[package] notarise dmg instead of app

2024-09-22 11:27:35 +03:00 · 2020-05-20 11:57:49 +02:00 · 2020-05-20 11:57:49 +02:00 · 2a8cb0cd8c
commit 2a8cb0cd8c
parent 0765f19d74
2 changed files with 81 additions and 4 deletions
--- a/package/build-macos.sh
+++ b/package/build-macos.sh
@ -43,13 +43,15 @@ echo "**** COPY CLI ENTRY POINT ******************************"

 cp bin/maestral_cli dist/Maestral.app/Contents/MacOS/maestral_cli

-echo "**** SIGN AND NOTARIZE *********************************"
+echo "**** SIGNING APP ***************************************"

+echo "removing xattr"
+xattr -cr dist/Maestral.app
+
+echo "signing app"
 codesign -s "Developer ID Application: Sam Schott" \
  --entitlements entitlements.plist --deep -o runtime dist/Maestral.app

-./macos-notarize-app.sh dist/Maestral.app
-
 echo "**** CREATING DMG **************************************"

 test -f dist/Maestral.dmg && rm dist/Maestral.dmg
@ -64,7 +66,11 @@ create-dmg \
  "dist/Maestral.dmg" \
  "dist/Maestral.app"

+echo "signing dmg"
 codesign --verify --sign "Developer ID Application: Sam Schott" dist/Maestral.dmg
-md5 -r dist/Maestral.dmg
+
+echo "**** NOTARISING DMG ************************************"
+
+./macos-notarize-dmg.sh dist/Maestral.dmg

 echo "**** DONE **********************************************"
--- a/package/macos-notarize-dmg.sh
+++ b/package/macos-notarize-dmg.sh
@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+
+if [ -z "$1" ]; then
+    echo "Specify dmg as first parameter"
+    exit 1
+fi
+
+if [ -z "$APPLE_ID_USER" ] || [ -z "$APPLE_ID_PASSWORD" ]; then
+    echo "You need to set your Apple ID credentials with \$APPLE_ID_USER and \$APPLE_ID_PASSWORD."
+    exit 1
+fi
+
+APP_BUNDLE=$(basename "$1")
+APP_BUNDLE_DIR=$(dirname "$1")
+
+cd "$APP_BUNDLE_DIR" || exit 1
+
+# Submit for notarization
+echo "Submitting $APP_BUNDLE for notarization..."
+RESULT=$(xcrun altool --notarize-app --type osx \
+  --file "${APP_BUNDLE}" \
+  --primary-bundle-id com.samschott.maestral \
+  --username $APPLE_ID_USER \
+  --password @env:APPLE_ID_PASSWORD \
+  --output-format xml)
+
+if [ $? -ne 0 ]; then
+  echo "Submitting $APP_BUNDLE failed:"
+  echo "$RESULT"
+  exit 1
+fi
+
+REQUEST_UUID=$(echo "$RESULT" | xpath \
+  "//key[normalize-space(text()) = 'RequestUUID']/following-sibling::string[1]/text()" 2> /dev/null)
+
+if [ -z "$REQUEST_UUID" ]; then
+  echo "Submitting $APP_BUNDLE failed:"
+  echo "$RESULT"
+  exit 1
+fi
+
+echo "$(echo "$RESULT" | xpath \
+  "//key[normalize-space(text()) = 'success-message']/following-sibling::string[1]/text()" 2> /dev/null)"
+
+# Poll for notarization status
+echo "Submitted notarization request $REQUEST_UUID, waiting for response..."
+sleep 60
+while :
+do
+  RESULT=$(xcrun altool --notarization-info "$REQUEST_UUID" \
+    --username "$APPLE_ID_USER" \
+    --password @env:APPLE_ID_PASSWORD \
+    --output-format xml)
+  STATUS=$(echo "$RESULT" | xpath \
+    "//key[normalize-space(text()) = 'Status']/following-sibling::string[1]/text()" 2> /dev/null)
+
+  if [ "$STATUS" = "success" ]; then
+    echo "Notarization of $APP_BUNDLE succeeded!"
+    break
+  elif [ "$STATUS" = "in progress" ]; then
+    echo "Notarization in progress..."
+    sleep 20
+  else
+    echo "Notarization of $APP_BUNDLE failed:"
+    echo "$RESULT"
+    exit 1
+  fi
+done
+
+# Staple the notary ticket
+xcrun stapler staple "$APP_BUNDLE"