Download and install Python 3.8.7 from https://www.python.org/downloads/release/python-387/. I downloaded python-3.8.7-macosx10.9.pkg.
Make sure you have poetry installed (pip3 install --user poetry), then install dependencies:
poetry installHere's how you run GPG Sync, without having to build an app bundle:
poetry run ./dev_scripts/gpgsyncHere's how you build an app bundle:
poetry run install/build_mac.pyNow you should have dist/GPG Sync.app.
To build a .pkg for distribution:
poetry run install/build_mac.py --with-codesignNow you should have dist/GPGSync.pkg.
Download Python 3.8.7, 32-bit (x86) from https://www.python.org/downloads/release/python-387/. I downloaded python-3.8.7.exe. When installing it, make sure to check the "Add Python 3.8 to PATH" checkbox on the first page of the installer.
Open a command prompt and cd to the gpgsync folder. If you don't have it already, install poetry (pip install poetry). Then install dependencies:
poetry installAfter that you can launch GPG Sync during development with:
poetry run python dev_scripts\gpgsync -vGPG Sync uses PyInstaller to turn the python source code into Windows executable .exe file. Malware developers also use PyInstaller, and some anti-virus vendors have included snippets of PyInstaller code in their virus definitions. To avoid this, you have to compile the Windows PyInstaller bootloader yourself instead of using the pre-compiled one that comes with PyInstaller.
Here's how to compile the PyInstaller bootloader:
Download and install Microsoft Build Tools for Visual Studio 2019. I downloaded vs_buildtools.exe. In the installer, check the box next to "Visual C++ build tools". Click "Individual components", and under "Compilers, build tools and runtimes", check "Windows Universal CRT SDK". Then click install. When installation is done, you may have to reboot your computer.
Then, enable the 32-bit Visual C++ Toolset on the Command Line like this:
cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Auxiliary\Build"
vcvars32.bat
Change to a folder where you keep source code, and clone the PyInstaller git repo:
git clone https://github.com/pyinstaller/pyinstaller.git
git checkout v4.2
And compile the bootloader, following these instructions. To compile, run this:
cd bootloader
python waf distclean all --target-arch=32bit --msvc_targets=x86
Finally, install the PyInstaller module into your virtual environment:
cd ..\..\gpgsync
poetry shell
cd ..\pyinstaller
python setup.py install
exit
Now the next time you use PyInstaller to build GPG Sync, the .exe file should not be flagged as malicious by anti-virus.
These instructions include adding folders to the path in Windows. To do this, go to Start and type "advanced system settings", and open "View advanced system settings" in the Control Panel. Click Environment Variables. Under "System variables" double-click on Path. From there you can add and remove folders that are available in the PATH.
Download and install the standalone Windows 10 SDK.
Add the following directories to the path:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x86
Finally, open a command prompt, cd into the gpgsync directory, and run:
poetry run pyinstaller install\pyinstaller.specgpgsync.exe and all of their supporting files will get created inside the dist folder.
- Go to http://nsis.sourceforge.net/Download and download the latest NSIS. I downloaded
nsis-3.06.1-setup.exe. - Add
C:\Program Files (x86)\NSISto the path.
Now install the Processes NSIS plugin.
- Go to https://nsis.sourceforge.io/NsProcess_plugin and download NsProcess. I downloaded
nsProcess_1_6.7z(with sha256 hashfc19fc66a5219a233570fafd5daeb0c9b85387b379f6df5ac8898159a57c5944) - Decompress it. You will probably need 7-Zip
- Copy
nsProcess_1.6/Plugin/*.dlltoC:\Program Files (x86)\NSIS\Plugins\x86-ansi - Copy
nsProcess_1.6/Include/ncProcess.nshtoC:\Program Files (x86)\NSIS\Include
If you want to sign binaries with Authenticode:
- You'll need a code signing certificate. I got an open source code signing certificate from Certum.
- Once you get a code signing key and certificate and covert it to a pfx file, import it into your certificate store.
Note that you must have a codesigning certificate installed in order to use the install\build_exe.bat script, because it codesigns gpgsync.exe, uninstall.exe, and gpgsync-setup.exe.
Open a command prompt, cd to the gpgsync directory, and run:
poetry run install\build_exe.batThis will prompt you to codesign three binaries and execute one unsigned binary. When you're done clicking through everything you will have dist\gpgsync-setup.exe.
Debian / Ubuntu / Mint
Install dependencies:
sudo apt install -y python-all dh-python python3-pytest python3-pytest-runner python3-stdeb python3-pyside2.qtcore python3-pyside2.qtwidgets python3-pyside2.qtgui python3-requests python3-socks python3-packaging python3-dateutil gnupg2Make and install a .deb:
./install/build_deb.sh
sudo apt install deb_dist/gpgsync_*.debFedora
Install dependencies:
sudo dnf install -y rpm-build python3-pytest-runner python3-pyside2 python3-requests python3-packaging python3-dateutil gnupg2Make and install a .rpm:
./install/build_rpm.sh
sudo dnf install dist/gpgsync-*-1.noarch.rpmThere are make commands to build for the latest stable of debian (stretch)
and fedora (27):
make build-fedora27-rpmor
make build-debianstretch-debFrom the gpgsync folder run:
python setup.py pytestNote that one of the tests will fail if you don't have SOCKS5 proxy server listening on port 9050 (e.g. Tor installed).
This section documents the release process. Unless you're a GPG Sync developer making a release, you'll probably never need to follow it.
Before making a release, all of these should be complete:
share/versionshould have the correct versioninstall/gpgsync.nsishould have the correct version, for the Windows installerCHANGELOG.mdshould be updated to include a list of all major changes since the last release- There must be a PGP-signed git tag for the version, e.g. for GPG Sync 0.3.4, the tag must be
v0.3.4
The first step for the macOS and Windows releases is the same:
Verify the release git tag:
git fetch
git tag -v v$VERSIONIf the tag verifies successfully, check it out:
git checkout v$VERSION
To make a macOS release, go to macOS build machine:
- Build machine should be running macOS 10.13
- Verify and checkout the git tag for this release
- Run
poetry run ./install/build_app.sh; this will makedist/GPG Sync.appbut won't codesign it - Copy
dist/GPG Sync.appfrom the build machine to thedistfolder on the release machine
Then move to the macOS release machine:
- Release machine should be running the latest version of macOS, and must have:
- Apple-trusted
Developer ID Application: FIRST LOOK PRODUCTIONS, INC.andDeveloper ID Installer: FIRST LOOK PRODUCTIONS, INC.code-signing certificates installed - An app-specific Apple ID password saved in the login keychain called
gpgsync-notarize
- Apple-trusted
- Verify and checkout the git tag for this release
- Run
poetry run ./install/build_pkg.sh; this will make a codesigned installer package calleddist/GPGSync-$VERSION.pkg - Notarize it:
xcrun altool --notarize-app --primary-bundle-id "org.firstlook.gpgsync" -u "micah@firstlook.org" -p "@keychain:gpgsync-notarize" --file GPGSync-$VERSION.pkg - Wait for it to get approved, check status with:
xcrun altool --notarization-history 0 -u "micah@firstlook.org" -p "@keychain:gpgsync-notarize" - After it's approved, staple the ticket:
xcrun stapler staple GPGSync-$VERSION.pkg
This process ends up with the final file:
dist/GPGSync-$VERSION.pkg
To make a Windows release, go to Windows build machine:
- Build machine should be running Windows 10, and have the Windows codesigning certificate installed
- Verify and checkout the git tag for this release
- Run
install\build_exe.bat; this will make a codesigned installer package calleddist\gpgsync-setup.exe - Rename
gpgsync-setup.exetogpgsync-$VERSION-setup.exe
This process ends up with the final file:
gpgsync-$VERSION-setup.exe
To publish the release:
- Create a new release on GitHub, put the changelog in the description of the release, and upload the Windows and macOS installers
- Make a PR to homebrew-cask to update the macOS version