| Summary: | Notarization of MacOS PKG Installer as Apple Store package - Use Craft Continuous Deployment System. | ||
|---|---|---|---|
| Product: | [Applications] digikam | Reporter: | Dennis Gnad <bluedrago> |
| Component: | Bundle-MacOS | Assignee: | Digikam Developers <digikam-bugs-null> |
| Status: | REOPENED --- | ||
| Severity: | wishlist | CC: | caulier.gilles, metzpinguin |
| Priority: | NOR | ||
| Version: | 7.6.0 | ||
| Target Milestone: | --- | ||
| Platform: | macOS (DMG) | ||
| OS: | macOS | ||
| URL: | https://www.theimpostersyndrome.dev/posts/macospackaging/ | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
|
Description
Dennis Gnad
2006-01-15 19:23:43 UTC
You might be right, but this isn't the proper medium to discuss it. You should better use a mailing list. I'm agree with Joern. There are any subjects to discut about digiKam/krita. Please use the digikam-devel@kde.org ML I'm closing this file. We will waiting you on ML... Gilles Caulier The digiKam PKG installer for MacOS must be notarized to Apple Store. Right Access to devices as camera must be turnedon. It's well explained to the url given on metadata of this bug entry. Gilles Caulier One excelent link about notarization process for MacOS : https://oozou.com/blog/scripting-notarization-for-macos-app-distribution-38 Krita osxdeploy.sh script has the process to notarize the application: https://invent.kde.org/graphics/krita/-/blob/master/packaging/macos/osxdeploy.sh#L101 The Krita package installer is signed: bash-3.2$ pwd /Applications/krita.app/Contents/_CodeSignature bash-3.2$ ls -al total 2312 drwxr-xr-x@ 3 gilles admin 96 6 jan 18:03 . drwxr-xr-x@ 10 gilles admin 320 6 jan 18:03 .. -rw-r--r--@ 1 gilles admin 1181949 6 jan 18:03 CodeResources bash-3.2$ more CodeResources <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>files</key> <dict> <key>Resources/applications/krita_brush.desktop</key> <data> 793KrrUooGp7IDPQJGo4ci/7g10= </data> <key>Resources/applications/krita_csv.desktop</key> <data> DkAUeRH3HS6gsXRS/SRWVloYS/I= </data> <key>Resources/applications/krita_exr.desktop</key> <data> ryIivlt6RYRJLmzM4CL57uZ5AC4= </data> <key>Resources/applications/krita_gif.desktop</key> <data> QWJ6o1r7OSSqQl8m7QBXC7EKma0= </data> <key>Resources/applications/krita_heif.desktop</key> <data> 6shvvt83IW8UfvK94ClRuD70vsY= </data> <key>Resources/applications/krita_heightmap.desktop</key> <data> n60p7nj+9ifvrTIujfuc/HhLT4s= </data> <key>Resources/applications/krita_jp2.desktop</key> <data> cb0S02CkULYzBBalAt9wd7iX6MY= </data> <key>Resources/applications/krita_jpeg.desktop</key> <data> 08j/aK8MLE1U9s/WH5sbZxbY1Gs= </data> bash-3.2$ New system admin request of KDE phabricator : https://phabricator.kde.org/T15249 title: How to notarize a KDE application as digiKam for MacOS The Apple developer official documentation about notarization for MacOS: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution?language=objc An interesting thread about notarization cost with Apple developer account : https://developer.apple.com/forums/thread/121113 To resume, if i understand well the Apple puzzle: To notarize an application for MacOS, this must be done through an Apple developer account, you need to pay 99 euros by year, for a proprietary or an open source application, published to Apple Store, or not... Reponse from KDE admin about notarization process : "You will need to look into making Digikam build using Craft, and then request to be setup within the Binary Factory. The same applies for producing signed Windows binaries - we only support these being generated via Craft on the Binary Factory." Hi Maik, Good news : the factory can build successfully the MacOS target, but it fail at packaging stage : https://binary-factory.kde.org/view/MacOS/job/Digikam_Nightly_macos/848/consoleFull The reason is ??? Gilles The reason might be that boost is not correctly present in the craft system: image directory /Users/packaging/Craft/BinaryFactory/macos-64-clang/build/libs/boost/boost-system/image-RelWithDebInfo-1.76.0 does not exist! Maik There is something that i don't understand. binary factory use common infrastructure to build application and package. There are already few KDE applications packaged for MacOS. So my question is why this infrastructure is a puzzle ? Gilles For exemple, Dolphin is compiled and packaged for MacOS in the same way, without dysfunction: https://binary-factory.kde.org/view/MacOS/job/Dolphin_Nightly_macos/635/consoleFull Gilles If i'm not too wrong, the compilation and packaging configuration is located here : https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/extragear/digikam/digikam.py For Dolphin, the configuration is located here : https://invent.kde.org/packaging/craft-blueprints-kde/-/tree/master/kde/applications/dolphin Q: excepted the blacklist rules, what's the difference ? Gilles I re-open the system admin request from Phabricator : https://phabricator.kde.org/T15249 Wait and see the response... Gilles Hi Maik, this is the response from KDE admin : "I've run the cleanup job now which will hopefully resolve that error, however please note that issues with Craft are something that Sysadmin doesn't look after." So, i just start a new build to see if package stage pass fine. Gilles As Ben report that the problem is not relevant of system admin, i created a new generic file in Phabricator with some Craft team in CC: https://phabricator.kde.org/T15568 Gilles Hi Maik, I understand why Craft do not package the Apple bundle after the whole compilation. The problem was to force libboost dependency which override the virtual env while packaging. Now the packaging stage start. It's broken while parsing the dependencies tree of all binary files. More extra deps are necessary to be defined (current libass is missing for media player) So it's on the good way to finalize the Craft MacOS packaging soon. Best Gilles Hi Gilles, I see you are fight with the MSVC build... Best Maik To be honest, I don't know what's i do. Craft is a completely obscure tool with plenty of side effects and black holes. I try to get inspirations from other applications crafted. I don't receive feedback from Craft team, so we are alone to fight... Gilles Maik, VoilĂ , it's done (the first one completed) : https://binary-factory.kde.org/view/MacOS/job/Digikam_Nightly_macos/875/ There is no guaranty that DMG can be installed safety and run properly. This is the next stage to do, and of course we must check to see if DMG is signed and ready for the Apple Store... Note : Craft do not support yet libmarble, so no geolocation will be available. I have a patch for Craft to validate with the team... Gilles Maik, I just tested the DMG generated by Craft Binary Factory, and it's signed and can be installed safety under MacOS. No security validation is ask to user. The digiKam packaged do not yet run as marble dependency is not yet include in the bundle. Gilles Yes, same for the Windows bundle, KF5Akonadi and libmarble is reported as missing DLL. Maik A note about the native Apple Silicon architecture of the digiKam PKG. I receive a message from the maintainer of QElectroTech application, a free software to create electric diagrams based on Qt. Until now they only provide this application for Intel Apple computers, but they switch to Apple silicon and compile the PKG for M1/M2 arm64 cpu using the digiKam packaging scripts based on Macports, and it work... https://qelectrotech.org/forum/viewtopic.php?id=2393 This want mean than the script are mostly ready for packaging digiKam for Apple Silicon. Gilles |