Fedora Media Writer Building and Signing
Description
Whenever a new version of Fedora Media Writer is available, it is required to build and code sign it.
Action
Windows
#. Get a windows code signing key from private ansible repository. It is in the ansible-private/files/code-signing/ directory
-
Convert the .cert formatted certificate to .pxf format:
$ openssl pkcs12 -export -in code-signing.crt -inkey code-signing.key -out authenticode.pfx
-
Clone the Fedora Media Writer git repo:
$ git clone https://github.com/MartinBriza/MediaWriter.git
-
Checkout the release tag for which the executable to be created:
$ git checkout tags/<release_number>
-
The script to build and sign the executable is available at dist/win/build.sh
-
Get the mingw-mediawriter from koji. Make sure the version is the one that needs building and signing.
-
Install the remaining packages that are listed under PACKAGES variable in build.sh script.
-
Export CERTPATH to the location where the .pfx file is located and make sure its named as authenticode.pfx and export CERTPASS to the file that contains the password used in creating .pvk file.
-
Run the build.sh script:
$ ./build.sh
Verification
The FedoraMediaWriter-win32-<release_number>.exe is located under dist/win/ directory.
Build:
-
install xcode 8.1 from apple store.
-
- install qt for mac from
-
http://download.qt.io/official_releases/qt/5.7/5.7.0/qt-opensource-mac-x64-clang-5.7.0.dmg
-
Open a terminal and run the following commands
- :
-
$ git clone https://github.com/MartinBriza/MediaWriter $ cd MediaWriter $ mkdir build $ cd build $ $QT_PREFIX/$QT_VERSION/clang64/bin/qmake .. $ make $ cp build/helper/mac/helper.app/Contents/MacOS/helper build/app/FedoraMediaWriter.app/Contents/MacOS/ $ cd build/app $ $QT_PREFIX/$QT_VERSION/clang_64/bin/macdeployqt "Fedora Media Writer.app" -executable="Fedora Media Writer.app/Contents/MacOS/helper" -qmldir="../../app"
Prepare certificates
This only needs to happen once per build machine, and prepares the certificates by requesting them from Apple.
-
Install Xcode from the Mac App store
-
Start Xcode
-
Press Command-, (or in the menu bar click Xcode → Preferences)
-
Go to Accounts tab
-
Click the plus button and sign in
-
Select the new account
-
Select the correct team
-
Click View Details
-
Under "Signing Identities", find "Developer ID Application"
-
Click Create
-
Wait until the button disappears
-
Done
Sign and DMG
-
Open a terminal
-
cd to the root directory of the FMW project
-
Run the following bash script:
#/bin/bash security -v unlock-keychain login.keychain # First sign all dynamic libraries (dylib's) cd "build/app/Fedora Media Writer.app" for dylib in $(find . -name "*dylib") do codesign -s "Developer ID Application: Fedora Gilmore" -v $dylib done # Now sign framework bundles for framework in $(find . -name "*framework") do codesign -s "Developer ID Application: Fedora Gilmore" -v $framework done # Sign the two binaries codesign -s "Developer ID Application: Fedora Gilmore" -v Contents/MacOS/helper codesign -s "Developer ID Application: Fedora Gilmore" -v "Contents/MacOS/Fedora Media Writer" # Sign the app bundle codesign -s "Developer ID Application: Fedora Gilmore" -v . # Create the dmg cd .. rm -f FedoraMediaWriter-osx-*.dmg hdiutil create -srcfolder "Fedora Media Writer.app" -format UDCO -imagekey zlib-level=9 -scrub \ -volname FedoraMediaWriter-osx FedoraMediaWriter-osx-$(git describe --tags).dmg
Want to help? Learn how to contribute to Fedora Docs ›