Mercurial > hg > sonic-visualiser
comparison deploy/osx/notarize.sh @ 2374:9ca6872a5d0f
Rework deployment scripts with a separate package/notarize step
| author | Chris Cannam |
|---|---|
| date | Wed, 16 Oct 2019 13:50:06 +0100 |
| parents | ec88bcdc5a5b |
| children | ab2d0fe8f0b7 |
comparison
equal
deleted
inserted
replaced
| 2373:8036dd41f3aa | 2374:9ca6872a5d0f |
|---|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | |
| 3 # This is just a scrapbook for the mo | |
| 4 | |
| 5 ## Before this, we need to open Application Loader and log in to the | |
| 6 ## right iTunes Connect account | |
| 7 | |
| 8 ## Looks like the workflow has changed to using app-specific | |
| 9 ## passwords, for 2FA reasons. See | |
| 10 ## https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow?language=objc | |
| 11 | 2 |
| 12 ## The following assumes we have generated an app password at | 3 ## The following assumes we have generated an app password at |
| 13 ## appleid.apple.com and then stored it to keychain id "altool" using | 4 ## appleid.apple.com and then stored it to keychain id "altool" using |
| 14 ## e.g. | 5 ## e.g. |
| 15 ## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \ | 6 ## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \ |
| 16 ## -w "generated-app-password" -s "altool" | 7 ## -w "generated-app-password" -s "altool" |
| 17 | 8 |
| 18 ## todo: script this | 9 ## NB to verify: |
| 10 # spctl -a -v "/Applications/Application.app" | |
| 19 | 11 |
| 20 # xcrun altool --notarize-app -f "Sonic Visualiser-4.0-pre2.dmg" --primary-bundle-id org.sonicvisualiser.SonicVisualiser -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool | 12 user="cannam+apple@all-day-breakfast.com" |
| 13 bundleid="org.sonicvisualiser.SonicVisualiser" | |
| 21 | 14 |
| 22 ## That churns for a while and then dumps out a UUID | 15 set -e |
| 23 | 16 |
| 24 # xcrun altool --notarization-info UUID -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool | 17 dmg="$1" |
| 25 | 18 |
| 26 ## Returns "in progress" at first, then eventually a failure report | 19 if [ ! -f "$dmg" ] || [ -n "$2" ]; then |
| 27 ## with a URL that can be retrieved as JSON payload using wget. An | 20 echo "Usage: $0 <dmg>" |
| 28 ## email is also sent to the iTunes Connect account holder when it | 21 echo " e.g. $0 MyApplication-1.0.dmg" |
| 29 ## completes | 22 exit 2 |
| 23 fi | |
| 30 | 24 |
| 31 # xcrun stapler staple -v "Sonic Visualiser-3.2.dmg" | 25 set -u |
| 32 | 26 |
| 33 # spctl -a -v "/Applications/Sonic Visualiser.app" | 27 echo |
| 28 echo "Uploading for notarization..." | |
| 34 | 29 |
| 30 uuidfile=.notarization-uuid | |
| 31 rm -f "$uuidfile" | |
| 35 | 32 |
| 33 xcrun altool --notarize-app \ | |
| 34 -f "$dmg" \ | |
| 35 --primary-bundle-id "$bundleid" \ | |
| 36 -u "$user" \ | |
| 37 -p @keychain:altool 2>&1 | tee "$uuidfile" | |
| 36 | 38 |
| 39 uuid=$(cat "$uuidfile" | grep RequestUUID | awk '{ print $3; }') | |
| 40 | |
| 41 if [ -z "$uuid" ]; then | |
| 42 echo | |
| 43 echo "Failed (no UUID returned, check output)" | |
| 44 exit 1 | |
| 45 fi | |
| 46 | |
| 47 echo "Done, UUID is $uuid" | |
| 48 | |
| 49 echo | |
| 50 echo "Waiting and checking for completion..." | |
| 51 | |
| 52 while true ; do | |
| 53 sleep 30 | |
| 54 status=$(xcrun altool --notarization-info "$uuid" -u "$user" -p @keychain:altool 2>&1) | |
| 55 if echo "$status" | grep -q 'Package Approved' ; then | |
| 56 echo | |
| 57 echo "Approved! Status output is:" | |
| 58 echo "$status" | |
| 59 break | |
| 60 elif echo "$status" | grep -q 'in progress' ; then | |
| 61 echo | |
| 62 echo "Still in progress... Status output is:" | |
| 63 echo "$status" | |
| 64 echo "Waiting..." | |
| 65 else | |
| 66 echo | |
| 67 echo "Failure or unknown status in output:" | |
| 68 echo "$status" | |
| 69 exit 2 | |
| 70 fi | |
| 71 done | |
| 72 | |
| 73 echo | |
| 74 echo "Stapling to package..." | |
| 75 | |
| 76 xcrun stapler staple "$dmg" || exit 1 | |
| 77 |