Chris@2066: #!/bin/bash
Chris@2066: 
Chris@2354: ## The following assumes we have generated an app password at
Chris@2354: ## appleid.apple.com and then stored it to keychain id "altool" using
Chris@2354: ## e.g.
Chris@2354: ## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \
Chris@2354: ##   -w "generated-app-password" -s "altool"
Chris@2354: 
Chris@2374: ## NB to verify:
Chris@2374: # spctl -a -v "/Applications/Application.app"
Chris@2354: 
Chris@2374: user="cannam+apple@all-day-breakfast.com"
Chris@2374: bundleid="org.sonicvisualiser.SonicVisualiser"
Chris@2066: 
Chris@2374: set -e
Chris@2066: 
Chris@2374: dmg="$1"
Chris@2066: 
Chris@2374: if [ ! -f "$dmg" ] || [ -n "$2" ]; then
Chris@2374:     echo "Usage: $0 <dmg>"
Chris@2374:     echo "  e.g. $0 MyApplication-1.0.dmg"
Chris@2374:     exit 2
Chris@2374: fi
Chris@2066: 
Chris@2374: set -u
Chris@2066: 
Chris@2374: echo
Chris@2374: echo "Uploading for notarization..."
Chris@2066: 
Chris@2374: uuidfile=.notarization-uuid
Chris@2392: statfile=.notarization-status
Chris@2392: rm -f "$uuidfile" "$statfile"
Chris@2066: 
Chris@2374: xcrun altool --notarize-app \
Chris@2374:     -f "$dmg" \
Chris@2374:     --primary-bundle-id "$bundleid" \
Chris@2374:     -u "$user" \
Chris@2374:     -p @keychain:altool 2>&1 | tee "$uuidfile"
Chris@2066: 
Chris@2374: uuid=$(cat "$uuidfile" | grep RequestUUID | awk '{ print $3; }')
Chris@2374: 
Chris@2374: if [ -z "$uuid" ]; then
Chris@2374:     echo
Chris@2374:     echo "Failed (no UUID returned, check output)"
Chris@2374:     exit 1
Chris@2374: fi
Chris@2374: 
Chris@2374: echo "Done, UUID is $uuid"
Chris@2374: 
Chris@2374: echo
Chris@2374: echo "Waiting and checking for completion..."
Chris@2374: 
Chris@2374: while true ; do
Chris@2374:     sleep 30
Chris@2392: 
Chris@2392:     xcrun altool --notarization-info \
Chris@2392: 	"$uuid" \
Chris@2392: 	-u "$user" \
Chris@2392: 	-p @keychain:altool 2>&1 | tee "$statfile"
Chris@2392: 
Chris@2392:     if grep -q 'Package Approved' "$statfile"; then
Chris@2374: 	echo
Chris@2374: 	echo "Approved! Status output is:"
Chris@2392: 	cat "$statfile"
Chris@2374: 	break
Chris@2392:     elif grep -q 'in progress' "$statfile" ; then
Chris@2374: 	echo
Chris@2374: 	echo "Still in progress... Status output is:"
Chris@2392: 	cat "$statfile"
Chris@2374: 	echo "Waiting..."
Chris@2374:     else 
Chris@2374: 	echo
Chris@2374: 	echo "Failure or unknown status in output:"
Chris@2392: 	cat "$statfile"
Chris@2374: 	exit 2
Chris@2374:     fi
Chris@2374: done
Chris@2374: 
Chris@2374: echo
Chris@2374: echo "Stapling to package..."
Chris@2374: 
Chris@2374: xcrun stapler staple "$dmg" || exit 1
Chris@2374: