diff --git a/applepy.spec b/applepy.spec index 8f433cd..bac55a8 100644 --- a/applepy.spec +++ b/applepy.spec @@ -1,5 +1,5 @@ # PyInstaller spec: `pip install -e ".[bundle]"` then `pyinstaller applepy.spec` -# Produces dist/applepy (one-folder) with bundled applepy data (JSON, optional compliance trees). +# Produces dist/applepy (single self-contained binary) with bundled applepy data (JSON, optional compliance trees). # Run scripts/vendor_compliance_assets.sh before building to embed mSCP + Lynis (not in git). from pathlib import Path @@ -11,12 +11,7 @@ _SPEC_DIR = Path(SPECPATH) def _mscp_data_files_excluding_generated(mscp: Path) -> list[tuple[str, str]]: - """ - Per-file datas for mSCP: omit ``build/`` (output from generate_guidance on the host) and ``.git``. - - Shipping ``build/`` bloats the bundle and, after ``sudo dist/.../applepy``, can leave root-owned - trees that break the next PyInstaller clean of ``dist/applepy``. - """ + """Per-file datas for mSCP: omit ``build/`` (generate_guidance output) and ``.git``.""" prefix = Path("applepy/data/macos_security") out: list[tuple[str, str]] = [] for p in mscp.rglob("*"): @@ -97,8 +92,10 @@ pyz = PYZ(a.pure) exe = EXE( pyz, a.scripts, + a.binaries, + a.datas, [], - exclude_binaries=True, + exclude_binaries=False, name="applepy", debug=False, bootloader_ignore_signals=False, @@ -111,11 +108,3 @@ exe = EXE( codesign_identity=None, entitlements_file=None, ) -coll = COLLECT( - exe, - a.binaries, - a.datas, - strip=False, - upx=False, - name="applepy", -) diff --git a/scripts/build_bundle.sh b/scripts/build_bundle.sh index ea7a9b8..61327d4 100755 --- a/scripts/build_bundle.sh +++ b/scripts/build_bundle.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Build one-folder PyInstaller distribution (see applepy.spec). Requires: pip install -e ".[bundle]" +# Build single-file PyInstaller binary (see applepy.spec). Requires: pip install -e ".[bundle]" # By default fetches NIST macos_security + Lynis into applepy/data/ (git + network). Offline: # SKIP_VENDOR_COMPLIANCE=1 ./scripts/build_bundle.sh set -euo pipefail @@ -17,15 +17,8 @@ fi python -m pip install -q -e ".[bundle]" DIST_OUT="${ROOT}/dist/applepy" if [[ -e "${DIST_OUT}" ]]; then - echo "Removing previous bundle: ${DIST_OUT}" - if ! rm -rf "${DIST_OUT}"; then - echo "ERROR: Could not remove ${DIST_OUT}." >&2 - echo "This usually means root-owned files under .../macos_security/build from a prior sudo run of the bundle." >&2 - echo "Fix: sudo rm -rf \"${DIST_OUT}\"" >&2 - echo "Then re-run this script. The spec omits mSCP build/ from the bundle to avoid shipping host output." >&2 - exit 1 - fi + echo "Removing previous binary: ${DIST_OUT}" + rm -rf "${DIST_OUT}" fi -python -m PyInstaller --noconfirm "${ROOT}/applepy.spec" -echo "Output: ${ROOT}/dist/applepy/ → run: dist/applepy/applepy --help" -echo "Note: build/applepy/ is PyInstaller’s work dir only (no _internal/). Do not run that copy." +python -m PyInstaller --noconfirm --clean "${ROOT}/applepy.spec" +echo "Output: ${ROOT}/dist/applepy → run: dist/applepy --help"