Create a Mac OS Trust1Connector API package

This page will describe the steps to create a Mac OS API package.

Prerequisites

For creating a package we need the following components:

• A device running Mac OS

• XCode: https://developer.apple.com/xcode/

• wget: Install using brew (https://brew.sh/): brew install wget

• unzip: Install using brew (https://brew.sh/): brew install unzip

• packages: Install packages (http://s.sudre.free.fr/Software/Packages/about.html)

• An Apple Developer account

Internet access towards Google cloud storage environment is a requirement, see the introduction for more information

Step 1: Preparation

for the first step make sure all assets are updated for your version, environment and naming (application naming, installation folder, logos, ...). For this you can look at Mac OS introduction

application.conf is a file that needs to be provided by Trust1Team. We will need the following information to create a valid application.conf;

• Distribution service URL

• Distribution service Public key

• Domain of the Trust1Connector (t1c.t1t.io) -- this needs to map to localhost

• SSL certificate of the Trust1Connector domain -- Trust1Team will put this in a keystore

t1c.conf needs to be updated with a valid API key for the specified version and environment.

Step 2: Apple Developer Application Bundle ID & Certificates

You should create 3 new application identifiers. The names may be chosen freely but the identifiers must follow the package naming convention, being the reverse organisation domain name + application name in lowercase, e.g. com.t1t as reverse organization domain and t1c as application name. The component identifier values following this may not be altered:

1. *.api: The Trust1Connector API application identifier.

2. *.api.dialog: The Trust1Connector OS dialog application identifier.

3. *.grpc: The Trust1Connector Sandbox application identifier.

The package also needs to be updated in all the following scripts;

• post_install.sh

• pre_install.sh

• uninstall.sh

• installer.pkgproj -> update com.t1t.t1c. entries to desired package

• api_Info.plist

• grpc_Info.plist

• *.api.plist -> rename to {package}.api.plist

• *.grpc.plist -> rename to {package}.grpc.plist

And in the package.sh you need to update the PACKAGE_NAME

The certificates for Developer ID Application and Developer ID Installer should be imported in your login keychain

The certificate private key access control should also be set to allow access to all applications prior to creating the package.

Right click the private key and select 'Get Info'

On the 'Access Control' tab, select 'Allow all applications to access this item' and save your changes

Step 3: Packaging Script

the file 1_FULL_PACKAGE.sh in the folder /_mac is everything you need to create your package. It will fetch all needed resources from the cloud and copy all resources needed from the local repository to create an dmg installer.

Signing

Do not forget to update the sign command to your desired method.

For MacOS this is more envolved, you need to update the developer settings found below. Make sure if you update the package name all the scripts are updated. Make sure the steps above are also executed.

Step 4: Execute the script

Be sure to update the package.sh script with the proper credentials

DEV_ACCOUNT=""
DEV_PASSWORD=""
DEV_TEAM=""

The credentials above should be filled accordingly.

Property	Description
DEV_ACCOUNT	The password for the Apple developer account
DEV_PASSWORD	The team ID mentioned in the Apple Developer certificates
DEV_TEAM	The e-mail associated with your Apple developer account

Execute the bash script with the appropriate arguments for your package.

Creating the package

Arguments

The arguments are in a fixed order and must all be provided:

Parameter	Description
Customer	name of the customer configuration folder in which to retrieve the scripts and assets (lowercase)
environment	The package installer's environment. Can be dev, acc, or prod.
Keychain password	The password for the current user's keychain, in which the Apple developer certificates were imported.

Parameter	description
Release Version	Version of the release used to determine which folders to look into
API Version	Version of the T1C API will most of the time be the same as release version, but you will be notified should this diverge when we communicate the release of a new version.
Environment	The package installer's environment. Can be dev, acc, or prod.
Keychain Password	The password for the current user's keychain, in which the Apple developer certificates were imported.
Customer Name	name of the customer configuration folder in which to retrieve the scripts and assets (lowercase)
Application Name	The application name, can contain upper- or lowercase characters, but must not contain any whitespaces
Package Name	The package name. This value must be the value configured in step 2.
Apple Developer Account	The e-mail associated with your Apple developer account
Apple Developer Password	The password for the Apple developer account
Apple Developer Team	The team ID mentioned in the Apple Developer certificates

Example

./1_FULL_PACKAGE.sh trust1team dev {{password}}

This process may take a while to complete, especially the notarisation and stapling process at the end.