annotate deploy/osx/notarize.sh @ 2374:9ca6872a5d0f

Rework deployment scripts with a separate package/notarize step
author Chris Cannam
date Wed, 16 Oct 2019 13:50:06 +0100
parents ec88bcdc5a5b
children ab2d0fe8f0b7
rev   line source
Chris@2066 1 #!/bin/bash
Chris@2066 2
Chris@2354 3 ## The following assumes we have generated an app password at
Chris@2354 4 ## appleid.apple.com and then stored it to keychain id "altool" using
Chris@2354 5 ## e.g.
Chris@2354 6 ## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \
Chris@2354 7 ## -w "generated-app-password" -s "altool"
Chris@2354 8
Chris@2374 9 ## NB to verify:
Chris@2374 10 # spctl -a -v "/Applications/Application.app"
Chris@2354 11
Chris@2374 12 user="cannam+apple@all-day-breakfast.com"
Chris@2374 13 bundleid="org.sonicvisualiser.SonicVisualiser"
Chris@2066 14
Chris@2374 15 set -e
Chris@2066 16
Chris@2374 17 dmg="$1"
Chris@2066 18
Chris@2374 19 if [ ! -f "$dmg" ] || [ -n "$2" ]; then
Chris@2374 20 echo "Usage: $0 <dmg>"
Chris@2374 21 echo " e.g. $0 MyApplication-1.0.dmg"
Chris@2374 22 exit 2
Chris@2374 23 fi
Chris@2066 24
Chris@2374 25 set -u
Chris@2066 26
Chris@2374 27 echo
Chris@2374 28 echo "Uploading for notarization..."
Chris@2066 29
Chris@2374 30 uuidfile=.notarization-uuid
Chris@2374 31 rm -f "$uuidfile"
Chris@2066 32
Chris@2374 33 xcrun altool --notarize-app \
Chris@2374 34 -f "$dmg" \
Chris@2374 35 --primary-bundle-id "$bundleid" \
Chris@2374 36 -u "$user" \
Chris@2374 37 -p @keychain:altool 2>&1 | tee "$uuidfile"
Chris@2066 38
Chris@2374 39 uuid=$(cat "$uuidfile" | grep RequestUUID | awk '{ print $3; }')
Chris@2374 40
Chris@2374 41 if [ -z "$uuid" ]; then
Chris@2374 42 echo
Chris@2374 43 echo "Failed (no UUID returned, check output)"
Chris@2374 44 exit 1
Chris@2374 45 fi
Chris@2374 46
Chris@2374 47 echo "Done, UUID is $uuid"
Chris@2374 48
Chris@2374 49 echo
Chris@2374 50 echo "Waiting and checking for completion..."
Chris@2374 51
Chris@2374 52 while true ; do
Chris@2374 53 sleep 30
Chris@2374 54 status=$(xcrun altool --notarization-info "$uuid" -u "$user" -p @keychain:altool 2>&1)
Chris@2374 55 if echo "$status" | grep -q 'Package Approved' ; then
Chris@2374 56 echo
Chris@2374 57 echo "Approved! Status output is:"
Chris@2374 58 echo "$status"
Chris@2374 59 break
Chris@2374 60 elif echo "$status" | grep -q 'in progress' ; then
Chris@2374 61 echo
Chris@2374 62 echo "Still in progress... Status output is:"
Chris@2374 63 echo "$status"
Chris@2374 64 echo "Waiting..."
Chris@2374 65 else
Chris@2374 66 echo
Chris@2374 67 echo "Failure or unknown status in output:"
Chris@2374 68 echo "$status"
Chris@2374 69 exit 2
Chris@2374 70 fi
Chris@2374 71 done
Chris@2374 72
Chris@2374 73 echo
Chris@2374 74 echo "Stapling to package..."
Chris@2374 75
Chris@2374 76 xcrun stapler staple "$dmg" || exit 1
Chris@2374 77