mirror of
https://github.com/Yubico/yubioath-flutter.git
synced 2024-11-22 08:22:16 +03:00
Update README
This commit is contained in:
Dain Nilsson
parent
3c33692e98
commit
8f3c8a317a
50
README.adoc
Normal file
50
README.adoc
Normal file
@ -0,0 +1,50 @@
|
||||
== Yubico Authenticator for Desktop
|
||||
|
||||
=== Requirements
|
||||
You will need the Flutter SDK with enabled desktop support, see:
|
||||
https://flutter.dev/desktop
|
||||
|
||||
Development has been done using the "Install from git" method of installing the
|
||||
SDK, from the "beta" channel.
|
||||
|
||||
You will also need to provide a compiled version of the ykman CLI. This can
|
||||
either be built locally (see the next section), or manually downloaded and
|
||||
placed in `build/<os>/ykman/`. Builds are available for download from GitHub
|
||||
Actions in the `yubikey-manager` project.
|
||||
|
||||
|
||||
=== Building the ykman CLI locally
|
||||
Requirements: Python >= 3.6 and Poetry.
|
||||
|
||||
The GUI requires a compiled version of the ykman CLI to run, which is build
|
||||
using pyinstaller from the yubikey-manager submodule in this repository. The
|
||||
`build-ykman.sh` (`build-ykman.bat` on Windows) script in this repository will
|
||||
take care of this, producing a build in `build/<os>/ykman` which will then be
|
||||
included in the main GUI. See the `yubikey-manager` project documentation for
|
||||
any build requirements needed in this step.
|
||||
|
||||
For faster development when making modifications to the CLI, you can skip the
|
||||
re-compilation step and instead set the `_YKMAN_PATH` environment variable to
|
||||
the location of a `ykman` executable to run:
|
||||
|
||||
_YKMAN_PATH="/path/to/ykman.exe" flutter run -d windows
|
||||
|
||||
|
||||
=== Running the app
|
||||
To start the app, run:
|
||||
|
||||
flutter run -d <os>
|
||||
|
||||
where <os> is "windows", "macos", or "linux". You can add the `--release` flag
|
||||
to run a release build instead of debug. Builds of the app will be create under
|
||||
`build/<os>/`.
|
||||
|
||||
|
||||
=== Running tests
|
||||
Tests can be run with the command:
|
||||
|
||||
flutter test
|
||||
|
||||
|
||||
=== Packaging for MacOS
|
||||
See link:doc/MacOS_Packaging.adoc[MacOS Packaging].
|
||||
16
README.md
16
README.md
@ -1,16 +0,0 @@
|
||||
# yubico_authenticator
|
||||
|
||||
A new Flutter project.
|
||||
|
||||
## Getting Started
|
||||
|
||||
This project is a starting point for a Flutter application.
|
||||
|
||||
A few resources to get you started if this is your first Flutter project:
|
||||
|
||||
- [Lab: Write your first Flutter app](https://flutter.dev/docs/get-started/codelab)
|
||||
- [Cookbook: Useful Flutter samples](https://flutter.dev/docs/cookbook)
|
||||
|
||||
For help getting started with Flutter, view our
|
||||
[online documentation](https://flutter.dev/docs), which offers tutorials,
|
||||
samples, guidance on mobile development, and a full API reference.
|
||||
83
doc/MacOS_Packaging.adoc
Normal file
83
doc/MacOS_Packaging.adoc
Normal file
@ -0,0 +1,83 @@
|
||||
== Packaging for MacOS
|
||||
Building the ykman CLI locally will result in an adhoc-signed build, which
|
||||
works for local development, but not for distribution. Before distributing it
|
||||
needs to be re-signed. Build the CLI by running `build-ykman.sh`, see the main
|
||||
README for details.
|
||||
|
||||
To distribute the app you will need the Yubico MacOS signing key. The method of
|
||||
signing differs depending on if the app should be distributed standalone
|
||||
(outside the App Store) or via the App Store.
|
||||
|
||||
|
||||
=== Standalone (Notarized)
|
||||
To distribute the app outside of the App Store, we need to sign it and Notarize
|
||||
it. For Notarization to work, we must enable "hardened runtime" by setting the
|
||||
`--options runtime` when signing.
|
||||
|
||||
==== Signing the ykman CLI
|
||||
The following commands can be done to re-sign the files using the Yubico
|
||||
signing key:
|
||||
|
||||
# Sign the main binary, with the entitlements:
|
||||
codesign -f --timestamp --options runtime --entitlements macos/ykman.entitlements --sign 'Application' build/macos/ykman/ykman
|
||||
|
||||
# Sign the dylib and so files, without entitlements:
|
||||
codesign -f --timestamp --options runtime --sign 'Application' $(find build/macos/ykman/ -name "*.dylib" -o -name "*.so")
|
||||
|
||||
# Sign the Python binary (if it exists), without entitlements:
|
||||
codesign -f --timestamp --options runtime --sign 'Application' build/macos/ykman/Python
|
||||
|
||||
==== Signing the GUI
|
||||
After signing the CLI, make a release build of the GUI and then re-sign it with
|
||||
the Yubico key:
|
||||
|
||||
codesign --timestamp --options runtime --sign 'Application' --entitlements macos/Runner/Release.entitlements --deep build/macos/Build/Products/Release/flutter_rpc_test.app
|
||||
|
||||
The app should now be properly signed, and needs to be Notarized. Create a zip file with the .app, and:
|
||||
|
||||
xcrun altool -t osx -f app.zip --primary-bundle-id com.example.flutterRpcTest --notarize-app -u $APPLE_ID -p $PASSWORD
|
||||
|
||||
This will return a $APP_GUID.
|
||||
|
||||
To check if notarization is complete:
|
||||
|
||||
xcrun altool --notarization-info $APP_GUID -u $APPLE_ID -p $PASSWORD
|
||||
|
||||
When the notarization is complete, and successful, the original .app bundle (not the .zip archive) needs to be stapled.
|
||||
|
||||
xcrun stapler staple -v build/macos/Build/Products/Release/flutter_rpc_test.app
|
||||
|
||||
Create the installer with productbuild.
|
||||
|
||||
productbuild --sign 'Installer' --component build/macos/Build/Products/Release/flutter_rpc_test.app /Applications/ output-file-xyz.pkg
|
||||
|
||||
Then notarize and staple (when ready) the .pkg as well:
|
||||
|
||||
xcrun altool -t osx -f <pkg file>.pkg --primary-bundle-id com.example.flutterRpcTest --notarize-app -u $APPLE_ID -p $PASSWORD
|
||||
xcrun altool --notarization-info $APP_GUID -u $APPLE_ID -p $PASSWORD
|
||||
xcrun stapler staple -v <pkg file>
|
||||
|
||||
Finally, we're done! The .pkg is ready for distribution.
|
||||
|
||||
|
||||
=== Signing for the App Store
|
||||
All binaries must have sandbox enabled for the Apple App Store, but the ykman
|
||||
binary doesn't work when sandboxed AND hardened. Luckily, App Store binaries do
|
||||
not need to be hardened. Thus, we need to sign the ykman executable with
|
||||
sandbox enabled, but NOT as a hardened build. The App Store build also uses a
|
||||
different code signing key than the standalone distribution.
|
||||
|
||||
==== Signing the ykman CLI
|
||||
Follow the same steps as for "standalone", with the exception of signing the `ykman` binary:
|
||||
|
||||
# Sign the main binary, with sandbox enabled, without hardened runtime:
|
||||
codesign -f --timestamp --entitlements macos/ykman-sandbox.entitlements --sign 'Application' build/macos/ykman/ykman
|
||||
|
||||
NOTE: This sandboxed ykman will not run on its own, it has to be run as a
|
||||
subprocess to the main application.
|
||||
|
||||
Once you have the signed .app, (no Notarization required) build the package for AppStore submission:
|
||||
|
||||
productbuild --sign 'Installer' --component build/macos/Build/Products/Release/flutter_rpc_test.app /Applications/ output-appstore.pkg
|
||||
|
||||
Use the Transporter app to upload the package to Apple.
|
||||
Loading…
Reference in New Issue
Block a user