diff --git a/contrib/pkginstaller/Makefile b/contrib/pkginstaller/Makefile index a742bfe0e1..b9ac4b44ec 100644 --- a/contrib/pkginstaller/Makefile +++ b/contrib/pkginstaller/Makefile @@ -8,8 +8,10 @@ else endif GVPROXY_VERSION ?= 0.7.3 VFKIT_VERSION ?= 0.5.1 +KRUNKIT_VERSION ?= 0.1.1 GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin VFKIT_RELEASE_URL ?= https://github.com/crc-org/vfkit/releases/download/v$(VFKIT_VERSION)/vfkit-unsigned +KRUNKIT_RELEASE_URL ?= https://github.com/containers/krunkit/releases/download/v$(KRUNKIT_VERSION)/krunkit-podman-unsigned-$(KRUNKIT_VERSION).tgz PACKAGE_DIR ?= out/packaging TMP_BIN ?= tmp-bin PACKAGE_ROOT ?= root @@ -28,6 +30,10 @@ $(TMP_BIN)/vfkit: mkdir -p $(TMP_BIN) cd $(TMP_BIN) && curl -sLo vfkit $(VFKIT_RELEASE_URL) +$(TMP_BIN)/krunkit.tgz: + mkdir -p $(TMP_BIN) + cd $(TMP_BIN) && curl -sLo krunkit.tgz $(KRUNKIT_RELEASE_URL) + packagedir: podman_version package_root Distribution welcome.html mkdir -p $(PACKAGE_DIR) cp -r Resources $(PACKAGE_DIR)/ @@ -41,11 +47,13 @@ packagedir: podman_version package_root Distribution welcome.html echo -n $(ARCH) > $(PACKAGE_DIR)/ARCH cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt cp vfkit.entitlements $(PACKAGE_DIR)/ + cp krunkit.entitlements $(PACKAGE_DIR)/ -package_root: clean-pkgroot $(TMP_BIN)/gvproxy $(TMP_BIN)/vfkit +package_root: clean-pkgroot $(TMP_BIN)/gvproxy $(TMP_BIN)/vfkit $(TMP_BIN)/krunkit.tgz mkdir -p $(PACKAGE_ROOT)/podman/bin cp $(TMP_BIN)/gvproxy $(PACKAGE_ROOT)/podman/bin/ cp $(TMP_BIN)/vfkit $(PACKAGE_ROOT)/podman/bin/ + tar xf $(TMP_BIN)/krunkit.tgz -C $(PACKAGE_ROOT)/podman chmod a+x $(PACKAGE_ROOT)/podman/bin/* # Leaving for future considerations # mkdir $(PACKAGE_ROOT)/podman/config diff --git a/contrib/pkginstaller/krunkit.entitlements b/contrib/pkginstaller/krunkit.entitlements new file mode 100644 index 0000000000..a967593e0e --- /dev/null +++ b/contrib/pkginstaller/krunkit.entitlements @@ -0,0 +1,10 @@ + + + + + com.apple.security.hypervisor + + com.apple.security.cs.disable-library-validationr + + + diff --git a/contrib/pkginstaller/package.sh b/contrib/pkginstaller/package.sh index 8a3496beeb..4d2cd7cd48 100755 --- a/contrib/pkginstaller/package.sh +++ b/contrib/pkginstaller/package.sh @@ -13,6 +13,7 @@ MACHINE_POLICY_JSON_DIR="/opt/podman/config" tmpBin="contrib/pkginstaller/tmp-bin" binDir="${BASEDIR}/root/podman/bin" +libDir="${BASEDIR}/root/podman/lib" version=$(cat "${BASEDIR}/VERSION") arch=$(cat "${BASEDIR}/ARCH") @@ -65,7 +66,10 @@ function sign() { if [ -f "${entitlements}" ]; then opts="--entitlements ${entitlements}" fi - codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force ${opts} "$1" + if [ ! "${NO_CODESIGN}" -eq "1" ]; then + opts="$opts --options runtime" + fi + codesign --deep --sign "${CODESIGN_IDENTITY}" --timestamp --force ${opts} "$1" } goArch="${arch}" @@ -80,6 +84,12 @@ sign "${binDir}/gvproxy" sign "${binDir}/vfkit" sign "${binDir}/podman-mac-helper" +sign "${binDir}/krunkit" +sign "${libDir}/libkrun-efi.dylib" +sign "${libDir}/libvirglrenderer.1.dylib" +sign "${libDir}/libepoxy.0.dylib" +sign "${libDir}/libMoltenVK.dylib" + pkgbuild --identifier com.redhat.podman --version "${version}" \ --scripts "${BASEDIR}/scripts" \ --root "${BASEDIR}/root" \