#!/bin/bash # # USAGE # osx-app [-s] [-l /path/to/libraries] # # This script attempts to build an Wireshark.app bundle for macOS, resolving # dynamic libraries, etc. # It strips the executable and libraries if '-s' is given. # The Info.plist file can be found in the base wireshark directory once # configure has been run. # # AUTHORS # Kees Cook # Michael Wybrow # Jean-Olivier Irisson # # Copyright (C) 2005 Kees Cook # Copyright (C) 2005-2007 Michael Wybrow # Copyright (C) 2007 Jean-Olivier Irisson # # Released under GNU GPL, read the file 'COPYING' for more information # # Thanks to GNUnet's "build_app" script for help with library dep resolution. # https://gnunet.org/svn/GNUnet/contrib/OSX/build_app # # NB: # This originally came from Inkscape; Inkscape's configure script has an # "--enable-osxapp", which causes some of Inkscape's installation data # files to have macOS-ish paths under Contents/Resources of the bundle # or under /Library/Application Support. We don't have such an option; # we just put them in "bin", "etc", "lib", and "share" directories # under Contents/Resources, rather than in the "bin", "etc", "lib", # and "share" directories under the installation directory. # # Defaults strip=false exclude_prefixes="/System/|/Library/|/usr/lib/|/usr/X11/|/opt/X11/|@rpath|@executable_path" # Bundle always has the same name. Version information is stored in # the Info.plist file which is filled in by the configure script. bundle="Wireshark.app" # Location for libraries (tools/macos-setup.sh defaults to whatever the # various support libraries use as their standard installation location, # which is /usr/local) if [ -z "$LIBPREFIX" ]; then LIBPREFIX="/usr/local" fi # Help message #---------------------------------------------------------- help() { echo -e " Create an app bundle for macOS USAGE $0 [-s] [-l /path/to/libraries] OPTIONS -h,--help Display this help message. -s Strip the libraries and executables from debugging symbols. -l,--libraries Specify the path to the libraries Wireshark depends on (typically /sw or /opt/local). By default it is /usr/local. EXAMPLE $0 -s -l /opt/local " } # Parse command line arguments #---------------------------------------------------------- while [ "$1" != "" ] do case $1 in -s) strip=true ;; -l|--libraries) LIBPREFIX="$2" shift 1 ;; -h|--help) help exit 0 ;; *) echo "Invalid command line option: $1" exit 2 ;; esac shift 1 done # Safety tests if [ ! -e "$LIBPREFIX" ]; then echo "Cannot find the directory containing the libraries: $LIBPREFIX" >&2 exit 1 fi if [ ! -d "$bundle" ] ; then echo "$bundle not found" >&2 exit 1 fi qt_frameworks_dir=$( "@QT_QMAKE_EXECUTABLE@" -query QT_INSTALL_LIBS ) if [ ! -d "$qt_frameworks_dir" ] ; then echo "Can't find the Qt frameworks directory" >&2 exit 1 fi # # Leave the Qt frameworks out of the special processing. # exclude_prefixes="$exclude_prefixes|$qt_frameworks_dir" # Package paths pkgexec="$bundle/Contents/MacOS" #pkgres="$bundle/Contents/Resources" pkglib="$bundle/Contents/Frameworks" pkgplugin="$bundle/Contents/PlugIns/wireshark/@VERSION_MAJOR@.@VERSION_MINOR@" # Set the 'macosx' directory, usually the current directory. #resdir=$( pwd ) # # Get a list of all binaries in the bundle. # Treat all plain files with read and execute permissions for all as # binaries. # bundle_binary_list=$( find $pkgexec -type f -perm -0555 -print ) echo -e "\\nFixing up $bundle...\\n" # Find out libs we need from Fink, MacPorts, or from a custom install # (i.e. $LIBPREFIX), then loop until no changes. a=1 nfiles=0 endl=true while $endl; do echo -e "Looking for dependencies. Round $a" # # To find dependencies, we: # # run otool -L on all the binaries in the bundle, and on all # the shared libraries in the $pkglib directory, to find all # the libraries they depend on (we don't bother with the # frameworks, as the only frameworks we ship are the Qt # frameworks, which don't depend on any libraries that # don't ship with the OS, and as it's hard to find the # framework libraries under $pkglib without getting # non-framework files); # # filter out all lines that don't contain "compatibility" to # remove lines of output that don't correspond to dependencies; # # use cut to extract the library name from the output; # # replace "libssh" with "/usr/local/lib/libssh" because # libssh, for some reason, has its "install name" set to # just libssh.4.dylib, rather than /usr/local/lib/libssh.4.dylib, # when built by tools/macos-setup.sh; # # strip out system libraries, as we don't bundle them with # Wireshark; # # eliminate duplicates. # libs="$( # shellcheck disable=SC2086 otool -L $bundle_binary_list "$pkglib"/*.dylib 2>/dev/null \ | grep -F compatibility \ | cut -d\( -f1 \ | sed '1,$s;^ libssh; /usr/local/lib/libssh;' \ | grep -E -v "$exclude_prefixes" \ | sort \ | uniq \ )" # shellcheck disable=SC2086 cp -vn $libs "$pkglib" (( a++ )) # shellcheck disable=SC2012 nnfiles=$( ls "$pkglib" | wc -l ) if (( nnfiles == nfiles )); then endl=false else nfiles=$nnfiles fi done chmod 755 "$pkglib"/*.dylib # Strip libraries and executables if requested #---------------------------------------------------------- if [ "$strip" = "true" ]; then echo -e "\\nStripping debugging symbols...\\n" strip -x "$pkglib"/*.dylib strip -ur "$bundle_binary_list" fi # # This may not work on Qt 5.5.0 or 5.5.1: # https://bugreports.qt.io/browse/QTBUG-47868 # "@QT_MACDEPLOYQT_EXECUTABLE@" "$bundle" -no-strip -verbose=2 || exit 1 # # The build process added to the Wireshark binary an rpath entry # pointing to the directory containing the Qt frameworks; remove # that entry from the Wireshark binary in the package. # /usr/bin/install_name_tool -delete_rpath "$qt_frameworks_dir" $pkgexec/Wireshark # NOTE: we must rpathify *all* files, *including* Qt libraries etc., # rpathify_file () { # Fix a given executable, library, or plugin to be relocatable if [ ! -f "$1" ]; then return 0; fi # # OK, what type of file is this? # if ! filetype=$( otool -hv "$1" | grep -E MH_MAGIC | awk '{print $5}' ; exit "${PIPESTATUS[0]}" ) ; then echo "Unable to rpathify $1 in $( pwd ): file type failed." exit 1 fi case "$filetype" in EXECUTE|DYLIB|BUNDLE) # # Executable, library, or plugin. (Plugins # can be either DYLIB or BUNDLE; shared # libraries are DYLIB.) # # For DYLIB and BUNDLE, fix the shared # library identification. # if [[ "$filetype" = "DYLIB" || "$filetype" = "BUNDLE" ]]; then echo "Changing shared library identification of $1" base=$( echo "$1" | awk -F/ '{print $NF}' ) # # The library will end up in a directory in # the rpath; this is what we should change its # ID to. # to=@rpath/$base /usr/bin/install_name_tool -id "$to" "$1" # # If we're a library and we depend on something in # @executable_path/../Frameworks, replace that with # @rpath. # otool -L "$1" | grep @executable_path/../Frameworks | awk '{print $1}' | \ while read -r dep_lib ; do base=$( echo "$dep_lib" | awk -F/ '{print $NF}' ) to="@rpath/$base" echo "Changing reference to $dep_lib to $to in $1" /usr/bin/install_name_tool -change "$dep_lib" "$to" "$1" done fi # # Find our local rpaths and remove them. # otool -l "$1" | grep -A2 LC_RPATH \ | awk '$1=="path" && $2 !~ /^@/ {print $2}' \ | grep -E -v "$exclude_prefixes" | \ while read -r lc_rpath ; do echo "Stripping LC_RPATH $lc_rpath from $1" install_name_tool -delete_rpath "$lc_rpath" "$1" done # # Add -Wl,-rpath,@executable_path/../Frameworks # to the rpath, so it'll find the bundled # frameworks and libraries if they're referred # to by @rpath/, rather than having a wrapper # script tweak DYLD_LIBRARY_PATH. # if [[ "$filetype" = "EXECUTE" ]]; then if [ -d ../Frameworks ] ; then framework_path=../Frameworks elif [ -d ../../Frameworks ] ; then framework_path=../../Frameworks else echo "Unable to find relative path to Frameworks for $1 from $( pwd )" exit 1 fi echo "Adding @executable_path/$framework_path to rpath of $1" /usr/bin/install_name_tool -add_rpath @executable_path/$framework_path "$1" fi # # Show the minimum supported version of macOS # for each executable or library # if [[ "$filetype" = "EXECUTE" || "$filetype" = "DYLIB" ]] && [[ "$VERSION" -ge "7" ]] ; then echo "Minimum macOS version for $1:" otool -l "$1" | grep -A3 LC_VERSION_MIN_MACOSX fi # # Get the list of dynamic libraries on which this # file depends, and select only the libraries that # are in $LIBPREFIX, as those are the only ones # that we'll be shipping in the app bundle; the # other libraries are system-supplied or supplied # as part of X11, will be expected to be on the # system on which the bundle will be installed, # and should be referred to by their full pathnames. # libs="$( otool -L "$1" \ | grep -F compatibility \ | cut -d\( -f1 \ | grep -E -v "$exclude_prefixes" \ | sort \ | uniq \ )" for lib in $libs; do # # Get the file name of the library. # base=$( echo "$lib" | awk -F/ '{print $NF}' ) # # The library will end up in a directory in # the rpath; this is what we should change its # file name to. # to=@rpath/$base # # Change the reference to that library. # echo "Changing reference to $lib to $to in $1" /usr/bin/install_name_tool -change "$lib" "$to" "$1" done ;; esac } rpathify_dir () { # # Make sure we *have* that directory # if [ -d "$1" ]; then (cd "$1" || exit 1 echo "rpathifying $1" # # Make sure we *have* files to fix # # shellcheck disable=SC2086 files=$( ls $2 2>/dev/null ) if [ ! -z "$files" ]; then for file in $files; do rpathify_file "$file" "$( pwd )" done else echo "no files found in $1" fi ) rf_ret=$? if [ $rf_ret -ne 0 ] ; then exit $rf_ret ; fi fi } rpathify_files () { # # Fix bundle deps # rpathify_dir "$pkglib" "*.dylib" rpathify_dir "$pkgexec" "*" for plugindir in "$pkgplugin"/* do rpathify_dir "$plugindir" "*" done rpathify_dir "$pkgexec/extcap" "*" } if [ ${#LIBPREFIX} -ge "6" ]; then # If the LIBPREFIX path is long enough to allow # path rewriting, then do this. # 6 is the length of @rpath, which replaces LIBPREFIX. rpathify_files else echo "Could not rewrite dylib paths for bundled libraries. This requires" >&2 echo "the support libraries to be installed in a PREFIX of at least 6 characters in length." >&2 echo "" >&2 exit 1 fi echo "Dsymifying executables" if [ -z "$bundle_binary_list" ] ; then echo "No executables specified for dsymifying." exit 1 fi for binary in $bundle_binary_list ; do if [ -e "$binary" ];then dsymutil "$binary" fi done echo "Dsymifying frameworks" for framework in "$pkglib"/*.framework/Versions/*/* ; do if [ -f "$framework" ];then dsymutil "$framework" fi done echo "Dsymifying libraries" for library in "$pkglib"/*.dylib ; do # # Squelch warnings, in case the .o files from building # support libraries aren't around any more. # dsymutil "$library" | grep -E -v 'unable to open object file' done echo "Dsymifying plugins" for plugin in "$pkgplugin"/*/*.so ; do dsymutil "$plugin" done codesign_file () { codesign --sign "Developer ID Application: $CODE_SIGN_IDENTITY" --verbose "$1" codesign --verify --verbose "$1" || exit 1 spctl --assess --type execute "$1" || exit 1 } if [ -n "$CODE_SIGN_IDENTITY" ] ; then security find-identity -v -s "$CODE_SIGN_IDENTITY" -p codesigning echo "Signing executables" if [ -z "$bundle_binary_list" ] ; then echo "No executables specified for code signing." exit 1 fi for binary in $bundle_binary_list ; do if [ -e "$binary" ];then codesign_file "$binary" fi done echo "Signing frameworks" for framework in "$pkglib"/*.framework/Versions/*/* ; do codesign_file "$framework" done echo "Signing libraries" for library in "$pkglib"/*.dylib ; do codesign_file "$library" done echo "Signing plugins" for plugin in "$pkgplugin"/*/*.so ; do codesign_file "$plugin" done echo "Signing $bundle" codesign_file "$bundle" else echo "Code signing not performed (no identity)" fi exit 0