authorAndrey Filipenkov <decapitator@ukr.net>2020-01-11 23:57:25 +0300
committerAndrey Filipenkov <decapitator@ukr.net>2020-07-14 19:53:04 +0300
commit6dcb492110b84657f6875889df7527f46c3cd8ae (patch)
tree44a8fd6a20a5da0ad2d49f1cde6cba261116bf21
parentfb4551fc4725a7d0c879a7e8506d8d0829da40bb (diff)
[macos] add ability to notarize dmg
-rw-r--r--cmake/scripts/osx/Install.cmake3
-rwxr-xr-xtools/darwin/packaging/osx/mkdmg-osx.sh.in3
-rwxr-xr-xtools/darwin/packaging/osx/notarize.sh67
3 files changed, 72 insertions, 1 deletions
diff --git a/cmake/scripts/osx/Install.cmake b/cmake/scripts/osx/Install.cmake
index 75c95f5de6..629bc09cd3 100644
--- a/cmake/scripts/osx/Install.cmake
+++ b/cmake/scripts/osx/Install.cmake
@@ -47,6 +47,9 @@ add_custom_target(dmg
COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_SOURCE_DIR}/tools/darwin/Support/Codesign.command
${CMAKE_BINARY_DIR}/tools/darwin/packaging/osx/Codesign.command
COMMAND "CODESIGNING_FOLDER_PATH=${PACKAGE_OUTPUT_DIR}/${APP_NAME}.app"
+ "DEV_ACCOUNT=${DEV_ACCOUNT}"
+ "DEV_ACCOUNT_PASSWORD=${DEV_ACCOUNT_PASSWORD}"
+ "DEV_TEAM=${DEV_TEAM}"
"EXPANDED_CODE_SIGN_IDENTITY_NAME=${CODE_SIGN_IDENTITY}"
"PLATFORM_NAME=${PLATFORM}"
./mkdmg-osx.sh ${CORE_BUILD_CONFIG_LOWERCASED}
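Review bot: The added line `"DEV_ACCOUNT_PASSWORD=${DEV_ACCOUNT_PASSWORD}"` is expanded when CMake configures, so the Apple ID password is written in clear text into the generated build rules for the `dmg` target and is printed by a verbose build. If the value is supplied as a cache variable (the hunk does not show where it is defined), it would also be stored in CMakeCache.txt. I would drop that one line and let notarize.sh inherit `DEV_ACCOUNT_PASSWORD` from the environment of the build invocation, or forward only a keychain reference such as `@keychain:<item-name>` instead of the secret itself. A comment like `# DEV_ACCOUNT_PASSWORD is not forwarded here; notarize.sh reads it from the build environment` would record the reason. The `add_custom_target(dmg ...)` call starts and ends outside this hunk.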
diff --git a/tools/darwin/packaging/osx/mkdmg-osx.sh.in b/tools/darwin/packaging/osx/mkdmg-osx.sh.in
index 4d7a3e88f0..1cf3447b66 100755
--- a/tools/darwin/packaging/osx/mkdmg-osx.sh.in
+++ b/tools/darwin/packaging/osx/mkdmg-osx.sh.in
@@ -62,7 +62,8 @@ $DIRNAME/dmgmaker.pl $APP $ARCHIVE
echo "done"
-# codesign dmg
+# codesign and notarize dmg
if [ "$EXPANDED_CODE_SIGN_IDENTITY_NAME" ]; then
codesign --verbose=4 --sign "$EXPANDED_CODE_SIGN_IDENTITY_NAME" "$dmgPath"
+ ./notarize.sh "$dmgPath" "$APP/Contents/Info.plist"
fi
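Review bot: The exit status of `./notarize.sh "$dmgPath" "$APP/Contents/Info.plist"` is not checked, so unless this script runs under `set -e` (not visible in the hunk) a rejected notarization still yields a signed but un-notarized, un-stapled DMG and a build that reports success. Since notarize.sh exits 0 when the credentials are absent, `./notarize.sh "$dmgPath" "$APP/Contents/Info.plist" || exit 1` would fail only on a real notarization error. If continuing is intended, a comment saying so would help. The call is also relative to the working directory, and the commit does not visibly copy notarize.sh next to the generated mkdmg-osx.sh, so that is worth confirming. The script continues outside this hunk.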
diff --git a/tools/darwin/packaging/osx/notarize.sh b/tools/darwin/packaging/osx/notarize.sh
new file mode 100755
index 0000000000..1c8f132258
--- /dev/null
+++ b/tools/darwin/packaging/osx/notarize.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+# credits: https://scriptingosx.com/2019/09/notarize-a-command-line-tool/
+
+if [[ -z "$DEV_ACCOUNT" || -z "$DEV_ACCOUNT_PASSWORD" ]]; then
+ echo "skipping notarization"
+ exit 0
+fi
+
+notarizefile() { # $1: path to file to notarize, $2: identifier
+ filepath=${1:?"need a filepath"}
+ identifier=${2:?"need an identifier"}
+
+ # upload file
+ echo "uploading $filepath for notarization"
+ altoolOutput=$(xcrun altool \
+ --notarize-app \
+ --type osx \
+ --file "$filepath" \
+ --primary-bundle-id "$identifier" \
+ --username "$DEV_ACCOUNT" \
+ --password "$DEV_ACCOUNT_PASSWORD" \
+ ${DEV_TEAM:+--asc-provider "$DEV_TEAM"} 2>&1)
+
+ requestUUID=$(echo "$altoolOutput" | awk '/RequestUUID/ { print $NF; }')
+
+ if [[ $requestUUID == "" ]]; then
+ echo "Failed to upload:"
+ echo "$altoolOutput"
+ return 1
+ fi
+ echo "requestUUID: $requestUUID, waiting..."
+
+ # wait for status to be not "in progress" any more
+ request_status="in progress"
+ while [[ "$request_status" == "in progress" ]]; do
+ sleep 60
+ altoolOutput=$(xcrun altool \
+ --notarization-info "$requestUUID" \
+ --username "$DEV_ACCOUNT" \
+ --password "$DEV_ACCOUNT_PASSWORD" 2>&1)
+ request_status=$(echo "$altoolOutput" | awk -F ': ' '/Status:/ { print $2; }' )
+ done
+
+ # print status information
+ echo "$altoolOutput"
+
+ if [[ $request_status != "success" ]]; then
+ echo "warning: could not notarize $filepath"
+ notarizationFailed=1
+ fi
+
+ LogFileURL=$(echo "$altoolOutput" | awk -F ': ' '/LogFileURL:/ { print $2; }')
+ if [[ "$LogFileURL" ]]; then
+ echo -e "\nnotarization details:"
+ curl "$LogFileURL"
+ echo
+ fi
+ if [[ $notarizationFailed == 1 ]]; then
+ return 1
+ fi
+ return 0
+}
+
+dmg="$1"
+notarizefile "$dmg" $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$2") \
+ && xcrun stapler staple "$dmg"
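Review bot: Both `xcrun altool` calls pass the secret as `--password "$DEV_ACCOUNT_PASSWORD"`, which puts the Apple ID password in the process argument list where any local user can read it with `ps` for as long as the upload or status query runs. altool accepts an indirect form, so `--password "@env:DEV_ACCOUNT_PASSWORD"` on both calls keeps the value out of argv without changing how the variable is supplied. Separately, the `while [[ "$request_status" == "in progress" ]]` loop has no upper bound, so a request that never leaves that state hangs the build; a maximum attempt count would bound it. The identifier on the last command should also be quoted, `notarizefile "$dmg" "$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$2")"`, so it is not word-split.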