From 6e0daa53250c14d2a7bf0500627116a9994f20aa Mon Sep 17 00:00:00 2001 From: Brandon Evans Date: Mon, 18 Jan 2021 19:38:37 -0700 Subject: [PATCH] Add notarization script --- README.md | 2 +- Scripts/notarize.sh | 69 ++++++++++++++++++++++++++++++++++++++ Scripts/package_release.sh | 12 +++---- 3 files changed, 76 insertions(+), 7 deletions(-) create mode 100755 Scripts/notarize.sh diff --git a/README.md b/README.md index 66e528e..581e8da 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ git push --follow-tags scripts/package_release.sh # Notarize the app -... +scripts/notarize.sh "test@example.com" "@keychain:altool" MyOrg Product/Xcodes.zip # Go to https://github.com/RobotsAndPencils/XcodesApp/releases # Edit the latest draft release diff --git a/Scripts/notarize.sh b/Scripts/notarize.sh new file mode 100755 index 0000000..89de6d4 --- /dev/null +++ b/Scripts/notarize.sh 
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# Notarize
+#
+# Uploads to Apple's notarization service, polls until it completes, staples the ticket to the built app, then creates a new zip.
+#
+# Requires four arguments:
+# - Apple ID username
+# - Apple ID app-specific password (store this in your Keychain and use the @keychain:$NAME syntax to prevent your password from being added to your shell history)
+# - App Store Connect provider name
+# - Path to .app to upload
+#
+# Assumes that there's a .app beside the .zip with the same name so it can be stapled and re-zipped.
+#
+# E.g. notarize.sh "test@example.com" "@keychain:altool" MyOrg Xcodes.zip
+#
+# https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow
+# Adapted from https://github.com/keybase/client/blob/46f5df0aa64ff19198ba7b044bbb7cd907c0be9f/packaging/desktop/package_darwin.sh
+
+username="$1"
+password="$2"
+asc_provider="$3"
+file="$4"
+
+echo "Uploading to notarization service"
+
+uuid=$(xcrun altool \
+ --notarize-app \
+ --primary-bundle-id "com.robotsandpencils.XcodesApp.zip" \
+ --username "$username" \
+ --password "$password" \
+ --asc-provider "$asc_provider" \
+ --file "$file" 2>&1 | \
+ grep 'RequestUUID' | \
+ awk '{ print $3 }')
+
+echo "Successfully uploaded to notarization service, polling for result: $uuid"
+
+sleep 15
+ while :
+ do
+ fullstatus=$(xcrun altool \
+ --notarization-info "$uuid" \
+ --username "$username" \
+ --password "$password" \
+ --asc-provider "$asc_provider" 2>&1)
+ status=$(echo "$fullstatus" | grep 'Status\:' | awk '{ print $2 }')
+ if [ "$status" = "success" ]; then
+ echo "Notarization success"
+ exit 0
+ elif [ "$status" = "in" ]; then
+ echo "Notarization still in progress, sleeping for 15 seconds and trying again"
+ sleep 15
+ else
+ echo "Notarization failed, full status below"
+ echo "$fullstatus"
+ exit 1
+ fi
+ done
+
+# Remove .zip
+rm $file
+
+# Staple ticket to .app
+app_path="$(basename 
-s ".zip" "$file").app" +xcrun stapler staple "$app_path" + +# Zip the stapled app for distribution +zip -r "$file" "$app_path" diff --git a/Scripts/package_release.sh b/Scripts/package_release.sh index 32b6432..d4fbb7d 100755 --- a/Scripts/package_release.sh +++ b/Scripts/package_release.sh @@ -2,7 +2,7 @@ # # Package release # -# This will build and archive the app and then compress it in a .zip file +# This will build and archive the app and then compress it in a .zip file at Product/Xcodes.zip # You must already have all required code signing assets installed on your computer PROJECT_NAME=Xcodes @@ -10,9 +10,6 @@ PROJECT_DIR=$(pwd)/$PROJECT_NAME/Resources SCRIPTS_DIR=$(pwd)/Scripts INFOPLIST_FILE="Info.plist" -CFBundleVersion=$(/usr/libexec/PlistBuddy -c "Print CFBundleVersion" "${PROJECT_DIR}/${INFOPLIST_FILE}") -CFBundleShortVersionString=$(/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" "${PROJECT_DIR}/${INFOPLIST_FILE}") - # Ensure a clean build rm -rf Archive/* rm -rf Product/* @@ -20,5 +17,8 @@ xcodebuild clean -project $PROJECT_NAME.xcodeproj -configuration Release -alltar # Archive the app and export for release distribution xcodebuild archive -project $PROJECT_NAME.xcodeproj -scheme $PROJECT_NAME -archivePath Archive/$PROJECT_NAME.xcarchive -xcodebuild -archivePath Archive/$PROJECT_NAME.xcarchive -exportArchive -exportPath Product/$PROJECT_NAME.app -exportOptionsPlist "${SCRIPTS_DIR}/export_options.plist" -zip -r "Product/$PROJECT_NAME.v${CFBundleShortVersionString}.b${CFBundleVersion}.zip" Product/$PROJECT_NAME.app +xcodebuild -archivePath Archive/$PROJECT_NAME.xcarchive -exportArchive -exportPath Product/$PROJECT_NAME -exportOptionsPlist "${SCRIPTS_DIR}/export_options.plist" +cp -r "Product/$PROJECT_NAME/$PROJECT_NAME.app" "Product/$PROJECT_NAME.app" + +# Create a ZIP archive suitable for altool. +/usr/bin/ditto -c -k --keepParent "Product/$PROJECT_NAME.app" "Product/$PROJECT_NAME.zip"
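Review bot: The stapling and re-zip steps after `done` in Scripts/notarize.sh are never reached, because the success branch calls `exit 0` and every other branch either loops or exits, so the script reports success without stapling the ticket; the success branch needs `break` instead. The upload step also prints "Successfully uploaded" when altool failed, since stderr is folded into the pipe and `$uuid` is never checked for being empty. Further down, `rm $file` is unquoted, `basename` drops the directory so the README's `Product/Xcodes.zip` resolves to `Xcodes.app` in the current directory, and `zip -r` by default stores link targets rather than symlinks, where package_release.sh uses `ditto`; that can alter a signed bundle. A sketch of the changed lines follows.

```shell
# … unchanged: argument assignment and the altool upload pipeline …
if [ -z "$uuid" ]; then
  echo "Upload failed: no RequestUUID in altool output" >&2
  exit 1
fi

# … unchanged: polling loop, except the success branch …
    if [ "$status" = "success" ]; then
      echo "Notarization success"
      break
# … unchanged: in-progress and failure branches …

# Remove .zip
rm -- "$file"

# Staple ticket to the .app that sits beside the .zip
app_path="${file%.zip}.app"
xcrun stapler staple "$app_path" || exit 1
xcrun stapler validate "$app_path" || exit 1

# Zip the stapled app for distribution
/usr/bin/ditto -c -k --keepParent "$app_path" "$file"
```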
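Review bot: The `cp -r` added in the last hunk of Scripts/package_release.sh puts the code signature of the exported bundle at risk, because macOS cp(1) discourages `-r` for not copying symbolic links faithfully and bundles with embedded frameworks depend on them. Copying with `/usr/bin/ditto "Product/$PROJECT_NAME/$PROJECT_NAME.app" "Product/$PROJECT_NAME.app"` (or `cp -R`) keeps links and metadata intact and matches the `ditto` call that builds the archive. It would also help to run `codesign --verify --deep --strict "Product/$PROJECT_NAME.app"` before creating the zip, so a damaged signature is caught locally rather than by the notarization service. The start of the script is outside this hunk, so whether a failed `xcodebuild` step stops the script cannot be seen here.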