Unlock keychain in build_script stage.

Add python binary for xcode-select.
2024-09-16 13:54:41 +02:00 · 2023-09-14 20:36:54 +03:00 · 2023-09-14 20:30:58 +03:00
2 changed files with 20 additions and 15 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -200,11 +200,11 @@ macos_task_template: &MACOS_TASK_TEMPLATE
    # with a UI dialog asking for the certificate password, which we can't
    # use in a headless CI environment
    # Create the keychain with a password ($MACOS_CI_KEYCHAIN_PWD)
-    - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Make the custom keychain default, so xcodebuild will use it for signing
-    - security default-keychain -s build.keychain
+    - security default-keychain -s $HOME/Library/Keychains/build.keychain
    # Unlock the keychain
-    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Check if System.keychain is not cluttered
    # good: 60K
    # bad: 25MB
@ -217,13 +217,13 @@ macos_task_template: &MACOS_TASK_TEMPLATE
    - curl https://www.apple.com/certificateauthority/DeveloperIDG2CA.cer --output $HOME/DeveloperIDG2CA.cer --silent
    - sudo security import $HOME/DeveloperIDG2CA.cer -k /Library/Keychains/System.keychain -T /usr/bin/codesign
    # 3) Developer ID
-    - security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
+    - security import certificate.p12 -k $HOME/Library/Keychains/build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
    # Delete the files, we no longer need them
    - rm $HOME/AppleWWDRCAG3.cer
    - rm $HOME/DeveloperIDG2CA.cer
    - rm certificate.p12
    # Set the partition list (sort of like an access control list)
-    - security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Echo the identity, just so that we know it worked.
    # This won't display anything secret.
    - security find-identity -v -p codesigning
@ -256,6 +256,7 @@ macos_task_template: &MACOS_TASK_TEMPLATE
    - sudo ln -s /Library/Developer/CommandLineTools/usr/bin/python3 /Library/Developer/CommandLineTools/usr/bin/python
    - whereis python
    - pwd
+    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    - conan profile new valentina
    - conan profile update settings.build_type=Release valentina
    - conan profile update settings.os=Macos valentina
--- a/appveyor.yml
+++ b/appveyor.yml
@ -623,11 +623,11 @@ for:
    # with a UI dialog asking for the certificate password, which we can't
    # use in a headless CI environment
    # Create the keychain with a password ($MACOS_CI_KEYCHAIN_PWD)
-    - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Make the custom keychain default, so xcodebuild will use it for signing
-    - security default-keychain -s build.keychain
+    - security default-keychain -s $HOME/Library/Keychains/build.keychain
    # Unlock the keychain
-    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Check if System.keychain is not cluttered
    # good: 60K
    # bad: 25MB
@ -640,13 +640,13 @@ for:
    - curl https://www.apple.com/certificateauthority/DeveloperIDG2CA.cer --output $HOME/DeveloperIDG2CA.cer --silent
    - sudo security import $HOME/DeveloperIDG2CA.cer -k /Library/Keychains/System.keychain -T /usr/bin/codesign
    # 3) Developer ID
-    - security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
+    - security import certificate.p12 -k $HOME/Library/Keychains/build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
    # Delete the files, we no longer need them
    - rm $HOME/AppleWWDRCAG3.cer
    - rm $HOME/DeveloperIDG2CA.cer
    - rm certificate.p12
    # Set the partition list (sort of like an access control list)
-    - security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Echo the identity, just so that we know it worked.
    # This won't display anything secret.
    - security find-identity -v -p codesigning
@ -659,6 +659,7 @@ for:
    - python3 --version
    - whereis python3
    - sudo ln -s -f /usr/bin/python3 /usr/local/bin/python
+    - sudo ln -s /Library/Developer/CommandLineTools/usr/bin/python3 /Library/Developer/CommandLineTools/usr/bin/python
    - whereis python
    - |-

@ -727,6 +728,7 @@ for:

  build_script:
    - pwd
+    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    - conan install . -s os=Macos -s os.version=${MACOS_DEPLOYMENT_TARGET} --build=missing
    - qbs setup-toolchains --detect
    - qbs config --list profiles
@ -798,11 +800,11 @@ for:
    # with a UI dialog asking for the certificate password, which we can't
    # use in a headless CI environment
    # Create the keychain with a password ($MACOS_CI_KEYCHAIN_PWD)
-    - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Make the custom keychain default, so xcodebuild will use it for signing
-    - security default-keychain -s build.keychain
+    - security default-keychain -s $HOME/Library/Keychains/build.keychain
    # Unlock the keychain
-    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Check if System.keychain is not cluttered
    # good: 60K
    # bad: 25MB
@ -815,13 +817,13 @@ for:
    - curl https://www.apple.com/certificateauthority/DeveloperIDG2CA.cer --output $HOME/DeveloperIDG2CA.cer --silent
    - sudo security import $HOME/DeveloperIDG2CA.cer -k /Library/Keychains/System.keychain -T /usr/bin/codesign
    # 3) Developer ID
-    - security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
+    - security import certificate.p12 -k $HOME/Library/Keychains/build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
    # Delete the files, we no longer need them
    - rm $HOME/AppleWWDRCAG3.cer
    - rm $HOME/DeveloperIDG2CA.cer
    - rm certificate.p12
    # Set the partition list (sort of like an access control list)
-    - security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+    - security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    # Echo the identity, just so that we know it worked.
    # This won't display anything secret.
    - security find-identity -v -p codesigning
@ -834,6 +836,7 @@ for:
    - python3 --version
    - whereis python3
    - sudo ln -s -f /usr/bin/python3 /usr/local/bin/python
+    - sudo ln -s /Library/Developer/CommandLineTools/usr/bin/python3 /Library/Developer/CommandLineTools/usr/bin/python
    - whereis python
    - sudo python3 -m pip install --upgrade pip
    - pip3 install --user --upgrade pip dropbox conan==1.60
@ -846,6 +849,7 @@ for:

  build_script:
    - pwd
+    - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" $HOME/Library/Keychains/build.keychain
    - conan install . -s os=Macos -s os.version=${MACOS_DEPLOYMENT_TARGET} --build=missing
    - qbs setup-toolchains --detect
    - qbs config --list profiles
Author	SHA1	Message	Date
Roman Telezhynskyi	1227e6c4e3	Unlock keychain in build_script stage.	2023-09-14 20:36:54 +03:00
Roman Telezhynskyi	e4e412947f	Add python binary for xcode-select.	2023-09-14 20:30:58 +03:00