diff --git a/.cirrus.yml b/.cirrus.yml index 5136a6d8f6..654931547c 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -351,6 +351,7 @@ osx_alt_build_task: - cd contrib/pkginstaller - make ARCH=amd64 NO_CODESIGN=1 pkginstaller - make ARCH=aarch64 NO_CODESIGN=1 pkginstaller + - make ARCH=universal NO_CODESIGN=1 pkginstaller # Produce a new repo.tbz artifact for consumption by dependent tasks. repo_prep_script: *repo_prep repo_artifacts: *repo_artifacts diff --git a/.github/workflows/mac-pkg.yml b/.github/workflows/mac-pkg.yml index 6fdb681052..fe220caa7e 100644 --- a/.github/workflows/mac-pkg.yml +++ b/.github/workflows/mac-pkg.yml @@ -67,6 +67,7 @@ jobs: URI="https://github.com/containers/podman/releases/download/${{steps.getversion.outputs.version}}" ARM_FILE="podman-installer-macos-arm64.pkg" AMD_FILE="podman-installer-macos-amd64.pkg" + UNIVERSAL_FILE="podman-installer-macos-universal.pkg" status=$(curl -s -o /dev/null -w "%{http_code}" "${URI}/${ARM_FILE}") if [[ "$status" == "404" ]] ; then @@ -83,10 +84,19 @@ jobs: echo "::warning::AMD installer already exists, skipping" echo "buildamd=false" >> $GITHUB_OUTPUT fi + + status=$(curl -s -o /dev/null -w "%{http_code}" "${URI}/${UNIVERSAL_FILE}") + if [[ "$status" == "404" ]] ; then + echo "builduniversal=true" >> $GITHUB_OUTPUT + else + echo "::warning::Universal installer already exists, skipping" + echo "builduniversal=false" >> $GITHUB_OUTPUT + fi - name: Checkout Version if: >- steps.check.outputs.buildamd == 'true' || steps.check.outputs.buildarm == 'true' || + steps.check.outputs.builduniversal == 'true' || steps.actual_dryrun.outputs.dryrun == 'true' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: @@ -96,6 +106,7 @@ jobs: if: >- steps.check.outputs.buildamd == 'true' || steps.check.outputs.buildarm == 'true' || + steps.check.outputs.builduniversal == 'true' || steps.actual_dryrun.outputs.dryrun == 'true' uses: actions/setup-go@v5 with: 
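Review bot: In the `@@ -83,10 +84,19 @@` hunk the new universal check treats every status other than `404` as "installer already exists". A request that gets no response (curl then prints `000` for `%{http_code}`) or a 5xx from the release host therefore sets `builduniversal=false`, and the release is published without the universal package behind a misleading warning. The ARM and AMD checks above use the same pattern, but the new block could be stricter: build on `404`, skip only on a status that shows the asset is there, and fail on anything else, e.g. `elif [[ "$status" != "200" && "$status" != "302" ]] ; then echo "::error::unexpected status $status for ${UNIVERSAL_FILE}"; exit 1`. The start of this step is outside the hunk, so its shell options are not visible here.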
@@ -104,6 +115,7 @@ jobs: if: >- steps.check.outputs.buildamd == 'true' || steps.check.outputs.buildarm == 'true' || + steps.check.outputs.builduniversal == 'true' || steps.actual_dryrun.outputs.dryrun == 'true' run: | echo $APPLICATION_CERTIFICATE | base64 --decode -o appcert.p12 @@ -129,10 +141,17 @@ jobs: run: | make ARCH=amd64 notarize &> /dev/null cd out && shasum -a 256 podman-installer-macos-amd64.pkg >> shasums + - name: Build and Sign Universal + if: steps.check.outputs.builduniversal == 'true' || steps.actual_dryrun.outputs.dryrun == 'true' + working-directory: contrib/pkginstaller + run: | + make ARCH=universal notarize &> /dev/null + cd out && shasum -a 256 podman-installer-macos-universal.pkg >> shasums - name: Artifact if: >- steps.check.outputs.buildamd == 'true' || steps.check.outputs.buildarm == 'true' || + steps.check.outputs.builduniversal == 'true' || steps.actual_dryrun.outputs.dryrun == 'true' uses: actions/upload-artifact@v4 with: @@ -144,7 +163,8 @@ jobs: if: >- steps.actual_dryrun.outputs.dryrun == 'false' && (steps.check.outputs.buildamd == 'true' || - steps.check.outputs.buildarm == 'true') + steps.check.outputs.buildarm == 'true'|| + steps.check.outputs.builduniversal == 'true' ) env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | diff --git a/contrib/pkginstaller/.gitignore b/contrib/pkginstaller/.gitignore index 5e597ab071..fb6313afb6 100644 --- a/contrib/pkginstaller/.gitignore +++ b/contrib/pkginstaller/.gitignore @@ -1,6 +1,6 @@ out Distribution welcome.html -tmp-download +tmp-bin .vscode root diff --git a/contrib/pkginstaller/Makefile b/contrib/pkginstaller/Makefile index f6355732ea..3f0722b1e6 100644 --- a/contrib/pkginstaller/Makefile +++ b/contrib/pkginstaller/Makefile 
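Review bot: The new "Build and Sign Universal" step in the `@@ -129,10 +141,17 @@` hunk sends all output of `make ARCH=universal notarize` to `/dev/null`. That target now runs two cross-builds and `lipo` before signing, so a failure leaves only an exit code in the log. The redirect is copied from the AMD step above and is presumably there to keep signing and notarization credentials out of the job log. If so, say it in a comment such as `# output discarded so credentials passed to make cannot reach the job log`, and consider silencing only the signing and notarization part rather than the compile. Separately, in the `@@ -144,7 +163,8 @@` hunk, `'true'||` and `'true' )` are spaced differently from the neighbouring conditions.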
@@ -11,22 +11,22 @@ VFKIT_VERSION ?= 0.5.1 GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin VFKIT_RELEASE_URL ?= https://github.com/crc-org/vfkit/releases/download/v$(VFKIT_VERSION)/vfkit-unsigned PACKAGE_DIR ?= out/packaging -TMP_DOWNLOAD ?= tmp-download +TMP_BIN ?= tmp-bin PACKAGE_ROOT ?= root PKG_NAME := podman-installer-macos-$(GOARCH).pkg default: pkginstaller podman_version: - make -C ../../ test/version/version + make -B -C ../../ test/version/version -$(TMP_DOWNLOAD)/gvproxy: - mkdir -p $(TMP_DOWNLOAD) - cd $(TMP_DOWNLOAD) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL) +$(TMP_BIN)/gvproxy: + mkdir -p $(TMP_BIN) + cd $(TMP_BIN) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL) -$(TMP_DOWNLOAD)/vfkit: - mkdir -p $(TMP_DOWNLOAD) - cd $(TMP_DOWNLOAD) && curl -sLo vfkit $(VFKIT_RELEASE_URL) +$(TMP_BIN)/vfkit: + mkdir -p $(TMP_BIN) + cd $(TMP_BIN) && curl -sLo vfkit $(VFKIT_RELEASE_URL) packagedir: podman_version package_root Distribution welcome.html mkdir -p $(PACKAGE_DIR) @@ -42,10 +42,10 @@ packagedir: podman_version package_root Distribution welcome.html cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt cp vfkit.entitlements $(PACKAGE_DIR)/ -package_root: clean-pkgroot $(TMP_DOWNLOAD)/gvproxy $(TMP_DOWNLOAD)/vfkit +package_root: clean-pkgroot $(TMP_BIN)/gvproxy $(TMP_BIN)/vfkit mkdir -p $(PACKAGE_ROOT)/podman/bin - cp $(TMP_DOWNLOAD)/gvproxy $(PACKAGE_ROOT)/podman/bin/ - cp $(TMP_DOWNLOAD)/vfkit $(PACKAGE_ROOT)/podman/bin/ + cp $(TMP_BIN)/gvproxy $(PACKAGE_ROOT)/podman/bin/ + cp $(TMP_BIN)/vfkit $(PACKAGE_ROOT)/podman/bin/ chmod a+x $(PACKAGE_ROOT)/podman/bin/* mkdir $(PACKAGE_ROOT)/podman/config cp ../../pkg/machine/ocipull/policy.json $(PACKAGE_ROOT)/podman/config/policy.json 
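Review bot: The `$(TMP_BIN)/gvproxy` and `$(TMP_BIN)/vfkit` rules in the first Makefile hunk still fetch release binaries with `curl -sLo` and no integrity check, and the next hunk copies them into the package root, where package.sh later signs them. Without `-f`, an HTTP error page is also saved as the "binary" with exit status 0. Since this directory is being renamed to hold both downloads and locally built binaries, it is a good moment to add `-f` and a pinned digest per version, e.g. `cd $(TMP_BIN) && curl -sSfLo gvproxy $(GVPROXY_RELEASE_URL)` followed by `cd $(TMP_BIN) && echo "$(GVPROXY_SHA256)  gvproxy" | shasum -a 256 -c -`. `GVPROXY_SHA256` and a matching `VFKIT_SHA256` would be new variables next to the version pins; the names are suggestions, not existing ones. A failed check should also delete the file so the target is not treated as up to date on the next run (`.DELETE_ON_ERROR:` does that), and `make -B -C ../../` in `podman_version` would normally be written `$(MAKE) -B -C ../../`.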
@@ -64,7 +64,7 @@ notarize: _notarize .PHONY: clean clean-pkgroot clean: - rm -rf $(TMP_DOWNLOAD) $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html ../../test/version/version + rm -rf $(TMP_BIN) $(PACKAGE_ROOT) $(PACKAGE_DIR) out Distribution welcome.html ../../test/version/version clean-pkgroot: rm -rf $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html diff --git a/contrib/pkginstaller/README.md b/contrib/pkginstaller/README.md index ff16629cc7..c33bcd77e0 100644 --- a/contrib/pkginstaller/README.md +++ b/contrib/pkginstaller/README.md @@ -1,13 +1,13 @@ ## How to build ```sh -$ make ARCH= NO_CODESIGN=1 pkginstaller +$ make ARCH= NO_CODESIGN=1 pkginstaller # or to create signed pkg -$ make ARCH= CODESIGN_IDENTITY= PRODUCTSIGN_IDENTITY= pkginstaller +$ make ARCH= CODESIGN_IDENTITY= PRODUCTSIGN_IDENTITY= pkginstaller # or to prepare a signed and notarized pkg for release -$ make ARCH= CODESIGN_IDENTITY= PRODUCTSIGN_IDENTITY= NOTARIZE_USERNAME= NOTARIZE_PASSWORD= NOTARIZE_TEAM= notarize +$ make ARCH= CODESIGN_IDENTITY= PRODUCTSIGN_IDENTITY= NOTARIZE_USERNAME= NOTARIZE_PASSWORD= NOTARIZE_TEAM= notarize ``` The generated pkg will be written to `out/podman-macos-installer-*.pkg`. diff --git a/contrib/pkginstaller/package.sh b/contrib/pkginstaller/package.sh index d3567463ad..09111f812a 100755 --- a/contrib/pkginstaller/package.sh +++ b/contrib/pkginstaller/package.sh @@ -10,6 +10,8 @@ NO_CODESIGN=${NO_CODESIGN:-0} HELPER_BINARIES_DIR="/opt/podman/bin" MACHINE_POLICY_JSON_DIR="/opt/podman/config" +tmpBin="contrib/pkginstaller/tmp-bin" + binDir="${BASEDIR}/root/podman/bin" version=$(cat "${BASEDIR}/VERSION") 
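Review bot: `tmpBin="contrib/pkginstaller/tmp-bin"` in the package.sh hunk hard-codes the directory that the Makefile exposes as the overridable `TMP_BIN ?= tmp-bin`. With `TMP_BIN` set to anything else, `make clean` removes one directory while the script keeps writing per-arch binaries to another. The path is also relative, unlike the `${BASEDIR}`-based paths around it, and appears to resolve only after the `pushd` in `build_podman`, which is outside this hunk. Either pass the value in from the Makefile or document the assumption next to the assignment, e.g. `# relative to the repository root; only valid after the pushd in build_podman`.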
@@ -17,13 +19,46 @@ arch=$(cat "${BASEDIR}/ARCH") function build_podman() { pushd "$1" - make GOARCH="${goArch}" podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}" MACHINE_POLICY_JSON_DIR="${MACHINE_POLICY_JSON_DIR}" - make GOARCH="${goArch}" podman-mac-helper - cp bin/darwin/podman "contrib/pkginstaller/out/packaging/${binDir}/podman" - cp bin/darwin/podman-mac-helper "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper" + + case ${goArch} in + universal) + build_fat + cp "${tmpBin}/podman-universal" "contrib/pkginstaller/out/packaging/${binDir}/podman" + cp "${tmpBin}/podman-mac-helper-universal" "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper" + ;; + + amd64 | arm64) + build_podman_arch ${goArch} + cp "${tmpBin}/podman-${goArch}" "contrib/pkginstaller/out/packaging/${binDir}/podman" + cp "${tmpBin}/podman-mac-helper-${goArch}" "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper" + ;; + *) + echo -n "Unknown arch: ${goArch}" + ;; + esac + popd } +function build_podman_arch(){ + make -B GOARCH="$1" podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}" MACHINE_POLICY_JSON_DIR="${MACHINE_POLICY_JSON_DIR}" + make -B GOARCH="$1" podman-mac-helper + mkdir -p "${tmpBin}" + cp bin/darwin/podman "${tmpBin}/podman-$1" + cp bin/darwin/podman-mac-helper "${tmpBin}/podman-mac-helper-$1" +} + +function build_fat(){ + echo "Building ARM Podman" + build_podman_arch "arm64" + echo "Building AMD Podman" + build_podman_arch "amd64" + + echo "Creating universal binary" + lipo -create -output "${tmpBin}/podman-universal" "${tmpBin}/podman-arm64" "${tmpBin}/podman-amd64" + lipo -create -output "${tmpBin}/podman-mac-helper-universal" "${tmpBin}/podman-mac-helper-arm64" "${tmpBin}/podman-mac-helper-amd64" +} + function sign() { local opts="" entitlements="${BASEDIR}/$(basename "$1").entitlements" 
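Review bot: The `*)` branch of the new `case` in `build_podman` only prints `Unknown arch: ${goArch}` and falls through to `popd`, so the function returns normally. The script then goes on to the `sign` calls and packages whatever is in `${binDir}`, which for an unsupported value may be missing or left over from an earlier run. The branch should stop the build: `echo "Unknown arch: ${goArch}" >&2` followed by `exit 1`. Whether `set -e` is active is not visible here, and it would not help, since `echo` succeeds. `build_podman_arch ${goArch}` should also quote its argument, and `build_fat` could check each universal file with `lipo -info` before it is copied into the package.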
@@ -39,6 +74,7 @@ if [ "${goArch}" = aarch64 ]; then fi build_podman "../../../../" + sign "${binDir}/podman" sign "${binDir}/gvproxy" sign "${binDir}/vfkit"