hugo/bDS2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5e99cb7a0995d57031fcd2b624ea7f7892e48ba4
bDS2/lib/bds/mac_bundle.ex

243 lines
8.0 KiB
Elixir
Raw Blame History

defmodule BDS.MacBundle do
@moduledoc """
Assembles a self-contained, ad-hoc-signed macOS `.app` bundle for bDS2.
The bundle wraps the `:bds` Elixir release (which already embeds ERTS), a
red-pen `AppIcon.icns` (`BDS.MacBundle.Icon`), and the wxWidgets dylibs the
`:wx` NIF needs, relocated to run on a clean Mac (`BDS.MacBundle.Dylibs`). Its
`Info.plist` registers the `bds2://` URL scheme so the OS forwards blogmark
deep links to the running app (`Desktop.Env` → `BDS.Desktop.DeepLink`).
Layout:
BDS2.app/Contents/
Info.plist PkgInfo
MacOS/bds2 # launcher script (execs the release)
Resources/AppIcon.icns
Resources/rel/ # the mix release (ERTS bundled)
Frameworks/ # relocated wx + transitive dylibs
"""
alias BDS.MacBundle.Dylibs
@identifier "de.rfc1437.bds2"
@display_name "Blogging Desktop Server"
@executable "bds2"
@icon_name "AppIcon"
@scheme "bds2"
@min_system "13.0"
@release_name "bds"
@app_dir_name "BDS2.app"
@doc "Render the `Info.plist` XML for the bundle."
@spec info_plist(keyword()) :: String.t()
def info_plist(opts \\ []) do
assigns = [
identifier: Keyword.get(opts, :identifier, @identifier),
name: Keyword.get(opts, :name, @display_name),
executable: Keyword.get(opts, :executable, @executable),
icon: Keyword.get(opts, :icon, @icon_name),
scheme: Keyword.get(opts, :scheme, @scheme),
min_system: Keyword.get(opts, :min_system, @min_system),
version: Keyword.get(opts, :version, "0.0.0")
]
EEx.eval_file(template_path("Info.plist.eex"), assigns)
end
@doc "Render the `Contents/MacOS` launcher shell script."
@spec launcher(keyword()) :: String.t()
def launcher(opts \\ []) do
assigns = [
identifier: Keyword.get(opts, :identifier, @identifier),
name: Keyword.get(opts, :name, @display_name),
release_name: Keyword.get(opts, :release_name, @release_name)
]
EEx.eval_file(template_path("launcher.sh.eex"), assigns)
end
@doc """
Assemble the `.app` from a built release directory.
Options:
* `:release_dir` — path to the `:bds` release (required)
* `:output_dir` — where to place `BDS2.app` (required)
* `:icns_path` — path to `AppIcon.icns` (required)
* `:version` — version string for `Info.plist` (default "0.0.0")
* `:skip_dylibs` — skip wx dylib relocation (tests; default false)
* `:skip_codesign`— skip ad-hoc codesign (tests; default false)
"""
@spec assemble(keyword()) :: {:ok, String.t()} | {:error, term()}
def assemble(opts) do
release_dir = Keyword.fetch!(opts, :release_dir)
output_dir = Keyword.fetch!(opts, :output_dir)
icns_path = Keyword.fetch!(opts, :icns_path)
version = Keyword.get(opts, :version, "0.0.0")
app = Path.join(output_dir, @app_dir_name)
contents = Path.join(app, "Contents")
macos = Path.join(contents, "MacOS")
resources = Path.join(contents, "Resources")
frameworks = Path.join(contents, "Frameworks")
rel = Path.join(resources, "rel")
File.rm_rf!(app)
Enum.each([macos, resources, frameworks], &File.mkdir_p!/1)
with {:ok, _} <- File.cp_r(release_dir, rel),
:ok <- File.cp(icns_path, Path.join(resources, "#{@icon_name}.icns")),
:ok <- File.write(Path.join(contents, "Info.plist"), info_plist(version: version)),
:ok <- File.write(Path.join(contents, "PkgInfo"), "APPL????"),
:ok <- write_launcher(Path.join(macos, @executable)),
:ok <- maybe_relocate_dylibs(rel, frameworks, opts),
:ok <- maybe_codesign(app, opts) do
{:ok, app}
end
end
@doc "Locate the wxWidgets NIF (`wxe_driver.so`) inside a release tree."
@spec wx_nif_path(String.t()) :: String.t() | nil
def wx_nif_path(release_dir) do
release_dir
|> Path.join("lib/wx-*/priv/wxe_driver.so")
|> Path.wildcard()
|> List.first()
end
defp write_launcher(path) do
with :ok <- File.write(path, launcher()) do
File.chmod(path, 0o755)
end
end
defp maybe_relocate_dylibs(_rel, _frameworks, opts) do
if Keyword.get(opts, :skip_dylibs, false) do
:ok
else
relocate_dylibs(opts[:release_dir], opts)
end
end
defp relocate_dylibs(release_dir, opts) do
app = Path.join(opts[:output_dir], @app_dir_name)
frameworks = Path.join(app, "Contents/Frameworks")
case wx_nif_path(Path.join(app, "Contents/Resources/rel")) do
nil ->
{:error, {:wx_nif_not_found, release_dir}}
nif ->
prefix = "@loader_path/" <> relative_up(Path.dirname(nif), frameworks)
case Dylibs.bundle(nif, frameworks, prefix) do
{:ok, _copied} -> :ok
error -> error
end
end
end
@doc """
Compute a `../`-style relative path from `from_dir` to `to` (both absolute),
e.g. the path from the wx NIF's directory up to `Contents/Frameworks`.
"""
@spec relative_up(String.t(), String.t()) :: String.t()
def relative_up(from_dir, to) do
from = Path.split(Path.expand(from_dir))
target = Path.split(Path.expand(to))
{rest_from, rest_to} = drop_common(from, target)
(List.duplicate("..", length(rest_from)) ++ rest_to) |> Path.join()
end
defp drop_common([h | from], [h | to]), do: drop_common(from, to)
defp drop_common(from, to), do: {from, to}
defp maybe_codesign(app, opts) do
if Keyword.get(opts, :skip_codesign, false), do: :ok, else: codesign(app)
end
# Mach-O magic numbers (thin 32/64-bit, both endiannesses, and fat) as the
# first four bytes appear on disk.
@macho_magics [
<<0xCF, 0xFA, 0xED, 0xFE>>,
<<0xCE, 0xFA, 0xED, 0xFE>>,
<<0xFE, 0xED, 0xFA, 0xCF>>,
<<0xFE, 0xED, 0xFA, 0xCE>>,
<<0xCA, 0xFE, 0xBA, 0xBE>>,
<<0xBE, 0xBA, 0xFE, 0xCA>>
]
@doc """
Ad-hoc codesign the bundle.
`codesign --deep` only recurses into nested *bundles* and the main executable;
it ignores the loose Mach-O files the release ships — `beam.smp`, `erlexec`,
and every NIF `.so`/`.dylib` under `Resources/rel/…`. Those keep their original
*linker-signed* ad-hoc signatures, which the macOS code-signing monitor rejects
once the files are copied into a new bundle (the process is SIGKILLed with
"Code Signature Invalid" the moment it `dlopen`s such a NIF).
So we sign every Mach-O explicitly with a fresh ad-hoc signature (inside-out),
then seal the outer bundle and verify it.
"""
@spec codesign(String.t()) :: :ok | {:error, term()}
def codesign(app) do
with :ok <- sign_machos(macho_files(app)),
:ok <- run("codesign", ["--force", "--sign", "-", "--timestamp=none", app]) do
run("codesign", ["--verify", "--strict", app])
end
end
@doc """
List every Mach-O file under `root`, detected by magic number. These are the
loose binaries `codesign --deep` skips and that must be signed individually.
"""
@spec macho_files(String.t()) :: [String.t()]
def macho_files(root) do
root |> regular_files() |> Enum.filter(&macho?/1)
end
defp regular_files(path) do
case File.ls(path) do
{:ok, entries} ->
Enum.flat_map(entries, fn entry ->
full = Path.join(path, entry)
case File.lstat(full) do
{:ok, %File.Stat{type: :directory}} -> regular_files(full)
{:ok, %File.Stat{type: :regular}} -> [full]
_ -> []
end
end)
{:error, _} ->
[]
end
end
defp macho?(file) do
case File.open(file, [:read, :binary], &IO.binread(&1, 4)) do
{:ok, magic} when magic in @macho_magics -> true
_ -> false
end
end
defp sign_machos(files) do
Enum.reduce_while(files, :ok, fn file, :ok ->
case run("codesign", ["--force", "--sign", "-", "--timestamp=none", file]) do
:ok -> {:cont, :ok}
error -> {:halt, error}
end
end)
end
defp run(cmd, args) do
case System.cmd(cmd, args, stderr_to_stdout: true) do
{_out, 0} -> :ok
{out, status} -> {:error, {:command_failed, cmd, status, out}}
end
end
defp template_path(name), do: Path.join(:code.priv_dir(:bds), "desktop/macos/#{name}")
end
Reference in New Issue View Git Blame Copy Permalink