Implement Mac App Store build support by introducing the BUILD_FOR_MAC_APP_STORE option. This change disables Sparkle and localhost OAuth redirect server for MAS builds, updates CMake configuration, and modifies build scripts accordingly. Additionally, the macOS bundle identifier is now configurable via CMake.

build_tools/macos/build_app.sh

@@ -91,7 +91,7 @@ run_with_heartbeat() {
 usage() {
   cat <<'EOF'
 Usage:
-  ./build_tools/macos/build_app.sh [--debug|--release] [--deploy] [--dmg] [--clean] [--build-dir <path>]
+  ./build_tools/macos/build_app.sh [--debug|--release] [--mas] [--deploy] [--dmg] [--clean] [--build-dir <path>]
 
 What it does:
   - Configures and builds Strawberry with CMake + Ninja
@@ -100,6 +100,7 @@ What it does:
 Options:
   --release       Release build (default)
   --debug         Debug build
+  --mas           Build for Mac App Store (BUILD_FOR_MAC_APP_STORE=ON). Disables Sparkle/QtSparkle and any localhost OAuth redirect listener.
   --deploy        Run: cmake --build <builddir> --target deploy
   --dmg           Run: cmake --build <builddir> --target dmg   (implies --deploy)
   --clean         Delete the build dir before configuring
@@ -109,6 +110,7 @@ EOF
 }
 
 config="Release"
+do_mas=0
 do_deploy=0
 do_dmg=0
 do_clean=0
@@ -118,6 +120,7 @@ while [[ $# -gt 0 ]]; do
   case "$1" in
     --release) config="Release"; shift ;;
     --debug) config="Debug"; shift ;;
+    --mas) do_mas=1; shift ;;
     --deploy) do_deploy=1; shift ;;
     --dmg) do_dmg=1; do_deploy=1; shift ;;
     --clean) do_clean=1; shift ;;
@@ -165,6 +168,9 @@ fi
 echo "==> [$(ts)] Repo:      ${repo_root}"
 echo "==> [$(ts)] Build dir: ${build_dir}"
 echo "==> [$(ts)] Config:    ${config}"
+if [[ "$do_mas" -eq 1 ]]; then
+  echo "==> [$(ts)] MAS:       enabled (BUILD_FOR_MAC_APP_STORE=ON)"
+fi
 
 if [[ "$do_clean" -eq 1 ]]; then
   echo "==> [$(ts)] Cleaning build dir"
@@ -213,6 +219,11 @@ cmake_prefix_path="${qt_prefix};${brew_prefix}"
 
 cmake_extra_args=()
 
+# Mac App Store build mode
+if [[ "$do_mas" -eq 1 ]]; then
+  cmake_extra_args+=("-DBUILD_FOR_MAC_APP_STORE=ON")
+fi
+
 # Optional: override Sparkle update feed / key for your own published builds.
 # Example:
 #   export SPARKLE_FEED_URL="https://example.com/appcast.xml"

build_tools/macos/export_compliance/EXPORT_COMPLIANCE.txt

@@ -0,0 +1,26 @@
+Encryption Export Compliance Statement (EAR)
+
+App Name: Strawberry
+Bundle ID: @BUNDLE_ID@
+Version: @VERSION@
+Developer: @DEVELOPER@
+Date: @DATE@
+Contact: @CONTACT@
+
+Statement
+---------
+This app uses encryption only for standard network communications security (for example, TLS/HTTPS connections to web services).
+
+The app does not implement proprietary or non-standard encryption algorithms, and it does not ship its own cryptographic library in place of Apple’s operating system encryption.
+
+The app uses only encryption provided by Apple’s operating system (e.g., Apple-provided TLS stacks accessed through system frameworks used by the app and its dependencies).
+
+The app is not a VPN client/server, does not provide end-to-end encrypted messaging, and does not provide user-controlled key management or custom cryptographic functionality beyond standard transport security.
+
+Accordingly, the app’s use of encryption is believed to qualify as exempt under U.S. export regulations for mass-market software using standard OS-provided encryption.
+
+Reference
+---------
+Apple: Complying with Encryption Export Regulations
+https://developer.apple.com/documentation/security/complying-with-encryption-export-regulations
+

build_tools/macos/export_compliance/make_pdf.sh

@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+usage() {
+  cat <<'EOF'
+Usage:
+  ./build_tools/macos/export_compliance/make_pdf.sh \
+    --bundle-id com.dryark.strawberry \
+    --version 1.2.3 \
+    --developer "Dry Ark LLC" \
+    --contact "support@example.com"
+
+Outputs (in the same folder as this script):
+  - EXPORT_COMPLIANCE.filled.txt
+  - EXPORT_COMPLIANCE.pdf
+
+Notes:
+  - Uses macOS built-in /usr/bin/textutil + /usr/sbin/cupsfilter to generate the PDF.
+EOF
+}
+
+script_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
+template="${script_dir}/EXPORT_COMPLIANCE.txt"
+filled="${script_dir}/EXPORT_COMPLIANCE.filled.txt"
+pdf="${script_dir}/EXPORT_COMPLIANCE.pdf"
+
+bundle_id=""
+version=""
+developer=""
+contact=""
+date_str="$(date +%Y-%m-%d)"
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --bundle-id) bundle_id="${2:-}"; shift 2 ;;
+    --version) version="${2:-}"; shift 2 ;;
+    --developer) developer="${2:-}"; shift 2 ;;
+    --contact) contact="${2:-}"; shift 2 ;;
+    -h|--help) usage; exit 0 ;;
+    *) echo "Unknown arg: $1" >&2; usage; exit 2 ;;
+  esac
+done
+
+if [[ -z "$bundle_id" || -z "$version" || -z "$developer" || -z "$contact" ]]; then
+  echo "Error: missing required args." >&2
+  usage
+  exit 2
+fi
+
+if [[ "$(uname -s)" != "Darwin" ]]; then
+  echo "Error: This script is for macOS only (uses textutil)." >&2
+  exit 1
+fi
+
+if [[ ! -f "$template" ]]; then
+  echo "Error: missing template file: $template" >&2
+  exit 1
+fi
+
+if [[ ! -x /usr/bin/textutil ]]; then
+  echo "Error: /usr/bin/textutil not found. This should exist on macOS." >&2
+  exit 1
+fi
+if [[ ! -x /usr/sbin/cupsfilter ]]; then
+  echo "Error: /usr/sbin/cupsfilter not found. This should exist on macOS." >&2
+  exit 1
+fi
+
+escape_sed_repl() {
+  # Escape characters that are special in sed replacement strings: \ & and delimiter |
+  # bash 3.2 compatible
+  echo "$1" | sed -e 's/[\\&|]/\\&/g'
+}
+
+bundle_id_esc="$(escape_sed_repl "$bundle_id")"
+version_esc="$(escape_sed_repl "$version")"
+developer_esc="$(escape_sed_repl "$developer")"
+contact_esc="$(escape_sed_repl "$contact")"
+date_esc="$(escape_sed_repl "$date_str")"
+
+sed \
+  -e "s|@BUNDLE_ID@|${bundle_id_esc}|g" \
+  -e "s|@VERSION@|${version_esc}|g" \
+  -e "s|@DEVELOPER@|${developer_esc}|g" \
+  -e "s|@CONTACT@|${contact_esc}|g" \
+  -e "s|@DATE@|${date_esc}|g" \
+  "$template" > "$filled"
+
+rm -f "$pdf" >/dev/null 2>&1 || true
+
+# textutil does not support direct PDF output on modern macOS; convert to HTML first, then print-to-PDF via cupsfilter.
+tmp_html="${script_dir}/EXPORT_COMPLIANCE.tmp.html"
+rm -f "$tmp_html" >/dev/null 2>&1 || true
+/usr/bin/textutil -convert html "$filled" -output "$tmp_html" >/dev/null
+
+# Convert HTML to PDF. cupsfilter writes to stdout by default.
+/usr/sbin/cupsfilter -i text/html -m application/pdf "$tmp_html" > "$pdf"
+rm -f "$tmp_html" >/dev/null 2>&1 || true
+
+echo "Wrote:"
+echo "  $filled"
+echo "  $pdf"
+