diff options
| author | Andrey Filipenkov <decapitator@ukr.net> | 2023-10-31 12:33:37 +0300 |
|---|---|---|
| committer | Andrey Filipenkov <decapitator@ukr.net> | 2023-11-14 12:47:28 +0300 |
| commit | a17bb2e13920ab8120f47da0030c3186c9015fde (patch) | |
| tree | 3544446f90e213afa3f50e3da86225d687a3c585 /tools | |
| parent | 894b2e058389913536365aef20c851c0449a9c8c (diff) | |
migrate from altool to notarytool
(cherry picked from commit 56ac4dfd74127f7d998e66ffaf572b25459f0f8c)
Diffstat (limited to 'tools')
| -rwxr-xr-x | tools/darwin/packaging/osx/mkdmg-osx.sh.in | 2 | ||||
| -rwxr-xr-x | tools/darwin/packaging/osx/notarize.sh | 72 |
2 files changed, 15 insertions, 59 deletions
diff --git a/tools/darwin/packaging/osx/mkdmg-osx.sh.in b/tools/darwin/packaging/osx/mkdmg-osx.sh.in index c66c5642f9..9da20f25a7 100755 --- a/tools/darwin/packaging/osx/mkdmg-osx.sh.in +++ b/tools/darwin/packaging/osx/mkdmg-osx.sh.in @@ -78,7 +78,7 @@ echo "done" # codesign and notarize dmg if [ "$EXPANDED_CODE_SIGN_IDENTITY_NAME" ]; then codesign --verbose=4 --sign "$EXPANDED_CODE_SIGN_IDENTITY_NAME" "$dmgPath" - if ! ./notarize.sh "$dmgPath" "$APP/Contents/Info.plist" && [ "$isReleaseBuild" = 1 ]; then + if ! ./notarize.sh "$dmgPath" && [ "$isReleaseBuild" = 1 ]; then exit 1 fi fi diff --git a/tools/darwin/packaging/osx/notarize.sh b/tools/darwin/packaging/osx/notarize.sh index 1c8f132258..fd078be210 100755 --- a/tools/darwin/packaging/osx/notarize.sh +++ b/tools/darwin/packaging/osx/notarize.sh @@ -1,67 +1,23 @@ #!/usr/bin/env bash -# credits: https://scriptingosx.com/2019/09/notarize-a-command-line-tool/ +# credits: +# https://scriptingosx.com/2019/09/notarize-a-command-line-tool/ +# https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool + +set -e if [[ -z "$DEV_ACCOUNT" || -z "$DEV_ACCOUNT_PASSWORD" ]]; then echo "skipping notarization" exit 0 fi -notarizefile() { # $1: path to file to notarize, $2: identifier - filepath=${1:?"need a filepath"} - identifier=${2:?"need an identifier"} - - # upload file - echo "uploading $filepath for notarization" - altoolOutput=$(xcrun altool \ - --notarize-app \ - --type osx \ - --file "$filepath" \ - --primary-bundle-id "$identifier" \ - --username "$DEV_ACCOUNT" \ - --password "$DEV_ACCOUNT_PASSWORD" \ - ${DEV_TEAM:+--asc-provider "$DEV_TEAM"} 2>&1) - - requestUUID=$(echo "$altoolOutput" | awk '/RequestUUID/ { print $NF; }') - - if [[ $requestUUID == "" ]]; then - echo "Failed to upload:" - echo "$altoolOutput" - return 1 - fi - echo "requestUUID: $requestUUID, waiting..." - - # wait for status to be not "in progress" any more - request_status="in progress" - while [[ "$request_status" == "in progress" ]]; do - sleep 60 - altoolOutput=$(xcrun altool \ - --notarization-info "$requestUUID" \ - --username "$DEV_ACCOUNT" \ - --password "$DEV_ACCOUNT_PASSWORD" 2>&1) - request_status=$(echo "$altoolOutput" | awk -F ': ' '/Status:/ { print $2; }' ) - done - - # print status information - echo "$altoolOutput" - - if [[ $request_status != "success" ]]; then - echo "warning: could not notarize $filepath" - notarizationFailed=1 - fi - - LogFileURL=$(echo "$altoolOutput" | awk -F ': ' '/LogFileURL:/ { print $2; }') - if [[ "$LogFileURL" ]]; then - echo -e "\nnotarization details:" - curl "$LogFileURL" - echo - fi - if [[ $notarizationFailed == 1 ]]; then - return 1 - fi - return 0 -} - dmg="$1" -notarizefile "$dmg" $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$2") \ - && xcrun stapler staple "$dmg" +xcrun notarytool \ + submit \ + --wait \ + --timeout '1h' \ + --apple-id "$DEV_ACCOUNT" \ + --password "$DEV_ACCOUNT_PASSWORD" \ + ${DEV_TEAM:+--team-id "$DEV_TEAM"} \ + "$dmg" 2>&1 +xcrun stapler staple "$dmg" |