Bug 120192

Summary: Notarization of MacOS PKG Installer as Apple Store package - Use Craft Continuous Deployment System.
Product: [Applications] digikam Reporter: Dennis Gnad <bluedrago>
Component: Bundle-MacOSAssignee: Digikam Developers <digikam-bugs-null>
Status: REOPENED ---    
Severity: wishlist CC: caulier.gilles, metzpinguin
Priority: NOR    
Version: 7.6.0   
Target Milestone: ---   
Platform: macOS (DMG)   
OS: macOS   
URL: https://www.theimpostersyndrome.dev/posts/macospackaging/
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Dennis Gnad 2006-01-15 19:23:43 UTC
Version:           0.8.0 (using KDE KDE 3.4.3)

If you would work togethet with the krita devs, it would be beneficial for both parties. It's quite a bad idea to invent the wheel two times, as the digikam image viewer is growing more and more into an advanced photo editor, with distortion correction and all that photography related stuff, krita could have big use of it.
Of course digikam would also benefit, for example from the advanced color managment options krita offers.

I don't really know, how easy or hard it is too bring them together, but kde handles such stuff quite good, doesn't it?
Comment 1 Joern Ahrens 2006-01-15 19:53:21 UTC
You might be right, but this isn't the proper medium to discuss it. You should better use a mailing list.
Comment 2 caulier.gilles 2006-01-15 19:56:40 UTC
I'm agree with Joern. There are any subjects to discut about digiKam/krita. Please use the digikam-devel@kde.org ML

I'm closing this file. We will waiting you on ML...

Gilles Caulier
Comment 3 caulier.gilles 2022-02-01 13:40:42 UTC
The digiKam PKG installer for MacOS must be notarized to Apple Store. Right Access to devices as camera must be turnedon. It's well explained to the url given on metadata of this bug entry.

Gilles Caulier
Comment 4 caulier.gilles 2022-02-01 16:29:48 UTC
One excelent link about notarization process for MacOS :

https://oozou.com/blog/scripting-notarization-for-macos-app-distribution-38
Comment 5 caulier.gilles 2022-02-01 16:43:59 UTC
Krita osxdeploy.sh script has the process to notarize the application:

https://invent.kde.org/graphics/krita/-/blob/master/packaging/macos/osxdeploy.sh#L101

The Krita package installer is signed:

bash-3.2$ pwd
/Applications/krita.app/Contents/_CodeSignature
bash-3.2$ ls -al
total 2312
drwxr-xr-x@  3 gilles  admin       96  6 jan 18:03 .
drwxr-xr-x@ 10 gilles  admin      320  6 jan 18:03 ..
-rw-r--r--@  1 gilles  admin  1181949  6 jan 18:03 CodeResources
bash-3.2$ more CodeResources 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>files</key>
        <dict>
                <key>Resources/applications/krita_brush.desktop</key>
                <data>
                793KrrUooGp7IDPQJGo4ci/7g10=
                </data>
                <key>Resources/applications/krita_csv.desktop</key>
                <data>
                DkAUeRH3HS6gsXRS/SRWVloYS/I=
                </data>
                <key>Resources/applications/krita_exr.desktop</key>
                <data>
                ryIivlt6RYRJLmzM4CL57uZ5AC4=
                </data>
                <key>Resources/applications/krita_gif.desktop</key>
                <data>
                QWJ6o1r7OSSqQl8m7QBXC7EKma0=
                </data>
                <key>Resources/applications/krita_heif.desktop</key>
                <data>
                6shvvt83IW8UfvK94ClRuD70vsY=
                </data>
                <key>Resources/applications/krita_heightmap.desktop</key>
                <data>
                n60p7nj+9ifvrTIujfuc/HhLT4s=
                </data>
                <key>Resources/applications/krita_jp2.desktop</key>
                <data>
                cb0S02CkULYzBBalAt9wd7iX6MY=
                </data>
                <key>Resources/applications/krita_jpeg.desktop</key>
                <data>
                08j/aK8MLE1U9s/WH5sbZxbY1Gs=
                </data>
bash-3.2$
Comment 6 caulier.gilles 2022-02-01 17:00:57 UTC
New system admin request of KDE phabricator : 

https://phabricator.kde.org/T15249
title: How to notarize a KDE application as digiKam for MacOS
Comment 7 caulier.gilles 2022-02-01 17:16:13 UTC
The Apple developer official documentation about notarization for MacOS:

https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution?language=objc
Comment 8 caulier.gilles 2022-02-01 17:23:24 UTC
An interesting thread about notarization cost with Apple developer account :

https://developer.apple.com/forums/thread/121113
Comment 9 caulier.gilles 2022-02-01 17:31:37 UTC
To resume, if i understand well the Apple puzzle: 

To notarize an application for MacOS, this must be done through an Apple developer account, you need to pay 99 euros by year, for a proprietary or an open source application, published to Apple Store, or not...
Comment 10 caulier.gilles 2022-02-01 17:51:55 UTC
Reponse from KDE admin about notarization process : 

"You will need to look into making Digikam build using Craft, and then request to be setup within the Binary Factory.
The same applies for producing signed Windows binaries - we only support these being generated via Craft on the Binary Factory."
Comment 11 caulier.gilles 2022-06-01 04:50:37 UTC
Hi Maik,

Good news : the factory can build successfully the MacOS target, but it fail at packaging stage :

https://binary-factory.kde.org/view/MacOS/job/Digikam_Nightly_macos/848/consoleFull

The reason is ???

Gilles
Comment 12 Maik Qualmann 2022-06-01 05:57:53 UTC
The reason might be that boost is not correctly present in the craft system:

image directory /Users/packaging/Craft/BinaryFactory/macos-64-clang/build/libs/boost/boost-system/image-RelWithDebInfo-1.76.0 does not exist!

Maik
Comment 13 caulier.gilles 2022-06-01 07:28:23 UTC
There is something that i don't understand. binary factory use common infrastructure to build application and package. There are already few KDE applications packaged for MacOS. So my question is why this infrastructure is a puzzle ?

Gilles
Comment 14 caulier.gilles 2022-06-01 07:32:09 UTC
For exemple, Dolphin is compiled and packaged for MacOS in the same way, without dysfunction:

https://binary-factory.kde.org/view/MacOS/job/Dolphin_Nightly_macos/635/consoleFull 

Gilles
Comment 15 caulier.gilles 2022-06-01 07:42:28 UTC
If i'm not too wrong, the compilation and packaging configuration is located here :

https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/extragear/digikam/digikam.py

For Dolphin, the configuration is located here :

https://invent.kde.org/packaging/craft-blueprints-kde/-/tree/master/kde/applications/dolphin

Q: excepted the blacklist rules, what's the difference ?

Gilles
Comment 16 caulier.gilles 2022-06-01 10:39:27 UTC
I re-open the system admin request from Phabricator :

https://phabricator.kde.org/T15249

Wait and see the response...

Gilles
Comment 17 caulier.gilles 2022-06-05 07:54:54 UTC
Hi Maik,

this is the response from KDE admin :

"I've run the cleanup job now which will hopefully resolve that error, however please note that issues with Craft are something that Sysadmin doesn't look after."

So, i just start a new build to see if package stage pass fine.

Gilles
Comment 18 caulier.gilles 2022-06-05 10:13:44 UTC
As Ben report that the problem is not relevant of system admin, i created a new generic file in Phabricator with some Craft team in CC:

https://phabricator.kde.org/T15568

Gilles
Comment 19 caulier.gilles 2022-06-06 12:30:52 UTC
Hi Maik,

I understand why Craft do not package the Apple bundle after the whole compilation. The problem was to force libboost dependency which override the virtual env while packaging.

Now the packaging stage start. It's broken while parsing the dependencies tree of all binary files. More extra deps are necessary to be defined (current libass is missing for media player)

So it's on the good way to finalize the Craft MacOS packaging soon.

Best

Gilles
Comment 20 Maik Qualmann 2022-06-06 16:56:17 UTC
Hi Gilles,

I see you are fight with the MSVC build...

Best

Maik
Comment 21 caulier.gilles 2022-06-06 17:21:32 UTC
To be honest, I don't know what's i do. Craft is a completely obscure tool with plenty of side effects and black holes.

I try to get inspirations from other applications crafted. I don't receive feedback from Craft team, so we are alone to fight...

Gilles
Comment 22 caulier.gilles 2022-06-07 11:29:35 UTC
Maik,

VoilĂ , it's done (the first one completed) : https://binary-factory.kde.org/view/MacOS/job/Digikam_Nightly_macos/875/

There is no guaranty that DMG can be installed safety and run properly. This is the next stage to do, and of course we must check to see if DMG is signed and ready for the Apple Store...

Note : Craft do not support yet libmarble, so no geolocation will be available. I have a patch for Craft to validate with the team...

Gilles
Comment 23 caulier.gilles 2022-06-14 15:11:36 UTC
Maik,

I just tested the DMG generated by Craft Binary Factory, and it's signed and can be installed safety under MacOS. No security validation is ask to user.

The digiKam packaged do not yet run as marble dependency is not yet include in the bundle.

Gilles
Comment 24 Maik Qualmann 2022-06-14 15:17:09 UTC
Yes, same for the Windows bundle, KF5Akonadi and libmarble is reported as missing DLL.

Maik
Comment 25 caulier.gilles 2023-06-02 05:41:21 UTC
A note about the native Apple Silicon architecture of the digiKam PKG. I receive a message from the maintainer of QElectroTech application, a free software to create electric diagrams based on Qt. Until now they only provide this application for Intel Apple computers, but they switch to Apple silicon and compile the PKG for M1/M2 arm64 cpu using the digiKam packaging scripts based on Macports, and it work...

https://qelectrotech.org/forum/viewtopic.php?id=2393

This want mean than the script are mostly ready for packaging digiKam for Apple Silicon.

Gilles