Merge pull request #254 from anchore/updates-to-mac-releases

Updates for macOS release process
Dan Luhring 2020-11-06 13:49:54 -05:00 committed by GitHub
commit 3699a917fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 21 deletions


@ -51,7 +51,7 @@ builds:
-X github.com/anchore/syft/internal/version.buildDate={{.Date}} -X github.com/anchore/syft/internal/version.buildDate={{.Date}}
-X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}} -X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
hooks: hooks:
post: ./.github/scripts/mac-sign-and-notarize.sh "{{.IsSnapshot}}" "gon.hcl" "./dist/syft_{{.Tag}}_{{.Target}}.dmg" post: ./.github/scripts/mac-sign-and-notarize.sh "{{.IsSnapshot}}" "gon.hcl" "./dist/syft_{{.Version}}_{{.Target}}.dmg"
signs: signs:
- artifacts: checksum - artifacts: checksum


@ -54,7 +54,7 @@ Where the `format`s available are:
## Installation ## Installation
**Recommended** **Recommended (macOS and Linux)**
```bash ```bash
# install the latest version to /usr/local/bin # install the latest version to /usr/local/bin
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
@ -63,17 +63,12 @@ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b <SOME_BIN_PATH> <RELEASE_VERSION> curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b <SOME_BIN_PATH> <RELEASE_VERSION>
``` ```
**macOS** **Homebrew (macOS)**
```bash ```bash
brew tap anchore/syft brew tap anchore/syft
brew install syft brew install syft
``` ```
You may experience a "macOS cannot verify app is free from malware" error upon running Syft because it is not yet signed and notarized. You can override this using `xattr`.
```bash
xattr -rd com.apple.quarantine syft
```
## Configuration ## Configuration
Configuration search paths: Configuration search paths:


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
set -e set -e
# Code generated by godownloader on 2020-08-10T20:55:46Z. DO NOT EDIT. # Code generated by godownloader on 2020-08-10T20:55:46Z.
# #
usage() { usage() {
@ -45,11 +45,16 @@ parse_args() {
execute() { execute() {
tmpdir=$(mktemp -d) tmpdir=$(mktemp -d)
log_debug "downloading files into ${tmpdir}" log_debug "downloading files into ${tmpdir}"
http_download "${tmpdir}/${TARBALL}" "${TARBALL_URL}" http_download "${tmpdir}/${ARCHIVE}" "${ARCHIVE_URL}"
http_download "${tmpdir}/${CHECKSUM}" "${CHECKSUM_URL}" http_download "${tmpdir}/${CHECKSUM}" "${CHECKSUM_URL}"
hash_sha256_verify "${tmpdir}/${TARBALL}" "${tmpdir}/${CHECKSUM}"
# macOS has its own secure verification mechanism, and checksums.txt is not used.
if [ "$OS" != "darwin" ]; then
hash_sha256_verify "${tmpdir}/${ARCHIVE}" "${tmpdir}/${CHECKSUM}"
fi
srcdir="${tmpdir}" srcdir="${tmpdir}"
(cd "${tmpdir}" && untar "${TARBALL}") (cd "${tmpdir}" && unpack "${ARCHIVE}")
test ! -d "${BINDIR}" && install -d "${BINDIR}" test ! -d "${BINDIR}" && install -d "${BINDIR}"
for binexe in $BINARIES; do for binexe in $BINARIES; do
if [ "$OS" = "windows" ]; then if [ "$OS" = "windows" ]; then
@ -89,6 +94,7 @@ tag_to_version() {
adjust_format() { adjust_format() {
# change format (tar.gz or zip) based on OS # change format (tar.gz or zip) based on OS
case ${OS} in case ${OS} in
darwin) FORMAT=dmg ;;
windows) FORMAT=zip ;; windows) FORMAT=zip ;;
esac esac
true true
@ -221,18 +227,26 @@ uname_arch_check() {
log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value. Please file bug report at https://github.com/client9/shlib" log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value. Please file bug report at https://github.com/client9/shlib"
return 1 return 1
} }
untar() { unpack() {
tarball=$1 archive=$1
case "${tarball}" in case "${archive}" in
*.tar.gz | *.tgz) tar --no-same-owner -xzf "${tarball}" ;; *.tar.gz | *.tgz) tar --no-same-owner -xzf "${archive}" ;;
*.tar) tar --no-same-owner -xf "${tarball}" ;; *.tar) tar --no-same-owner -xf "${archive}" ;;
*.zip) unzip "${tarball}" ;; *.zip) unzip "${archive}" ;;
*.dmg) extract_from_dmg "${archive}" ;;
*) *)
log_err "untar unknown archive format for ${tarball}" log_err "unpack unknown archive format for ${archive}"
return 1 return 1
;; ;;
esac esac
} }
extract_from_dmg() {
dmg_file=$1
mount_point="/Volumes/tmp-dmg"
hdiutil attach -quiet -mountpoint "${mount_point}" "${dmg_file}"
cp -fR "${mount_point}/" ./
hdiutil detach -quiet -force "${mount_point}"
}
http_download_curl() { http_download_curl() {
local_file=$1 local_file=$1
source_url=$2 source_url=$2
@ -366,8 +380,8 @@ adjust_arch
log_info "found version: ${VERSION} for ${TAG}/${OS}/${ARCH}" log_info "found version: ${VERSION} for ${TAG}/${OS}/${ARCH}"
NAME=${PROJECT_NAME}_${VERSION}_${OS}_${ARCH} NAME=${PROJECT_NAME}_${VERSION}_${OS}_${ARCH}
TARBALL=${NAME}.${FORMAT} ARCHIVE=${NAME}.${FORMAT}
TARBALL_URL=${GITHUB_DOWNLOAD}/${TAG}/${TARBALL} ARCHIVE_URL=${GITHUB_DOWNLOAD}/${TAG}/${ARCHIVE}
CHECKSUM=${PROJECT_NAME}_${VERSION}_checksums.txt CHECKSUM=${PROJECT_NAME}_${VERSION}_checksums.txt
CHECKSUM_URL=${GITHUB_DOWNLOAD}/${TAG}/${CHECKSUM} CHECKSUM_URL=${GITHUB_DOWNLOAD}/${TAG}/${CHECKSUM}
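Review bot: The new `if [ "$OS" != "darwin" ]` guard in execute() removes the only integrity check the script performs on the downloaded archive for macOS, and nothing in the visible hunks replaces it with an explicit signature check. The comment relies on macOS verifying the download itself, but the script fetches the .dmg with http_download, mounts it with `hdiutil attach` and copies the contents out with `cp`; a file fetched this way normally carries no quarantine attribute, so Gatekeeper is unlikely to assess the binary at first run. Either publish the .dmg digest in the checksums file and keep `hash_sha256_verify "${tmpdir}/${ARCHIVE}" "${tmpdir}/${CHECKSUM}"` unconditional, or verify the extracted binary's signature and signing identity with `codesign` before it is installed. At the least the comment should name the mechanism it means, for example `# darwin: .dmg is not listed in checksums.txt; integrity relies on <mechanism>`. execute() continues past the end of its hunk, so a check further down cannot be ruled out.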