Mercurial > hg > tony
comparison deploy/osx/notarize.sh @ 619:fe1a77d4aeaa
Update deployment scripts - make the copy-and-update-paths deployment a smaller unit that is run after any build, separate out signing, and add notarization script
| author | Chris Cannam |
|---|---|
| date | Thu, 10 Oct 2019 13:17:29 +0100 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 610:287b7b349a8a | 619:fe1a77d4aeaa |
|---|---|
| 1 #!/bin/bash | |
| 2 | |
| 3 ## The following assumes we have generated an app password at | |
| 4 ## appleid.apple.com and then stored it to keychain id "altool" using | |
| 5 ## e.g. | |
| 6 ## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \ | |
| 7 ## -w "generated-app-password" -s "altool" | |
| 8 | |
| 9 ## NB to verify: | |
| 10 # spctl -a -v "/Applications/Application.app" | |
| 11 | |
| 12 user="cannam+apple@all-day-breakfast.com" | |
| 13 bundleid="uk.ac.qmul.eecs.c4dm.Tony" | |
| 14 | |
| 15 set -e | |
| 16 | |
| 17 dmg="$1" | |
| 18 | |
| 19 if [ ! -f "$dmg" ] || [ -n "$2" ]; then | |
| 20 echo "Usage: $0 <dmg>" | |
| 21 echo " e.g. $0 MyApplication-1.0.dmg" | |
| 22 exit 2 | |
| 23 fi | |
| 24 | |
| 25 set -u | |
| 26 | |
| 27 echo | |
| 28 echo "Uploading for notarization..." | |
| 29 | |
| 30 uuidfile=.notarization-uuid | |
| 31 rm -f "$uuidfile" | |
| 32 | |
| 33 xcrun altool --notarize-app \ | |
| 34 -f "$dmg" \ | |
| 35 --primary-bundle-id "$bundleid" \ | |
| 36 -u "$user" \ | |
| 37 -p @keychain:altool 2>&1 | tee "$uuidfile" | |
| 38 | |
| 39 uuid=$(cat "$uuidfile" | grep RequestUUID | awk '{ print $3; }') | |
| 40 | |
| 41 if [ -z "$uuid" ]; then | |
| 42 echo | |
| 43 echo "Failed (no UUID returned, check output)" | |
| 44 exit 1 | |
| 45 fi | |
| 46 | |
| 47 echo "Done, UUID is $uuid" | |
| 48 | |
| 49 echo | |
| 50 echo "Waiting and checking for completion..." | |
| 51 | |
| 52 while true ; do | |
| 53 sleep 30 | |
| 54 status=$(xcrun altool --notarization-info "$uuid" -u "$user" -p @keychain:altool 2>&1) | |
| 55 if echo "$status" | grep -q 'Package Approved' ; then | |
| 56 echo | |
| 57 echo "Approved! Status output is:" | |
| 58 echo "$status" | |
| 59 break | |
| 60 elif echo "$status" | grep -q 'in progress' ; then | |
| 61 echo | |
| 62 echo "Still in progress... Status output is:" | |
| 63 echo "$status" | |
| 64 echo "Waiting..." | |
| 65 else | |
| 66 echo | |
| 67 echo "Failure or unknown status in output:" | |
| 68 echo "$status" | |
| 69 exit 2 | |
| 70 fi | |
| 71 done | |
| 72 | |
| 73 echo | |
| 74 echo "Stapling to package..." | |
| 75 | |
| 76 xcrun stapler staple "$dmg" || exit 1 | |
| 77 |