Improve and simplify macOS builds #1276
Conversation
We need packages for the last build step on macOS, update docs to reflect the requirement.
On macOS, we can use a package manager to easily install dependencies. This simplifies onboarding and building Veracrypt.
When building, we can use prebuilt wxwidgets from homebrew to simplify and speed up local building. We also put the package behind a flag as it's optional during development.
When building with homebrew, skip signing. This can be put behind a flag to enable, if needed.
The binary in the repo is not universal (x86_64) and therefore building fails on arm architecture if Rosetta is not installed. Use local yasm if available.
When building via homebrew and locally, build only the local arch which skips ASM for arm(Mx) for MacOS. This removes the need to have rosetta installed for building.
| @@ -350,8 +352,8 @@ ifeq "$(shell uname -s)" "Darwin" | |||
| S := $(C_CXX_FLAGS) | |||
| C_CXX_FLAGS = $(subst -MMD,,$(S)) | |||
|
|
|||
| C_CXX_FLAGS += -gfull -arch x86_64 | |||
There was a problem hiding this comment.
At the beginning of Makefile CPU_ARCH is set to x64 based on my uname -m of x86_64, later CPU_ARCH is set to x86 based on CPU_ARCH being x64. This means that here it'll attempt to build with arch x86 which my Monterey doesn't have. This will error out with clang: error: invalid arch name '-arch x86'
There was a problem hiding this comment.
Thank you so much for this @Jertzukka! I hadn't tested it on x86 and thought it could fail. I have now tried it on x86 and fixed all the problems with local builds using brew packages. I would appreciate it if you could confirm it on your end 😃
| @@ -295,7 +295,7 @@ ifeq "$(shell uname -s)" "Darwin" | |||
| PLATFORM := MacOSX | |||
| APPNAME := VeraCrypt | |||
|
|
|||
| export VC_OSX_TARGET ?= 10.7 | |||
| export VC_OSX_TARGET ?= 10.9 | |||
| export VC_OSX_SDK ?= $(VC_OSX_TARGET) | |||
There was a problem hiding this comment.
The VC_OSX_TARGET could probably be bumped upto 12 in both places, as VC version 1.25.9 was the last one that officially supported anything below that. The xcrun --show-sdk-version trick could be used here to guess the correct SDK, instead of assuming it is the same as target.
There was a problem hiding this comment.
I fixed this one in a follow-up commit and bumped it to 12, to be on the side of err, as that was the target in the main script.
src/Volume/Volume.make
Outdated
| @@ -37,6 +37,7 @@ endif | |||
|
|
|||
| ifeq "$(ENABLE_WOLFCRYPT)" "0" | |||
| ifeq "$(PLATFORM)" "MacOSX" | |||
| ifeq "$(COMPILE_ASM)" "true" | |||
There was a problem hiding this comment.
COMPILE_ASM variable needs to be also set somewhere else than only in build_veracrypt_macosx.sh, like in Makefile, or else normal make will not work properly as it is not defined without this build script.
There was a problem hiding this comment.
Thanks for the review @Jertzukka!
Good call and find. I addressed this in 3e5168f, moving the check toifneq instead ifeq so the undefined variable doesn't fail the build. I'll try to follow up on the other issues you mentioned tomorrow.
Use a conditional check for COMPILE_ASM not being false instead of true. This avoids passing the variable to other parts of the build script.
Align the requirement to SDK 12 in both the makefile and script, and update the comment to remove confusion. I chose to leave this on 12 to be on the side of err and support as many building platforms as possible, when we can support. The local script now also sets the target using the local sdk version. This should improve the local development experience.
We now build only the current arch for local development builds in macOS. This change also fixes the x86 builds failing.
Flags to build a local build using homebrew packages are not default and require parameter -b to build. We also don't build packages directly, which requires -p.
|
@idrassi Can you please share/upload the packages build that is used during the build of Veracypt, I believe the one on the webpage and homebrew is outdated and hosted on free.fr (HTTP). I would also appreciate it if you could review the PR and have comments so I can wrap this up this weekend 😃 Thanks! |
| @@ -210,7 +210,9 @@ else | |||
| sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' ../Build/Resources/MacOSX/Info.plist.xml >$(APPNAME).app/Contents/Info.plist | |||
| endif | |||
| chmod -R go-w $(APPNAME).app | |||
| ifneq ($(LOCAL_DEVELOPMENT_BUILD),"true") | |||
There was a problem hiding this comment.
| ifneq ($(LOCAL_DEVELOPMENT_BUILD),"true") | |
| ifneq ("$(LOCAL_DEVELOPMENT_BUILD)","true") |
This needs to be quoted to work. Also I might've chosen something shorter like NOSIGN which makes it also clear what the flag does, just skips the package sign parts.
Also doesn't the productsign right under this also need to be turned off for dev build as it will also fail with missing certificates?
There was a problem hiding this comment.
If we do not sign, the installer name in the later part will have wrong name that does not exist:
So, for no signing path, the copied installer name should be "$(BASE_DIR)/Setup/MacOSX/VeraCrypt $(TC_VERSION).pkg" instead of "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg"
There was a problem hiding this comment.
Thanks! I'll have a look at this (and possibly others) once the maintainer reviews
This series of commits aims to simplify the building of Veracrypt on macOS. This PR is currently draft and some commits require a rewrite as they are not atomic and require some fixes to the logic and the text.