-
Notifications
You must be signed in to change notification settings - Fork 64
MacOS X build and dmg guide
Currently working on macOS 10.13+ and scap-workbench v1-2.
This guide describes guidelines how to create the .dmg image of released SCAP Workbench for modern MacOS X versions.
You need the Xcode developer binaries which will bring build utilities with it. To install:
$ xcode-select --install
There are several ways to get Qt5, pcre and other libraries required to build the app. I recommend using Homebrew - http://brew.sh/ - it's messy but quick and simple. To install Homebrew:
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
To install the current list of dependencies used to build the app:
$ brew install jq qt5 asciidoc pkg-config doxygen opendbx popt swig cmake wget libgcrypt upx node
If you already have those installed run
brew update||brew upgrade <package>to get the latest versions.
Once QT5 is installed - make sure to update your PATH to include it:
$ export PATH="/usr/local/opt/qt/bin:$PATH"
Install appdmg - https://github.com/LinusU/node-appdmg - for creating our resultant DMG image. This used to be done by using AppleScript, but due to security features that were added in macOS 10.14+ (mojave), this was no longer an option. Appdmg provides a much simpler mechanism for creating the DMG.
$ npm install -g appdmg
npm is provided by the node package installed above.
In this step we will install OpenSCAP. Currently we have to use master branch to have OSX support. Master branch could be sometimes broken, maybe you need to fix it. Make sure you merge all the branches up to get all the latest fixes!
$ git clone --depth 1 https://github.com/openscap/openscap.git -b master
$ pushd openscap/build
$ cmake -DENABLE_PROBES=FALSE ../
$ make -j 4
$ make install
$ popd
Now we will build latest SCAP Workbench. This step requires OpenSCAP to have been successfully installed.
./build-for-osx.sh
SSG is part of SCAP Workbench .dmg package. We will unpack it and move to the Workbench build directory.
Grab the latest SSG:
$ REL_TAG=`curl -s "https://github.com/ComplianceAsCode/content/releases/latest" | grep -o 'tag/[v.0-9]*' | awk -F/ '{print $2}'`
$ REL_TAG_NUM=`echo ${REL_TAG} | cut -d"v" -f2`
$ DWN_LINK=https://github.com/ComplianceAsCode/content/releases/download/${REL_TAG}/scap-security-guide-${REL_TAG_NUM}.zip
$ if [ -z "${DWN_LINK}" ]; then echo 'Could not get the ZIP URL! It is empty!'; exit 1; fi
$ wget "${DWN_LINK}" -O ssg.zip
Move the SSG's:
$ mkdir -p `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ && unzip ssg.zip && cp -a scap-security-guide-*/* `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/
Now we need to create the custom SCAP Workbench DMG to include our background and icons.
$ cd build-osx && bash osx-create-dmg.sh
Mount the image and try running SCAP Workbench with and without installing it into Applications. When mounted, there should appear some instruction to install the scap-workbench.
NOTE: On macOS 10.14+ (Mojave+), you may get an untrusted message from Apple when launching for the first time:
_“scap-workbench” cannot be opened because the developer cannot be verified._
Select Cancel -> Open System Preferences -> Security & Privacy -> General. SelectOpen Anywaysto launch the app.
- (Optional) Upload the .dmg image to github release
This is optional because this part has been automated in our CI pipeline. Manually do this in the event you needed to create a new image to overwrite an existing released image.
- IMPORTANT Change the www.open-scap.org download link
Go to https://www.open-scap.org/wp-admin/tools.php?page=redirection.php
Look for /tools/scap-workbench/download-osx and make sure it points to the uploaded DMG.