view deploy/osx/notarize.sh @ 2265:d33dff02b39b sandbox-notarize
Work on sandboxing (possibly) and using the hardened runtime for notarization. Supply appropriate bundle ID for helpers as well as main application, and request inherited sandbox entitlements. Currently works with sandboxing (apparently) but not yet with the hardened runtime, where we can't load plugins signed by third parties even with the com.apple.security.cs.disable-library-validation entitlement because their team IDs don't match the host. Possibly that exception is supposed to be requested some other way?
author | Chris Cannam |
---|---|
date | Thu, 25 Apr 2019 16:46:02 +0100 |
parents | 6e9a125ac5f3 |
children | ec88bcdc5a5b |
```bash
#!/bin/bash

# This is just a scrapbook for the mo

## Before this, we need to open Application Loader and log in to the
## right iTunes Connect account

# xcrun altool --notarize-app -f "Sonic Visualiser-3.2.dmg" --primary-bundle-id org.sonicvisualiser.SonicVisualiser -u "cannam+apple@all-day-breakfast.com" -p @keychain:"Application Loader: cannam+apple@all-day-breakfast.com"

## That churns for a while and then dumps out a UUID

# xcrun altool --notarization-info UUID -u "cannam+apple@all-day-breakfast.com" -p @keychain:"Application Loader: cannam+apple@all-day-breakfast.com"

## Returns "in progress" at first, then eventually a failure report
## with a URL that can be retrieved as JSON payload using wget. An
## email is also sent to the iTunes Connect account holder when it
## completes

# xcrun stapler staple -v "Sonic Visualiser-3.2.dmg"

# spctl -a -v "/Applications/Sonic Visualiser.app"
```
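The status check described in the script's comments can be automated. The following is an added example, not part of the repository's script: it reads the text printed by `altool --notarization-info` and decides whether to keep waiting, staple, or fetch the failure report. The `Status:` and `LogFileURL:` field layout is an assumption about altool's plain-text output, the function names are hypothetical, and the sample text and URL are constructed.

```bash
#!/bin/bash
# Added example: choose the next notarization step from the text that
# `xcrun altool --notarization-info UUID ...` prints.
# Assumption: altool prints right-aligned "Key: value" lines, including
# "Status:" and "LogFileURL:". The sample below is constructed, not captured.

# Print the value of the first "Key: value" line for key $1 (input on stdin).
# "Status" does not match "Status Code" or "Status Message" because the
# colon must follow the key directly.
notary_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Map altool output ($1) to one action: wait, staple, or fetch-log <url>.
# Returns non-zero when no recognised status is present, so a polling
# loop stops instead of spinning on an authentication or network error.
notary_next_step() {
    local info="$1" status url
    status=$(printf '%s\n' "$info" | notary_field "Status")
    url=$(printf '%s\n' "$info" | notary_field "LogFileURL")
    case "$status" in
        "in progress") echo "wait" ;;
        "success")     echo "staple" ;;
        "invalid")     echo "fetch-log ${url:-unknown}" ;;
        *)             echo "error: unrecognised status '${status:-none}'"
                       return 1 ;;
    esac
}

# Constructed sample of a rejected submission (placeholder UUID and URL).
SAMPLE_INVALID='No errors getting notarization info.

    LogFileURL: https://example.invalid/notary-log.json
   RequestUUID: 00000000-0000-0000-0000-000000000000
        Status: invalid
   Status Code: 2
Status Message: Package Invalid'

# Stand-alone demonstration on the constructed sample.
notary_next_step "$SAMPLE_INVALID"
```

In a real loop, the argument would be the captured output of the `--notarization-info` command from the script, and `fetch-log` would be followed by the `wget` retrieval the comments mention.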