author | Andrey Filipenkov <decapitator@ukr.net> | 2020-01-11 23:57:25 +0300 |
---|---|---|
committer | Andrey Filipenkov <decapitator@ukr.net> | 2020-07-14 19:53:04 +0300 |
commit | 6dcb492110b84657f6875889df7527f46c3cd8ae (patch) | |
tree | 44a8fd6a20a5da0ad2d49f1cde6cba261116bf21 | |
parent | fb4551fc4725a7d0c879a7e8506d8d0829da40bb (diff) |
[macos] add ability to notarize dmg
-rw-r--r-- | cmake/scripts/osx/Install.cmake | 3 | ||||
-rwxr-xr-x | tools/darwin/packaging/osx/mkdmg-osx.sh.in | 3 | ||||
-rwxr-xr-x | tools/darwin/packaging/osx/notarize.sh | 67 |
3 files changed, 72 insertions, 1 deletions
diff --git a/cmake/scripts/osx/Install.cmake b/cmake/scripts/osx/Install.cmake index 75c95f5de6..629bc09cd3 100644 --- a/cmake/scripts/osx/Install.cmake +++ b/cmake/scripts/osx/Install.cmake @@ -47,6 +47,9 @@ add_custom_target(dmg COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_SOURCE_DIR}/tools/darwin/Support/Codesign.command ${CMAKE_BINARY_DIR}/tools/darwin/packaging/osx/Codesign.command COMMAND "CODESIGNING_FOLDER_PATH=${PACKAGE_OUTPUT_DIR}/${APP_NAME}.app" + "DEV_ACCOUNT=${DEV_ACCOUNT}" + "DEV_ACCOUNT_PASSWORD=${DEV_ACCOUNT_PASSWORD}" + "DEV_TEAM=${DEV_TEAM}" "EXPANDED_CODE_SIGN_IDENTITY_NAME=${CODE_SIGN_IDENTITY}" "PLATFORM_NAME=${PLATFORM}" ./mkdmg-osx.sh ${CORE_BUILD_CONFIG_LOWERCASED} diff --git a/tools/darwin/packaging/osx/mkdmg-osx.sh.in b/tools/darwin/packaging/osx/mkdmg-osx.sh.in index 4d7a3e88f0..1cf3447b66 100755 --- a/tools/darwin/packaging/osx/mkdmg-osx.sh.in +++ b/tools/darwin/packaging/osx/mkdmg-osx.sh.in @@ -62,7 +62,8 @@ $DIRNAME/dmgmaker.pl $APP $ARCHIVE echo "done" -# codesign dmg +# codesign and notarize dmg if [ "$EXPANDED_CODE_SIGN_IDENTITY_NAME" ]; then codesign --verbose=4 --sign "$EXPANDED_CODE_SIGN_IDENTITY_NAME" "$dmgPath" + ./notarize.sh "$dmgPath" "$APP/Contents/Info.plist" fi diff --git a/tools/darwin/packaging/osx/notarize.sh b/tools/darwin/packaging/osx/notarize.sh new file mode 100755 index 0000000000..1c8f132258 --- /dev/null +++ b/tools/darwin/packaging/osx/notarize.sh 
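Review bot: `"DEV_ACCOUNT_PASSWORD=${DEV_ACCOUNT_PASSWORD}"` is expanded at configure time into the `dmg` target's command line, so a literal password ends up in clear text in the generated build files and in verbose build output, and also in `CMakeCache.txt` if it is supplied with `-D`. The new notarize.sh only forwards the value to `altool --password`, which accepts `@keychain:<item>` references, so the literal secret never needs to reach CMake. I would add a comment above the three new lines, e.g. `# DEV_ACCOUNT_PASSWORD: give an altool reference such as @keychain:<item>, not the literal app-specific password; the value is written into the generated build files`. The `add_custom_target(dmg ...)` call starts and ends outside the hunk, so whether it uses `VERBATIM` cannot be checked from here.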
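Review bot: The added `./notarize.sh "$dmgPath" "$APP/Contents/Info.plist"` resolves against the current directory, whereas the helper in the context above is run as `$DIRNAME/dmgmaker.pl`. The commit shows no step that copies notarize.sh next to the configured mkdmg-osx.sh, so the call may not find it from the build directory (a copy step could exist outside the visible hunks). Its exit status is not checked in the hunk either, so a missing script or a rejected submission can leave a signed but un-notarized DMG without an obvious build failure, depending on what follows `fi`. Assuming `$DIRNAME` is the script's own directory, I would write `"$DIRNAME/notarize.sh" "$dmgPath" "$APP/Contents/Info.plist" || exit 1`.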
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+# credits: https://scriptingosx.com/2019/09/notarize-a-command-line-tool/
+
+if [[ -z "$DEV_ACCOUNT" || -z "$DEV_ACCOUNT_PASSWORD" ]]; then
+ echo "skipping notarization"
+ exit 0
+fi
+
+notarizefile() { # $1: path to file to notarize, $2: identifier
+ filepath=${1:?"need a filepath"}
+ identifier=${2:?"need an identifier"}
+
+ # upload file
+ echo "uploading $filepath for notarization"
+ altoolOutput=$(xcrun altool \
+ --notarize-app \
+ --type osx \
+ --file "$filepath" \
+ --primary-bundle-id "$identifier" \
+ --username "$DEV_ACCOUNT" \
+ --password "$DEV_ACCOUNT_PASSWORD" \
+ ${DEV_TEAM:+--asc-provider "$DEV_TEAM"} 2>&1)
+
+ requestUUID=$(echo "$altoolOutput" | awk '/RequestUUID/ { print $NF; }')
+
+ if [[ $requestUUID == "" ]]; then
+ echo "Failed to upload:"
+ echo "$altoolOutput"
+ return 1
+ fi
+ echo "requestUUID: $requestUUID, waiting..."
+
+ # wait for status to be not "in progress" any more
+ request_status="in progress"
+ while [[ "$request_status" == "in progress" ]]; do
+ sleep 60
+ altoolOutput=$(xcrun altool \
+ --notarization-info "$requestUUID" \
+ --username "$DEV_ACCOUNT" \
+ --password "$DEV_ACCOUNT_PASSWORD" 2>&1)
+ request_status=$(echo "$altoolOutput" | awk -F ': ' '/Status:/ { print $2; }' )
+ done
+
+ # print status information
+ echo "$altoolOutput"
+
+ if [[ $request_status != "success" ]]; then
+ echo "warning: could not notarize $filepath"
+ notarizationFailed=1
+ fi
+
+ LogFileURL=$(echo "$altoolOutput" | awk -F ': ' '/LogFileURL:/ { print $2; }')
+ if [[ "$LogFileURL" ]]; then
+ echo -e "\nnotarization details:"
+ curl "$LogFileURL"
+ echo
+ fi
+ if [[ $notarizationFailed == 1 ]]; then
+ return 1
+ fi
+ return 0
+}
+
+dmg="$1"
+notarizefile "$dmg" $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$2") \
+ && xcrun stapler staple "$dmg"
|
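Review bot: Both `xcrun altool` calls pass `--password "$DEV_ACCOUNT_PASSWORD"`, so a literal password sits in the process argument list, readable by other local users through `ps`, for the whole upload and on every 60-second poll. altool can read the secret itself from an `@env:<variable>` or `@keychain:<item>` reference, and the variable is already in this script's environment. I would add `pw="$DEV_ACCOUNT_PASSWORD"; [[ $pw == @* ]] || pw="@env:DEV_ACCOUNT_PASSWORD"` after the skip check and use `--password "$pw"` in both calls. Separately, `notarizationFailed` is never initialised or declared `local`, so a value inherited from the caller's environment forces a failure, and the `while` loop has no upper bound on polling; `local notarizationFailed=0` and a maximum attempt count would cover both.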