Add manifest support

.github/workflows/patch.yml

@@ -6,6 +6,8 @@ on:
   push:
     branches:
       - main
+    branches-ignore:
+      - gh-pages
 
 concurrency:
   cancel-in-progress: true
@@ -16,6 +18,15 @@ jobs:
     name: CI - Patch latest Sequoia metallib's
     runs-on: macos-latest
 
+    env:
+      # PKG Signing
+      ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY }}
+
+      # Notarization
+      ORG_MAC_NOTARIZATION_TEAM_ID: ${{ secrets.ORG_MAC_NOTARIZATION_TEAM_ID }}
+      ORG_MAC_NOTARIZATION_APPLE_ID: ${{ secrets.ORG_MAC_NOTARIZATION_APPLE_ID }}
+      ORG_MAC_NOTARIZATION_PASSWORD: ${{ secrets.ORG_MAC_NOTARIZATION_PASSWORD }}
+
     steps:
       - uses: actions/checkout@v4
 
@@ -51,7 +62,11 @@ jobs:
 
       - name: Build Package
         if: steps.fetch.outputs.BACKUP_FOLDER != ''
-        run: python3 metallib.py --build-pkg ${{ steps.fetch.outputs.BACKUP_FOLDER }}
+        run: python3 metallib.py --build-pkg ${{ steps.fetch.outputs.BACKUP_FOLDER }} --pkg-signing-identity $ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY --notarization-team-id $ORG_MAC_NOTARIZATION_TEAM_ID --notarization-apple-id $ORG_MAC_NOTARIZATION_APPLE_ID --notarization-password $ORG_MAC_NOTARIZATION_PASSWORD
+
+      - name: Sync manifest.json
+        if: steps.fetch.outputs.BACKUP_FOLDER != ''
+        run: python3 metallib.py --sync-manifest ${{ steps.fetch.outputs.BACKUP_FOLDER }}
 
       - name: Upload metal libraries to Artifactions
         if: steps.fetch.outputs.BACKUP_FOLDER != ''
@@ -67,6 +82,15 @@ jobs:
           name: sys_patch_dict.py
           path: sys_patch_dict.py
 
+      - name: Sync GitHub Pages
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && steps.fetch.outputs.BACKUP_FOLDER != '' }}
+        uses: JamesIves/github-pages-deploy-action@3.7.1
+        with:
+          ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          BRANCH: gh-pages
+          FOLDER: deploy/
+          CLEAN: true
+
       - name: Create GitHub release
         if: steps.fetch.outputs.BACKUP_FOLDER != ''
         uses: softprops/action-gh-release@v1

.gitignore

@@ -4,4 +4,5 @@
 /sys_patch_dict.py
 *.dmg
 *.pkg
-/15*
+/15*
+/deploy

metal_libraries/cli.py

@@ -4,6 +4,7 @@
 
 import argparse
 import macos_pkg_builder
+import mac_signing_buddy
 
 from pathlib import Path
 
@@ -82,7 +83,7 @@ def patch(input: str = "/", multiprocessing: bool = False) -> None:
         MetallibPatch().patch(input, input)
 
 
-def build_pkg(input: str) -> None:
+def build_pkg(input: str, pkg_signing_identity: str = None, notarization_team_id: str = None, notarization_apple_id: str = None, notarization_password: str = None) -> None:
     """
     Builds a macOS package from a given directory
     """
@@ -96,8 +97,24 @@ def build_pkg(input: str) -> None:
         },
         pkg_welcome=f"# MetallibSupportPkg\n\nThis package installs patched Metal Libraries for usage with OpenCore Legacy Patcher specifically targeting Macs with Metal 3802-based Graphics cards on macOS 15, Sequoia and newer.\n\nAffected graphics card models:\n\n* Intel Ivy Bridge and Haswell iGPUs\n* Nvidia Kepler dGPUs\n\n----------\nInstall destination:\n\n* `/Library/Application Support/Dortania/MetallibSupportPkg/{Path(input).name}`\n\n----------\n\nFor more information, see the [MetallibSupportPkg repository]({__url__}).",
         pkg_title=f"MetallibSupportPkg for {name}",
-        pkg_as_distribution=True
+        pkg_as_distribution=True,
+        **({"pkg_signing_identity": pkg_signing_identity} if pkg_signing_identity else {}),
     ).build() is True
+
+    if all([notarization_team_id, notarization_apple_id, notarization_password]):
+        mac_signing_buddy.Sign(
+            f"MetallibSupportPkg-{name}.pkg",
+            notarization_team_id,
+            notarization_apple_id,
+            notarization_password
+        ).sign()
+        mac_signing_buddy.Notarize(
+            f"MetallibSupportPkg-{name}.pkg",
+            notarization_team_id,
+            notarization_apple_id,
+            notarization_password
+        ).sign()
+
     print(f"MetallibSupportPkg-{name}.pkg")
 
 
@@ -122,6 +139,10 @@ def main() -> None:
     parser.add_argument("-m", "--multiprocessing",        action="store_true", help="Enable multiprocessing for patching.")
     parser.add_argument("-b", "--build-sys-patch",        type=str,            help="Build a system patch dictionary.")
     parser.add_argument("-z", "--build-pkg",              type=str,            help="Build a macOS package.")
+    parser.add_argument("--pkg-signing-identity",         type=str,            help="macOS package signing identity.")
+    parser.add_argument("--notarization-team-id",         type=str,            help="Apple Notarization Team ID.")
+    parser.add_argument("--notarization-apple-id",        type=str,            help="Apple Notarization Apple ID.")
+    parser.add_argument("--notarization-password",        type=str,            help="Apple Notarization Password.")
     parser.add_argument("-c", "--continuous-integration", action="store_true", help="Run in continuous integration mode.")
 
     args = parser.parse_args()
@@ -137,6 +158,6 @@ def main() -> None:
     elif args.build_sys_patch:
         build_sys_patch(args.build_sys_patch, args.continuous_integration)
     elif args.build_pkg:
-        build_pkg(args.build_pkg)
+        build_pkg(args.build_pkg, args.pkg_signing_identity, args.notarization_team_id, args.notarization_apple_id, args.notarization_password)
     else:
         parser.print_help()

metal_libraries/ipsw/fetch.py

@@ -4,6 +4,8 @@
 
 import packaging.version
 
+from .manifest import MetallibSupportPkgManifest
+
 from ..network import NetworkUtilities
 
 
@@ -109,4 +111,5 @@ def fetch(self) -> dict:
         result = self._fetch_apple_db_items()
         if len(result) == 0:
             return {}
+        MetallibSupportPkgManifest(result[0]).update_manifest()
         return result[0]["URL"]

metal_libraries/ipsw/manifest.py

@@ -0,0 +1,84 @@
+"""
+manifest.py: Generate manifest.json for MetallibSupportPkg API
+"""
+
+import json
+
+from pathlib  import Path
+from datetime import datetime
+
+from ..network import NetworkUtilities
+
+
+METALLIB_API_LINK = "https://dortania.github.io/MetallibSupportPkg/manifest.json"
+
+
+class MetallibSupportPkgManifest:
+
+    def __init__(self, latest_ipsw: dict) -> None:
+        """
+        latest_ipsw: dict
+
+        {
+            "Name": "macOS Sequoia",
+            "Version": "15.0 beta 7",
+            "Build": "24A5327a",
+            "URL": "https://updates.cdn-apple.com/2024SummerSeed/fullrestores/062-64520/F98C92F6-656A-46BB-A1DB-F447698DBB72/UniversalMac_15.0_24A5327a_Restore.ipsw",
+            "Variant": "Beta",
+            "Date": "2024-08-20",
+            "Hash": "6402881ec02bee6a7340237517c0872739b42820"
+        }
+        """
+        self._latest_ipsw = latest_ipsw
+
+
+    def _generate_item_manifest(self) -> dict:
+        """
+        Generate manifest.json for MetallibSupportPkg API
+        """
+        version = self._latest_ipsw["Version"]
+        if " " in version:
+            version = version.split(" ")[0]
+        manifest = {
+            "build":     self._latest_ipsw["Build"],
+            "date":      self._latest_ipsw['Date'],
+            "sha1sum":   self._latest_ipsw["Hash"],
+            "name":      f"MetallibSupportPkg {self._latest_ipsw['Version']} build {self._latest_ipsw['Build']}",
+            "seen":      datetime.now().strftime("%Y-%m-%d"),
+            "url":       f"https://github.com/dortania/MetallibSupportPkg/releases/download/{version}-{self._latest_ipsw['Build']}/MetallibSupportPkg-{version}-{self._latest_ipsw['Build']}.pkg",
+        }
+
+        return manifest
+
+
+    def update_manifest(self) -> None:
+        """
+        Update manifest.json for MetallibSupportPkg API
+        """
+        data = self._generate_item_manifest()
+
+        # Fetch current manifest
+        try:
+            current_manifest = NetworkUtilities().get(METALLIB_API_LINK).json()
+        except:
+            current_manifest = []
+
+        # Check if empty
+        if not current_manifest:
+            current_manifest = []
+
+        # Check if item already exists
+        for item in current_manifest:
+            if item["build"] == data["build"]:
+                return
+
+        # Add new item
+        current_manifest.append(data)
+
+        # Create deploy directory
+        Path("deploy").mkdir(exist_ok=True)
+
+        # Write manifest
+        with open("deploy/manifest.json", "w") as f:
+            json.dump(current_manifest, f, indent=4)
+