Extract a github action to reduce the number of references to our MSRV and
stable (to be pinned in the next commit).
While at it, use the MSRV for macOS builds; this means that we'll be less
like accidentally to break the macOS build when bumping the MSRV. I don't
think there is a reason for using 1.73 specifically, other than "it's the
highest we can use on old macOS", so using an even older one should be fine.
We have a mixture of 2 and 4 space indent.
4 benchmarks/driver.sh
2 build_tools/check.sh
4 build_tools/git_version_gen.sh
4 build_tools/mac_notarize.sh
2 build_tools/make_pkg.sh
2 build_tools/make_tarball.sh
2 build_tools/make_vendor_tarball.sh
4 docker/docker_run_tests.sh
4 osx/install.sh
2 tests/test_functions/sphinx-shared.sh
Our editorconfig file specifies 2, with no explicit reason.
Our fish and Python scripts use 4, so let's use that.
Some changes fix actual problems, e.g. missing spaces in square bracket tests,
and backticks unintentionally causing code execution when intended as formatting.
Others, such as conservative quoting probably work fine in the old version in
most situations, but it's nice to have some additional safety.
Using `{ ..; }` instead of `(..)` is just a small performance enhancement.
Many of these issues were identified by shellcheck, which might be useful in CI
as well.
+ Adds a preinstall script to wipe out whatever the last .pkg
installed. This should avoid systems that have mad many updates
getting into strange states autoloading things that no longer
exist. Fixes#2963
+ Run add-shell with ${DSTVOLUME} prepended to the path - the
installer lets users intall onto any volume, so it's plausible
not installed onto /
+ Use `logger` instead of rando /tmp files for logging - stuff
should show up in Console.
+ make_pkg makes the pkg and also fish.app - the former was being
built with -j12 already, make the latter do so as well.
Previously we used a hacked up 'xar' tool for signing packages,
since productsign produced a package that could not be installed on
macOS 10.11. That was fixed in Xcode 12.5 so we can just use Apple's
tools again.
See #7656.
Also see https://developer.apple.com/forums/thread/664842
As spotted in #7656, macOS installer files built on Big Sur fail signature
verification on macOS 10.11. This is because Big Sur productsign no longer
supplies the SHA-1 hash, and 10.11 does not know how to read the SHA-256
hash.
Replace the productsign flow with a flow based on
http://users.wfu.edu/cottrell/productsign/productsign_linux.html . This
uses the xar tool to digitally sign the installer packages, with both
SHA-1 and SHA-256 hashes.
The xar tool is somewhat tricky to build, so is checked in (as binary!)
compiled for Mac.
To build a Mac package, run make_pkg.sh (which invokes the signing flow)
followed by mac_notarize.sh which adds the notarization.
