gershnik
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 6 additions & 1 deletion b/‎.github/workflows/build.yml‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 6 additions & 2 deletions b/‎.github/workflows/publish.yml‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.vscode/settings.json‎
Lines changed: 1 addition & 0 deletions b/‎.vscode/settings.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎CMakeLists.txt‎
Lines changed: 8 additions & 2 deletions b/‎CMakeLists.txt‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎installers/mac/build.py‎
Lines changed: 52 additions & 8 deletions b/‎installers/mac/build.py‎
Lines changed: 52 additions & 8 deletions
diff --git a/‎installers/mac/distribution.xml‎
Lines changed: 1 addition & 1 deletion b/‎installers/mac/distribution.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎installers/mac/notarize‎
Lines changed: 24 additions & 88 deletions b/‎installers/mac/notarize‎
Lines changed: 24 additions & 88 deletions
diff --git a/‎installers/mac/scripts/postinstall‎
Lines changed: 2 additions & 2 deletions b/‎installers/mac/scripts/postinstall‎
Lines changed: 2 additions & 2 deletions
@@ -96,6 +96,7 @@ jobs:
     - name: Setup Linux
       if: runner.os == 'Linux'
       run: |
+        sudo apt-get update
         sudo apt-get install -y libsystemd-dev
         if [[ '${{ matrix.os }}' == 'ubuntu-20.04' ]]; then
           echo "CC=gcc-10"  >> $GITHUB_ENV
@@ -105,7 +106,11 @@ jobs:
     - name: Build
       run: |
           cmake -E make_directory out
-          cmake -S . -B out -DCMAKE_BUILD_TYPE=RelWithDebInfo "-DCMAKE_OSX_ARCHITECTURES=x86_64;arm64" -DFETCHCONTENT_QUIET=OFF 
+          cmake -S . -B out \
+            -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+            "-DCMAKE_OSX_ARCHITECTURES=x86_64;arm64" \
+            -DWSDDN_MACOS_BUILD_WRAPPER=ON \
+            -DFETCHCONTENT_QUIET=OFF 
           installers/${{ matrix.installer }}/build.py . out
 
 
 
@@ -101,6 +101,7 @@ jobs:
     - name: Setup Linux
       if: runner.os == 'Linux'
       run: |
+        sudo apt-get update
         sudo apt-get install -y libsystemd-dev
         if [[ '${{ matrix.os }}' == 'ubuntu-20.04' ]]; then
           echo "CC=gcc-10"  >> $GITHUB_ENV
@@ -110,8 +111,11 @@ jobs:
     - name: Configure
       run: |
           cmake -E make_directory out
-          cd out
-          cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo "-DCMAKE_OSX_ARCHITECTURES=x86_64;arm64" -DFETCHCONTENT_QUIET=OFF ..
+          cmake -S . -B out \
+            -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+            "-DCMAKE_OSX_ARCHITECTURES=x86_64;arm64" \
+            -DWSDDN_MACOS_BUILD_WRAPPER=ON \
+            -DFETCHCONTENT_QUIET=OFF
           
 
     - name: Make Distribution
 
@@ -6,4 +6,5 @@ __pycache__/
 
 LLDBInitFile
 .DS_Store
+env.cmake
 
@@ -3,6 +3,7 @@
     "cmake.buildDirectory": "${workspaceFolder}/out/vscode/${buildKit}",
     "cmake.configureSettings": {
         "CMAKE_OSX_ARCHITECTURES": ["x86_64", "arm64"],
+        "WSDDN_MACOS_BUILD_WRAPPER": "ON",
         "FETCHCONTENT_QUIET": "OFF"
     },
     "cmake.configureOnOpen": true,
 
@@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## Unreleased
 
+### Fixed:
+- macOS: Corrected `_wsddn` group definition so it is no longer removed from `_wsddn` user on macOS upgrade and no longer shown as available user group in Settings.
+- macOS: Made the macOS warning about startup software say "wsddn.app" rather than "Eugene Gershnik" (my developer account name).
+
 ## [1.3] - 2023-05-27
 
 ### Added
 
@@ -36,7 +36,7 @@ if (${CMAKE_SYSTEM_NAME} STREQUAL "Darwin")
     set(WSDDN_BUNDLE_IDENTIFIER "io.github.gershnik.wsddn" CACHE STRING "macOS bundle identifier")
 endif()
 
-
+option(WSDDN_MACOS_BUILD_WRAPPER "whether to build a macos wrapper bundle" OFF)
 
 set_property(GLOBAL PROPERTY USE_FOLDERS ON)
 
@@ -101,7 +101,6 @@ PRIVATE
 
 target_compile_options(wsddn 
 PRIVATE
-    $<$<CXX_COMPILER_ID:MSVC>:/utf-8;/W4;/WX>
     $<$<CXX_COMPILER_ID:Clang>:-Wall;-Wextra;-pedantic;-ftemplate-backtrace-limit=0>
     $<$<CXX_COMPILER_ID:AppleClang>:-Wall;-Wextra;-pedantic;-fpch-instantiate-templates;-ftemplate-backtrace-limit=0>
     $<$<CXX_COMPILER_ID:GNU>:-Wall;-Wextra;-pedantic>   
@@ -110,6 +109,8 @@ PRIVATE
 target_link_options(wsddn 
 PRIVATE
     "$<$<CXX_COMPILER_ID:AppleClang>:-Wl,-object_path_lto,${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}/lto.o>"
+    "$<$<CXX_COMPILER_ID:AppleClang>:-Wl,-cache_path_lto,${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}/LTOCache>"
+    "$<$<CXX_COMPILER_ID:AppleClang>:-Wl,-no_adhoc_codesign;-Wl,-reproducible>"
 )
 
 target_compile_definitions(wsddn
@@ -282,5 +283,10 @@ if (GROFF_PATH)
     )
 endif()
 
+if (${CMAKE_SYSTEM_NAME} STREQUAL "Darwin" AND WSDDN_MACOS_BUILD_WRAPPER)
+
+    add_subdirectory(installers/mac/wrapper wrapper)
+
+endif()
 
 include(cmake/install.cmake)
@@ -7,6 +7,8 @@
 import os
 import subprocess
 import shutil
+import plistlib
+import re
 from pathlib import Path
 
 IDENTIFIER='io.github.gershnik.wsddn'
@@ -18,8 +20,8 @@
 from common import VERSION, parseCommandLine, buildCode, installCode, copyTemplated, uploadResults
 
 args = parseCommandLine()
-srcdir = args.srcdir
-builddir = args.builddir
+srcdir: Path = args.srcdir
+builddir: Path = args.builddir
 
 buildCode(builddir)
 
@@ -30,14 +32,17 @@
 
 installCode(builddir, stagedir / 'usr/local')
 
-if args.sign:
-    subprocess.run(['codesign', '--force', '--sign', 'Developer ID Application', '-o', 'runtime', '--timestamp', 
-                     stagedir / 'usr/local/bin/wsddn'], check=True)
-
 ignoreCrap = shutil.ignore_patterns('.DS_Store')
 
-shutil.copytree(srcdir / 'config/mac', stagedir, dirs_exist_ok=True, ignore=ignoreCrap)
+supdir = stagedir / "Library/Application Support/wsddn"
+supdir.mkdir(parents=True)
+
+appDir = supdir / "wsddn.app"
+shutil.copytree(builddir / "wrapper/wsddn.app", appDir, ignore=ignoreCrap)
 
+subprocess.run(['/usr/bin/strip', '-u', '-r', appDir/ 'Contents/MacOS/wsddn'], check=True)
+
+(stagedir / 'usr/local/bin').mkdir(parents=True, exist_ok=True)
 shutil.copy(mydir / 'wsddn-uninstall', stagedir / 'usr/local/bin')
 
 copyTemplated(mydir.parent / 'wsddn.conf', stagedir / 'etc/wsddn.conf.sample', {
@@ -52,11 +57,38 @@
     'VERSION': VERSION
 })
 
+resdir = appDir / "Contents/Resources"
+if args.sign:
+    subprocess.run(['codesign', '--force', '--sign', 'Developer ID Application', '-o', 'runtime', '--timestamp', 
+                        stagedir / 'usr/local/bin/wsddn'], check=True)
+    subprocess.run(['codesign', '--force', '--sign', 'Developer ID Application', '-o', 'runtime', '--timestamp', 
+                    '--preserve-metadata=entitlements', 
+                        appDir], check=True)
+else:
+    subprocess.run(['codesign', '--force', '--sign', '-', '-o', 'runtime', '--timestamp=none', 
+                        stagedir / 'usr/local/bin/wsddn'], check=True)
+    subprocess.run(['codesign', '--force', '--sign', '-', '-o', 'runtime', '--timestamp=none', 
+                    '--preserve-metadata=entitlements', 
+                        appDir], check=True)
+
 
 packagesdir = workdir / 'packages'
 packagesdir.mkdir()
+
+subprocess.run(['pkgbuild', 
+                '--analyze', 
+                '--root', str(stagedir),
+                str(packagesdir/'component.plist')
+            ], check=True)
+with open(packagesdir/'component.plist', "rb") as src:
+    components = plistlib.load(src, fmt=plistlib.FMT_XML)
+for component in components:
+    component['BundleIsRelocatable'] = False
+with open(packagesdir/'component.plist', "wb") as dest:
+    plistlib.dump(components, dest, fmt=plistlib.FMT_XML)
 subprocess.run(['pkgbuild', 
                 '--root',       str(stagedir), 
+                '--component-plist', str(packagesdir/'component.plist'),
                 '--scripts',    str(mydir / 'scripts'),
                 '--identifier', IDENTIFIER, 
                 '--version',    VERSION,
@@ -76,7 +108,19 @@
 
 if args.sign:
     subprocess.run(['productsign', '--sign', 'Developer ID Installer', workdir / 'wsddn.pkg', installer], check=True)
-    subprocess.run([mydir / 'notarize', '--user', os.environ['NOTARIZE_USER'], '--password', '@env:NOTARIZE_PWD', installer], check=True)
+    pattern = re.compile(r'^\s*1. Developer ID Installer: .*\(([0-9A-Z]{10})\)$')
+    teamId = None
+    for line in subprocess.run(['pkgutil', '--check-signature', installer], 
+                               check=True, stdout=subprocess.PIPE).stdout.decode('utf-8').splitlines():
+        m = pattern.match(line)
+        if m:
+            teamId = m.group(1)
+            break
+    if teamId is None:
+        print('Unable to find team ID from signature', file=sys.stderr)
+        sys.exit(1)
+    subprocess.run([mydir / 'notarize', '--user', os.environ['NOTARIZE_USER'], '--password', os.environ['NOTARIZE_PWD'], 
+                    '--team', teamId, installer], check=True)
     print('Signature Info')
     res1 = subprocess.run(['pkgutil', '--check-signature', installer])
     print('\nAssesment')
 
@@ -3,7 +3,7 @@
     Copyright (c) 2022, Eugene Gershnik
     SPDX-License-Identifier: BSD-3-Clause
 -->
-<installer-gui-script minSpecVersion="1">
+<installer-gui-script minSpecVersion="2">
     <title>WS-Discovery Host Daemon</title>
     <organization>io.github.gershnik</organization>
     <domains enable_localSystem="true"/>
 
@@ -1,118 +1,54 @@
 #!/usr/bin/env -S python3 -u
 
 import sys
-
-MIN_PYTHON = (3, 7)
-if sys.version_info < MIN_PYTHON:
-    print("This script requires Python version " + {'.'.join([str(n) for n in MIN_PYTHON])} + " or greater")
-    sys.exit(1)
-
-
 import argparse
 import subprocess
-import time
+import json
 from pathlib import Path
-from uuid import uuid4 as uuid
-import plistlib
-
 
 
-def callAlTool(cmd, outPlistPath):
-    fullCmd = ['xcrun', 'altool'] + cmd + ['--output-format', 'xml']
-    with open(outPlistPath, 'wt') as outPlist:
-        callRes = subprocess.call(fullCmd, stdout=outPlist)
-    with open(outPlistPath, 'rb') as outPlist: 
-        try:
-            resp = plistlib.load(outPlist)
-        except plistlib.InvalidFileException:
-            if callRes:
-                print(f"Command '{fullCmd}' returned non-zero exit status {callRes}", file = sys.stderr)
-            else:
-                print(f"output file {outPlistPath} is invalid", file = sys.stderr)
-            sys.exit(1)
-    return resp
+def callNotaryTool(cmd):
+    fullCmd = ['xcrun', 'notarytool'] + cmd + ['-f', 'json']
+    output = subprocess.run(fullCmd, check=True, stdout=subprocess.PIPE).stdout.decode('utf-8')
+    print(output)
+    return json.loads(output)
 
-def getAlToolErrors(resp):
-    errors = resp.get('product-errors', [])
-    if len(errors) == 0:
-        return None
-    return errors
 
-def abortOnAlTooolErrors(errors):
-    if not errors:
-        return
-    for err in errors:
-        print(f"{err['code']}: {err['message']}", file = sys.stderr)
-        sys.exit(1)
-
-
-def notarize(package, username, password):
+def notarize(package, username, team, password):
     print("Starting...")
     workDir = package.parent
-    uploadId = str(uuid())
-    print(f"Uploading to Apple to notarize with Bundle ID {uploadId}")
-    uploadPlistPath = workDir/'upload-info.plist'
-    uploadResponse = callAlTool([ '--notarize-app', 
-                                  '--primary-bundle-id', uploadId, '--username', username, '--password', password, 
-                                  '--file', str(package)
-                                ],
-                                uploadPlistPath)
-    errors = getAlToolErrors(uploadResponse)
-    abortOnAlTooolErrors(errors)
-    requestId = uploadResponse['notarization-upload']['RequestUUID']
-    print(f"Uploading succeeded, Request ID: {requestId}")
-
-    success = False
-    startTime = time.time()
-    while True:
-        time.sleep(30)
-        print("Checking progress...")
-        statusPath = workDir/'upload-status.plist'
-        infoResponse = callAlTool(['--notarization-info', requestId, '-u', username, '-p', password],
-                                  statusPath)
-        errors = getAlToolErrors(infoResponse)
-        if errors and errors[0]['code'] == 1519: #Could not find the RequestUUID
-            elapsedTime = time.time() - startTime
-            if elapsedTime > 60 * 10:
-                print('Timeout waiting for request ID to become valid')
-                sys.exit(1)
-            continue
-        abortOnAlTooolErrors(errors)
-        status = infoResponse['notarization-info']['Status']
-        print(f"Status: {status}")
-        if status == 'in progress':
-            continue
-        if status == 'success':
-            success = True
-        break
+    print(f"Uploading to Apple to notarize")
+    submission = callNotaryTool(['submit', str(package),
+                                 '--apple-id', username, '--team-id', team, '--password', password, 
+                                 '--wait'])
+    success = (submission['status'] == 'Accepted')
+    submissionId = submission['id']
     print("Downloading log file")
-    subprocess.check_call(['curl', '-s', '-L', infoResponse['notarization-info']['LogFileURL'], '-o', workDir/'notarization-log.json'])
-    if not success:
-        log = (workDir/'notarization-log.json').read_text()
-        print(f"Notarization log:\n{log}")
+    callNotaryTool(['log', submissionId, 
+                    '--apple-id', username, '--team-id', team, '--password', password, 
+                    workDir/'notarization-log.json'])
+    log = (workDir/'notarization-log.json').read_text()
+    print(f"Notarization log:\n{log}")
+    if not success:    
         sys.exit(1) 
     print("Stapling")
     subprocess.check_call(['xcrun', 'stapler', 'staple', f"{package}"])
     print("Done")
 
 def main(): 
     parser = argparse.ArgumentParser(description='''
-Notarize Mac app
+Notarize Mac software
 ''')
     parser.add_argument(dest='package', 
                         help=f'Package to notarize')
     parser.add_argument('--user', dest='username', type=str, required = True,
                         help='Username')
     parser.add_argument('--password', dest='password', type=str, required = True,
-                        help='''
-Application password configured for your Apple ID (not your Apple ID password)
-Alternatively to entering <password> in plaintext, it may also be specified using a '@keychain:'
-or '@env:' prefix followed by a keychain password item name or environment variable name.
-Example: '-p @keychain:<name>' uses the password stored in the keychain password item named <name>.
-Example: '-p @env:<variable>'  uses the value in the environment variable named <variable>
-''')
+                        help='Application password configured for your Apple ID (not your Apple ID password)')
+    parser.add_argument('--team', dest='team', type=str, required = True,
+                        help='Team ID')
     args = parser.parse_args()
-    notarize(Path(args.package), args.username, args.password)
+    notarize(Path(args.package), args.username, args.team, args.password)
 
 if __name__ == "__main__":
     main()
@@ -7,6 +7,6 @@ if [[ ! -f "$CONF" ]]; then
      cp $CONF.sample $CONF
 fi
 
-/bin/launchctl load -w "/Library/LaunchDaemons/io.github.gershnik.wsddn.plist"
-
+/Library/Application\ Support/wsddn/wsddn.app/Contents/MacOS/wsddn -i
 
+/bin/launchctl load -w "/Library/LaunchDaemons/io.github.gershnik.wsddn.plist"
Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,5 @@ __pycache__/`
`6`	`6`
`7`	`7`	`LLDBInitFile`
`8`	`8`	`.DS_Store`
	`9`	`+env.cmake`
`9`	`10`