github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3de8a1e405720e2e1f7650986aecedf154c3041b
firezone/scripts/build/lib.sh
Jamil 3de8a1e405 fix(apple/iOS): Use pointer directly for libresolv API calls (#9038) 
Somewhere between Xcode 16.0 and Xcode 16.3, the API for the libresolv
functions we call changed slightly, and we can now pass the return value
of `__res_9_state()` directly to the `res_9_ninit`, `res_9_ndestroy` and
`res_9_getservers` functions.
2025-05-06 03:32:35 +00:00

94 lines
2.6 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -e
# See https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development
function setup_runner() {
local app_profile="$1"
local app_profile_file="$2"
local ne_profile="$3"
local ne_profile_file="$4"
# Use the latest version of Xcode - matches what we typically use for development
sudo xcode-select --switch "$(ls -d /Applications/Xcode*.app | sort -V | tail -n 1)"
profiles_path="$HOME/Library/Developer/Xcode/UserData/Provisioning Profiles"
keychain_pass=$(openssl rand -base64 32)
keychain_path="$(mktemp -d)/app-signing.keychain-db"
# Install provisioning profiles
mkdir -p "$profiles_path"
base64_decode "$app_profile" "$profiles_path/$app_profile_file"
base64_decode "$ne_profile" "$profiles_path/$ne_profile_file"
# Create a keychain to use for signing
security create-keychain -p "$keychain_pass" "$keychain_path"
# Set it as the default keychain so Xcode can find the signing certs
security default-keychain -s "$keychain_path"
# Ensure it stays unlocked during the build
security set-keychain-settings -lut 21600 "$keychain_path"
# Unlock the keychain for use
security unlock-keychain -p "$keychain_pass" "$keychain_path"
# Install signing certs
install_cert \
"$BUILD_CERT" \
"$BUILD_CERT_PASS" \
"$keychain_pass" \
"$keychain_path"
install_cert \
"$INSTALLER_CERT" \
"$INSTALLER_CERT_PASS" \
"$keychain_pass" \
"$keychain_path"
install_cert \
"$STANDALONE_BUILD_CERT" \
"$STANDALONE_BUILD_CERT_PASS" \
"$keychain_pass" \
"$keychain_path"
install_cert \
"$STANDALONE_INSTALLER_CERT" \
"$STANDALONE_INSTALLER_CERT_PASS" \
"$keychain_pass" \
"$keychain_path"
}
function base64_decode() {
local input_stdin="$1"
local output_path="$2"
echo -n "$input_stdin" | base64 --decode -o "$output_path"
}
function install_cert() {
local cert_path
local cert="$1"
local pass="$2"
local keychain_pass="$3"
local keychain_path="$4"
cert_path="$(mktemp -d)/cert.p12"
base64_decode "$cert" "$cert_path"
# Import cert into keychain
security import "$cert_path" \
-P "$pass" \
-A \
-t cert \
-f pkcs12 \
-k "$keychain_path"
# Prevent the keychain from asking for password to access the cert
security set-key-partition-list \
-S apple-tool:,apple: \
-k "$keychain_pass" \
"$keychain_path"
# Clean up
rm "$cert_path"
}
Reference in New Issue View Git Blame Copy Permalink