Build system for macOS CRAN binaries
====================================

The scripts in this directory are used to build, test and package R
for macOS and its dependencies for release on CRAN from R 4.0.0
onwards.

Almost all scripts require the environment variable BASE to be set to
the root of this distributon, i.e. the directory containing this
README file. It defaults to /Volumes/Builds/R4 if not set which is the
CRAN build setup: use a dedicated volume "Builds" and then

svn co https://svn.r-project.org/R-dev-web/trunk/QA/Simon/R4 \
  /Volumes/Builds/R4


Individual steps:

build <dir>
 - builds R from sources in <dir>:
   configure + make + make check
 - make install (framework)
 - copy dependned libraries into $R_HOME/libs
   (as of 2020/03 GNU Fortran run-time)
 - patch up paths to dependent libraries
 - create resulting tar ball in
     $BASE/deploy/<osname>/<dir>/<arch>/<dir>.tar.gz


packaging/build.sh
 - takes tar balls of R GUI and R framework
 - calls codesign on all binary objects
 - generates (signed) installer packages for R (R-fw.pkg) and
   the GUI (R-app.pkg)
 - combines auxiliary packages (tcktk.pkg and texinfo.pkg) with the
   above packages into one, signed R release package (<dir>.pkg)
   which is also copied into
     $BASE/deploy/<osname>/<dir>/<dir>.pkg

  It requires valid developer identities:
  'Developer ID Installer' and 'Developer ID Application'
  for signing, so any necessary keychains must be unlocked prior to
  calling this script, or, alternatively, a script $BASE/unlock-sign
  must exist which will perfrom the unlocking. We do not supply such
  script but it can be something like `security unlock-keychain ...`.

  Auxiliary packages (tcktk.pkg and texinfo.pkg) are expected to exist
  already. If not, they can be created via packaging/pkgaux.sh - see
  that script for details.


nightly [cron]
 This is the script called by cron to perfrom all necessary steps. It
 expects an environment variable RDIRS to list the directories to
 process, or (if not set) reads $BASE/builds file to list those. For
 each such directory it perfroms the following:

 - if rebuild=yes (default):
   - if .svn exists in the directory and svn_update=yes (default)
     runs `svn up` in the directory and `tools/rsync-recommended`
   - calls `build <dir>`
 - verifies that $BASE/deploy/<oscode>/<dir>/<arch>/<dir>.tar.gz
   matches the installed framework /Library/Frameworks/R.framework
 - if svn_update=yes runs `svn up` in $BASE/Mac-GUI
 - builds R.app GUI for configurations Release and Debug
 - calls `$BASE/packaging/build.sh <dir>` (see above)
 - if called as "nightly cron" uses rsync to synchronized with
   the master macOS CRAN server


Notarization

Apple now requires notarization of binaries. Currently, we do not
include this in the build process, but the package built by the above
process has been tested to be compatible with the notarization
process. In particular the packaging step makes sure all binaries use
hardened run-time and are signed. Just for reference, we perform the
notarizaton as follows:

xcrun altool --notarize-app --primary-bundle-id org.R-project.R.pkg \
 --username <apple-id> --password <altool-app-pwd>  \
 --asc-provider <asc> -f <dir>.pkg

If you wish to perform notarization yourself, please change the
primary bundle ID to something unique to you, it is not related to the
IDs used in the package.


===
R for macOS build system
(C)2020 The R Core Team; License: GPL-2 or GPL-3
https://svn.r-project.org/R-dev-web/trunk/QA/Simon/R4

Author: Simon Urbanek <simon.urbanek@R-project.org>
last update: 2020/03/30