keepassxc
/
release-tool
1471 строка · 47.2 Кб
1#!/usr/bin/env bash2#3# KeePassXC Release Preparation Helper4# Copyright (C) 2021 KeePassXC team <https://keepassxc.org/>5#6# This program is free software: you can redistribute it and/or modify7# it under the terms of the GNU General Public License as published by8# the Free Software Foundation, either version 2 or (at your option)9# version 3 of the License.10#11# This program is distributed in the hope that it will be useful,12# but WITHOUT ANY WARRANTY; without even the implied warranty of13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the14# GNU General Public License for more details.15#16# You should have received a copy of the GNU General Public License17# along with this program. If not, see <http://www.gnu.org/licenses/>.18printf "\e[1m\e[32mKeePassXC\e[0m Release Preparation Helper\n"20printf "Copyright (C) 2021 KeePassXC Team <https://keepassxc.org/>\n\n"21set -eE -o pipefail23if [ "$(uname -s)" == "Linux" ]; then25OS_LINUX="1"26elif [ "$(uname -s)" == "Darwin" ]; then27OS_MACOS="1"28elif [ "$(uname -o)" == "Msys" ]; then29OS_WINDOWS="1"30fi31# -----------------------------------------------------------------------33# global default values34# -----------------------------------------------------------------------35RELEASE_NAME=""36APP_NAME="KeePassXC"37SRC_DIR="."38GPG_KEY="CFB4C2166397D0D2"39GPG_GIT_KEY=""40OUTPUT_DIR="release"41SOURCE_BRANCH=""42TAG_NAME=""43DOCKER_IMAGE=""44DOCKER_CONTAINER_NAME="keepassxc-build-container"45CMAKE_GENERATOR="Unix Makefiles"46CMAKE_OPTIONS=""47CPACK_GENERATORS="WIX;ZIP"48COMPILER="g++"49MAKE_OPTIONS="-j$(getconf _NPROCESSORS_ONLN)"50BUILD_PLUGINS="all"51INSTALL_PREFIX="/usr/local"52ORIG_BRANCH=""53ORIG_CWD="$(pwd)"54MACOSX_DEPLOYMENT_TARGET=10.1555TIMESTAMP_SERVER="http://timestamp.sectigo.com"56# -----------------------------------------------------------------------58# helper functions59# -----------------------------------------------------------------------60printUsage() {61local cmd62if [ -z "$1" ] || [ "help" == "$1" ]; then63cmd="COMMAND"64elif [ "check" == "$1" ] || [ "merge" == "$1" ] || [ "build" == "$1" ] || [ "gpgsign" == "$1" ] || \65[ "appsign" == "$1" ] || [ "notarize" == "$1" ] || [ "appimage" == "$1" ] || [ "i18n" == "$1" ]; then66cmd="$1"67else68logError "Unknown command: '$1'\n"69cmd="COMMAND"70fi71printf "\e[1mUsage:\e[0m $(basename "$0") $cmd [OPTIONS, ...]\n"73if [ "COMMAND" == "$cmd" ]; then75cat << EOF76Commands:78check Perform a dry-run check, nothing is changed79merge Merge release branch into main branch and create release tags80build Build and package binary release from sources81gpgsign Sign previously compiled release packages with GPG82appsign Sign binaries with code signing certificates on Windows and macOS83notarize Submit macOS application DMG for notarization84help Show help for the given command85i18n Update translation files and pull from or push to Transifex86EOF87elif [ "merge" == "$cmd" ]; then88cat << EOF89Merge release branch into main branch and create release tags91Options:93-v, --version Release version number or name (required)94-a, --app-name Application name (default: '${APP_NAME}')95-s, --source-dir Source directory (default: '${SRC_DIR}')96-k, --key GPG key used to sign the merge commit and release tag,97leave empty to let Git choose your default key98(default: '${GPG_GIT_KEY}')99-r, --release-branch Source release branch to merge from (default: 'release/VERSION')100-t, --tag-name Override release tag name (defaults to version number)101-h, --help Show this help102EOF103elif [ "build" == "$cmd" ]; then104cat << EOF105Build and package binary release from sources107Options:109-v, --version Release version number or name (required)110-a, --app-name Application name (default: '${APP_NAME}')111-s, --source-dir Source directory (default: '${SRC_DIR}')112-o, --output-dir Output directory where to build the release113(default: '${OUTPUT_DIR}')114-t, --tag-name Release tag to check out (defaults to version number)115-b, --build Build sources after exporting release116-d, --docker-image Use the specified Docker image to compile the application.117The image must have all required build dependencies installed.118This option has no effect if --build is not set.119--container-name Docker container name (default: '${DOCKER_CONTAINER_NAME}')120The container must not exist already121--snapcraft Create and use docker image to build snapcraft distribution.122This option has no effect if --docker-image is not set.123--appimage Build a Linux AppImage after compilation.124If this option is set, --install-prefix has no effect125--appsign Perform platform specific App Signing before packaging126--timestamp Explicitly set the timestamp server to use for appsign (default: '${TIMESTAMP_SERVER}')127--vcpkg Specify VCPKG toolchain file (example: ~/vcpkg/scripts/buildsystems/vcpkg.cmake)128-k, --key Specify the App Signing Key/Identity129--cmake-generator Override the default CMake generator (Default: Ninja)130-c, --cmake-options Additional CMake options for compiling the sources131--compiler Compiler to use (default: '${COMPILER}')132-m, --make-options Make options for compiling sources (default: '${MAKE_OPTIONS}')133-g, --generators Additional CPack generators (default: '${CPACK_GENERATORS}')134-i, --install-prefix Install prefix (default: '${INSTALL_PREFIX}')135-p, --plugins Space-separated list of plugins to build136(default: ${BUILD_PLUGINS})137--snapshot Don't checkout the release tag138-n, --no-source-tarball Don't build source tarball139-h, --help Show this help140EOF141elif [ "gpgsign" == "$cmd" ]; then142cat << EOF143Sign previously compiled release packages with GPG145Options:147-f, --files Files to sign (required)148-k, --key GPG key used to sign the files (default: '${GPG_KEY}')149-h, --help Show this help150EOF151elif [ "appsign" == "$cmd" ]; then152cat << EOF153Sign binaries with code signing certificates on Windows and macOS155Options:157-f, --files Files to sign (required)158-k, --key, -i, --identity159Signing Key or Apple Developer ID (required)160--timestamp Explicitly set the timestamp server to use for appsign (default: '${TIMESTAMP_SERVER}')161-u, --username Apple username for notarization (required on macOS)162-h, --help Show this help163EOF164elif [ "notarize" == "$cmd" ]; then165cat << EOF166Submit macOS application DMG for notarization168Options:170-f, --files Files to notarize (required)171-u, --username Apple username for notarization (required)172-c, --keychain Apple keychain entry name storing the notarization173app password (default: 'AC_PASSWORD')174-h, --help Show this help175EOF176elif [ "appimage" == "$cmd" ]; then177cat << EOF178Generate Linux AppImage from 'make install' AppDir180Options:182-a, --appdir Input AppDir (required)183-v, --version KeePassXC version184-o, --output-dir Output directory where to build the AppImage185(default: '${OUTPUT_DIR}')186-d, --docker-image Use the specified Docker image to build the AppImage.187The image must have all required build dependencies installed.188--container-name Docker container name (default: '${DOCKER_CONTAINER_NAME}')189The container must not exist already190--appsign Embed a PGP signature into the AppImage191-k, --key The PGP Signing Key192--verbosity linuxdeploy verbosity (default: 3)193-h, --help Show this help194EOF195elif [ "i18n" == "$cmd" ]; then196cat << EOF197Update translation files and pull from or push to Transifex199Subcommands:201tx-push Push source translation file to Transifex202tx-pull Pull updated translations from Transifex203lupdate Update source translation file from C++ sources204EOF205fi206}207logInfo() {209printf "\e[1m[ \e[34mINFO\e[39m ]\e[0m $1\n"210}211logWarn() {213printf "\e[1m[ \e[33mWARNING\e[39m ]\e[0m $1\n"214}215logError() {217printf "\e[1m[ \e[31mERROR\e[39m ]\e[0m $1\n" >&2218}219init() {221if [ -z "$RELEASE_NAME" ]; then222logError "Missing arguments, --version is required!\n"223printUsage "check"224exit 1225fi226if [ -z "$TAG_NAME" ]; then228TAG_NAME="$RELEASE_NAME"229fi230if [ -z "$SOURCE_BRANCH" ]; then232SOURCE_BRANCH="release/${RELEASE_NAME}"233fi234ORIG_CWD="$(pwd)"236SRC_DIR="$(realpath "$SRC_DIR")"237cd "$SRC_DIR" > /dev/null 2>&1238ORIG_BRANCH="$(git rev-parse --abbrev-ref HEAD 2> /dev/null)"239cd "$ORIG_CWD"240}241cleanup() {243logInfo "Checking out original branch..."244if [ "" != "$ORIG_BRANCH" ]; then245git checkout "$ORIG_BRANCH" > /dev/null 2>&1246fi247logInfo "Leaving source directory..."248cd "$ORIG_CWD"249}250exitError() {252cleanup253logError "$1"254exit 1255}256cmdExists() {258command -v "$1" &> /dev/null259}260checkSourceDirExists() {262if [ ! -d "$SRC_DIR" ]; then263exitError "Source directory '${SRC_DIR}' does not exist!"264fi265}266checkOutputDirDoesNotExist() {268if [ -e "$OUTPUT_DIR" ]; then269exitError "Output directory '$OUTPUT_DIR' already exists. Please choose a different location!"270fi271}272checkGitRepository() {274if [ ! -d .git ] || [ ! -f CHANGELOG.md ]; then275exitError "Source directory is not a valid Git repository!"276fi277}278checkReleaseDoesNotExist() {280if [ $(git tag -l $TAG_NAME) ]; then281exitError "Release '$RELEASE_NAME' (tag: '$TAG_NAME') already exists!"282fi283}284checkWorkingTreeClean() {286if ! git diff-index --quiet HEAD --; then287exitError "Current working tree is not clean! Please commit or unstage any changes."288fi289}290checkSourceBranchExists() {292if ! git rev-parse "$SOURCE_BRANCH" > /dev/null 2>&1; then293exitError "Source branch '$SOURCE_BRANCH' does not exist!"294fi295}296checkVersionInCMake() {298local app_name_upper="$(echo "$APP_NAME" | tr '[:lower:]' '[:upper:]')"299local major_num="$(echo ${RELEASE_NAME} | cut -f1 -d.)"300local minor_num="$(echo ${RELEASE_NAME} | cut -f2 -d.)"301local patch_num="$(echo ${RELEASE_NAME} | cut -f3 -d. | cut -f1 -d-)"302if ! grep -q "${app_name_upper}_VERSION_MAJOR \"${major_num}\"" CMakeLists.txt; then304exitError "${app_name_upper}_VERSION_MAJOR not updated to '${major_num}' in CMakeLists.txt!"305fi306if ! grep -q "${app_name_upper}_VERSION_MINOR \"${minor_num}\"" CMakeLists.txt; then308exitError "${app_name_upper}_VERSION_MINOR not updated to '${minor_num}' in CMakeLists.txt!"309fi310if ! grep -q "${app_name_upper}_VERSION_PATCH \"${patch_num}\"" CMakeLists.txt; then312exitError "${app_name_upper}_VERSION_PATCH not updated to '${patch_num}' in CMakeLists.txt!"313fi314}315checkChangeLog() {317if [ ! -f CHANGELOG.md ]; then318exitError "No CHANGELOG file found!"319fi320if ! grep -qEzo "## ${RELEASE_NAME} \([0-9]{4}-[0-9]{2}-[0-9]{2}\)" CHANGELOG.md; then322exitError "'CHANGELOG.md' has not been updated to the '${RELEASE_NAME}' release!"323fi324}325checkAppStreamInfo() {327if [ ! -f share/linux/org.keepassxc.KeePassXC.appdata.xml ]; then328exitError "No AppStream info file found!"329fi330if ! grep -qEzo "<release version=\"${RELEASE_NAME}\" date=\"[0-9]{4}-[0-9]{2}-[0-9]{2}\">" share/linux/org.keepassxc.KeePassXC.appdata.xml; then332exitError "'share/linux/org.keepassxc.KeePassXC.appdata.xml' has not been updated to the '${RELEASE_NAME}' release!"333fi334}335checkTransifexCommandExists() {337if ! cmdExists tx; then338exitError "Transifex tool 'tx' not installed! Please install it using 'pip install transifex-client'."339fi340}341checkSigntoolCommandExists() {343if ! cmdExists signtool; then344exitError "signtool command not found on the PATH! Add the Windows SDK binary folder to your PATH."345fi346}347checkXcodeSetup() {349if ! cmdExists xcrun; then350exitError "xcrun command not found on the PATH! Please check that you have correctly installed Xcode."351fi352if ! xcrun -f codesign > /dev/null 2>&1; then353exitError "codesign command not found. You may need to run 'sudo xcode-select -r' to set up Xcode."354fi355if ! xcrun -f altool > /dev/null 2>&1; then356exitError "altool command not found. You may need to run 'sudo xcode-select -r' to set up Xcode."357fi358if ! xcrun -f stapler > /dev/null 2>&1; then359exitError "stapler command not found. You may need to run 'sudo xcode-select -r' to set up Xcode."360fi361}362checkQt5LUpdateExists() {364if cmdExists lupdate && ! $(lupdate -version | grep -q "lupdate version 5\."); then365if ! cmdExists lupdate-qt5; then366exitError "Qt Linguist tool (lupdate-qt5) is not installed! Please install using 'apt install qttools5-dev-tools'"367fi368fi369}370performChecks() {372logInfo "Performing basic checks..."373checkSourceDirExists375logInfo "Changing to source directory..."377cd "${SRC_DIR}"378logInfo "Validating toolset and repository..."380checkTransifexCommandExists382checkQt5LUpdateExists383checkGitRepository384checkReleaseDoesNotExist385checkWorkingTreeClean386checkSourceBranchExists387logInfo "Checking out '${SOURCE_BRANCH}'..."389git checkout "$SOURCE_BRANCH" > /dev/null 2>&1390logInfo "Attempting to find '${RELEASE_NAME}' in various files..."392checkVersionInCMake394checkChangeLog395checkAppStreamInfo396logInfo "\e[1m\e[32mAll checks passed!\e[0m"398}399# re-implement realpath for OS X (thanks mschrag)401# https://superuser.com/questions/205127/402if ! cmdExists realpath; then403realpath() {404pushd . > /dev/null405if [ -d "$1" ]; then406cd "$1"407dirs -l +0408else409cd "$(dirname "$1")"410cur_dir=$(dirs -l +0)411if [ "$cur_dir" == "/" ]; then413echo "$cur_dir$(basename "$1")"414else415echo "$cur_dir/$(basename "$1")"416fi417fi418popd > /dev/null419}420fi421trap 'exitError "Exited upon user request."' SIGINT SIGTERM424trap 'exitError "Error occurred!"' ERR425# -----------------------------------------------------------------------428# check command429# -----------------------------------------------------------------------430check() {431while [ $# -ge 1 ]; do432local arg="$1"433case "$arg" in434-v|--version)435RELEASE_NAME="$2"436shift ;;437esac438shift439done440init442performChecks444cleanup446logInfo "Congrats! You can successfully merge, build, and sign KeepassXC."448}449# -----------------------------------------------------------------------451# merge command452# -----------------------------------------------------------------------453merge() {454while [ $# -ge 1 ]; do455local arg="$1"456case "$arg" in457-v|--version)458RELEASE_NAME="$2"459shift ;;460-a|--app-name)462APP_NAME="$2"463shift ;;464-s|--source-dir)466SRC_DIR="$2"467shift ;;468-k|--key|-g|--gpg-key)470GPG_GIT_KEY="$2"471shift ;;472--timestamp)474TIMESTAMP_SERVER="$2"475shift ;;476-r|--release-branch)478SOURCE_BRANCH="$2"479shift ;;480-t|--tag-name)482TAG_NAME="$2"483shift ;;484-h|--help)486printUsage "merge"487exit ;;488*)490logError "Unknown option '$arg'\n"491printUsage "merge"492exit 1 ;;493esac494shift495done496init498performChecks500# Update translations502i18n lupdate503i18n tx-pull504if [ 0 -ne $? ]; then506exitError "Updating translations failed!"507fi508if ! git diff-index --quiet HEAD --; then509git add -A ./share/translations/510logInfo "Committing changes..."511if [ -z "$GPG_GIT_KEY" ]; then512git commit -m "Update translations"513else514git commit -m "Update translations" -S"$GPG_GIT_KEY"515fi516fi517local flags="-Pzo"519if [ -n "$OS_MACOS" ]; then520flags="-Ezo"521fi522CHANGELOG=$(grep ${flags} "## ${RELEASE_NAME} \([0-9]{4}-[0-9]{2}-[0-9]{2}\)\n\n(.|\n)+?\n\n## " CHANGELOG.md \523| tail -n+3 | sed '$d' | sed 's/^### //')524COMMIT_MSG="Release ${RELEASE_NAME}"525logInfo "Creating tag '${TAG_NAME}'..."527if [ -z "$GPG_GIT_KEY" ]; then528git tag -a "$TAG_NAME" -m "$COMMIT_MSG" -m "${CHANGELOG}" -s529else530git tag -a "$TAG_NAME" -m "$COMMIT_MSG" -m "${CHANGELOG}" -s -u "$GPG_GIT_KEY"531fi532logInfo "Advancing 'latest' tag..."534if [ -z "$GPG_GIT_KEY" ]; then535git tag -sf -a "latest" -m "Latest stable release"536else537git tag -sf -u "$GPG_GIT_KEY" -a "latest" -m "Latest stable release"538fi539cleanup541logInfo "All done!"543logInfo "Don't forget to push the tags using \e[1mgit push --tags\e[0m."544}545# -----------------------------------------------------------------------547# appimage command548# -----------------------------------------------------------------------549appimage() {550local appdir551local build_appsign=false552local build_key553local verbosity="1"554while [ $# -ge 1 ]; do556local arg="$1"557case "$arg" in558-v|--version)559RELEASE_NAME="$2"560shift ;;561-a|--appdir)563appdir="$2"564shift ;;565-o|--output-dir)567OUTPUT_DIR="$2"568shift ;;569-d|--docker-image)571DOCKER_IMAGE="$2"572shift ;;573--container-name)575DOCKER_CONTAINER_NAME="$2"576shift ;;577--appsign)579build_appsign=true ;;580--verbosity)582verbosity=$2583shift ;;584-k|--key)586build_key="$2"587shift ;;588-h|--help)590printUsage "appimage"591exit ;;592*)594logError "Unknown option '$arg'\n"595printUsage "appimage"596exit 1 ;;597esac598shift599done600if [ -z "${appdir}" ]; then602logError "Missing arguments, --appdir is required!\n"603printUsage "appimage"604exit 1605fi606if [ ! -d "${appdir}" ]; then608exitError "AppDir does not exist, please create one with 'make install'!"609elif [ -e "${appdir}/AppRun" ]; then610exitError "AppDir has already been run through linuxdeploy, please create a fresh AppDir with 'make install'."611fi612appdir="$(realpath "$appdir")"614local out="${OUTPUT_DIR}"616if [ -z "$out" ]; then617out="."618fi619mkdir -p "$out"620local out_real="$(realpath "$out")"621cd "$out"622local linuxdeploy="linuxdeploy"624local linuxdeploy_cleanup625local linuxdeploy_plugin_qt="linuxdeploy-plugin-qt"626local linuxdeploy_plugin_qt_cleanup627local appimagetool="appimagetool"628local appimagetool_cleanup629logInfo "Testing for AppImage tools..."631local docker_test_cmd632if [ "" != "$DOCKER_IMAGE" ]; then633docker_test_cmd="docker run -it --user $(id -u):$(id -g) --rm ${DOCKER_IMAGE}"634fi635# Test if linuxdeploy and linuxdeploy-plugin-qt are installed637# on the system or inside the Docker container638if ! ${docker_test_cmd} which ${linuxdeploy} > /dev/null; then639logInfo "Downloading linuxdeploy..."640linuxdeploy="./linuxdeploy"641linuxdeploy_cleanup="rm -f ${linuxdeploy}"642if ! curl -Lf "https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage" > "$linuxdeploy"; then643exitError "linuxdeploy download failed."644fi645chmod +x "$linuxdeploy"646fi647if ! ${docker_test_cmd} which ${linuxdeploy_plugin_qt} > /dev/null; then648logInfo "Downloading linuxdeploy-plugin-qt..."649linuxdeploy_plugin_qt="./linuxdeploy-plugin-qt"650linuxdeploy_plugin_qt_cleanup="rm -f ${linuxdeploy_plugin_qt}"651if ! curl -Lf "https://github.com/linuxdeploy/linuxdeploy-plugin-qt/releases/download/continuous/linuxdeploy-plugin-qt-x86_64.AppImage" > "$linuxdeploy_plugin_qt"; then652exitError "linuxdeploy-plugin-qt download failed."653fi654chmod +x "$linuxdeploy_plugin_qt"655fi656# appimagetool is always run outside a Docker container, so we can access our GPG keys658if ! cmdExists ${appimagetool}; then659logInfo "Downloading appimagetool..."660appimagetool="./appimagetool"661appimagetool_cleanup="rm -f ${appimagetool}"662if ! curl -Lf "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage" > "$appimagetool"; then663exitError "appimagetool download failed."664fi665chmod +x "$appimagetool"666fi667# Create custom AppRun wrapper669cat << 'EOF' > "${out_real}/KeePassXC-AppRun"670#!/usr/bin/env bash671export PATH="$(dirname $0)/usr/bin:${PATH}"673export LD_LIBRARY_PATH="$(dirname $0)/usr/lib:${LD_LIBRARY_PATH}"674if [ "$1" == "cli" ]; then676shift677exec keepassxc-cli "$@"678elif [ "$1" == "proxy" ]; then679shift680exec keepassxc-proxy "$@"681elif [ -v CHROME_WRAPPER ] || [ -v MOZ_LAUNCHED_CHILD ]; then682exec keepassxc-proxy "$@"683else684exec keepassxc "$@"685fi686EOF687chmod +x "${out_real}/KeePassXC-AppRun"688# Find .desktop files, icons, and binaries to deploy690local desktop_file="$(find "$appdir" -name "org.keepassxc.KeePassXC.desktop" | head -n1)"691local icon="$(find "$appdir" -path '*/application/256x256/apps/keepassxc.png' | head -n1)"692local executables="$(find "$appdir" -type f -executable -path '*/bin/keepassxc*' -print0 | xargs -0 -i printf " --executable={}")"693logInfo "Collecting libs and patching binaries..."695if [ -z "$DOCKER_IMAGE" ]; then696"$linuxdeploy" --verbosity=${verbosity} --plugin=qt --appdir="$appdir" --desktop-file="$desktop_file" \697--custom-apprun="${out_real}/KeePassXC-AppRun" --icon-file="$icon" ${executables}698else699docker run --name "$DOCKER_CONTAINER_NAME" --rm \700--cap-add SYS_ADMIN --security-opt apparmor:unconfined --device /dev/fuse -it \701-v "${out_real}:${out_real}:rw" \702-v "${appdir}:${appdir}:rw" \703-w "$out_real" \704--user $(id -u):$(id -g) \705"$DOCKER_IMAGE" \706bash -c "${linuxdeploy} --verbosity=${verbosity} --plugin=qt \707--appdir='${appdir}' --custom-apprun='${out_real}/KeePassXC-AppRun' \708--desktop-file='${desktop_file}' --icon-file='${icon}' ${executables}"709fi710if [ $? -ne 0 ]; then712exitError "AppDir deployment failed."713fi714logInfo "Creating AppImage..."716local appsign_flag=""717local appsign_key_flag=""718if ${build_appsign}; then719appsign_flag="--sign"720appsign_key_flag="--sign-key ${build_key}"721fi722local appimage_name="KeePassXC-x86_64.AppImage"723if [ "" != "$RELEASE_NAME" ]; then724appimage_name="KeePassXC-${RELEASE_NAME}-x86_64.AppImage"725echo "X-AppImage-Version=${RELEASE_NAME}" >> "$desktop_file"726fi727# Run appimagetool to package (and possibly sign) AppImage729# --no-appstream is required, since it may crash on newer systems730# see: https://github.com/AppImage/AppImageKit/issues/856731if ! "$appimagetool" --updateinformation "gh-releases-zsync|keepassxreboot|keepassxc|latest|KeePassXC-*-x86_64.AppImage.zsync" \732${appsign_flag} ${appsign_key_flag} --no-appstream "$appdir" "${out_real}/${appimage_name}"; then733exitError "AppImage creation failed."734fi735logInfo "Cleaning up temporary files..."737${linuxdeploy_cleanup}738${linuxdeploy_plugin_qt_cleanup}739${appimagetool_cleanup}740rm -f "${out_real}/KeePassXC-AppRun"741}742# -----------------------------------------------------------------------744# build command745# -----------------------------------------------------------------------746build() {747local build_source_tarball=true748local build_snapshot=false749local build_snapcraft=false750local build_appimage=false751local build_generators=""752local build_appsign=false753local build_key=""754local build_vcpkg=""755while [ $# -ge 1 ]; do757local arg="$1"758case "$arg" in759-v|--version)760RELEASE_NAME="$2"761shift ;;762-a|--app-name)764APP_NAME="$2"765shift ;;766-s|--source-dir)768SRC_DIR="$2"769shift ;;770-o|--output-dir)772OUTPUT_DIR="$2"773shift ;;774-t|--tag-name)776TAG_NAME="$2"777shift ;;778-d|--docker-image)780DOCKER_IMAGE="$2"781shift ;;782--container-name)784DOCKER_CONTAINER_NAME="$2"785shift ;;786--appsign)788build_appsign=true ;;789--timestamp)791TIMESTAMP_SERVER="$2"792shift ;;793-k|--key)795build_key="$2"796shift ;;797--snapcraft)799build_snapcraft=true ;;800--appimage)802build_appimage=true ;;803--cmake-generator)805CMAKE_GENERATOR="$2"806shift ;;807-c|--cmake-options)809CMAKE_OPTIONS="$2"810shift ;;811--compiler)813COMPILER="$2"814shift ;;815--vcpkg)817build_vcpkg="$2"818shift ;;819-m|--make-options)821MAKE_OPTIONS="$2"822shift ;;823-g|--generators)825build_generators="$2"826shift ;;827-i|--install-prefix)829INSTALL_PREFIX="$2"830shift ;;831-p|--plugins)833BUILD_PLUGINS="$2"834shift ;;835-n|--no-source-tarball)837build_source_tarball=false ;;838--snapshot)840build_snapshot=true ;;841-h|--help)843printUsage "build"844exit ;;845*)847logError "Unknown option '$arg'\n"848printUsage "build"849exit 1 ;;850esac851shift852done853init855# Resolve appsign key to absolute path if under Windows857if [[ "${build_key}" && -n "$OS_WINDOWS" ]]; then858build_key="$(realpath "${build_key}")"859fi860if [[ -f ${build_vcpkg} ]]; then862CMAKE_OPTIONS="${CMAKE_OPTIONS} -DCMAKE_TOOLCHAIN_FILE=${build_vcpkg} -DX_VCPKG_APPLOCAL_DEPS_INSTALL=ON"863fi864if ${build_snapshot}; then866TAG_NAME="HEAD"867local branch=`git rev-parse --abbrev-ref HEAD`868logInfo "Using current branch ${branch} to build..."869RELEASE_NAME="${RELEASE_NAME}-snapshot"870CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=Snapshot -DOVERRIDE_VERSION=${RELEASE_NAME}"871else872checkWorkingTreeClean873if echo "$TAG_NAME" | grep -qE '\-(alpha|beta)[0-9]+$'; then874CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=PreRelease"875logInfo "Checking out pre-release tag '${TAG_NAME}'..."876else877CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=Release"878logInfo "Checking out release tag '${TAG_NAME}'..."879fi880if ! git checkout "$TAG_NAME" > /dev/null 2>&1; then882exitError "Failed to check out target branch."883fi884fi885if ! ${build_snapshot} && [ -d "$OUTPUT_DIR" ]; then887exitError "Output dir '${OUTPUT_DIR}' already exists."888fi889logInfo "Creating output directory..."891if ! mkdir -p "$OUTPUT_DIR"; then892exitError "Failed to create output directory!"893fi894OUTPUT_DIR="$(realpath "$OUTPUT_DIR")"895if ${build_source_tarball}; then897logInfo "Creating source tarball..."898local app_name_lower="$(echo "$APP_NAME" | tr '[:upper:]' '[:lower:]')"899local prefix="${app_name_lower}-${RELEASE_NAME}"900local tarball_name="${prefix}-src.tar"901git archive --format=tar "$TAG_NAME" --prefix="${prefix}/" --output="${OUTPUT_DIR}/${tarball_name}"903# add .version and .gitrev files to tarball905mkdir "${prefix}"906echo -n ${RELEASE_NAME} > "${prefix}/.version"907echo -n `git rev-parse --short=7 HEAD` > "${prefix}/.gitrev"908tar --append --file="${OUTPUT_DIR}/${tarball_name}" "${prefix}/.version" "${prefix}/.gitrev"909rm "${prefix}/.version" "${prefix}/.gitrev"910rmdir "${prefix}" 2> /dev/null911local xz="xz"913if ! cmdExists xz; then914logWarn "xz not installed. Falling back to bz2..."915xz="bzip2"916fi917$xz -6 -f "${OUTPUT_DIR}/${tarball_name}"918fi919logInfo "Creating build directory..."921mkdir -p "${OUTPUT_DIR}/build-release"922cd "${OUTPUT_DIR}/build-release"923logInfo "Configuring sources..."925for p in ${BUILD_PLUGINS}; do926CMAKE_OPTIONS="${CMAKE_OPTIONS} -DWITH_XC_$(echo $p | tr '[:lower:]' '[:upper:]')=On"927done928if [ -n "$OS_LINUX" ] && ${build_appimage}; then929CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_DIST_TYPE=AppImage"930# linuxdeploy requires /usr as install prefix931INSTALL_PREFIX="/usr"932fi933if [ -n "$OS_MACOS" ]; then934type brew &> /dev/null 2>&1935if [ $? -eq 0 ]; then936INSTALL_PREFIX=$(brew --prefix)937fi938fi939# Do not build tests cases941CMAKE_OPTIONS="${CMAKE_OPTIONS} -DWITH_TESTS=OFF"942if [ "$COMPILER" == "g++" ]; then944export CC=gcc945elif [ "$COMPILER" == "clang++" ]; then946export CC=clang947else948export CC="$COMPILER"949fi950export CXX="$COMPILER"951if [ -z "$DOCKER_IMAGE" ]; then953if [ -n "$OS_MACOS" ]; then954# Building on macOS955export MACOSX_DEPLOYMENT_TARGET956logInfo "Configuring build..."958cmake -G "${CMAKE_GENERATOR}" -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES="$(uname -m)" \959-DCMAKE_INSTALL_PREFIX="${INSTALL_PREFIX}" ${CMAKE_OPTIONS} "$SRC_DIR"960logInfo "Compiling and packaging sources..."962cmake --build . -- ${MAKE_OPTIONS}963cpack -G "DragNDrop"964# Appsign the executables if desired966if ${build_appsign}; then967logInfo "Signing executable files"968appsign "-f" "./${APP_NAME}-${RELEASE_NAME}.dmg" "-k" "${build_key}"969fi970mv "./${APP_NAME}-${RELEASE_NAME}.dmg" "../${APP_NAME}-${RELEASE_NAME}-$(uname -m).dmg"972elif [ -n "$OS_WINDOWS" ]; then973# Building on Windows with Msys2974logInfo "Configuring build..."975cmake -DCMAKE_BUILD_TYPE=Release -G "${CMAKE_GENERATOR}" -DCMAKE_INSTALL_PREFIX="${INSTALL_PREFIX}" \976${CMAKE_OPTIONS} "$SRC_DIR"977logInfo "Compiling and packaging sources..."979cmake --build . --config "Release" -- ${MAKE_OPTIONS}980# Appsign the executables if desired982if ${build_appsign} && [ -f "${build_key}" ]; then983logInfo "Signing executable files"984appsign "-f" $(find src | grep -Ei 'keepassxc.*(\.exe|\.dll)$') "-k" "${build_key}"985fi986# Call cpack directly instead of calling make package.988# This is important because we want to build the MSI when making a989# release.990cpack -G "${CPACK_GENERATORS};${build_generators}"991mv "${APP_NAME}-"*.* ../993else994mkdir -p "${OUTPUT_DIR}/KeePassXC.AppDir"995# Building on Linux without Docker container997logInfo "Configuring build..."998cmake -DCMAKE_BUILD_TYPE=Release ${CMAKE_OPTIONS} \999-DCMAKE_INSTALL_PREFIX="${INSTALL_PREFIX}" "$SRC_DIR"1000logInfo "Compiling sources..."1002make ${MAKE_OPTIONS}1003logInfo "Installing to bin dir..."1005make DESTDIR="${OUTPUT_DIR}/KeePassXC.AppDir" install/strip1006fi1007else1008if ${build_snapcraft}; then1009logInfo "Building snapcraft docker image..."1010sudo docker image build -t "$DOCKER_IMAGE" "$(realpath "$SRC_DIR")/ci/snapcraft"1012logInfo "Launching Docker contain to compile snapcraft..."1014sudo docker run --name "$DOCKER_CONTAINER_NAME" --rm -it --user $(id -u):$(id -g) \1016-v "$(realpath "$SRC_DIR"):/keepassxc" -w "/keepassxc" \1017"$DOCKER_IMAGE" snapcraft1018else1019mkdir -p "${OUTPUT_DIR}/KeePassXC.AppDir"1020logInfo "Launching Docker container to compile sources..."1022docker run --name "$DOCKER_CONTAINER_NAME" --rm \1024--cap-add SYS_ADMIN --security-opt apparmor:unconfined --device /dev/fuse \1025--user $(id -u):$(id -g) \1026-e "CC=${CC}" -e "CXX=${CXX}" -it \1027-v "$(realpath "$SRC_DIR"):/keepassxc/src:ro" \1028-v "$(realpath "$OUTPUT_DIR"):/keepassxc/out:rw" \1029"$DOCKER_IMAGE" \1030bash -c "cd /keepassxc/out/build-release && \1031cmake -DCMAKE_BUILD_TYPE=Release ${CMAKE_OPTIONS} \1032-DCMAKE_INSTALL_PREFIX=${INSTALL_PREFIX} /keepassxc/src && \1033make ${MAKE_OPTIONS} && make DESTDIR=/keepassxc/out/KeePassXC.AppDir install/strip"1034fi1035if [ 0 -ne $? ]; then1037exitError "Docker build failed!"1038fi1039logInfo "Build finished, Docker container terminated."1041fi1042if [ -n "$OS_LINUX" ] && ${build_appimage}; then1044local appsign_flag=""1045local appsign_key_flag=""1046local docker_image_flag=""1047local docker_container_name_flag=""1048if ${build_appsign}; then1049appsign_flag="--appsign"1050appsign_key_flag="-k ${build_key}"1051fi1052if [ "" != "${DOCKER_IMAGE}" ]; then1053docker_image_flag="-d ${DOCKER_IMAGE}"1054docker_container_name_flag="--container-name ${DOCKER_CONTAINER_NAME}"1055fi1056appimage -a "${OUTPUT_DIR}/KeePassXC.AppDir" -o "${OUTPUT_DIR}" \1057${appsign_flag} ${appsign_key_flag} ${docker_image_flag} ${docker_container_name_flag}1058fi1059cleanup1061logInfo "All done!"1063}1064# -----------------------------------------------------------------------1066# gpgsign command1067# -----------------------------------------------------------------------1068gpgsign() {1069local sign_files=()1070while [ $# -ge 1 ]; do1072local arg="$1"1073case "$arg" in1074-f|--files)1075while [ "${2:0:1}" != "-" ] && [ $# -ge 2 ]; do1076sign_files+=("$2")1077shift1078done ;;1079-k|--key|-g|--gpg-key)1081GPG_KEY="$2"1082shift ;;1083-h|--help)1085printUsage "gpgsign"1086exit ;;1087*)1089logError "Unknown option '$arg'\n"1090printUsage "gpgsign"1091exit 1 ;;1092esac1093shift1094done1095if [ -z "${sign_files}" ]; then1097logError "Missing arguments, --files is required!\n"1098printUsage "gpgsign"1099exit 11100fi1101for f in "${sign_files[@]}"; do1103if [ ! -f "$f" ]; then1104exitError "File '${f}' does not exist or is not a file!"1105fi1106logInfo "Signing file '${f}' using release key..."1108gpg --output "${f}.sig" --armor --local-user "$GPG_KEY" --detach-sig "$f"1109if [ 0 -ne $? ]; then1111exitError "Signing failed!"1112fi1113logInfo "Creating digest for file '${f}'..."1115local rp="$(realpath "$f")"1116local bname="$(basename "$f")"1117(cd "$(dirname "$rp")"; sha256sum "$bname" > "${bname}.DIGEST")1118done1119logInfo "All done!"1121}1122# -----------------------------------------------------------------------1124# appsign command1125# -----------------------------------------------------------------------1126appsign() {1127local sign_files=()1128local key1129while [ $# -ge 1 ]; do1131local arg="$1"1132case "$arg" in1133-f|--files)1134while [ "${2:0:1}" != "-" ] && [ $# -ge 2 ]; do1135sign_files+=("$2")1136shift1137done ;;1138-k|--key|-i|--identity)1140key="$2"1141shift ;;1142-h|--help)1144printUsage "appsign"1145exit ;;1146*)1148logError "Unknown option '$arg'\n"1149printUsage "appsign"1150exit 1 ;;1151esac1152shift1153done1154if [ -z "${key}" ]; then1156logError "Missing arguments, --key is required!\n"1157printUsage "appsign"1158exit 11159fi1160if [ -z "${sign_files}" ]; then1162logError "Missing arguments, --files is required!\n"1163printUsage "appsign"1164exit 11165fi1166for f in "${sign_files[@]}"; do1168if [ ! -e "${f}" ]; then1169exitError "File '${f}' does not exist!"1170fi1171done1172if [ -n "$OS_MACOS" ]; then1174checkXcodeSetup1175local orig_dir="$(pwd)"1177local real_src_dir="$(realpath "${SRC_DIR}")"1178for f in "${sign_files[@]}"; do1179if [[ ${f: -4} == '.dmg' ]]; then1180logInfo "Unpacking disk image '${f}'..."1181local tmp_dir="/tmp/KeePassXC_${RANDOM}"1182mkdir -p ${tmp_dir}/mnt1183if ! hdiutil attach -quiet -noautoopen -mountpoint ${tmp_dir}/mnt "${f}"; then1184exitError "DMG mount failed!"1185fi1186cd ${tmp_dir}1187cp -a ./mnt ./app1188hdiutil detach -quiet ${tmp_dir}/mnt1189local app_dir_tmp="./app/KeePassXC.app"1190if [ ! -d "$app_dir_tmp" ]; then1192cd "${orig_dir}"1193exitError "Unpacking failed!"1194fi1195elif [[ ${f: -4} == '.app' ]]; then1196local app_dir_tmp="$f"1197else1198logWarn "Skipping non-app file '${f}'..."1199continue1200fi1201logInfo "Signing libraries and frameworks..."1203if ! find "$app_dir_tmp" \( -name '*.dylib' -o -name '*.so' -o -name '*.framework' \) -print0 | xargs -0 \1204xcrun codesign --sign "${key}" --verbose --force --options runtime; then1205cd "${orig_dir}"1206exitError "Signing failed!"1207fi1208logInfo "Signing executables..."1209if ! find "${app_dir_tmp}/Contents/MacOS" \( -type f -not -name KeePassXC \) -print0 | xargs -0 \1210xcrun codesign --sign "${key}" --verbose --force --options runtime; then1211cd "${orig_dir}"1212exitError "Signing failed!"1213fi1214# Sign main executable with additional entitlements1215if ! xcrun codesign --sign "${key}" --verbose --force --options runtime --entitlements \1216"${real_src_dir}/share/macosx/keepassxc.entitlements" "${app_dir_tmp}/Contents/MacOS/KeePassXC"; then1217cd "${orig_dir}"1218exitError "Signing failed!"1219fi1220if [[ ${f: -4} == '.dmg' ]]; then1222logInfo "Repacking disk image..."1223hdiutil create \1224-volname "KeePassXC" \1225-size $((1000 * ($(du -sk ./app | cut -f1) + 5000))) \1226-srcfolder ./app \1227-fs HFS+ \1228-fsargs "-c c=64,a=16,e=16" \1229-format UDBZ \1230"${tmp_dir}/$(basename "${f}")"1231cd "${orig_dir}"1233cp -f "${tmp_dir}/$(basename "${f}")" "${f}"1234rm -Rf ${tmp_dir}1235fi1236logInfo "File '${f}' successfully signed."1238done1239elif [ -n "$OS_WINDOWS" ]; then1241if [[ ! -f "${key}" ]]; then1242exitError "Appsign key file was not found! (${key})"1243fi1244logInfo "Using appsign key ${key}."1246IFS=$'\n' read -s -r -p "Key password: " password1247echo1248for f in "${sign_files[@]}"; do1250ext=${f: -4}1251if [[ $ext == ".msi" || $ext == ".exe" || $ext == ".dll" ]]; then1252# Make sure we can find the signtool1253checkSigntoolCommandExists1254# osslsigncode does not succeed at signing MSI files at this time...1256logInfo "Signing file '${f}' using Microsoft signtool..."1257signtool sign -f "${key}" -p "${password}" -d "KeePassXC" -td sha256 \1258-fd sha256 -tr "${TIMESTAMP_SERVER}" "${f}"1259if [ 0 -ne $? ]; then1261exitError "Signing failed!"1262fi1263else1264logInfo "Skipping non-executable file '${f}'..."1265fi1266done1267else1269exitError "Unsupported platform for code signing!\n"1270fi1271logInfo "All done!"1273}1274# -----------------------------------------------------------------------1277# notarize command1278# -----------------------------------------------------------------------1279notarize() {1280local notarize_files=()1281local ac_username1282local ac_keychain="AC_PASSWORD"1283while [ $# -ge 1 ]; do1285local arg="$1"1286case "$arg" in1287-f|--files)1288while [ "${2:0:1}" != "-" ] && [ $# -ge 2 ]; do1289notarize_files+=("$2")1290shift1291done ;;1292-u|--username)1294ac_username="$2"1295shift ;;1296-c|--keychain)1298ac_keychain="$2"1299shift ;;1300-h|--help)1302printUsage "notarize"1303exit ;;1304*)1306logError "Unknown option '$arg'\n"1307printUsage "notarize"1308exit 1 ;;1309esac1310shift1311done1312if [ -z "$OS_MACOS" ]; then1314exitError "Notarization is only supported on macOS!"1315fi1316if [ -z "${notarize_files}" ]; then1318logError "Missing arguments, --files is required!\n"1319printUsage "notarize"1320exit 11321fi1322if [ -z "$ac_username" ]; then1324logError "Missing arguments, --username is required!"1325printUsage "notarize"1326exit 11327fi1328for f in "${notarize_files[@]}"; do1330if [[ ${f: -4} != '.dmg' ]]; then1331logWarn "Skipping non-DMG file '${f}'..."1332continue1333fi1334logInfo "Submitting disk image '${f}' for notarization..."1336local status1337status="$(xcrun altool --notarize-app \1338--primary-bundle-id "org.keepassxc.keepassxc" \1339--username "${ac_username}" \1340--password "@keychain:${ac_keychain}" \1341--file "${f}")"1342if [ 0 -ne $? ]; then1344logError "Submission failed!"1345exitError "Error message:\n${status}"1346fi1347local ticket="$(echo "${status}" | grep -oE '[a-f0-9-]+$')"1349logInfo "Submission successful. Ticket ID: ${ticket}."1350logInfo "Waiting for notarization to finish (this may take a while)..."1352while true; do1353echo -n "."1354status="$(xcrun altool --notarization-info "${ticket}" \1356--username "${ac_username}" \1357--password "@keychain:${ac_keychain}" 2> /dev/null)"1358if echo "$status" | grep -q "Status Code: 0"; then1360logInfo "\nNotarization successful."1361break1362elif echo "$status" | grep -q "Status Code"; then1363logError "\nNotarization failed!"1364exitError "Error message:\n${status}"1365fi1366sleep 51368done1369logInfo "Stapling ticket to disk image..."1371xcrun stapler staple "${f}"1372if [ 0 -ne $? ]; then1374exitError "Stapling failed!"1375fi1376logInfo "Disk image successfully notarized."1378done1379}1380# -----------------------------------------------------------------------1383# i18n command1384# -----------------------------------------------------------------------1385i18n() {1387local cmd="$1"1388if [ -z "$cmd" ]; then1389logError "No subcommand specified.\n"1390printUsage i18n1391exit 11392elif [ "$cmd" != "tx-push" ] && [ "$cmd" != "tx-pull" ] && [ "$cmd" != "lupdate" ]; then1393logError "Unknown subcommand: '${cmd}'\n"1394printUsage i18n1395exit 11396fi1397shift1398checkGitRepository1400if [ "$cmd" == "lupdate" ]; then1402if [ ! -d share/translations ]; then1403logError "Command must be called from repository root directory."1404exit 11405fi1406checkQt5LUpdateExists1408logInfo "Updating source translation file..."1410LUPDATE=lupdate-qt51411if ! command -v $LUPDATE > /dev/null; then1412LUPDATE=lupdate1413fi1414$LUPDATE -no-ui-lines -disable-heuristic similartext -locations none -extensions c,cpp,h,js,mm,qrc,ui \1415-no-obsolete src -ts share/translations/keepassxc_en.ts $@1416return 01418fi1419checkTransifexCommandExists1421local branch="$(git branch --show-current 2>&1)"1423local real_branch="$branch"1424if [[ "$branch" =~ ^release/ ]]; then1425logInfo "Release branch, setting language resource to master branch."1426branch="master"1427elif [ "$branch" != "develop" ] && [ "$branch" != "master" ]; then1428logError "Must be on master or develop branch!"1429exit 11430fi1431local resource="keepassxc.share-translations-keepassxc-en-ts--${branch}"1432if [ "$cmd" == "tx-push" ]; then1434echo -e "This will push the \e[1m'en'\e[0m source file from the current branch to Transifex:\n" >&21435echo -e " \e[1m${real_branch}\e[0m -> \e[1m${resource}\e[0m\n" >&21436echo -n "Continue? [y/N] " >&21437read -r yesno1438if [ "$yesno" != "y" ] && [ "$yesno" != "Y" ]; then1439logError "Push aborted."1440exit 11441fi1442logInfo "Pushing source translation file to Transifex..."1444tx push -s --use-git-timestamps -r "$resource" $@1445elif [ "$cmd" == "tx-pull" ]; then1447logInfo "Pulling updated translations from Transifex..."1448tx pull -af --minimum-perc=60 -r "$resource" $@1449fi1450}1451# -----------------------------------------------------------------------1454# parse global command line1455# -----------------------------------------------------------------------1456MODE="$1"1457shift || true1458if [ -z "$MODE" ]; then1459logError "Missing arguments!\n"1460printUsage1461exit 11462elif [ "help" == "$MODE" ]; then1463printUsage "$1"1464exit1465elif [ "check" == "$MODE" ] || [ "merge" == "$MODE" ] || [ "build" == "$MODE" ] \1466|| [ "gpgsign" == "$MODE" ] || [ "appsign" == "$MODE" ]|| [ "notarize" == "$MODE" ] \1467|| [ "appimage" == "$MODE" ]|| [ "i18n" == "$MODE" ]; then1468${MODE} "$@"1469else1470printUsage "$MODE"1471fi1472