code sign the new bundle
```shell
codesign --sign "8FE4FBC459A9DA4B372D15A8F606D9B976DE339B" --prefix "org.broadcom.appneta" --entitlements ~/git/wireshark/packaging/macosx/entitlements.plist --timestamp --verbose -f Wireshark\ 4.2.0.appneta.58\ Arm\ 64.dmg
```
* Test the new installer program
Notarize - optional (only supported on TC build machines)
---------------------------------------------------------
At this point you may want to notarize the app_bundle - you will require an
application-specific password - https://support.apple.com/en-us/HT204397
application-specific password - <https://support.apple.com/en-us/HT204397>
cd run
ditto -ck --keepParent Wireshark.app Wireshark.zip
xcrun altool --notarize-app --primary-bundle-id "com.appneta.wireshark.app" --username <apple id> --password <app-specific password> --file Wireshark.zip
```shell
cd run
ditto -ck --keepParent Wireshark.app Wireshark.zip
xcrun altool --notarize-app --primary-bundle-id "com.appneta.wireshark.app" --username <apple id> --password <app-specific password> --file Wireshark.zip
```
Wait up to 5 minutes for success - check using this command
xcrun altool --notarize-history 0 --username <apple id> --password <app-specific password>
```shell
xcrun altool --notarize-history 0 --username <apple id> --password <app-specific password>
```
Staple the notarization result so app can be verified as notarized when offline
xcrun stapler staple Wireshark.app
cd ..
```shell
xcrun stapler staple Wireshark.app
cd ..
```
macOS Notarize Package
----------------------
macOS Package:
--------------
* this probably will break `Wireshark.app` but it is here for reference
cd run
../packaging/macosx/osx-dmg.sh
xcrun altool --notarize-app --primary-bundle-id "com.appneta.wireshark.dmg" --username <apple id> --password <app-specific password> --file Wireshark\ <version>\ Intel\ 64.dmg
xcrun altool --notarize-history 0 --username <apple id> --password <app-specific password>
xcrun stapler staple Wireshark\ <version>\ Intel\ 64.dmg
cd ..
```shell
cd run
../packaging/macosx/osx-dmg.sh
xcrun altool --notarize-app --primary-bundle-id "com.appneta.wireshark.dmg" --username <apple id> --password <app-specific password> --file Wireshark\ <version>\ Intel\ 64.dmg
xcrun altool --notarize-history 0 --username <apple id> --password <app-specific password>
xcrun stapler staple Wireshark\ <version>\ Intel\ 64.dmg
cd ..
```
Linux
=====
To build Linux debug:
To build Linux debug
---------------------
mkdir -p build-debug
cd build-debug
cmake -DCMAKE_BUILD_TYPE=Debug ..
make -j6
```shell
mkdir -p build-debug
cd build-debug
cmake -DCMAKE_BUILD_TYPE=Debug ..
make -j6
```
Make Linux Package:
Make Linux Package
------------------
Update version in CMakeList.txt and debian/changelog
Expand All @@ -89,8 +194,8 @@ Update version in CMakeList.txt and debian/changelog
Once packages are made, do something like:
$ cd /tmp/wireshark_3.4.2.appneta.50_repo
$ dpkg-scanpackages . | xz -c > Packages.xz
cd /tmp/wireshark_3.4.2.appneta.50_repo
dpkg-scanpackages . | xz -c > Packages.xz
Optionally you can move directory and install packages locally
... in /etc/apt/sources.list.d/wireshark.list ...
Expand All @@ -104,8 +209,8 @@ Windows
* Set up as per [install guide](https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html).
No need to install Git, CMake, Python or Perl on Windows Dev machine. Install Qt5 not Qt6.
* I had to open a regular Command Prompt and run
* I had to open a regular Command Prompt and run
`"C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Auxiliary\Build\vcvars64.bat"`
rather than open a "x64 Native Tools Command Prompt for VS 2019".
Expand All @@ -127,5 +232,3 @@ Windows
* Make
> msbuild /m /p:Configuration=RelWithDebInfo Wireshark.sln

0 comments on commit bebf71c

Please sign in to comment.