Some changes fix actual problems, e.g. missing spaces in square bracket tests,
and backticks unintentionally causing code execution when intended as formatting.
Others, such as conservative quoting probably work fine in the old version in
most situations, but it's nice to have some additional safety.
Using `{ ..; }` instead of `(..)` is just a small performance enhancement.
Many of these issues were identified by shellcheck, which might be useful in CI
as well.
+ Adds a preinstall script to wipe out whatever the last .pkg
installed. This should avoid systems that have mad many updates
getting into strange states autoloading things that no longer
exist. Fixes#2963
+ Run add-shell with ${DSTVOLUME} prepended to the path - the
installer lets users intall onto any volume, so it's plausible
not installed onto /
+ Use `logger` instead of rando /tmp files for logging - stuff
should show up in Console.
+ make_pkg makes the pkg and also fish.app - the former was being
built with -j12 already, make the latter do so as well.
Previously we used a hacked up 'xar' tool for signing packages,
since productsign produced a package that could not be installed on
macOS 10.11. That was fixed in Xcode 12.5 so we can just use Apple's
tools again.
See #7656.
Also see https://developer.apple.com/forums/thread/664842
As spotted in #7656, macOS installer files built on Big Sur fail signature
verification on macOS 10.11. This is because Big Sur productsign no longer
supplies the SHA-1 hash, and 10.11 does not know how to read the SHA-256
hash.
Replace the productsign flow with a flow based on
http://users.wfu.edu/cottrell/productsign/productsign_linux.html . This
uses the xar tool to digitally sign the installer packages, with both
SHA-1 and SHA-256 hashes.
The xar tool is somewhat tricky to build, so is checked in (as binary!)
compiled for Mac.
To build a Mac package, run make_pkg.sh (which invokes the signing flow)
followed by mac_notarize.sh which adds the notarization.
