fix(bundler): enhance DMG creation script (#11287)

.changes/enhance-dmg-bundle.md

@@ -0,0 +1,5 @@
+---
+"tauri-bundler": patch:enhance
+---
+
+Pull upstream changes for the DMG creation script.

crates/tauri-bundler/src/bundle/macos/dmg/bundle_dmg

@@ -4,70 +4,22 @@
 # SPDX-License-Identifier: MIT
 
 # Create a read-only disk image of the contents of a folder
-# forked from https://github.com/andreyvit/create-dmg
+# forked from https://github.com/create-dmg/create-dmg
 
 # Bail out on any unhandled errors
-set -ex;
+set -e;
+# Any command that exits with non-zero code will cause the pipeline to fail
+set -o pipefail;
 
-function pure_version() {
-	echo '1.0.0.6'
-}
-
-function version() {
-	echo "create-dmg $(pure_version)"
-}
+CDMG_VERSION='1.2.1'
 
-function usage() {
-	version
-	echo "Creates a fancy DMG file."
-	echo "Usage:  $(basename "$0") [options] <output_name.dmg> <source_folder>"
-	echo "All contents of <source_folder> will be copied into the disk image."
-	echo "Options:"
-	echo "  --volname name"
-	echo "      set volume name (displayed in the Finder sidebar and window title)"
-	echo "  --volicon icon.icns"
-	echo "      set volume icon"
-	echo "  --background pic.png"
-	echo "      set folder background image (provide png, gif, jpg)"
-	echo "  --window-pos x y"
-	echo "      set position the folder window"
-	echo "  --window-size width height"
-	echo "      set size of the folder window"
-	echo "  --text-size text_size"
-	echo "      set window text size (10-16)"
-	echo "  --icon-size icon_size"
-	echo "      set window icons size (up to 128)"
-	echo "  --icon file_name x y"
-	echo "      set position of the file's icon"
-	echo "  --hide-extension file_name"
-	echo "      hide the extension of file"
-	echo "  --app-drop-link x y"
-	echo "      make a drop link to Applications, at location x,y"
-	echo "  --ql-drop-link x y"
-	echo "      make a drop link to user QuickLook install dir, at location x,y"
-	echo "  --eula eula_file"
-	echo "      attach a license file to the dmg"
-	echo "  --no-internet-enable"
-	echo "      disable automatic mount&copy"
-	echo "  --format"
-	echo "      specify the final image format (default is UDZO)"
-	echo "  --add-file target_name file|folder x y"
-	echo "      add additional file or folder (can be used multiple times)"
-	echo "  --disk-image-size x"
-	echo "      set the disk image size manually to x MB"
-	echo "  --hdiutil-verbose"
-	echo "      execute hdiutil in verbose mode"
-	echo "  --hdiutil-quiet"
-	echo "      execute hdiutil in quiet mode"
-	echo "  --bless"
-  echo "      bless the mount folder (deprecated, needs macOS 12.2.1 or older)"
-	echo "  --sandbox-safe"
-	echo "      execute hdiutil with sandbox compatibility, do not bless and do not execute the cosmetic AppleScript"
-	echo "  --version         show tool version number"
-	echo "  -h, --help        display this help"
-	exit 0
-}
+# The full path to the "support/" directory this script is using
+# (This will be set up by code later in the script.)
+CDMG_SUPPORT_DIR=""
 
+OS_FULL_VERSION="$(sw_vers | sed -n 2p | cut -d : -f 2 | tr -d '[:space:]' | cut -c1-)"
+OS_MAJOR_VERSION="$(echo $OS_FULL_VERSION | cut -d . -f 1)"
+OS_MINOR_VERSION="$(echo $OS_FULL_VERSION | cut -d . -f 2)"
 WINX=10
 WINY=60
 WINW=500
@@ -75,6 +27,7 @@ WINH=350
 ICON_SIZE=128
 TEXT_SIZE=16
 FORMAT="UDZO"
+FILESYSTEM="HFS+"
 ADD_FILE_SOURCES=()
 ADD_FILE_TARGETS=()
 IMAGEKEY=""
@@ -83,116 +36,259 @@ SANDBOX_SAFE=0
 BLESS=0
 SKIP_JENKINS=0
 MAXIMUM_UNMOUNTING_ATTEMPTS=3
-POSITION_CLAUSE=""
-HIDING_CLAUSE=""
+SIGNATURE=""
+NOTARIZE=""
+
+function pure_version() {
+	echo "$CDMG_VERSION"
+}
+
+function hdiutil_detach_retry() {
+	# Unmount
+	unmounting_attempts=0
+	until
+		echo "Unmounting disk image..."
+		(( unmounting_attempts++ ))
+		hdiutil detach "$1"
+		exit_code=$?
+		(( exit_code ==  0 )) && break            # nothing goes wrong
+		(( exit_code != 16 )) && exit $exit_code  # exit with the original exit code
+		# The above statement returns 1 if test failed (exit_code == 16).
+		#   It can make the code in the {do... done} block to be executed
+	do
+		(( unmounting_attempts == MAXIMUM_UNMOUNTING_ATTEMPTS )) && exit 16  # patience exhausted, exit with code EBUSY
+		echo "Wait a moment..."
+		sleep $(( 1 * (2 ** unmounting_attempts) ))
+	done
+	unset unmounting_attempts
+}
+
+function version() {
+	echo "create-dmg $(pure_version)"
+}
+
+function usage() {
+	version
+	cat <<EOHELP
+
+Creates a fancy DMG file.
+
+Usage:  $(basename $0) [options] <output_name.dmg> <source_folder>
+
+All contents of <source_folder> will be copied into the disk image.
+
+Options:
+  --volname <name>
+      set volume name (displayed in the Finder sidebar and window title)
+  --volicon <icon.icns>
+      set volume icon
+  --background <pic.png>
+      set folder background image (provide png, gif, or jpg)
+  --window-pos <x> <y>
+      set position the folder window
+  --window-size <width> <height>
+      set size of the folder window
+  --text-size <text_size>
+      set window text size (10-16)
+  --icon-size <icon_size>
+      set window icons size (up to 128)
+  --icon file_name <x> <y>
+      set position of the file's icon
+  --hide-extension <file_name>
+      hide the extension of file
+  --app-drop-link <x> <y>
+      make a drop link to Applications, at location x,y
+  --ql-drop-link <x> <y>
+      make a drop link to user QuickLook install dir, at location x,y
+  --eula <eula_file>
+      attach a license file to the dmg (plain text or RTF)
+  --no-internet-enable
+      disable automatic mount & copy
+  --format <format>
+      specify the final disk image format (UDZO|UDBZ|ULFO|ULMO) (default is UDZO)
+  --filesystem <filesystem>
+      specify the disk image filesystem (HFS+|APFS) (default is HFS+, APFS supports macOS 10.13 or newer)
+  --encrypt
+      enable encryption for the resulting disk image (AES-256 - you will be prompted for password)
+  --encrypt-aes128
+      enable encryption for the resulting disk image (AES-128 - you will be prompted for password)
+  --add-file <target_name> <file>|<folder> <x> <y>
+      add additional file or folder (can be used multiple times)
+  --disk-image-size <x>
+      set the disk image size manually to x MB
+  --hdiutil-verbose
+      execute hdiutil in verbose mode
+  --hdiutil-quiet
+      execute hdiutil in quiet mode
+  --bless
+      bless the mount folder (deprecated, needs macOS 12.2.1 or older)
+  --codesign <signature>
+      codesign the disk image with the specified signature
+  --notarize <credentials>
+      notarize the disk image (waits and staples) with the keychain stored credentials
+  --sandbox-safe
+      execute hdiutil with sandbox compatibility and do not bless (not supported for APFS disk images)
+  --skip-jenkins
+      skip Finder-prettifying AppleScript, useful in Sandbox and non-GUI environments
+  --version
+	    show create-dmg version number
+  -h, --help
+	    display this help screen
+
+EOHELP
+	exit 0
+}
+
+# factors can cause interstitial disk images to contain more than a single
+# partition - expand the hunt for the temporary disk image by checking for
+# the path of the volume, versus assuming its the first result (as in pr/152).
+function find_mount_dir() {
+	local dev_name="${1}"
+
+	>&2 echo "Searching for mounted interstitial disk image using ${dev_name}... "
+	# enumerate up to 9 partitions
+	for i in {1..9}; do
+		# attempt to find the partition
+		local found_dir
+		found_dir=$(hdiutil info | grep -E --color=never "${dev_name}" | head -${i} | awk '{print $3}' | xargs)
+		if [[ -n "${found_dir}" ]]; then
+				echo "${found_dir}"
+				return 0
+		fi
+	done
+}
+
+# Argument parsing
 
 while [[ "${1:0:1}" = "-" ]]; do
 	case $1 in
-	--volname)
-		VOLUME_NAME="$2"
-		shift; shift;;
-	--volicon)
-		VOLUME_ICON_FILE="$2"
-		shift; shift;;
-	--background)
-		BACKGROUND_FILE="$2"
-		BACKGROUND_FILE_NAME="$(basename "$BACKGROUND_FILE")"
-		BACKGROUND_CLAUSE="set background picture of opts to file \".background:$BACKGROUND_FILE_NAME\""
-		REPOSITION_HIDDEN_FILES_CLAUSE="set position of every item to {theBottomRightX + 100, 100}"
-		shift; shift;;
-	--icon-size)
-		ICON_SIZE="$2"
-		shift; shift;;
-	--text-size)
-		TEXT_SIZE="$2"
-		shift; shift;;
-	--window-pos)
-		WINX=$2; WINY=$3
-		shift; shift; shift;;
-	--window-size)
-		WINW=$2; WINH=$3
-		shift; shift; shift;;
-	--icon)
-		POSITION_CLAUSE="${POSITION_CLAUSE}set position of item \"$2\" to {$3, $4}
-		"
-		shift; shift; shift; shift;;
-	--hide-extension)
-		HIDING_CLAUSE="${HIDING_CLAUSE}set the extension hidden of item \"$2\" to true
-		"
-		shift; shift;;
-	-h | --help)
-		usage;;
-	--version)
-		version; exit 0;;
-	--pure-version)
-		pure_version; exit 0;;
-	--ql-drop-link)
-		QL_LINK=$2
-		QL_CLAUSE="set position of item \"QuickLook\" to {$2, $3}
-		"
-		shift; shift; shift;;
-	--app-drop-link)
-		APPLICATION_LINK=$2
-		APPLICATION_CLAUSE="set position of item \"Applications\" to {$2, $3}
-		"
-		shift; shift; shift;;
-	--eula)
-		EULA_RSRC=$2
-		shift; shift;;
-	--no-internet-enable)
-		NOINTERNET=1
-		shift;;
-	--format)
-		FORMAT="$2"
-		shift; shift;;
-	--add-file | --add-folder)
-		ADD_FILE_TARGETS+=("$2")
-		ADD_FILE_SOURCES+=("$3")
-		POSITION_CLAUSE="${POSITION_CLAUSE}
-		set position of item \"$2\" to {$4, $5}
-		"
-		shift; shift; shift; shift; shift;;
-	--disk-image-size)
-		DISK_IMAGE_SIZE="$2"
-		shift; shift;;
-	--hdiutil-verbose)
-		HDIUTIL_VERBOSITY='-verbose'
-		shift;;
-	--hdiutil-quiet)
-		HDIUTIL_VERBOSITY='-quiet'
-		shift;;
-	--sandbox-safe)
-		SANDBOX_SAFE=1
-		shift;;
-	--bless)
-		BLESS=1
-		shift;;
-	--skip-jenkins)
-		SKIP_JENKINS=1
-		shift;;
-	-*)
-		echo "Unknown option: $1. Run with --help for help."
-		exit 1;;
+		--volname)
+			VOLUME_NAME="$2"
+			shift; shift;;
+		--volicon)
+			VOLUME_ICON_FILE="$2"
+			shift; shift;;
+		--background)
+			BACKGROUND_FILE="$2"
+			BACKGROUND_FILE_NAME="$(basename "$BACKGROUND_FILE")"
+			BACKGROUND_CLAUSE="set background picture of opts to file \".background:$BACKGROUND_FILE_NAME\""
+			REPOSITION_HIDDEN_FILES_CLAUSE="set position of every item to {theBottomRightX + 100, 100}"
+			shift; shift;;
+		--icon-size)
+			ICON_SIZE="$2"
+			shift; shift;;
+		--text-size)
+			TEXT_SIZE="$2"
+			shift; shift;;
+		--window-pos)
+			WINX=$2; WINY=$3
+			shift; shift; shift;;
+		--window-size)
+			WINW=$2; WINH=$3
+			shift; shift; shift;;
+		--icon)
+			POSITION_CLAUSE="${POSITION_CLAUSE}set position of item \"$2\" to {$3, $4}
+			"
+			shift; shift; shift; shift;;
+		--hide-extension)
+			HIDING_CLAUSE="${HIDING_CLAUSE}set the extension hidden of item \"$2\" to true
+			"
+			shift; shift;;
+		-h | --help)
+			usage;;
+		--version)
+			version; exit 0;;
+		--pure-version)
+			pure_version; exit 0;;
+		--ql-drop-link)
+			QL_LINK=$2
+			QL_CLAUSE="set position of item \"QuickLook\" to {$2, $3}
+			"
+			shift; shift; shift;;
+		--app-drop-link)
+			APPLICATION_LINK=$2
+			APPLICATION_CLAUSE="set position of item \"Applications\" to {$2, $3}
+			"
+			shift; shift; shift;;
+		--eula)
+			EULA_RSRC=$2
+			shift; shift;;
+		--no-internet-enable)
+			NOINTERNET=1
+			shift;;
+		--format)
+			FORMAT="$2"
+			shift; shift;;
+		--filesystem)
+			FILESYSTEM="$2"
+			shift; shift;;
+		--encrypt)
+			ENABLE_ENCRYPTION=1
+			AESBITS=256
+			shift;;
+		--encrypt-aes128)
+			ENABLE_ENCRYPTION=1
+			AESBITS=128
+			shift;;
+		--add-file | --add-folder)
+			ADD_FILE_TARGETS+=("$2")
+			ADD_FILE_SOURCES+=("$3")
+			POSITION_CLAUSE="${POSITION_CLAUSE}
+			set position of item \"$2\" to {$4, $5}
+			"
+			shift; shift; shift; shift; shift;;
+		--disk-image-size)
+			DISK_IMAGE_SIZE="$2"
+			shift; shift;;
+		--hdiutil-verbose)
+			HDIUTIL_VERBOSITY='-verbose'
+			shift;;
+		--hdiutil-quiet)
+			HDIUTIL_VERBOSITY='-quiet'
+			shift;;
+		--codesign)
+			SIGNATURE="$2"
+			shift; shift;;
+		--notarize)
+			NOTARIZE="$2"
+			shift; shift;;
+		--sandbox-safe)
+			SANDBOX_SAFE=1
+			shift;;
+		--bless)
+			BLESS=1
+			shift;;
+		--rez)
+			echo "REZ is no more directly used. You can remove the --rez argument."
+			shift; shift;;
+		--skip-jenkins)
+			SKIP_JENKINS=1
+			shift;;
+		-*)
+			echo "Unknown option: $1. Run 'create-dmg --help' for help."
+			exit 1;;
 	esac
 	case $FORMAT in
-	UDZO)
-		IMAGEKEY="-imagekey zlib-level=9";;
-	UDBZ)
-		IMAGEKEY="-imagekey bzip2-level=9";;
+		UDZO)
+			IMAGEKEY="-imagekey zlib-level=9";;
+		UDBZ)
+			IMAGEKEY="-imagekey bzip2-level=9";;
+		ULFO)
+			;;
+		ULMO)
+			;;
+		*)
+			echo >&2 "Unknown disk image format: $FORMAT"
+			exit 1;;
 	esac
 done
 
 if [[ -z "$2" ]]; then
-	echo "Not enough arguments. Invoke with --help for help."
+	echo "Not enough arguments. Run 'create-dmg --help' for help."
 	exit 1
 fi
 
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 DMG_PATH="$1"
-DMG_DIRNAME="$(dirname "$DMG_PATH")"
-DMG_DIR="$(cd "$DMG_DIRNAME" > /dev/null; pwd)"
-DMG_NAME="$(basename "$DMG_PATH")"
-DMG_TEMP_NAME="$DMG_DIR/rw.${DMG_NAME}"
 SRC_FOLDER="$(cd "$2" > /dev/null; pwd)"
 
 # Argument validation checks
@@ -202,24 +298,48 @@ if [[ "${DMG_PATH: -4}" != ".dmg" ]]; then
 	exit 1
 fi
 
-if [[ -z "$VOLUME_NAME" ]]; then
-	VOLUME_NAME="$(basename "$DMG_PATH" .dmg)"
+if [[ "${FILESYSTEM}" != "HFS+" ]] && [[ "${FILESYSTEM}" != "APFS" ]]; then
+	echo "Unknown disk image filesystem: ${FILESYSTEM}. Run 'create-dmg --help' for help."
+	exit 1
 fi
 
-# brew formula will set this as 1 and embed the support scripts
-BREW_INSTALL=0
+if [[ "${FILESYSTEM}" == "APFS" ]] && [[ ${SANDBOX_SAFE} -eq 1 ]]; then
+	echo "Creating an APFS disk image that is sandbox safe is not supported."
+	exit 1
+fi
 
-AUX_PATH="$SCRIPT_DIR/support"
+# Main script logic
 
-if [ $BREW_INSTALL -eq 0 ]; then
-	test -d "$AUX_PATH" || {
-		echo "Cannot find support directory: $AUX_PATH"
-		exit 1
-	}
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+DMG_DIRNAME="$(dirname "$DMG_PATH")"
+DMG_DIR="$(cd "$DMG_DIRNAME" > /dev/null; pwd)"
+DMG_NAME="$(basename "$DMG_PATH")"
+DMG_TEMP_NAME="$DMG_DIR/rw.$$.${DMG_NAME}"
+
+# Detect where we're running from
+
+sentinel_file="$SCRIPT_DIR/.this-is-the-create-dmg-repo"
+if [[ -f "$sentinel_file" ]]; then
+	# We're running from inside a repo
+	CDMG_SUPPORT_DIR="$SCRIPT_DIR/support"
+else
+	# We're running inside an installed location
+	bin_dir="$SCRIPT_DIR"
+	prefix_dir=$(dirname "$bin_dir")
+	CDMG_SUPPORT_DIR="$prefix_dir/share/create-dmg/support"
+fi
+
+if [[ -z "$VOLUME_NAME" ]]; then
+	VOLUME_NAME="$(basename "$DMG_PATH" .dmg)"
+fi
+
+if [[ ! -d "$CDMG_SUPPORT_DIR" ]]; then
+	echo >&2 "Cannot find support/ directory: expected at: $CDMG_SUPPORT_DIR"
+	exit 1
 fi
 
 if [[ -f "$SRC_FOLDER/.DS_Store" ]]; then
-	echo "Deleting any .DS_Store in source folder"
+	echo "Deleting .DS_Store found in source folder"
 	rm "$SRC_FOLDER/.DS_Store"
 fi
 
@@ -229,7 +349,7 @@ if [[ -f "${DMG_TEMP_NAME}" ]]; then
 	rm -f "${DMG_TEMP_NAME}"
 fi
 
-# Using Megabytes since hdiutil fails with very large Byte numbers
+# Use Megabytes since hdiutil fails with very large byte numbers
 function blocks_to_megabytes() {
 	# Add 1 extra MB, since there's no decimal retention here
 	MB_SIZE=$((($1 * 512 / 1000 / 1000) + 1))
@@ -238,8 +358,13 @@ function blocks_to_megabytes() {
 
 function get_size() {
 	# Get block size in disk
-	bytes_size=$(du -s "$1" | sed -e 's/	.*//g')
-	echo $(blocks_to_megabytes "$bytes_size")
+	if [[ $OS_MAJOR_VERSION -ge 12 ]]; then
+		bytes_size=$(du -B 512 -s "$1")
+	else
+		bytes_size=$(du -s "$1")
+	fi
+	bytes_size=$(echo $bytes_size | sed -e 's/	.*//g')
+	echo $(blocks_to_megabytes $bytes_size)
 }
 
 # Create the DMG with the specified size or the hdiutil estimation
@@ -248,8 +373,14 @@ if [[ -n "$DISK_IMAGE_SIZE" ]]; then
 	CUSTOM_SIZE="-size ${DISK_IMAGE_SIZE}m"
 fi
 
-if [ $SANDBOX_SAFE -eq 0 ]; then
-	hdiutil create ${HDIUTIL_VERBOSITY} -srcfolder "$SRC_FOLDER" -volname "${VOLUME_NAME}" -fs HFS+ -fsargs "-c c=64,a=16,e=16" -format UDRW ${CUSTOM_SIZE} "${DMG_TEMP_NAME}"
+if [[ $SANDBOX_SAFE -eq 0 ]]; then
+	if [[ "$FILESYSTEM" == "APFS" ]]; then
+		FILESYSTEM_ARGUMENTS=""
+	else
+		FILESYSTEM_ARGUMENTS="-c c=64,a=16,e=16"
+	fi
+	hdiutil create ${HDIUTIL_VERBOSITY} -srcfolder "$SRC_FOLDER" -volname "${VOLUME_NAME}" \
+		-fs "${FILESYSTEM}" -fsargs "${FILESYSTEM_ARGUMENTS}" -format UDRW ${CUSTOM_SIZE} "${DMG_TEMP_NAME}"
 else
 	hdiutil makehybrid ${HDIUTIL_VERBOSITY} -default-volume-name "${VOLUME_NAME}" -hfs -o "${DMG_TEMP_NAME}" "$SRC_FOLDER"
 	hdiutil convert -format UDRW -ov -o "${DMG_TEMP_NAME}" "${DMG_TEMP_NAME}"
@@ -260,7 +391,7 @@ fi
 DISK_IMAGE_SIZE=$(get_size "${DMG_TEMP_NAME}")
 
 # Use the custom size if bigger
-if [[ $SANDBOX_SAFE -eq 1 ]] && [[ -n "$DISK_IMAGE_SIZE_CUSTOM" ]] && [[ $DISK_IMAGE_SIZE_CUSTOM -gt $DISK_IMAGE_SIZE ]]; then
+if [[ $SANDBOX_SAFE -eq 1 ]] && [[ ! -z "$DISK_IMAGE_SIZE_CUSTOM" ]] && [[ $DISK_IMAGE_SIZE_CUSTOM -gt $DISK_IMAGE_SIZE ]]; then
 	DISK_IMAGE_SIZE=$DISK_IMAGE_SIZE_CUSTOM
 fi
 
@@ -278,28 +409,39 @@ DISK_IMAGE_SIZE=$(expr $DISK_IMAGE_SIZE + 20)
 # Make sure target image size is within limits
 MIN_DISK_IMAGE_SIZE=$(hdiutil resize -limits "${DMG_TEMP_NAME}" | awk 'NR=1{print int($1/2048+1)}')
 if [ $MIN_DISK_IMAGE_SIZE -gt $DISK_IMAGE_SIZE ]; then
-  DISK_IMAGE_SIZE=$MIN_DISK_IMAGE_SIZE
+       DISK_IMAGE_SIZE=$MIN_DISK_IMAGE_SIZE
 fi
 
 # Resize the image for the extra stuff
 hdiutil resize ${HDIUTIL_VERBOSITY} -size ${DISK_IMAGE_SIZE}m "${DMG_TEMP_NAME}"
 
-# mount the new DMG
-echo "Mounting disk image..."
-MOUNT_DIR="/Volumes/${VOLUME_NAME}"
-
-# Unmount leftover dmg if it was mounted previously (e.g. developer mounted dmg, installed app and forgot to unmount it)
-if [[ -d "${MOUNT_DIR}" ]]; then
-  echo "Unmounting previously mounted disk image..."
-	DEV_NAME=$(hdiutil info | grep -E --color=never '^/dev/' | sed 1q | awk '{print $1}')
-  hdiutil detach "${DEV_NAME}"
-fi
+# Mount the new DMG
 
 echo "Mounting disk image..."
 
-echo "Mount directory: $MOUNT_DIR"
-DEV_NAME=$(hdiutil attach -readwrite -noverify -noautoopen "${DMG_TEMP_NAME}" | grep -E --color=never '^/dev/' | sed 1q | awk '{print $1}')
+MOUNT_RANDOM_PATH="/Volumes"
+if [[ $SANDBOX_SAFE -eq 1 ]]; then
+	MOUNT_RANDOM_PATH="/tmp"
+fi
+if [[ "$FILESYSTEM" == "APFS" ]]; then
+  HDIUTIL_FILTER="tail -n 1"
+else
+  HDIUTIL_FILTER="sed 1q"
+fi
+DEV_NAME=$(hdiutil attach -mountrandom ${MOUNT_RANDOM_PATH} -readwrite -noverify -noautoopen -nobrowse "${DMG_TEMP_NAME}" | grep -E --color=never '^/dev/' | ${HDIUTIL_FILTER} | awk '{print $1}')
 echo "Device name:     $DEV_NAME"
+if [[ "$FILESYSTEM" == "APFS" ]]; then
+  MOUNT_DIR=$(find_mount_dir "${DEV_NAME}")
+else
+	MOUNT_DIR=$(find_mount_dir "${DEV_NAME}s")
+fi
+if [[ -z "${MOUNT_DIR}" ]]; then
+  >&2 echo "ERROR: unable to proceed with final disk image creation because the interstitial disk image was not found."
+  >&2 echo "The interstitial disk image will likely be mounted and will need to be cleaned up manually."
+  exit 1
+fi
+
+echo "Mount dir:       $MOUNT_DIR"
 
 if [[ -n "$BACKGROUND_FILE" ]]; then
 	echo "Copying background file '$BACKGROUND_FILE'..."
@@ -308,12 +450,14 @@ if [[ -n "$BACKGROUND_FILE" ]]; then
 fi
 
 if [[ -n "$APPLICATION_LINK" ]]; then
-	echo "making link to Applications dir"
-	test -d "$MOUNT_DIR/Applications" || ln -s /Applications "$MOUNT_DIR/Applications"
+	echo "Making link to Applications dir..."
+	echo $MOUNT_DIR
+	ln -s /Applications "$MOUNT_DIR/Applications"
 fi
 
 if [[ -n "$QL_LINK" ]]; then
-	echo "making link to QuickLook install dir"
+	echo "Making link to QuickLook install dir..."
+	echo $MOUNT_DIR
 	ln -s "/Library/QuickLook" "$MOUNT_DIR/QuickLook"
 fi
 
@@ -331,24 +475,15 @@ if [[ -n "$ADD_FILE_SOURCES" ]]; then
 	done
 fi
 
-# run AppleScript to do all the Finder cosmetic stuff
-APPLESCRIPT_FILE=$(mktemp -t createdmg.tmp.XXXXXXXXXX)
-
-function applescript_source() {
-	if [ $BREW_INSTALL -eq 0 ]; then
-		cat "$AUX_PATH/template.applescript"
-	else
-		cat << 'EOS'
-		# BREW_INLINE_APPLESCRIPT_PLACEHOLDER
-EOS
-	fi
-}
+VOLUME_NAME=$(basename $MOUNT_DIR)
 
+# Run AppleScript to do all the Finder cosmetic stuff
+APPLESCRIPT_FILE=$(mktemp -t createdmg.tmp.XXXXXXXXXX)
 if [[ $SANDBOX_SAFE -eq 1 ]]; then
 	echo "Skipping Finder-prettifying AppleScript because we are in Sandbox..."
 else
 	if [[ $SKIP_JENKINS -eq 0 ]]; then
-		applescript_source \
+		cat "$CDMG_SUPPORT_DIR/template.applescript" \
 			| sed -e "s/WINX/$WINX/g" -e "s/WINY/$WINY/g" -e "s/WINW/$WINW/g" \
 					-e "s/WINH/$WINH/g" -e "s/BACKGROUND_CLAUSE/$BACKGROUND_CLAUSE/g" \
 					-e "s/REPOSITION_HIDDEN_FILES_CLAUSE/$REPOSITION_HIDDEN_FILES_CLAUSE/g" \
@@ -358,71 +493,76 @@ else
 			| perl -pe "s/APPLICATION_CLAUSE/$APPLICATION_CLAUSE/g" \
 			| perl -pe "s/HIDING_CLAUSE/$HIDING_CLAUSE/" \
 			> "$APPLESCRIPT_FILE"
-		sleep 2 # pause to workaround occasional "Can't get disk" (-1728) issues
+
+		# pause to workaround occasional "Can’t get disk" (-1728) issues
+		ERROR_1728_WORKAROUND_SLEEP_INTERVAL=2
+		echo "Will sleep for $ERROR_1728_WORKAROUND_SLEEP_INTERVAL seconds to workaround occasions \"Can't get disk (-1728)\" issues..."
+		sleep $ERROR_1728_WORKAROUND_SLEEP_INTERVAL
+
 		echo "Running AppleScript to make Finder stuff pretty: /usr/bin/osascript \"${APPLESCRIPT_FILE}\" \"${VOLUME_NAME}\""
 		if /usr/bin/osascript "${APPLESCRIPT_FILE}" "${VOLUME_NAME}"; then
 			# Okay, we're cool
 			true
 		else
 			echo >&2 "Failed running AppleScript"
-			hdiutil detach "${DEV_NAME}"
+			hdiutil_detach_retry "${DEV_NAME}"
 			exit 64
 		fi
 		echo "Done running the AppleScript..."
 		sleep 4
 		rm "$APPLESCRIPT_FILE"
+	else
+		echo ''
+		echo "Will skip running AppleScript to configure DMG aesthetics because of --skip-jenkins option."
+		echo "This will result in a DMG without any custom background or icons positioning."
+		echo "More info at https://github.com/create-dmg/create-dmg/issues/72"
+		echo ''
 	fi
 fi
 
-# make sure it's not world writeable
+# Make sure it's not world writeable
 echo "Fixing permissions..."
 chmod -Rf go-w "${MOUNT_DIR}" &> /dev/null || true
-echo "Done fixing permissions."
+echo "Done fixing permissions"
 
-# make the top window open itself on mount:
+# Make the top window open itself on mount:
 if [[ $BLESS -eq 1 && $SANDBOX_SAFE -eq 0 ]]; then
 	echo "Blessing started"
-	bless --folder "${MOUNT_DIR}" --openfolder "${MOUNT_DIR}"
+	if [ $(uname -m) == "arm64" ]; then
+		bless --folder "${MOUNT_DIR}"
+	else
+		bless --folder "${MOUNT_DIR}" --openfolder "${MOUNT_DIR}"
+	fi
 	echo "Blessing finished"
 else
 	echo "Skipping blessing on sandbox"
 fi
 
 if [[ -n "$VOLUME_ICON_FILE" ]]; then
-	# tell the volume that it has a special file attribute
+	# Tell the volume that it has a special file attribute
 	SetFile -a C "$MOUNT_DIR"
 fi
 
-# Delete unnecessary file system events log
+# Delete unnecessary file system events log if possible
 echo "Deleting .fseventsd"
-rm -rf "${MOUNT_DIR}/.fseventsd"
-
-# unmount
-unmounting_attempts=0
-until
-  echo "Unmounting disk image..."
-  (( unmounting_attempts++ ))
-  hdiutil detach "${DEV_NAME}"
-	exit_code=$?
-	(( exit_code ==  0 )) && break            # nothing goes wrong
-	(( exit_code != 16 )) && exit $exit_code  # exit with the original exit code
-	# The above statement returns 1 if test failed (exit_code == 16).
-	#   It can make the code in the {do... done} block to be executed
-do
-  (( unmounting_attempts == MAXIMUM_UNMOUNTING_ATTEMPTS )) && exit 16  # patience exhausted, exit with code EBUSY
-	echo "Wait a moment..."
-  sleep $(( 1 * (2 ** unmounting_attempts) ))
-done
-unset unmounting_attempts
+rm -rf "${MOUNT_DIR}/.fseventsd" || true
+
+hdiutil_detach_retry "${DEV_NAME}"
 
-# compress image
-echo "Compressing disk image..."
-hdiutil convert ${HDIUTIL_VERBOSITY} "${DMG_TEMP_NAME}" -format "${FORMAT}" ${IMAGEKEY} -o "${DMG_DIR}/${DMG_NAME}"
+# Compress image and optionally encrypt
+if [[ $ENABLE_ENCRYPTION -eq 0 ]]; then
+	echo "Compressing disk image..."
+	hdiutil convert ${HDIUTIL_VERBOSITY} "${DMG_TEMP_NAME}" -format ${FORMAT} ${IMAGEKEY} -o "${DMG_DIR}/${DMG_NAME}"
+else
+	echo "Compressing and encrypting disk image..."
+	echo "NOTE: hdiutil will only prompt a single time for a password - ensure entry is correct."
+	hdiutil convert ${HDIUTIL_VERBOSITY} "${DMG_TEMP_NAME}" -format ${FORMAT} ${IMAGEKEY} -encryption AES-${AESBITS} -stdinpass -o "${DMG_DIR}/${DMG_NAME}"
+fi
 rm -f "${DMG_TEMP_NAME}"
 
-# adding EULA resources
+# Adding EULA resources
 if [[ -n "${EULA_RSRC}" && "${EULA_RSRC}" != "-null-" ]]; then
-	echo "adding EULA resources"
+	echo "Adding EULA resources..."
 	#
 	# Use udifrez instead flatten/rez/unflatten
 	# https://github.com/create-dmg/create-dmg/issues/109
@@ -431,20 +571,19 @@ if [[ -n "${EULA_RSRC}" && "${EULA_RSRC}" != "-null-" ]]; then
 	# https://developer.apple.com/forums/thread/668084
 	#
 	EULA_RESOURCES_FILE=$(mktemp -t createdmg.tmp.XXXXXXXXXX)
-	EULA_FORMAT=$(file -b "${EULA_RSRC}")
+	EULA_FORMAT=$(file -b ${EULA_RSRC})
 	if [[ ${EULA_FORMAT} == 'Rich Text Format data'* ]] ; then
 		EULA_FORMAT='RTF '
 	else
 		EULA_FORMAT='TEXT'
 	fi
-
 	# Encode the EULA to base64
 	# Replace 'openssl base64' with 'base64' if Mac OS X 10.6 support is no more needed
 	# EULA_DATA="$(base64 -b 52 "${EULA_RSRC}" | sed s$'/^\(.*\)$/\t\t\t\\1/')"
 	EULA_DATA="$(openssl base64 -in "${EULA_RSRC}" | tr -d '\n' | awk '{gsub(/.{52}/,"&\n")}1' | sed s$'/^\(.*\)$/\t\t\t\\1/')"
 	# Fill the template with the custom EULA contents
 	eval "cat > \"${EULA_RESOURCES_FILE}\" <<EOF
-	$(<${AUX_PATH}/eula-resources-template.xml)
+	$(<${CDMG_SUPPORT_DIR}/eula-resources-template.xml)
 	EOF
 	"
 	# Apply the resources
@@ -455,19 +594,45 @@ if [[ -n "${EULA_RSRC}" && "${EULA_RSRC}" != "-null-" ]]; then
 	echo "Successfully added the EULA license"
 fi
 
-if [[ -n "${NOINTERNET}" && "${NOINTERNET}" == 1 ]]; then
-	echo "not setting 'internet-enable' on the dmg"
+# Enable "internet", whatever that is
+if [[ ! -z "${NOINTERNET}" && "${NOINTERNET}" == 1 ]]; then
+	echo "Not setting 'internet-enable' on the dmg, per caller request"
 else
-	# check if hdiutil supports internet-enable
-	# support was removed in macOS 10.15
-	# https://github.com/andreyvit/create-dmg/issues/76
-	if hdiutil internet-enable -help >/dev/null 2>/dev/null
-	then
+	# Check if hdiutil supports internet-enable
+	# Support was removed in macOS 10.15. See https://github.com/andreyvit/create-dmg/issues/76
+	if hdiutil internet-enable -help >/dev/null 2>/dev/null; then
 		hdiutil internet-enable -yes "${DMG_DIR}/${DMG_NAME}"
 	else
 		echo "hdiutil does not support internet-enable. Note it was removed in macOS 10.15."
 	fi
 fi
 
+if [[ -n "${SIGNATURE}" && "${SIGNATURE}" != "-null-" ]]; then
+	echo "Codesign started"
+	codesign -s "${SIGNATURE}" "${DMG_DIR}/${DMG_NAME}"
+	dmgsignaturecheck="$(codesign --verify --deep --verbose=2 --strict "${DMG_DIR}/${DMG_NAME}" 2>&1 >/dev/null)"
+	if [ $? -eq 0 ]; then
+		echo "The disk image is now codesigned"
+	else
+		echo "The signature seems invalid${NC}"
+		exit 1
+	fi
+fi
+
+if [[ -n "${NOTARIZE}" && "${NOTARIZE}" != "-null-" ]]; then
+	echo "Notarization started"
+	xcrun notarytool submit "${DMG_DIR}/${DMG_NAME}" --keychain-profile "${NOTARIZE}" --wait
+	echo "Stapling the notarization ticket"
+	staple="$(xcrun stapler staple "${DMG_DIR}/${DMG_NAME}")"
+	if [ $? -eq 0 ]; then
+		echo "The disk image is now notarized"
+	else
+		echo "$staple"
+		echo "The notarization failed with error $?"
+		exit 1
+	fi
+fi
+
+# All done!
 echo "Disk image done"
 exit 0

crates/tauri-bundler/src/bundle/macos/dmg/mod.rs

@@ -61,17 +61,18 @@ pub fn bundle_project(settings: &Settings, bundles: &[Bundle]) -> crate::Result<
   let bundle_file_name = format!("{}.app", product_name);
   let bundle_dir = settings.project_out_directory().join("bundle/macos");
 
-  let support_directory_path = output_path.join("support");
-  if output_path.exists() {
-    fs::remove_dir_all(&output_path)
-      .with_context(|| format!("Failed to remove old {}", dmg_name))?;
+  let support_directory_path = output_path
+    .parent()
+    .unwrap()
+    .join("share/create-dmg/support");
+
+  for path in &[&support_directory_path, &output_path] {
+    if path.exists() {
+      fs::remove_dir_all(path).with_context(|| format!("Failed to remove old {}", dmg_name))?;
+    }
+    fs::create_dir_all(path)
+      .with_context(|| format!("Failed to create output directory at {:?}", path))?;
   }
-  fs::create_dir_all(&support_directory_path).with_context(|| {
-    format!(
-      "Failed to create output directory at {:?}",
-      support_directory_path
-    )
-  })?;
 
   // create paths for script
   let bundle_script_path = output_path.join("bundle_dmg.sh");