diff deploy/osx/notarize.sh @ 2374:9ca6872a5d0f

Rework deployment scripts with a separate package/notarize step
author Chris Cannam
date Wed, 16 Oct 2019 13:50:06 +0100
parents ec88bcdc5a5b
children ab2d0fe8f0b7
--- a/deploy/osx/notarize.sh	Wed Oct 16 13:05:51 2019 +0100
+++ b/deploy/osx/notarize.sh	Wed Oct 16 13:50:06 2019 +0100
@@ -1,36 +1,77 @@
 #!/bin/bash
 
-# This is just a scrapbook for the mo
-
-## Before this, we need to open Application Loader and log in to the
-## right iTunes Connect account
-
-## Looks like the workflow has changed to using app-specific
-## passwords, for 2FA reasons.  See
-## https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow?language=objc
-
 ## The following assumes we have generated an app password at
 ## appleid.apple.com and then stored it to keychain id "altool" using
 ## e.g.
 ## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \
 ##   -w "generated-app-password" -s "altool"
 
-## todo: script this
+## NB to verify:
+# spctl -a -v "/Applications/Application.app"
 
-# xcrun altool --notarize-app -f "Sonic Visualiser-4.0-pre2.dmg" --primary-bundle-id org.sonicvisualiser.SonicVisualiser -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool
+user="cannam+apple@all-day-breakfast.com"
+bundleid="org.sonicvisualiser.SonicVisualiser"
 
-## That churns for a while and then dumps out a UUID
+set -e
 
-# xcrun altool --notarization-info UUID -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool
+dmg="$1"
 
-## Returns "in progress" at first, then eventually a failure report
-## with a URL that can be retrieved as JSON payload using wget. An
-## email is also sent to the iTunes Connect account holder when it
-## completes
+if [ ! -f "$dmg" ] || [ -n "$2" ]; then
+    echo "Usage: $0 <dmg>"
+    echo "  e.g. $0 MyApplication-1.0.dmg"
+    exit 2
+fi
 
-# xcrun stapler staple -v "Sonic Visualiser-3.2.dmg"
+set -u
 
-# spctl -a -v "/Applications/Sonic Visualiser.app"
+echo
+echo "Uploading for notarization..."
 
+uuidfile=.notarization-uuid
+rm -f "$uuidfile"
 
+xcrun altool --notarize-app \
+    -f "$dmg" \
+    --primary-bundle-id "$bundleid" \
+    -u "$user" \
+    -p @keychain:altool 2>&1 | tee "$uuidfile"
 
+uuid=$(cat "$uuidfile" | grep RequestUUID | awk '{ print $3; }')
+
+if [ -z "$uuid" ]; then
+    echo
+    echo "Failed (no UUID returned, check output)"
+    exit 1
+fi
+
+echo "Done, UUID is $uuid"
+
+echo
+echo "Waiting and checking for completion..."
+
+while true ; do
+    sleep 30
+    status=$(xcrun altool --notarization-info "$uuid" -u "$user" -p @keychain:altool 2>&1)
+    if echo "$status" | grep -q 'Package Approved' ; then
+	echo
+	echo "Approved! Status output is:"
+	echo "$status"
+	break
+    elif echo "$status" | grep -q 'in progress' ; then
+	echo
+	echo "Still in progress... Status output is:"
+	echo "$status"
+	echo "Waiting..."
+    else 
+	echo
+	echo "Failure or unknown status in output:"
+	echo "$status"
+	exit 2
+    fi
+done
+
+echo
+echo "Stapling to package..."
+
+xcrun stapler staple "$dmg" || exit 1
+
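Review bot: With `set -e` in effect, the polling assignment `status=$(xcrun altool --notarization-info ...)` ends the script as soon as altool exits non-zero, before any of the three branches runs, so the captured output is never printed and the `Failure or unknown status` branch cannot report that case. Appending `|| true` to that assignment, as in `status=$(xcrun altool --notarization-info "$uuid" -u "$user" -p @keychain:altool 2>&1) || true`, lets the text match decide and keeps the diagnostic. The `while true` loop also has no attempt limit, so a request that stays `in progress` keeps an unattended release job polling indefinitely; a counter with a maximum would bound it. The upload pipeline has the opposite problem: without `pipefail` the exit status of altool is replaced by that of `tee`, so only the empty-UUID check catches a failed upload. After stapling, running `xcrun stapler validate "$dmg"` would confirm that the ticket is actually attached before the image is published.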