This now fails when the app is signed with a new certificate
create from our new Apple organization but is not notarized:
```
tmp/macos/dist/Status.app: rejected
source=Unnotarized Developer ID
```
I actually have absolutely no idea why this verification worked
with the old certificate, but it did.
For that reason I'm moving it to after notarization.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Fixes this failure:
```
error MSB8020: The build tools for Visual Studio 2017 (Platform Toolset = 'v141') cannot be found.
To build using the v141 build tools, please install Visual Studio 2017 build tools.
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
If we don't installe Go separately this is what happens:
```
PS C:\Users\jenkins> scoop install --global 7zip git dos2unix findutils wget rcedit inno-setup make cmake gcc go@1.20.4
Couldn't find manifest for 'C:\Users\admin\scoop\buckets\main\bucket\go.json7zip git dos2unix findutils wget rcedit inno-setup make cmake gc
```
Seems like some kind of parsing issue with providing a version.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Otherwise we get failures like:
```
parse error: Invalid numeric literal at line 1, column 11
```
Which results in `stderr` logs being included in `$OUT`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Currently the `nimbus-build-system` exists twice in each checked out
`status-desktop` reposity, and each contains the `Nim-csources-v1`
submodule, which weights close to 900MB each:
https://github.com/nim-lang/csources_v1
Because of this each `status-destop` clone takes up 4 GB of disk space
after the cleanup has run, which is not okay.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Right now we don't see what's actually happening:
```
!!! Notariztion Error
{"tool-version":"5.4211.13411","tool-path":"\/Applications\/Xcode.app\/Contents\/SharedFrameworks\/ContentDeliveryServices.framework\/Versions\/A\/Frameworks\/AppStoreService.framework","os-version":"12.3.1","product-errors":[{"message":"You supplied an invalid RequestUUID: null","userInfo":{"NSLocalizedFailureReason":"Apple Services operation failed.","NSLocalizedRecoverySuggestion":"You supplied an invalid RequestUUID: null","NSLocalizedDescription":"You supplied an invalid RequestUUID: null"},"code":1515}],"warnings":[{"message":"altool has been deprecated for notarization and starting in late 2023 will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software.","userInfo":{"NSLocalizedDescription":"altool has been deprecated for notarization and starting in late 2023 will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software."},"code":-1030}]}
make: *** [notarize-macos] Error 1
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Please do not run 20 different things in a single stage.
It makes debugging much harder than it needs to be, since now you can
see at a glance the startup of which container fails easily.
Changes:
- Starting of Ganache and Nim-Waku containers extracted to separate stages
- Cleanup of containers moved to `cleanup` step after tests are executed
- Many variables moved to `enrivonment` section for job and some stages
- The `throttle` effect narrowed down just to the `Tests` stage and not whole job
- RPC API is used to get the Multiaddress of Nim-Waku node instead of hardcoding key
- Removed no longer necessary `status-go` history node related files
- `Jenkinsfile.uitests` was renamed to `Jenkinsfile.e2e` to match CI job names
Signed-off-by: Jakub Sokołowski <jakub@status.im>
It needs to be separate script, because once the submodules are broken
and the `variables.mk` file is not available from `nimbus-build-system`
then we cannot even call `make clean-git` successfully because it will
be caught by the `if` clause that checks for `variables.mk`.
Possible fix for issues with submodules not being updated in some
windows release builds.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Fixes the following build error:
```
protocol\messenger.go:5957:6: missing function body
protocol\messenger.go:5957:16: syntax error: unexpected [, expecting (
protocol\messenger.go:5959:2: syntax error: non-declaration statement outside function body
note: module requires Go 1.18
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
- qml_base.ts is created as a reference point for translators
- qml_en.ts is a minimal overlay translation, providing just the needed
plural forms
- adjust the script to generate the above TS files
- fixup some leftover qsTrId() calls and the qmake file
- handle `SOURCES` recursively, rather than spelling all the paths out;
most of them were outdated and some still missing
- let the Python script skip existing translations (in case we need to
manually add plurals)
- updated qml_en.ts as a result of these changes
Stats:
```
Updating '../../ui/i18n/qml_en.ts'...
Found 1703 source text(s) (109 new and 1594 already existing)
Kept 35 obsolete entries
Same-text heuristic provided 35 translation(s)
```
Otherwise the OpenSSL installation fails due to lack of `mojave` key:
```
% brew info --json=v1 openssl@1.1 | jq '.[0].bottle.stable.files.mojave'
null
```
Because of changes in bottle definition:
6de466c3e5
Also added check for lack of URL and `-S` to `curl` to see errors.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
With these changes it will be easier to maintain, i.e. to add/remove bottles
just modify the `BOTTLES :=` list.
`brew update` is removed from `scripts/fetch-brew-bottle.sh` and instead done
in an [order-only
prerequisite](https://www.gnu.org/software/make/manual/html_node/Prerequisite-Types.html). This
allows multiple bottles to be fetched in parallel (e.g. `make -j16`) without
overlapping invocations of `brew update` (which causes script failure).
Adds `scripts/sign-linux-file.sh` which expectes the following variables set:
* `LINUX_GPG_PRIVATE_KEY_FILE` - Path to the GPG export of private key.
* `LINUX_GPG_PRIVATE_KEY_PASS` - Password necessary to use the private key.
Given a file it creates a file with a `.asc` suffix containing the signature:
```
> wget -q https://status-im-prs.ams3.digitaloceanspaces.com/StatusIm-210809-104514-156806-pr.tar.gz
> tar xvf StatusIm-210809-104514-156806-pr.tar.gz
StatusIm-210809-104514-156806-pr.AppImage
StatusIm-210809-104514-156806-pr.AppImage.asc
> gpg --verify StatusIm-210809-104514-156806-pr.AppImage.asc
gpg: assuming signed data in 'StatusIm-210809-104514-156806-pr.AppImage'
gpg: Signature made Mon 09 Aug 2021 12:54:49 PM CEST using RSA key ID E20B4DFD
gpg: Good signature from "Status.im Devel Signing (GPG key for signing Status.im development builds.) <devel@status.im>" [ultimate]
Primary key fingerprint: BBF0 5F92 536B ED19 30A9 FD44 009F B3BF E20B 4DFD
```
Issue: https://github.com/status-im/infra-ci/issues/25
Requires: https://github.com/status-im/status-jenkins-lib/pull/32
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This introduces an automated MacOS notarization process for Jenkins CI.
The process involves:
* Uploading the signed DMG file to the notary service
* Checking periodically if the scanning process has completed
* Stapling the successful scan ticket to the DMG file
This is done by the `scripts/notarize-macos-pkg.sh` via the `make notarize-macos` target.
The whole process is described in more details in `docs/macos_notarization.md`.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/27
Resolves: https://github.com/status-im/status-desktop/issues/2169
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This introduces the `scripts/sign-windows-bin.sh` script which is used
by the `Makefile` to sign application libraries and executables. It also
implements the logic necessary to distinguish between different types of
builds: release and non-release builds.
Some other changes:
* Refactore the `Makefile` target that creates the Windows ZIP to make less verbose.
* Added `Microsoft.VisualStudio.Component.Windows10SDK.10240` to VisualStudio component
* Added `BUILD_TYPE` parameter to `Jenkinsfile`s for different platform builds
Signed-off-by: Jakub Sokołowski <jakub@status.im>
It's not supported to run `brew update` multiple times simultaenously. A better
fix for this can be implemented, but for now in the Makefile have target
`bottles/pcre` depend on target `bottles/openssl` so that they run serially
when `-jN` is passed to `make`.
I was originally going to change `brew update >/dev/null` to
`brew update >/dev/null || true` but decided the Makefile change provides a
better guarantee that simultaenous `brew` commands won't interfere with each
other. In the process, I revised some of the script's `echo` output just a bit.
Now You can source the script with .(dot) and use individual functions.
This also makes it easier to use in `infra-ci` Ansible roles.
Signed-off-by: Jakub Sokołowski <jakub@status.im>