Mercurial > hg > sonic-visualiser
comparison deploy/osx/notarize.sh @ 2374:9ca6872a5d0f
Rework deployment scripts with a separate package/notarize step
author | Chris Cannam |
---|---|
date | Wed, 16 Oct 2019 13:50:06 +0100 |
parents | ec88bcdc5a5b |
children | ab2d0fe8f0b7 |
comparison
equal
deleted
inserted
replaced
2373:8036dd41f3aa | 2374:9ca6872a5d0f |
---|---|
1 #!/bin/bash | 1 #!/bin/bash |
2 | |
3 # This is just a scrapbook for the mo | |
4 | |
5 ## Before this, we need to open Application Loader and log in to the | |
6 ## right iTunes Connect account | |
7 | |
8 ## Looks like the workflow has changed to using app-specific | |
9 ## passwords, for 2FA reasons. See | |
10 ## https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow?language=objc | |
11 | 2 |
12 ## The following assumes we have generated an app password at | 3 ## The following assumes we have generated an app password at |
13 ## appleid.apple.com and then stored it to keychain id "altool" using | 4 ## appleid.apple.com and then stored it to keychain id "altool" using |
14 ## e.g. | 5 ## e.g. |
15 ## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \ | 6 ## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \ |
16 ## -w "generated-app-password" -s "altool" | 7 ## -w "generated-app-password" -s "altool" |
17 | 8 |
18 ## todo: script this | 9 ## NB to verify: |
10 # spctl -a -v "/Applications/Application.app" | |
19 | 11 |
20 # xcrun altool --notarize-app -f "Sonic Visualiser-4.0-pre2.dmg" --primary-bundle-id org.sonicvisualiser.SonicVisualiser -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool | 12 user="cannam+apple@all-day-breakfast.com" |
13 bundleid="org.sonicvisualiser.SonicVisualiser" | |
21 | 14 |
22 ## That churns for a while and then dumps out a UUID | 15 set -e |
23 | 16 |
24 # xcrun altool --notarization-info UUID -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool | 17 dmg="$1" |
25 | 18 |
26 ## Returns "in progress" at first, then eventually a failure report | 19 if [ ! -f "$dmg" ] || [ -n "$2" ]; then |
27 ## with a URL that can be retrieved as JSON payload using wget. An | 20 echo "Usage: $0 <dmg>" |
28 ## email is also sent to the iTunes Connect account holder when it | 21 echo " e.g. $0 MyApplication-1.0.dmg" |
29 ## completes | 22 exit 2 |
23 fi | |
30 | 24 |
31 # xcrun stapler staple -v "Sonic Visualiser-3.2.dmg" | 25 set -u |
32 | 26 |
33 # spctl -a -v "/Applications/Sonic Visualiser.app" | 27 echo |
28 echo "Uploading for notarization..." | |
34 | 29 |
30 uuidfile=.notarization-uuid | |
31 rm -f "$uuidfile" | |
35 | 32 |
33 xcrun altool --notarize-app \ | |
34 -f "$dmg" \ | |
35 --primary-bundle-id "$bundleid" \ | |
36 -u "$user" \ | |
37 -p @keychain:altool 2>&1 | tee "$uuidfile" | |
36 | 38 |
39 uuid=$(cat "$uuidfile" | grep RequestUUID | awk '{ print $3; }') | |
40 | |
41 if [ -z "$uuid" ]; then | |
42 echo | |
43 echo "Failed (no UUID returned, check output)" | |
44 exit 1 | |
45 fi | |
46 | |
47 echo "Done, UUID is $uuid" | |
48 | |
49 echo | |
50 echo "Waiting and checking for completion..." | |
51 | |
52 while true ; do | |
53 sleep 30 | |
54 status=$(xcrun altool --notarization-info "$uuid" -u "$user" -p @keychain:altool 2>&1) | |
55 if echo "$status" | grep -q 'Package Approved' ; then | |
56 echo | |
57 echo "Approved! Status output is:" | |
58 echo "$status" | |
59 break | |
60 elif echo "$status" | grep -q 'in progress' ; then | |
61 echo | |
62 echo "Still in progress... Status output is:" | |
63 echo "$status" | |
64 echo "Waiting..." | |
65 else | |
66 echo | |
67 echo "Failure or unknown status in output:" | |
68 echo "$status" | |
69 exit 2 | |
70 fi | |
71 done | |
72 | |
73 echo | |
74 echo "Stapling to package..." | |
75 | |
76 xcrun stapler staple "$dmg" || exit 1 | |
77 |