strawberry/build_tools

Build helper scripts

This build_tools/ directory contains helper scripts and notes for building Strawberry.

• It is not intended to be your CMake build output directory.
• Recommended CMake build output directories: cmake-build/, build-release/, etc.

macOS

• Install dependencies via Homebrew:

./build_tools/macos/install_brew_deps.sh

• Build Strawberry:

./build_tools/macos/build_app.sh --release
open ./cmake-build-macos-release/strawberry.app

macOS signing + notarization (Developer ID distribution)

This repo includes build_tools/macos/build_sign_notarize.sh to automate:

• build → (optional deploy) → codesign → notarize → staple → verify

One-time setup (Apple Developer)

• Install certificates:

  • In the Apple Developer portal, create (or download) a Developer ID Application certificate.
  • Install it into your login keychain (Xcode can manage this via Xcode → Settings → Accounts).

• Provisioning profiles:

  • For Developer ID distribution (outside the Mac App Store), you typically do not need a provisioning profile.
  • You do need profiles if you are building a Mac App Store-signed app (not what this repo’s scripts target).

• Notarization credentials:

  • Create a notarytool keychain profile (recommended) so you don’t have to pass secrets on the command line:

# NOTE: <profile-name> is a positional argument (not a flag).
# Pick any name you want, e.g. "strawberry-notary".
xcrun notarytool store-credentials "<profile-name>" \
  --apple-id "<your-apple-id>" \
  --team-id "<TEAMID>" \
  --password "<app-specific-password>"

Listing what’s installed locally

Run with no args to list local signing identities + notarytool profiles:

./build_tools/macos/build_sign_notarize.sh

Build + sign + notarize

./build_tools/macos/build_sign_notarize.sh --run --release --clean --deploy \
  --identity "Developer ID Application: Your Name (TEAMID)" \
  --notary-profile "<profile-name>"

Build + sign + notarize + DMG (recommended for public distribution)

This produces:

• a notarized strawberry.app (stapled)
• a notarized strawberry-notarize.zip (useful for Sparkle / downloads)
• a notarized strawberry-*.dmg (stapled)

./build_tools/macos/build_sign_notarize.sh --run --release --clean --deploy --dmg \
  --identity "Developer ID Application: Your Name (TEAMID)" \
  --notary-profile "<profile-name>"

macOS Mac App Store (MAS) build + signed PKG

This repo includes build_tools/macos/build_mas_pkg.sh to automate:

• build (MAS mode) → deploy (bundle deps) → embed provisioning profile → codesign → productbuild a signed .pkg

Requirements (Apple Developer)

• An App Store Connect app record with bundle id com.dryark.strawberry (or your own).
• A Mac App Store provisioning profile for that App ID.
• Signing identities installed in your Keychain:
  • Apple Distribution (for the .app)
  • 3rd Party Mac Developer Installer (for the .pkg)

Tip: list what you have installed:

security find-identity -p codesigning -v
security find-identity -p basic -v
ls -la "$HOME/Library/MobileDevice/Provisioning Profiles" | head -n 50

Manual setup guide (certificates, Keychain Access, profiles)

See: build_tools/macos/README_MAS.md

Build the signed upload PKG

./build_tools/macos/build_mas_pkg.sh --run --release --clean \
  --codesign-identity "Apple Distribution: Your Name (TEAMID)" \
  --installer-identity "3rd Party Mac Developer Installer: Your Name (TEAMID)" \
  --provisionprofile "$HOME/Library/MobileDevice/Provisioning Profiles/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.provisionprofile"

Output:

• cmake-build-macos-release-mas/strawberry.app
• cmake-build-macos-release-mas/strawberry-mas.pkg

Upload + submit for review

• Upload the .pkg using Apple’s Transporter app (App Store Connect), or with iTMSTransporter.
• In App Store Connect, wait for processing, select the build, then Submit for Review.