projects / dcpomatic.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Improve ratings dialog to allow only valid values (#2199).
[dcpomatic.git] / platform / osx / make_dmg.sh
diff --git a/platform/osx/make_dmg.sh b/platform/osx/make_dmg.sh
index 972a71c5ff01e4b8de3bcf46ce16da1e977d073f..6f36839f77a10683000e3fcdbba754f63e532eb7 100644 (file)
--- a/platform/osx/make_dmg.sh
+++ b/platform/osx/make_dmg.sh
@@ -1,107 +1,115 @@
 #!/bin/bash
 #
-SYNTAX="make_dmg.sh <environment> <builddir> <type> <apple-id> <apple-password>"
-# where <type> is universal or thin
+SYNTAX="make_dmg.sh <environment> <builddir> <apple-id> <apple-password> <arch1> [<arch2>]"
 #
-# e.g. make_dmg.sh /Users/carl/osx-environment /Users/carl/cdist universal foo@bar.net opensesame
+# e.g. make_dmg.sh /Users/carl/osx-environment /Users/carl/cdist foo@bar.net opensesame x86_64/10.10 arm64/11.0
 
 # Don't set -e here as egrep (used a few times) returns 1 if no matches
 # were found.
 
-version=`git describe --tags --abbrev=0 | sed -e "s/v//"`
+# Use a tag if what we've built is exactly on one
+version=$(git describe --tags --abbrev=0 --match=v2.*.* --exact-match 2> /dev/null)
+if [ "$?" == "0" ]; then
+       version=$(echo $version | sed -e "s/^v//")
+else
+       # Otherwise use <branch>-<commit>
+       version="$(basename $(git name-rev --name-only HEAD))-$(git rev-parse --short HEAD)"
+fi
 
 # DMG size in megabytes
 DMG_SIZE=256
 ENV=$1
 ROOT=$2
-TYPE=$3
-APPLE_ID=$4
-APPLE_PASSWORD=$5
-
-if [ "$TYPE" != "universal" -a "$TYPE" != "thin" ]; then
-    echo $SYNTAX
-    echo "where <type> is universal or thin"
-    exit 1
-fi
+APPLE_ID=$3
+APPLE_PASSWORD=$4
+ARCH1=$5
+ARCH2=$6
+
+APPLICATION_IDENTITY="Developer ID Application: Carl Hetherington (R82DXSR997)"
+INSTALLER_IDENTITY="Developer ID Installer: Carl Hetherington (R82DXSR997)"
 
 # This is our work area for making up the .dmgs
 mkdir -p build/platform/osx
 cd build/platform/osx
 
+cat <<EOF > entitlements.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>com.apple.security.cs.disable-library-validation</key>
+  <true/>
+  <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+  <true/>
+</dict>
+</plist>
+EOF
+
 function copy {
-    case $TYPE in
-       universal)
-           for f in $1/32/$2; do
-               if [ -h $f ]; then
-                   ln -s $(readlink $f) "$3/`basename $f`"
-               else
-                   g=`echo $f | sed -e "s/\/32\//\/64\//g"`
-                   mkdir -p "$3"
-                   lipo -create $f $g -output "$3/`basename $f`"
-               fi
-           done
-           ;;
-       thin)
-           if [ -h $1/$2 ]; then
-               ln -s $(readlink $1/$2) "$3/`basename $f`"
-            else
-               cp $1/$2 "$3"
-           fi
-           ;;
-    esac
+       if [ "$ARCH2" == "" ]; then
+               for f in $1/$2; do
+                       if [ -h $f ]; then
+                               ln -s $(readlink $f) "$3/`basename $f`"
+                       else
+                               cp $f "$3/`basename $f`"
+                       fi
+               done
+       else
+               for f in $1/$ARCH2/$2; do
+                       if [ -h $f ]; then
+                               ln -s $(readlink $f) "$3/`basename $f`"
+                       else
+                               g=`echo $f | sed -e "s@/$ARCH2/@/$ARCH1/@g"`
+                               mkdir -p "$3"
+                               lipo -create $f $g -output "$3/$(basename $f)"
+                       fi
+               done
+       fi
 }
 
 function copy_lib_root {
-    case $TYPE in
-       universal)
-           for f in $ROOT/32/lib/$1*.dylib; do
-               if [ -h $f ]; then
-                   ln -s $(readlink $f) "$2/`basename $f`"
-               else
-                   g=`echo $f | sed -e "s/\/32\//\/64\//g"`
-                   mkdir -p "$2"
-                   lipo -create $f $g -output "$2/`basename $f`"
-               fi
-           done
-           ;;
-       thin)
-           for f in $ROOT/lib/$1*.dylib; do
-               if [ -h $f ]; then
-                   ln -s $(readlink $f) "$2/`basename $f`"
-               else
-                   mkdir -p "$2"
-                   cp $f "$2"
-               fi
-           done
-           ;;
-    esac
+       if [ "$ARCH2" == "" ]; then
+               for f in $ROOT/lib/$1*.dylib; do
+                       if [ -h $f ]; then
+                               ln -s $(readlink $f) "$2/`basename $f`"
+                       else
+                               cp $f "$2/`basename $f`"
+                       fi
+               done
+       else
+               for f in $ROOT/$ARCH2/lib/$1*.dylib; do
+                       if [ -h $f ]; then
+                               ln -s $(readlink $f) "$2/`basename $f`"
+                       else
+                               g=`echo $f | sed -e "s@/$ARCH2/@/$ARCH1/@g"`
+                               mkdir -p "$2"
+                               lipo -create $f $g -output "$2/$(basename $f)"
+                       fi
+               done
+       fi
     to_relink="$to_relink|$1"
 }
 
 function copy_lib_env {
-    case $TYPE in
-       universal)
-           for f in $ENV/32/lib/$1*.dylib; do
-               if [ -h $f ]; then
-                   ln -s $(readlink $f) "$2/`basename $f`"
-               else
-                   g=`echo $f | sed -e "s/\/32\//\/64\//g"`
-                   mkdir -p "$2"
-                   lipo -create $f $g -output "$2/`basename $f`"
-               fi
-           done
-           ;;
-       thin)
-           for f in $ENV/64/lib/$1*.dylib; do
-               if [ -h $f ]; then
-                   ln -s $(readlink $f) "$2/`basename $f`"
-               else
-                   mkdir -p "$2"
-                   cp $f "$2"
-               fi
-           done
-           ;;
-    esac
+       if [ "$ARCH2" == "" ]; then
+               for f in $ENV/$ARCH1/lib/$1*.dylib; do
+                       if [ -h $f ]; then
+                               ln -s $(readlink $f) "$2/`basename $f`"
+                       else
+                               cp $f "$2/`basename $f`"
+                       fi
+               done
+       else
+               for f in $ENV/$ARCH2/lib/$1*.dylib; do
+                       if [ -h $f ]; then
+                               ln -s $(readlink $f) "$2/`basename $f`"
+                       else
+                               g=`echo $f | sed -e "s@/$ARCH2/@/$ARCH1/@g"`
+                               mkdir -p "$2"
+                               lipo -create $f $g -output "$2/$(basename $f)"
+                       fi
+               done
+       fi
     to_relink="$to_relink|$1"
 }
 
@@ -161,8 +169,6 @@ function copy_libs {
     copy_lib_env libicui18n "$dest"
     copy_lib_env libicudata "$dest"
     copy_lib_env libicuio "$dest"
-    copy_lib_env libicule "$dest"
-    copy_lib_env libiculx "$dest"
     copy_lib_env libicutest "$dest"
     copy_lib_env libicutu "$dest"
     copy_lib_env libicuuc "$dest"
@@ -170,20 +176,24 @@ function copy_libs {
     copy_lib_env libvorbis "$dest"
     copy_lib_env libogg "$dest"
     copy_lib_env libxerces-c "$dest"
+    copy_lib_env libcrypto "$dest"
+    copy_lib_env libssl "$dest"
+    copy_lib_env libfribidi "$dest"
+    copy_lib_env libgio "$dest"
+    copy_lib_env libz "$dest"
+       copy_lib_env libdav1d "$dest"
 }
 
 # @param #1 directory to copy to
 function copy_resources {
     local dest="$1"
-    case $TYPE in
-       universal)
-           local prefix=$ROOT/32
-           ;;
-       thin)
-           local prefix=$ROOT
-           ;;
-    esac
-    cp $prefix/src/dcpomatic/graphics/osx/dcpomatic_small.png "$dest"
+       if [ "$ARCH2" == "" ]; then
+               local prefix=$ROOT
+       else
+               local prefix=$ROOT/$ARCH1
+       fi
+    cp $prefix/src/dcpomatic/graphics/osx/dcpomatic_small_white.png "$dest"
+    cp $prefix/src/dcpomatic/graphics/osx/dcpomatic_small_black.png "$dest"
     cp $prefix/src/dcpomatic/graphics/osx/dcpomatic2.icns "$dest"
     cp $prefix/src/dcpomatic/graphics/osx/dcpomatic2_kdm.icns "$dest"
     cp $prefix/src/dcpomatic/graphics/osx/dcpomatic2_server.icns "$dest"
@@ -230,8 +240,11 @@ function copy_resources {
     cp $prefix/src/dcpomatic/graphics/sequence.png "$dest"
     cp $prefix/src/dcpomatic/graphics/me.jpg "$dest"
     cp $prefix/src/dcpomatic/graphics/link.png "$dest"
+    cp $prefix/src/dcpomatic/graphics/tick.png "$dest"
+    cp $prefix/src/dcpomatic/graphics/no_tick.png "$dest"
     cp -r $prefix/share/libdcp/xsd "$dest"
     cp -r $prefix/share/libdcp/tags "$dest"
+    cp -r $prefix/share/libdcp/ratings "$dest"
 
     # i18n: DCP-o-matic .mo files
     for lang in de_DE es_ES fr_FR it_IT sv_SE nl_NL ru_RU pl_PL da_DK pt_PT pt_BR sk_SK cs_CZ uk_UA zh_CN tr_TR; do
@@ -244,7 +257,7 @@ function copy_resources {
     # i18n: wxWidgets .mo files
     for lang in de es fr it sv nl ru pl da cs; do
        mkdir "$dest/$lang"
-       cp $ENV/64/share/locale/$lang/LC_MESSAGES/wxstd.mo "$dest/$lang"
+       cp $ENV/$ARCH1/share/locale/$lang/LC_MESSAGES/wxstd.mo "$dest/$lang"
     done
 }
 
@@ -253,23 +266,22 @@ function relink_relative {
     to_relink=`echo $to_relink | sed -e "s/\+//g"`
     local linkers=("$@")
 
-    for obj in "${linkers[@]}"; do
-       deps=`otool -L "$obj" | awk '{print $1}' | egrep "($to_relink)" | egrep "($ENV|$ROOT|boost|libicu)"`
-       changes=""
-       for dep in $deps; do
-           base=`basename $dep`
-           if [ "$TYPE" == "universal" ]; then
-               # $dep will be a path within 64/; make a 32/ path too
-               dep32=`echo $dep | sed -e "s/\/64\//\/32\//g"`
-               changes="$changes -change $dep @executable_path/../Frameworks/$base -change $dep32 @executable_path/../Frameworks/$base"
-           else
-               changes="$changes -change $dep @executable_path/../Frameworks/$base"
-           fi
+       arch1_name=$(echo $ARCH1 | sed -e s@/.*@@)
+       arch2_name=$(echo $ARCH2 | sed -e s@/.*@@)
+
+       for arch in $arch1_name $arch2_name; do
+               for obj in "${linkers[@]}"; do
+                       deps=`otool -arch $arch -L "$obj" | awk '{print $1}' | egrep "($to_relink)" | egrep "($ENV|$ROOT|@rpath|boost|libicu|libssh)"`
+                       changes=""
+                       for dep in $deps; do
+                               base=`basename $dep`
+                               changes="$changes -change $dep @executable_path/../Frameworks/$base"
+                       done
+                       if test "x$changes" != "x"; then
+                               install_name_tool $changes -id `basename "$obj"` "$obj"
+                       fi
+               done
        done
-       if test "x$changes" != "x"; then
-           install_name_tool $changes -id `basename "$obj"` "$obj"
-       fi
-    done
 }
 
 # param $1 directory things should be relinked into
@@ -280,41 +292,54 @@ function relink_absolute {
     shift
     local linkers=("$@")
 
-    for obj in "${linkers[@]}"; do
-       deps=`otool -L "$obj" | awk '{print $1}' | egrep "($to_relink)" | egrep "($ENV|$ROOT|boost|libicu)"`
-       for dep in $deps; do
-           base=`basename $dep`
-            install_name_tool -change "$dep" "$target"/$base -id `basename "$obj"` "$obj"
+       arch1_name=$(echo $ARCH1 | sed -e s@/.*@@)
+       arch2_name=$(echo $ARCH2 | sed -e s@/.*@@)
+
+       for arch in $arch1_name $arch2_name; do
+               for obj in "${linkers[@]}"; do
+                       deps=`otool -arch $arch -L "$obj" | awk '{print $1}' | egrep "($to_relink)" | egrep "($ENV|$ROOT|boost|libicu|libssh)"`
+                       for dep in $deps; do
+                               base=`basename $dep`
+                               install_name_tool -change "$dep" "$target"/$base -id `basename "$obj"` "$obj"
+                       done
+               done
        done
-    done
 }
 
 function sign {
-    codesign --deep --force --verify --verbose --options runtime --sign "Developer ID Application: Carl Hetherington (R82DXSR997)" "$1"
-    if [ "$?" != "0" ]; then
-       echo "Failed to sign $1"
-       exit 1
-    fi
+       codesign --verify --verbose=4 --options runtime --entitlements entitlements.plist --sign "$APPLICATION_IDENTITY" "$1"
+       if [ "$?" != "0" ]; then
+               echo "Failed to sign $1"
+               exit 1
+       fi
 }
 
-
 # @param #1 .app directory
 # @param #2 .pkg or ""
 # @param #3 full name e.g. DCP-o-matic Batch Converter
-# @param #4 bundle id e.g. com.dcpomatic.batch
+# @param #4 list of executables
 function make_dmg {
     local appdir="$1"
     local pkg="$2"
     local full_name="$3"
-    local bundle_id="$4"
-    tmp_dmg=dcpomatic_tmp.dmg
-    dmg="$full_name $version.dmg"
+    local exes="$4"
+       tmp_dmg=dcpomatic_tmp.dmg
+       if [ "$ARCH2" == "" ]; then
+               dmg="$full_name $version macOS10.8+.dmg"
+       else
+               dmg="$full_name $version macOS10.10+.dmg"
+       fi
     vol_name=DCP-o-matic-$version
 
-    sign "$appdir"
+       find "$appdir/Contents/Frameworks" -iname "*.dylib" -type f -print0 | while IFS= read -r -d '' f; do
+               sign "$f"
+       done
+       for f in $exes; do
+               sign "$appdir/Contents/MacOS/$f"
+       done
 
     if [ "$pkg" != "" ]; then
-       productsign --sign "Developer ID Installer: Carl Hetherington (R82DXSR997)" "$pkg" "signed_temp.pkg"
+       productsign --sign "$INSTALLER_IDENTITY" "$pkg" "signed_temp.pkg"
        if [ "$?" != "0" ]; then
            echo "Failed to sign .pkg"
            exit 1
@@ -330,12 +355,12 @@ function make_dmg {
     ln -s /Applications "$vol_name/Applications"
     cat<<EOF > "$vol_name/READ ME.txt"
 Welcome to DCP-o-matic!  The first time you run the program there may be
-a long (several-minute) delay while OS X checks the code for viruses and
+a long (several-minute) delay while macOS checks the code for viruses and
 other malware.  Please be patient!
 EOF
     cat<<EOF > "$vol_name/READ ME.de_DE.txt"
 Beim erstmaligen Start der DCP-o-matic Anwendungen kann ein längerer
-Verifikationsvorgang auftreten.  Dies ist von der OS X Sicherheitsumgebung
+Verifikationsvorgang auftreten.  Dies ist von der macOS Sicherheitsumgebung
 'Gatekeeper' verursacht.  Dieser je nach Rechner teils minutenlange
 Verifikationsvorgang ist gegenwärtig normal und nicht zu umgehen,
 es ist kein Programmfehler.  Warten sie die Verifikation für jede der
@@ -403,39 +428,7 @@ EOF
     xattr -c "$dmg"
 
     set -e
-    codesign --verify --verbose --options runtime --sign "Developer ID Application: Carl Hetherington (R82DXSR997)" "$dmg"
-
-    # We only notarize thin builds, as if we're building universal binaries we must be on an OS
-    # sufficiently old that it can't notarize anyway
-    if [ "$TYPE" == "thin" ]; then
-
-       id=$(xcrun altool --notarize-app -t osx -f "$dmg" --primary-bundle-id $bundle_id -u $APPLE_ID -p $APPLE_PASSWORD --output-format xml | grep -C1 RequestUUID | tail -n 1 | sed -e "s/<string>//g" | sed -e "s/<\/string>//g")
-       N=0
-       while [ 1 ]; do
-           echo "Checking up on $id"
-           set +e
-            status=$(xcrun altool --notarization-info $id -u $APPLE_ID -p $APPLE_PASSWORD --output-format xml)
-           set -e
-            summary=$(echo "$status" | grep -C1 "<key>Status</key>" | tail -n 1 | sed -e "s/   .//g")
-            echo "Got $summary"
-            if [ "$summary" == "<string>invalid</string>" ]; then
-                echo "Notarization failed."
-                echo $status
-                exit 1
-            fi
-           if [ "$summary" == "<string>success</string>" ]; then
-               break
-           fi
-           sleep 30
-           N=$((N+1))
-           if [ "$N" == "30" ]; then
-               echo "Timed out waiting for notarization"
-               exit 1
-           fi
-       done
-
-       xcrun stapler staple "$dmg"
-    fi
+    codesign --timestamp --verify --verbose --options runtime --entitlements entitlements.plist --sign "$APPLICATION_IDENTITY" "$dmg"
     set +e
 
     rm $tmp_dmg
@@ -456,14 +449,18 @@ function setup {
     copy_resources "$approot/Resources"
 }
 
-case $TYPE in
-    universal)
-       prefix=$ROOT/32
-       ;;
-    thin)
+function copy_verify {
+       copy $ROOT src/libdcp/build/tools/dcpverify "$approot/MacOS"
+       mv "$approot/MacOS/dcpverify" "$approot/MacOS/dcpomatic2_verify"
+       rl=("$approot/MacOS/dcpomatic2_verify" "$approot/Frameworks/"*.dylib)
+       relink_relative "${rl[@]}"
+}
+
+if [ "$ARCH2" == "" ]; then
        prefix=$ROOT
-       ;;
-esac
+else
+       prefix=$ROOT/$ARCH2
+fi
 
 # DCP-o-matic main
 setup "DCP-o-matic 2.app"
@@ -472,71 +469,80 @@ copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_cli "$approot/MacOS"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_create "$approot/MacOS"
 copy $ROOT bin/ffprobe "$approot/MacOS"
 copy $ROOT src/openssl/apps/openssl "$approot/MacOS"
+copy_verify
 cp $prefix/src/dcpomatic/build/platform/osx/dcpomatic2.Info.plist "$approot/Info.plist"
 rl=("$approot/MacOS/dcpomatic2" "$approot/MacOS/dcpomatic2_cli" "$approot/MacOS/dcpomatic2_create" "$approot/MacOS/ffprobe" "$approot/Frameworks/"*.dylib)
 relink_relative "${rl[@]}"
-make_dmg "$appdir" "" "DCP-o-matic" com.dcpomatic
+make_dmg "$appdir" "" "DCP-o-matic" "dcpomatic2_verify openssl ffprobe dcpomatic2_cli dcpomatic2_create dcpomatic2"
 
 # DCP-o-matic KDM Creator
 setup "DCP-o-matic 2 KDM Creator.app"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_kdm "$approot/MacOS"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_kdm_cli "$approot/MacOS"
 copy $ROOT src/openssl/apps/openssl "$approot/MacOS"
+copy_verify
 cp $prefix/src/dcpomatic/build/platform/osx/dcpomatic2_kdm.Info.plist "$approot/Info.plist"
 rl=("$approot/MacOS/dcpomatic2_kdm" "$approot/MacOS/dcpomatic2_kdm_cli" "$approot/Frameworks/"*.dylib)
 relink_relative "${rl[@]}"
-make_dmg "$appdir" "" "DCP-o-matic KDM Creator" com.dcpomatic.kdm
+make_dmg "$appdir" "" "DCP-o-matic KDM Creator" "dcpomatic2_verify openssl dcpomatic2_kdm_cli dcpomatic2_kdm"
 
 # DCP-o-matic Encode Server
 setup "DCP-o-matic 2 Encode Server.app"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_server "$approot/MacOS"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_server_cli "$approot/MacOS"
 copy $ROOT src/openssl/apps/openssl "$approot/MacOS"
+copy_verify
 cp $prefix/src/dcpomatic/build/platform/osx/dcpomatic2_server.Info.plist "$approot/Info.plist"
 rl=("$approot/MacOS/dcpomatic2_server" "$approot/MacOS/dcpomatic2_server_cli" "$approot/Frameworks/"*.dylib)
 relink_relative "${rl[@]}"
-make_dmg "$appdir" "" "DCP-o-matic Encode Server" com.dcpomatic.server
+make_dmg "$appdir" "" "DCP-o-matic Encode Server" "dcpomatic2_verify openssl dcpomatic2_server_cli dcpomatic2_server"
 
 # DCP-o-matic Batch Converter
 setup "DCP-o-matic 2 Batch converter.app"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_batch "$approot/MacOS"
 copy $ROOT src/openssl/apps/openssl "$approot/MacOS"
+copy_verify
 cp $prefix/src/dcpomatic/build/platform/osx/dcpomatic2_batch.Info.plist "$approot/Info.plist"
 rl=("$approot/MacOS/dcpomatic2_batch" "$approot/Frameworks/"*.dylib)
 relink_relative "${rl[@]}"
-make_dmg "$appdir" "" "DCP-o-matic Batch Converter" com.dcpomatic.batch
+make_dmg "$appdir" "" "DCP-o-matic Batch Converter" "dcpomatic2_verify openssl dcpomatic2_batch"
 
 # DCP-o-matic Player
 setup "DCP-o-matic 2 Player.app"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_player "$approot/MacOS"
 copy $ROOT src/openssl/apps/openssl "$approot/MacOS"
+copy_verify
 cp $prefix/src/dcpomatic/build/platform/osx/dcpomatic2_player.Info.plist "$approot/Info.plist"
 rl=("$approot/MacOS/dcpomatic2_player" "$approot/Frameworks/"*.dylib)
 relink_relative "${rl[@]}"
-make_dmg "$appdir" "" "DCP-o-matic Player" com.dcpomatic.player
+make_dmg "$appdir" "" "DCP-o-matic Player" "dcpomatic2_verify openssl dcpomatic2_player"
 
 # DCP-o-matic Playlist Editor
 setup "DCP-o-matic 2 Playlist Editor.app"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_playlist "$approot/MacOS"
 copy $ROOT src/openssl/apps/openssl "$approot/MacOS"
+copy_verify
 cp $prefix/src/dcpomatic/build/platform/osx/dcpomatic2_playlist.Info.plist "$approot/Info.plist"
 rl=("$approot/MacOS/dcpomatic2_playlist" "$approot/Frameworks/"*.dylib)
 relink_relative "${rl[@]}"
-make_dmg "$appdir" "" "DCP-o-matic Playlist Editor" com.dcpomatic.playlist
+make_dmg "$appdir" "" "DCP-o-matic Playlist Editor" "dcpomatic2_verify openssl dcpomatic2_playlist"
 
 # DCP-o-matic Combiner
 setup "DCP-o-matic 2 Combiner.app"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_combiner "$approot/MacOS"
 copy $ROOT src/openssl/apps/openssl "$approot/MacOS"
+copy_verify
 cp $prefix/src/dcpomatic/build/platform/osx/dcpomatic2_combiner.Info.plist "$approot/Info.plist"
 rl=("$approot/MacOS/dcpomatic2_combiner" "$approot/Frameworks/"*.dylib)
 relink_relative "${rl[@]}"
-make_dmg "$appdir" "" "DCP-o-matic Combiner" com.dcpomatic.combiner
+make_dmg "$appdir" "" "DCP-o-matic Combiner" "dcpomatic2_verify openssl dcpomatic2_combiner"
 
 # DCP-o-matic Disk Writer .app
 setup "DCP-o-matic 2 Disk Writer.app"
 copy $ROOT src/dcpomatic/build/src/tools/dcpomatic2_disk "$approot/MacOS"
 copy $ROOT src/openssl/apps/openssl "$approot/MacOS"
+copy_verify
+cp $prefix/src/dcpomatic/platform/osx/uninstall_disk.applescript "$approot/Resources"
 cp $prefix/src/dcpomatic/build/platform/osx/dcpomatic2_disk.Info.plist "$approot/Info.plist"
 rl=("$approot/MacOS/dcpomatic2_disk" "$approot/Frameworks/"*.dylib)
 relink_relative "${rl[@]}"
@@ -604,7 +610,7 @@ exit 0
 EOF
 chmod gou+x $pkgbase/scripts/postinstall
 
-find "$pkgbin" -iname "*.dylib" -print0 | while IFS= read -r -d '' f; do
+find "$pkgbin" -iname "*.dylib" -type f -print0 | while IFS= read -r -d '' f; do
     sign "$f"
 done
 sign "$pkgbin/dcpomatic2_disk_writer"
@@ -613,5 +619,5 @@ mkdir -p "$pkgroot/Library/Application Support/com.dcpomatic"
 mv $pkgbin/* "$pkgroot/Library/Application Support/com.dcpomatic/"
 pkgbuild --root $pkgroot --identifier com.dcpomatic.disk.writer --scripts $pkgbase/scripts "DCP-o-matic Disk Writer.pkg"
 
-make_dmg "$appdir" "DCP-o-matic Disk Writer.pkg" "DCP-o-matic Disk Writer" com.dcpomatic.disk
+make_dmg "$appdir" "DCP-o-matic Disk Writer.pkg" "DCP-o-matic Disk Writer" "dcpomatic2_verify openssl dcpomatic2_disk"
 
2.0 development branch of dcpomatic