mirror of https://github.com/oxen-io/lokinet
Various cmake build cleanups/refactors
- Added contrib/macos/README.txt with description of the cancer happening here. - Add provisioningprofiles that Apple wants to make things work properly - Made the entitlements files match the provisioningprofiles - Remove configured entitlements files; we *can't* change any of the things here because they are closedly tied to the provisioningprofiles -- which means if someone wants to build their own Lokinet, they have to replace a bunch of crap and change application IDs throughout. This is the hostile-to-open-source Apple way. - Remove unused old lokinet binary, as we're no longer using it on macos - Use a POST_BUILD rather than install to copy things around into the right places - Convert all the configure_file's to consistently use @ONLY - Misc cleanups
This commit is contained in:
parent
5edd045c9b
commit
0bb00baacf
|
@ -22,7 +22,7 @@ cmake \
|
|||
-DFORCE_OXENMQ_SUBMODULE=ON \
|
||||
-DSUBMODULE_CHECK=OFF \
|
||||
-DWITH_LTO=OFF \
|
||||
-DCMAKE_INSTALL_PREFIX=$(pwd) \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
$@ ..
|
||||
"$@" \
|
||||
..
|
||||
ninja install && ninja sign
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
<string>lokinet</string>
|
||||
|
||||
<key>CFBundleVersion</key>
|
||||
<string>${LOKINET_VERSION}</string>
|
||||
<string>@LOKINET_VERSION@</string>
|
||||
|
||||
<key>ITSAppUsesNonExemptEncryption</key>
|
||||
<false/>
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
This directory contains the magical incantations and random voodoo symbols needed to coax an Apple
|
||||
build. There's no reason builds have to be this stupid, except that Apple wants to funnel everyone
|
||||
into the no-CI, no-help, undocumented, non-toy-apps-need-not-apply modern Apple culture.
|
||||
|
||||
This is disgusting.
|
||||
|
||||
|
||||
|
||||
|
||||
These two files, in particular, are the very worst manifestations of this Apple cancer: they are
|
||||
required for proper permissions to run on macOS, are undocumented, and can only be regenerated
|
||||
through the entirely closed source Apple Developer backend:
|
||||
|
||||
lokinet.provisionprofile
|
||||
lokinet-extension.provisionprofile
|
||||
|
||||
This is actively hostile to open source development, but that is nothing new for Apple.
|
||||
|
||||
If you are reading this to try to build Lokinet for yourself for an Apple operating system and
|
||||
simultaneously care about open source, privacy, or freedom then you, my friend, are a walking
|
||||
contradiction: you are trying to get Lokinet to work on a platform that actively despises open
|
||||
source, privacy, and freedom. Even Windows is a better choice in all of these categories than
|
||||
Apple.
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
|
||||
<key>com.apple.developer.networking.networkextension</key>
|
||||
<array>
|
||||
<string>packet-tunnel-provider-systemextension</string>
|
||||
<string>app-proxy-provider-systemextension</string>
|
||||
<string>content-filter-provider-systemextension</string>
|
||||
<string>dns-proxy-systemextension</string>
|
||||
<string>dns-settings</string>
|
||||
</array>
|
||||
|
||||
<key>com.apple.developer.networking.vpn.api</key>
|
||||
<array>
|
||||
<string>allow-vpn</string>
|
||||
</array>
|
||||
|
||||
<key>com.apple.application-identifier</key>
|
||||
<string>SUQ8J2PCT7.com.loki-project.lokinet.network-extension</string>
|
||||
|
||||
<key>keychain-access-groups</key>
|
||||
<array>
|
||||
<string>SUQ8J2PCT7.*</string>
|
||||
</array>
|
||||
|
||||
<key>com.apple.developer.team-identifier</key>
|
||||
<string>SUQ8J2PCT7</string>
|
||||
|
||||
</dict>
|
||||
</plist>
|
|
@ -1,25 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.developer.networking.networkextension</key>
|
||||
<array>
|
||||
<string>packet-tunnel-provider</string>
|
||||
</array>
|
||||
<!--
|
||||
<key>com.apple.developer.networking.vpn.api</key>
|
||||
<array>
|
||||
<string>allow-vpn</string>
|
||||
</array>
|
||||
<key>com.apple.security.app-sandbox</key>
|
||||
<true/>
|
||||
|
||||
<key>com.apple.security.application-groups</key>
|
||||
<array>
|
||||
<string>${CODESIGN_TEAM_ID}.com.loki-project.lokinet.network-extension</string>
|
||||
</array>
|
||||
-->
|
||||
<key>com.apple.security.network.client</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
Binary file not shown.
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
|
||||
<key>com.apple.developer.networking.networkextension</key>
|
||||
<array>
|
||||
<string>packet-tunnel-provider-systemextension</string>
|
||||
<string>app-proxy-provider-systemextension</string>
|
||||
<string>content-filter-provider-systemextension</string>
|
||||
<string>dns-proxy-systemextension</string>
|
||||
<string>dns-settings</string>
|
||||
</array>
|
||||
|
||||
<key>com.apple.developer.networking.vpn.api</key>
|
||||
<array>
|
||||
<string>allow-vpn</string>
|
||||
</array>
|
||||
|
||||
<key>com.apple.application-identifier</key>
|
||||
<string>SUQ8J2PCT7.com.loki-project.lokinet</string>
|
||||
|
||||
<key>keychain-access-groups</key>
|
||||
<array>
|
||||
<string>SUQ8J2PCT7.*</string>
|
||||
</array>
|
||||
|
||||
<key>com.apple.developer.team-identifier</key>
|
||||
<string>SUQ8J2PCT7</string>
|
||||
|
||||
</dict>
|
||||
</plist>
|
|
@ -1,24 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.developer.networking.networkextension</key>
|
||||
<array>
|
||||
<string>packet-tunnel-provider</string>
|
||||
</array>
|
||||
<!--
|
||||
<key>com.apple.developer.networking.vpn.api</key>
|
||||
<array>
|
||||
<string>allow-vpn</string>
|
||||
</array>
|
||||
<key>com.apple.security.app-sandbox</key>
|
||||
<true/>
|
||||
<key>com.apple.security.application-groups</key>
|
||||
<array>
|
||||
<string>${CODESIGN_TEAM_ID}.com.loki-project.lokinet</string>
|
||||
</array>
|
||||
-->
|
||||
<key>com.apple.security.network.client</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
Binary file not shown.
|
@ -1,6 +1,10 @@
|
|||
#!/usr/bin/env bash
|
||||
set -e
|
||||
codesign --verbose=4 --force -s "${CODESIGN_KEY}" --entitlements "${NETEXT_ENTITLEMENTS}" --deep --timestamp --options=runtime "${SIGN_TARGET}/Contents/Frameworks/lokinet-extension.framework"
|
||||
for file in "${SIGN_TARGET}/Contents/MacOS/Lokinet" "${SIGN_TARGET}" ; do
|
||||
codesign --verbose=4 --force -s "${CODESIGN_KEY}" --entitlements "${LOKINET_ENTITLEMENTS}" --deep --timestamp --options=runtime "$file"
|
||||
codesign --verbose=4 --force -s "@CODESIGN_KEY@" \
|
||||
--entitlements "@PROJECT_SOURCE_DIR@/contrib/macos/lokinet-extension.entitlements.plist" \
|
||||
--deep --strict --timestamp --options=runtime "@SIGN_TARGET@/Contents/Frameworks/lokinet-extension.framework"
|
||||
for file in "@SIGN_TARGET@/Contents/MacOS/lokinet" "@SIGN_TARGET@" ; do
|
||||
codesign --verbose=4 --force -s "@CODESIGN_KEY@" \
|
||||
--entitlements "@PROJECT_SOURCE_DIR@/contrib/macos/lokinet.entitlements.plist" \
|
||||
--deep --strict --timestamp --options=runtime "$file"
|
||||
done
|
||||
|
|
|
@ -4,8 +4,6 @@ if(APPLE)
|
|||
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/Lokinet.modulemap.in ${CMAKE_CURRENT_BINARY_DIR}/swift/LokinetExtension/module.modulemap ESCAPE_QUOTES @ONLY)
|
||||
target_include_directories(lokinet PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/swift)
|
||||
target_link_libraries(lokinet PUBLIC lokinet-extension)
|
||||
add_executable(lokinet-old lokinet.cpp)
|
||||
enable_lto(lokinet-old)
|
||||
else()
|
||||
add_executable(lokinet lokinet.cpp)
|
||||
add_executable(lokinet-vpn lokinet-vpn.cpp)
|
||||
|
@ -42,10 +40,9 @@ if(NOT APPLE)
|
|||
endif()
|
||||
endif()
|
||||
|
||||
if(APPLE)
|
||||
set(exetargets lokinet-old lokinet)
|
||||
else()
|
||||
set(exetargets lokinet lokinet-vpn lokinet-bootstrap)
|
||||
set(exetargets lokinet)
|
||||
if(NOT APPLE)
|
||||
list(APPEND exetargets lokinet-vpn lokinet-bootstrap)
|
||||
endif()
|
||||
|
||||
foreach(exe ${exetargets})
|
||||
|
@ -65,7 +62,7 @@ foreach(exe ${exetargets})
|
|||
add_log_tag(${exe})
|
||||
if(should_install)
|
||||
if(APPLE)
|
||||
install(TARGETS ${exe} BUNDLE DESTINATION "${CMAKE_BINARY_DIR}" COMPONENT lokinet)
|
||||
install(TARGETS ${exe} BUNDLE DESTINATION "${PROJECT_BINARY_DIR}" COMPONENT lokinet)
|
||||
else()
|
||||
install(TARGETS ${exe} RUNTIME DESTINATION bin COMPONENT lokinet)
|
||||
endif()
|
||||
|
@ -73,48 +70,50 @@ foreach(exe ${exetargets})
|
|||
endforeach()
|
||||
|
||||
if(APPLE)
|
||||
# add_custom_command(TARGET lokinet
|
||||
# POST_BUILD
|
||||
# COMMAND ${CMAKE_COMMAND} -E echo "setting rpath"
|
||||
# COMMAND ${CMAKE_INSTALL_NAME_TOOL} -add_rpath "@executable_path/../Frameworks/" $<TARGET_FILE:lokinet>
|
||||
# )
|
||||
|
||||
set(CODESIGN_KEY "" CACHE STRING "codesign the macos app using this key identity")
|
||||
|
||||
add_custom_target(icons ALL
|
||||
COMMAND ${PROJECT_SOURCE_DIR}/contrib/macos/mk-icns.sh ${PROJECT_SOURCE_DIR}/contrib/lokinet.svg ${CMAKE_CURRENT_BINARY_DIR}/lokinet.icns
|
||||
DEPENDS ${PROJECT_SOURCE_DIR}/contrib/lokinet.svg ${PROJECT_SOURCE_DIR}/contrib/macos/mk-icns.sh)
|
||||
add_dependencies(lokinet icons lokinet-extension)
|
||||
install(TARGETS lokinet-extension FRAMEWORK DESTINATION "${CMAKE_CURRENT_BINARY_DIR}/Lokinet.app/Contents/Frameworks" COMPONENT lokinet)
|
||||
add_custom_command(TARGET lokinet
|
||||
POST_BUILD
|
||||
COMMAND ${CMAKE_COMMAND} -E echo "setting rpath"
|
||||
COMMAND ${CMAKE_COMMAND} -E echo ${CMAKE_INSTALL_NAME_TOOL} -add_rpath "@executable_path/../Frameworks/" $<TARGET_FILE:lokinet>
|
||||
COMMAND ${CMAKE_INSTALL_NAME_TOOL} -add_rpath "@executable_path/../Frameworks/" $<TARGET_FILE:lokinet>
|
||||
COMMAND mkdir -p $<TARGET_BUNDLE_DIR:lokinet>/Contents/Frameworks
|
||||
COMMAND cp -au $<TARGET_BUNDLE_DIR:lokinet-extension> $<TARGET_BUNDLE_DIR:lokinet>/Contents/Frameworks/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different ${PROJECT_SOURCE_DIR}/contrib/macos/lokinet.provisionprofile
|
||||
$<TARGET_BUNDLE_DIR:lokinet>/Contents/embedded.provisionprofile
|
||||
)
|
||||
|
||||
set_target_properties(lokinet
|
||||
PROPERTIES
|
||||
MACOSX_BUNDLE TRUE
|
||||
MACOSX_BUNDLE_INFO_STRING "Lokinet IP Packet Onion Router"
|
||||
MACOSX_BUNDLE_BUNDLE_NAME "Lokinet"
|
||||
MACOSX_BUNDLE_BUNDLE_VERSION "${LOKINET_VERSION}"
|
||||
MACOSX_BUNDLE_LONG_VERSION_STRING "${lokinet_VERSION}.$lokinet_VERSION_MINOR}"
|
||||
MACOSX_BUNDLE_LONG_VERSION_STRING "${lokinet_VERSION}"
|
||||
MACOSX_BUNDLE_SHORT_VERSION_STRING "${lokinet_VERSION_MAJOR}.${lokinet_VERSION_MINOR}"
|
||||
MACOSX_BUNDLE_GUI_IDENTIFIER "com.loki-project.lokinet"
|
||||
MACOSX_BUNDLE_INFO_PLIST "${CMAKE_SOURCE_DIR}/contrib/macos/Info.plist"
|
||||
MACOSX_BUNDLE_INFO_PLIST "${PROJECT_SOURCE_DIR}/contrib/macos/Info.plist"
|
||||
MACOSX_BUNDLE_ICON_FILE "${CMAKE_CURRENT_BINARY_DIR}/lokinet.icns"
|
||||
MACOSX_BUNDLE_COPYRIGHT "© 2021, The Loki Project")
|
||||
option(CODESIGN_KEY "codesign all the shit with this key" OFF)
|
||||
if (CODESIGN_KEY AND CODESIGN_TEAM_ID)
|
||||
MACOSX_BUNDLE_COPYRIGHT "© 2021, The Oxen Project")
|
||||
if (CODESIGN_KEY)
|
||||
message(STATUS "codesigning with ${CODESIGN_KEY}")
|
||||
set(SIGN_TARGET "${CMAKE_CURRENT_BINARY_DIR}/Lokinet.app")
|
||||
configure_file("${CMAKE_SOURCE_DIR}/contrib/macos/lokinet.entitlements.plist.in"
|
||||
"${CMAKE_BINARY_DIR}/lokinet.entitlements.plist")
|
||||
configure_file("${CMAKE_SOURCE_DIR}/contrib/macos/lokinet-extension.entitlements.plist.in"
|
||||
"${CMAKE_BINARY_DIR}/lokinet-extension.entitlements.plist")
|
||||
set(LOKINET_ENTITLEMENTS "${CMAKE_BINARY_DIR}/lokinet.entitlements.plist")
|
||||
set(NETEXT_ENTITLEMENTS "${CMAKE_BINARY_DIR}/lokinet-extension.entitlements.plist")
|
||||
set(SIGN_TARGET "${CMAKE_CURRENT_BINARY_DIR}/lokinet.app")
|
||||
configure_file(
|
||||
"${PROJECT_SOURCE_DIR}/contrib/macos/sign.sh.in"
|
||||
"${CMAKE_BINARY_DIR}/sign.sh")
|
||||
"${PROJECT_BINARY_DIR}/sign.sh"
|
||||
@ONLY)
|
||||
add_custom_target(
|
||||
sign
|
||||
DEPENDS "${CMAKE_BINARY_DIR}/sign.sh" lokinet lokinet-extension
|
||||
COMMAND "${CMAKE_BINARY_DIR}/sign.sh"
|
||||
DEPENDS "${PROJECT_BINARY_DIR}/sign.sh" lokinet lokinet-extension
|
||||
COMMAND "${PROJECT_BINARY_DIR}/sign.sh"
|
||||
)
|
||||
else()
|
||||
message(STATUS "will not codesign")
|
||||
message(WARNING "Not codesigning: CODESIGN_KEY is not set")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
|
|
|
@ -272,19 +272,16 @@ if(APPLE)
|
|||
# god made apple so that man may suffer
|
||||
find_library(NETEXT NetworkExtension REQUIRED)
|
||||
find_library(COREFOUNDATION CoreFoundation REQUIRED)
|
||||
|
||||
|
||||
add_library(lokinet-extension SHARED
|
||||
framework.mm
|
||||
${CMAKE_SOURCE_DIR}/include/lokinet-extension.hpp)
|
||||
target_include_directories(lokinet-extension PUBLIC
|
||||
${CMAKE_CURRENT_SOURCE_DIR})
|
||||
framework.mm)
|
||||
target_link_libraries(lokinet-extension PUBLIC
|
||||
liblokinet
|
||||
${COREFOUNDATION}
|
||||
${NETEXT})
|
||||
|
||||
configure_file(${CMAKE_SOURCE_DIR}/contrib/macos/LokinetExtension.Info.plist.in
|
||||
${CMAKE_CURRENT_BINARY_DIR}/LokinetExtension.Info.plist)
|
||||
configure_file(${PROJECT_SOURCE_DIR}/contrib/macos/LokinetExtension.Info.plist.in
|
||||
${CMAKE_CURRENT_BINARY_DIR}/LokinetExtension.Info.plist @ONLY)
|
||||
|
||||
set_target_properties(lokinet-extension PROPERTIES
|
||||
FRAMEWORK TRUE
|
||||
|
@ -296,6 +293,13 @@ if(APPLE)
|
|||
# "compatibility version" in semantic format in Mach-O binary file
|
||||
SOVERSION ${lokinet_VERSION}
|
||||
PUBLIC_HEADER ${CMAKE_SOURCE_DIR}/include/lokinet-extension.hpp)
|
||||
|
||||
add_custom_command(TARGET lokinet-extension
|
||||
POST_BUILD
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different ${PROJECT_SOURCE_DIR}/contrib/macos/lokinet-extension.provisionprofile
|
||||
$<TARGET_BUNDLE_DIR:lokinet-extension>/Versions/Current/embedded.provisionprofile
|
||||
)
|
||||
|
||||
|
||||
endif()
|
||||
|
||||
|
|
Loading…
Reference in New Issue