1. Okapi Framework Avatar Okapi Framework
  2. Okapi and localization
  3. Okapi

Wiki

Clone wiki

Okapi / MacBuilds

View History

Starting with M32, Mac OS X release builds are distributed as a signed DMG (disk image) file rather than a ZIP archive. This is done so that the Okapi applications can be run without problem under OS X's "Gatekeeper" security model. To this end, we do two things:

  • Codesign the .app files, so that Gatekeeper trusts them to run (with an initial confirmation) when they are downloaded from the internet. Without this, the applications may not be runnable without relaxing system security settings.
  • Codesign the .dmg archive, so that Gatekeeper does not subject Okapi to Path Randomization in Sierra (or later versions).

Building and signing the DMG require OS X-specific tools to be installed:

  • The DMG is built using hdiutil
  • The signing is done using codesign, which is part of the Xcode command-line tools

Because these tools are not available on all platforms (and in particular, are not currently available on our Linux-based cloudbees instance), the build scripts will still produce a ZIP archive of the Mac applications as a backup.

Building and Signing the Applications

If you are working on a Mac, the build_okapi-apps.xml script will build the DMG distribution when it is run. This can be done by running any of the following from the deployment/maven directory:

  • ./update-and-rebuild-macosx.sh
  • ant
  • ant -f build_okapi-apps.xml

The target that generates the the DMG is called macDMG. The target that generates the alternate ZIP-based distribution is called zipLinuxMac (it also generates the ZIP distribution for Linux builds).

If you have the Xcode tools installed and have an active Apple Developer ID, you can additionally sign the apps and DMG as part of the build. This requires you to set up a signing profile. This can be managed through Xcode, or done directly through the Developer site:

  • Create a "Developer ID Application" certificate tied to your account in the Apple Developer Portal and install it in your local keychain, as described here.
  • If you have only installed the Xcode command-line tools, but not Xcode itself, you may need to additionally install the "Developed ID Certificate" intermediate cert from https://www.apple.com/certificateauthority/.

Now you can pass your Developer ID to codesign via an ant variable:

ant -DcodesignId="Developer ID Application: [your organization]"

or use the OKAPI_CODESIGN_ID environment variable, which is honored by the update-and-rebuild-macosx.sh script:

export OKAPI_CODESIGN_ID="Developer ID Application: [your organization]"
./update-and-rebuild-macosx.sh

Updated