diff --git a/scripts/electron-package.sh b/scripts/electron-package.sh deleted file mode 100755 index f92c1387..00000000 --- a/scripts/electron-package.sh +++ /dev/null @@ -1,170 +0,0 @@ -#!/bin/bash - -usage() { - echo "Usage: $0 -v -d [-n]" - echo - echo "version: commit-ish to check out and build" - echo "config directory: a path to a directory containing" - echo "config.json, a json config file to ship with the build" - echo "and env.sh, a file to source environment variables" - echo "from." - echo "-n: build with no config file." - echo - echo "The update_base_url value from config.json is used to set up auto-update." - echo - echo "Environment variables:" - echo " OSSLSIGNCODE_SIGNARGS: Arguments to pass to osslsigncode when signing" - echo " NOTARIZE_APPLE_ID: Apple ID to use for notarisation. The password for" - echo " this account must be set in NOTARIZE_CREDS in the keychain." -} - -confdir= -version= -skipcfg=0 -while getopts "d:v:n" opt; do - case $opt in - d) - confdir=$OPTARG - ;; - v) - version=$OPTARG - ;; - n) - skipcfg=1 - ;; - \?) - echo "Invalid option: -$OPTARG" >&2 - usage - exit - ;; - esac -done - -if [ -z "$version" ]; then - echo "No version supplied" - usage - exit -fi - -conffile="$confdir/config.json" - -if [ -z "$conffile" ] && [ "$skipcfg" = 0 ]; then - echo "No config file given. Use -c to supply a config file or" - echo "-n to build with no config file (and no auto update)." - exit -fi - -if [ -n "$conffile" ]; then - update_base_url=`jq -r .update_base_url $conffile` - - if [ -z "$update_base_url" ]; then - echo "No update URL supplied. Use update_base_url: null if you really" - echo "want a build with no auto-update." - usage - exit - fi - # Make sure the base URL ends in a slash if it doesn't already - update_base_url=`echo $update_base_url | sed -e 's#\([^\/]\)$#\1\/#'` -fi - -if [ ! -f package.json ]; then - echo "No package.json found. This script must be run from" - echo "the riot-web directory." - exit -fi - -[ -f "$confdir/env.sh" ] && . "$confdir/env.sh" - -if [ -z "$NOTARIZE_APPLE_ID" ]; then - echo "NOTARIZE_APPLE_ID is not set" - exit -fi - -osslsigncode -h 2> /dev/null -if [ $? -ne 255 ]; then # osslsigncode exits with 255 after printing usage... - echo "osslsigncode not found" - exit -fi - -# Test that altool can get its credentials for notarising the mac app -xcrun altool -u "$NOTARIZE_APPLE_ID" -p '@keychain:NOTARIZE_CREDS' --list-apps || exit - -# Get the token password: we'll need it later, but get it now so we fail early if it's not there -token_password=`security find-generic-password -s riot_signing_token -w` -if [ $? -ne 0 ]; then - echo "riot_signing_token not found in keychain" - exit -fi - -set -e - -echo "Building $version using Update base URL $update_base_url" - -projdir=`pwd` -builddir=`mktemp -d 2>/dev/null || mktemp -d -t 'buildtmp'` -pushd "$builddir" - -git clone "$projdir" . -git checkout "$version" - -# Figure out what version we're building -vername=`jq -r .version package.json` - -if [ -n "$conffile" ]; then - popd - cp "$conffile" "$builddir/" - pushd "$builddir" -fi - -# We use Git branch / commit dependencies for some packages, and Yarn seems -# to have a hard time getting that right. See also -# https://github.com/yarnpkg/yarn/issues/4734. As a workaround, we clean the -# global cache here to ensure we get the right thing. -yarn cache clean -yarn install -yarn build:electron - -popd - -distdir="$builddir/electron_app/dist" -pubdir="$projdir/electron_app/pub" -rm -r "$pubdir" || true -mkdir -p "$pubdir" -rm -r "$projdir/electron_app/dist" || true -mkdir -p "$projdir/electron_app/dist" - -# Install packages: what the user downloads the first time, -# (DMGs for mac, exe installer for windows) -mkdir -p "$pubdir/install/macos" -cp $distdir/*.dmg "$pubdir/install/macos/" - -mkdir -p "$pubdir/install/win32/ia32/" -cp $distdir/squirrel-windows-ia32/*.exe "$pubdir/install/win32/ia32/" - -mkdir -p "$pubdir/install/win32/x64/" -cp $distdir/squirrel-windows/*.exe "$pubdir/install/win32/x64/" - -# Packages for auto-update -mkdir -p "$pubdir/update/macos" -cp $distdir/*-mac.zip "$pubdir/update/macos/" -echo "$vername" > "$pubdir/update/macos/latest" - -mkdir -p "$pubdir/update/win32/ia32/" -cp $distdir/squirrel-windows-ia32/*.nupkg "$pubdir/update/win32/ia32/" -cp $distdir/squirrel-windows-ia32/RELEASES "$pubdir/update/win32/ia32/" - -mkdir -p "$pubdir/update/win32/x64/" -cp $distdir/squirrel-windows/*.nupkg "$pubdir/update/win32/x64/" -cp $distdir/squirrel-windows/RELEASES "$pubdir/update/win32/x64/" - -# Move the deb to the main project dir's dist folder -# (just the 64 bit one - the 32 bit one still gets built because -# it's one arch argument for all platforms and we still want 32 bit -# windows, but 32 bit linux is unsupported as of electron 4 and no -# longer appears to work). -cp $distdir/*_amd64.deb "$projdir/electron_app/dist/" - -rm -rf "$builddir" - -echo "$pubdir can now be hosted on your web server." -echo "deb archives are in electron_app/dist/ - these should be added into your debian repository" diff --git a/scripts/electron_afterSign.js b/scripts/electron_afterSign.js deleted file mode 100644 index 0aeedb73..00000000 --- a/scripts/electron_afterSign.js +++ /dev/null @@ -1,30 +0,0 @@ -const { notarize } = require('electron-notarize'); - -exports.default = async function(context) { - const { electronPlatformName, appOutDir } = context; - - if (electronPlatformName === 'darwin') { - const appName = context.packager.appInfo.productFilename; - // We get the password from keychain. The keychain stores - // user IDs too, but apparently altool can't get the user ID - // from the keychain, so we need to get it from the environment. - const userId = process.env.NOTARIZE_APPLE_ID; - if (userId === undefined) { - console.warn( - "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" + - "! Skipping macOS notarisation. !\n" + - "! User ID not found, set NOTARIZE_APPLE_ID. !\n" + - "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", - ); - return; - } - - console.log("Notarising macOS app. This may be some time."); - return await notarize({ - appBundleId: 'im.riot.app', - appPath: `${appOutDir}/${appName}.app`, - appleId: userId, - appleIdPassword: '@keychain:NOTARIZE_CREDS', - }); - } -}; diff --git a/scripts/electron_winSign.js b/scripts/electron_winSign.js deleted file mode 100644 index 65aa6a07..00000000 --- a/scripts/electron_winSign.js +++ /dev/null @@ -1,77 +0,0 @@ -const { exec, execFile } = require('child_process'); -const fs = require('fs'); -const path = require('path'); -const shellescape = require('shell-escape'); - -exports.default = async function(options) { - const inPath = options.path; - const appOutDir = path.dirname(inPath); - - // get the token passphrase from the keychain - let tokenPassphrase; - try { - tokenPassphrase = await new Promise((resolve, reject) => { - execFile( - 'security', - ['find-generic-password', '-s', 'riot_signing_token', '-w'], - {}, - (err, stdout) => { - if (err) { - reject(err); - } else { - resolve(stdout.trim()); - } - }, - ); - }); - } catch (err) { - console.warn( - "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" + - "! Skipping Windows signing. !\n" + - "! Signing token not found in keychain. !\n" + - "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", - ); - return; - } - - return new Promise((resolve, reject) => { - let cmdLine = 'osslsigncode sign '; - if (process.env.OSSLSIGNCODE_SIGNARGS) { - cmdLine += process.env.OSSLSIGNCODE_SIGNARGS + ' '; - } - const tmpFile = path.join( - appOutDir, - 'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe', - ); - const args = [ - '-h', options.hash, - '-pass', tokenPassphrase, - '-in', inPath, - '-out', tmpFile, - ]; - if (options.isNest) args.push('-nest'); - cmdLine += shellescape(args); - - let signStdout; - const signproc = exec(cmdLine, {}, (error, stdout) => { - signStdout = stdout; - }); - signproc.on('exit', (code) => { - if (code !== 0) { - console.log("Running", cmdLine); - console.log(signStdout); - console.error("osslsigncode failed with code " + code); - reject("osslsigncode failed with code " + code); - return; - } - fs.rename(tmpFile, inPath, (err) => { - if (err) { - console.error("Error renaming file", err); - reject(err); - } else { - resolve(); - } - }); - }); - }); -};