-
Notifications
You must be signed in to change notification settings - Fork 128
174 lines (147 loc) · 9.99 KB
/
macOS.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
name: macOS
on: [push, pull_request]
env:
PYTHON_VER: '3.8.2'
PYTHON_VER_SHORT: '3.8'
PYTHON_VER_SHORT_COMPACT: '38'
PYOTHERSIDE_VER: '1.5.9'
OPENSSL_VER: '1.1.1g'
LIBYUBIKEY_VER: '1.13'
LIBYKPERS_VER: '1.20.0'
LIBUSB_VER: '1.0.23'
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v1
- name: Install dependencies from homebrew
run: |
brew update
brew install swig qt zlib curl coreutils
brew link qt -f
- name: Setup GPG
run: |
gpg --keyserver hkps://keys.openpgp.org --recv-keys 0A3B0262BCA1705307D5FF06BCA00FD4B2168C0A 2D347EA6AA65421D e3ff2839c048b25c084debe9b26995e310250568
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 8657ABB260F056B1E5190839D9C4D26D0E604491
- name: Build OpenSSL
run: |
wget https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz
wget https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz.asc
gpg --verify openssl-${OPENSSL_VER}.tar.gz.asc
tar -xzvf openssl-${OPENSSL_VER}.tar.gz
cd openssl-${OPENSSL_VER}
sudo env MACOSX_DEPLOYMENT_TARGET=10.13 ./config --prefix=/opt/openssl
sudo env MACOSX_DEPLOYMENT_TARGET=10.13 make
sudo make install
- name: Build Python as a framework
run: |
wget https://www.python.org/ftp/python/${PYTHON_VER}/Python-${PYTHON_VER}.tgz
wget https://www.python.org/ftp/python/${PYTHON_VER}/Python-${PYTHON_VER}.tgz.asc
gpg --verify Python-${PYTHON_VER}.tgz.asc
tar -xzvf Python-${PYTHON_VER}.tgz
cd Python-${PYTHON_VER}
# Make sure gettext is not installed when configuring Python,
# otherwise it seems to break the linking for PyOtherSide build later.
# Re-intall after, because it's needed for wget.
brew uninstall gettext --ignore-dependencies
./configure MACOSX_DEPLOYMENT_TARGET=10.13 CPPFLAGS="-I/opt/openssl/include" LDFLAGS="-L/opt/openssl/lib" CC=clang --enable-framework --with-openssl=/opt/openssl --enable-optimizations
sudo make altinstall
brew reinstall gettext
- name: Install python dependencies from source
run: |
sudo env MACOSX_DEPLOYMENT_TARGET=10.13 CFLAGS="-I/opt/openssl/include" LDFLAGS="-L/opt/openssl/lib" /Library/Frameworks/Python.framework/Versions/3.8/bin/pip3.8 install cryptography --no-binary :all: --ignore-installed --force-reinstall --no-cache
/Library/Frameworks/Python.framework/Versions/3.8/bin/pip3.8 download pyscard --no-binary :all:
tar -xvf pyscard*
cd pyscard*
patch setup.py ../.github/workflows/macos-pyscard-patch.patch
cd ..
- name: Change id for bundled Python
run: sudo sed -i '' 's/org.python.python/com.yubico.python/g' /Library/Frameworks/Python.framework/Versions/3.8/Resources/Python.app/Contents/Info.plist
- name: Build PyOtherSide QML plugin
run: |
wget https://github.com/thp/pyotherside/archive/${PYOTHERSIDE_VER}.tar.gz
echo "189cb0b973e40fcb6b95fd51b0bcd6cc8494b514d49ffe966ec488cf05bbf51e ${PYOTHERSIDE_VER}.tar.gz" | sha256sum -c -
tar -xzvf ${PYOTHERSIDE_VER}.tar.gz
echo "DEFINES += QT_NO_DEBUG_OUTPUT" >> pyotherside-${PYOTHERSIDE_VER}/src/src.pro
cd pyotherside-${PYOTHERSIDE_VER}
qmake PYTHON_CONFIG=/Library/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/bin/python${PYTHON_VER_SHORT}-config
make
sudo make install
- name: Build libyubikey
run: |
wget https://developers.yubico.com/yubico-c/Releases/libyubikey-${LIBYUBIKEY_VER}.tar.gz
wget https://developers.yubico.com/yubico-c/Releases/libyubikey-${LIBYUBIKEY_VER}.tar.gz.sig
gpg --verify libyubikey-${LIBYUBIKEY_VER}.tar.gz.sig
tar -xzvf libyubikey-${LIBYUBIKEY_VER}.tar.gz
cd libyubikey-${LIBYUBIKEY_VER}
sudo env MACOSX_DEPLOYMENT_TARGET=10.13 ./configure --with-backend=osx --prefix=/opt/libyubikey
sudo env MACOSX_DEPLOYMENT_TARGET=10.13 make install
- name: Build libykpers
run: |
wget https://developers.yubico.com/yubikey-personalization/Releases/ykpers-${LIBYKPERS_VER}.tar.gz
wget https://developers.yubico.com/yubikey-personalization/Releases/ykpers-${LIBYKPERS_VER}.tar.gz.sig
gpg --verify ykpers-${LIBYKPERS_VER}.tar.gz.sig
tar -xzvf ykpers-${LIBYKPERS_VER}.tar.gz
cd ykpers-${LIBYKPERS_VER}
sudo env MACOSX_DEPLOYMENT_TARGET=10.13 ./configure --disable-dependency-tracking --disable-silent-rules --with-backend=osx --with-libyubikey-prefix=/opt/libyubikey --prefix=/opt/ykpers
sudo env MACOSX_DEPLOYMENT_TARGET=10.13 make install
- name: Build libusb
run: |
wget https://github.com/libusb/libusb/releases/download/v${LIBUSB_VER}/libusb-${LIBUSB_VER}.tar.bz2
echo "db11c06e958a82dac52cf3c65cb4dd2c3f339c8a988665110e0d24d19312ad8d libusb-${LIBUSB_VER}.tar.bz2" | sha256sum -c -
tar -xzvf libusb-${LIBUSB_VER}.tar.bz2
cd libusb-${LIBUSB_VER}
./configure --disable-dependency-tracking --prefix=/opt/libusb
sudo env MACOSX_DEPLOYMENT_TARGET=10.13 make install
- name: Build yubioath-desktop
run: |
qmake
make
macdeployqt yubioath-desktop.app/ -qmldir=qml/ -appstore-compliant
- name: Copy over dynamic libraries
run: |
sudo find /opt/libyubikey/ -name '*.dylib' -exec cp '{}' yubioath-desktop.app/Contents/Frameworks/ ';'
sudo find /opt/ykpers/ -name '*.dylib' -exec cp '{}' yubioath-desktop.app/Contents/Frameworks/ ';'
sudo find /opt/openssl/ -name '*.dylib' -exec cp '{}' yubioath-desktop.app/Contents/Frameworks/ ';'
sudo find /opt/libusb/ -name '*.dylib' -exec cp '{}' yubioath-desktop.app/Contents/Frameworks/ ';'
- name: Copy over Python.framework to app bundle
run: |
cp -a /Library/Frameworks/Python.framework yubioath-desktop.app/Contents/Frameworks/
sudo find yubioath-desktop.app/Contents/Frameworks/Python.framework -name '*.pyc' -delete
sudo find yubioath-desktop.app/Contents/Frameworks/Python.framework -name '__pycache__' -delete
- name: Point pyotherside to relative Python
run: |
sudo install_name_tool -change /Library/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/Python @executable_path/../Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/Python yubioath-desktop.app/Contents/PlugIns/quick/libpyothersideplugin.dylib
- name: Point custom Python share objects to relative openssl dylibs
run: |
sudo install_name_tool -change /opt/openssl/lib/libcrypto.1.1.dylib @executable_path/../Frameworks/libcrypto.1.1.dylib yubioath-desktop.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/lib-dynload/_ssl.cpython-${PYTHON_VER_SHORT_COMPACT}-darwin.so
sudo install_name_tool -change /opt/openssl/lib/libssl.1.1.dylib @executable_path/../Frameworks/libssl.1.1.dylib yubioath-desktop.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/lib-dynload/_ssl.cpython-${PYTHON_VER_SHORT_COMPACT}-darwin.so
sudo install_name_tool -change /opt/openssl/lib/libcrypto.1.1.dylib @executable_path/../Frameworks/libcrypto.1.1.dylib yubioath-desktop.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/lib-dynload/_hashlib.cpython-${PYTHON_VER_SHORT_COMPACT}-darwin.so
sudo install_name_tool -change /opt/openssl/lib/libssl.1.1.dylib @executable_path/../Frameworks/libssl.1.1.dylib yubioath-desktop.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/lib-dynload/_hashlib.cpython-${PYTHON_VER_SHORT_COMPACT}-darwin.so
sudo install_name_tool -change /opt/openssl/lib/libcrypto.1.1.dylib @executable_path/../Frameworks/libcrypto.1.1.dylib yubioath-desktop.app/Contents/Frameworks/libssl.1.1.dylib
sudo install_name_tool -change /opt/openssl/lib/libcrypto.1.1.dylib @executable_path/../Frameworks/libcrypto.1.1.dylib yubioath-desktop.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
sudo install_name_tool -change /opt/openssl/lib/libssl.1.1.dylib @executable_path/../Frameworks/libssl.1.1.dylib yubioath-desktop.app/Contents/Frameworks/Python.framework/Versions/${PYTHON_VER_SHORT}/lib/python${PYTHON_VER_SHORT}/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
- name: Point ykpers dependencies to relative dylibs
run: |
sudo install_name_tool -change /opt/libyubikey/lib/libyubikey.0.dylib @executable_path/../Frameworks/libyubikey.0.dylib yubioath-desktop.app/Contents/Frameworks/libykpers-1.1.dylib
sudo install_name_tool -change /opt/libyubikey/lib/libyubikey.0.dylib @executable_path/../Frameworks/libyubikey.0.dylib yubioath-desktop.app/Contents/Frameworks/libykpers-1.dylib
- name: Rename and archive app bundle
run: |
export REF=$(echo ${GITHUB_REF} | cut -d '/' -f 3)
mv yubioath-desktop.app Yubico\ Authenticator.app
tar -czf yubioath-desktop-${REF}.app.tar.gz Yubico\ Authenticator.app
mkdir deploy
mv yubioath-desktop-${REF}.app.tar.gz deploy
- name: Uninstall runtime dependencies
run: |
brew uninstall openssl@1.1 python libusb --ignore-dependencies
sudo rm -rf /usr/local/Cellar/qt
- name: Run GUI
run: |
./Yubico\ Authenticator.app/Contents/MacOS/yubioath-desktop --version
./Yubico\ Authenticator.app/Contents/MacOS/yubioath-desktop --help
- name: Upload artifact
uses: actions/upload-artifact@v1
with:
name: yubioath-desktop-macos-app-bundle
path: deploy