jonasschnelli/gist:d744d3946ebe18ec64a46510d5cff967

## gistfile1.txt
---
name: "bitcoin-dmg-signer"
distro: "ubuntu"
suites:
- "bionic"
architectures:
- "amd64"
packages:
- "faketime"
remotes:
- "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
  "dir": "signature"
files:
- "bitcoin-osx-unsigned.tar.gz"
- "signature-osx.tar.gz"
- "codesign_allocate_ow"
script: |
  set -e -o pipefail
  set -x
  WRAP_DIR=$HOME/wrapped
  mkdir -p ${WRAP_DIR}
  export PATH="$PWD":$PATH
  FAKETIME_PROGS="dmg genisoimage"

  # Create global faketime wrappers
  for prog in ${FAKETIME_PROGS}; do
    echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
    echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
    echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
    echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${prog}
    echo "\$REAL \$@" >> $WRAP_DIR/${prog}
    chmod +x ${WRAP_DIR}/${prog}
  done

  UNSIGNED=bitcoin-osx-unsigned.tar.gz
  SIGNED=bitcoin-osx-signed.dmg

  # copy local provided detached signature
  # allows testing signature before they have been pushed to the git repository
  if [ -e signature-osx.tar.gz ]; then
    mkdir -p signature
    cp signature-osx.tar.gz signature/
    tar -xzf signature/signature-osx.tar.gz -C signature
  fi

  tar -xf ${UNSIGNED}
  if [ -e codesign_allocate_ow ]; then
    cp -f codesign_allocate_ow codesign_allocate
  fi
  OSX_VOLNAME="$(cat osx_volname)"
  ./detached-sig-apply.sh ${UNSIGNED} signature/osx
  ${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -apple -o uncompressed.dmg signed-app
  ${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
	---
	name: "bitcoin-dmg-signer"
	distro: "ubuntu"
	suites:
	- "bionic"
	architectures:
	- "amd64"
	packages:
	- "faketime"
	remotes:
	- "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
	"dir": "signature"
	files:
	- "bitcoin-osx-unsigned.tar.gz"
	- "signature-osx.tar.gz"
	- "codesign_allocate_ow"
	script: \|
	set -e -o pipefail
	set -x
	WRAP_DIR=$HOME/wrapped
	mkdir -p ${WRAP_DIR}
	export PATH="$PWD":$PATH
	FAKETIME_PROGS="dmg genisoimage"

	# Create global faketime wrappers
	for prog in ${FAKETIME_PROGS}; do
	echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
	echo "REAL=\`which -a ${prog} \| grep -v ${WRAP_DIR}/${prog} \| head -1\`" >> ${WRAP_DIR}/${prog}
	echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
	echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${prog}
	echo "\$REAL \$@" >> $WRAP_DIR/${prog}
	chmod +x ${WRAP_DIR}/${prog}
	done

	UNSIGNED=bitcoin-osx-unsigned.tar.gz
	SIGNED=bitcoin-osx-signed.dmg

	# copy local provided detached signature
	# allows testing signature before they have been pushed to the git repository
	if [ -e signature-osx.tar.gz ]; then
	mkdir -p signature
	cp signature-osx.tar.gz signature/
	tar -xzf signature/signature-osx.tar.gz -C signature
	fi

	tar -xf ${UNSIGNED}
	if [ -e codesign_allocate_ow ]; then
	cp -f codesign_allocate_ow codesign_allocate
	fi
	OSX_VOLNAME="$(cat osx_volname)"
	./detached-sig-apply.sh ${UNSIGNED} signature/osx
	${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -apple -o uncompressed.dmg signed-app
	${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}