CI: Use xcrun notarytool instead of xcnotary
xcnotary was discontinued since Apple now provides `xcrun notarytool`. This commit used `xcrun notarytool` to notarize the package.master
parent
c9859e5afc
commit
8af6b79044
|
@ -157,7 +157,7 @@ read_codesign_ident() {
|
|||
# + Your Apple developer ID is needed for notarization
|
||||
# + An app-specific password is necessary for notarization from CLI
|
||||
# + This password will be stored in your macOS keychain under the identifier
|
||||
# 'OBS-Codesign-Password' with access Apple's 'altool' only.
|
||||
# 'OBS-Codesign-Password' with access Apple's 'notarytool' only.
|
||||
##############################################################################
|
||||
|
||||
read_codesign_pass() {
|
||||
|
@ -174,8 +174,8 @@ read_codesign_pass() {
|
|||
|
||||
step "Update notarization keychain..."
|
||||
|
||||
echo -n "${COLOR_ORANGE}"
|
||||
/usr/bin/xcrun altool --store-password-in-keychain-item "OBS-Codesign-Password" -u "${CODESIGN_IDENT_USER}" -p "${CODESIGN_IDENT_PASS}"
|
||||
echo -n "${COLOR_RESET}"
|
||||
CODESIGN_IDENT_SHORT=$(echo "${CODESIGN_IDENT}" | /usr/bin/sed -En "s/.+\((.+)\)/\1/p")
|
||||
echo -n "${COLOR_ORANGE}"
|
||||
/usr/bin/xcrun notarytool store-credentials "OBS-Codesign-Password" --apple-id "${CODESIGN_IDENT_USER}" --team-id "${CODESIGN_IDENT_SHORT}" --password "${CODESIGN_IDENT_PASS}"
|
||||
echo -n "${COLOR_RESET}"
|
||||
}
|
||||
|
|
|
@ -47,31 +47,21 @@ notarize_obs() {
|
|||
exit 1
|
||||
fi
|
||||
|
||||
if ! exists xcnotary; then
|
||||
step "Install notarization dependency 'xcnotary'"
|
||||
brew install akeru-inc/tap/xcnotary
|
||||
fi
|
||||
|
||||
ensure_dir "${CHECKOUT_DIR}"
|
||||
|
||||
if [ "${NOTARIZE_IMAGE}" ]; then
|
||||
trap "_caught_error_xcnotary '${NOTARIZE_IMAGE}'" ERR
|
||||
trap "_caught_error_hdiutil_verify '${NOTARIZE_IMAGE}'" ERR
|
||||
|
||||
step "Attach OBS disk image ${NOTARIZE_IMAGE}..."
|
||||
hdiutil attach -readonly -noverify -noautoopen -quiet "${NOTARIZE_IMAGE}"
|
||||
step "Verify OBS disk image ${NOTARIZE_IMAGE}..."
|
||||
hdiutil verify "${NOTARIZE_IMAGE}"
|
||||
|
||||
VOLUME_NAME=$(hdiutil info -plist | grep "/Volumes/OBS-" | sed 's/<string>\/Volumes\/\([^<]*\)<\/string>/\1/' | sed -e 's/^[[:space:]]*//')
|
||||
PRECHECK="/Volumes/${VOLUME_NAME}/OBS.app"
|
||||
NOTARIZE_TARGET="${NOTARIZE_IMAGE}"
|
||||
elif [ "${NOTARIZE_BUNDLE}" ]; then
|
||||
PRECHECK="${NOTARIZE_BUNDLE}"
|
||||
NOTARIZE_TARGET="${NOTARIZE_BUNDLE}"
|
||||
else
|
||||
OBS_IMAGE="${BUILD_DIR}/${FILE_NAME}"
|
||||
|
||||
if [ -f "${OBS_IMAGE}" ]; then
|
||||
OBS_BUNDLE=$(/usr/bin/find "${BUILD_DIR}/_CPack_Packages" -type d -name "OBS.app")
|
||||
PRECHECK="${OBS_BUNDLE}"
|
||||
NOTARIZE_TARGET="${OBS_IMAGE}"
|
||||
else
|
||||
error "No notarization application bundle ('OBS.app') or disk image ('${NOTARIZE_IMAGE:-${FILE_NAME}}') found"
|
||||
|
@ -79,30 +69,20 @@ notarize_obs() {
|
|||
fi
|
||||
fi
|
||||
|
||||
step "Run notarization pre-checks on OBS.app..."
|
||||
xcnotary precheck "${PRECHECK}"
|
||||
|
||||
if [ "$?" -eq 0 ]; then
|
||||
read_codesign_ident
|
||||
read_codesign_pass
|
||||
|
||||
step "Run xcnotary with ${NOTARIZE_TARGET}..."
|
||||
xcnotary notarize "${NOTARIZE_TARGET}" --developer-account "${CODESIGN_IDENT_USER}" --developer-password-keychain-item "OBS-Codesign-Password" --provider "${CODESIGN_IDENT_SHORT}"
|
||||
fi
|
||||
step "Notarize ${NOTARIZE_TARGET}..."
|
||||
/usr/bin/xcrun notarytool submit "${NOTARIZE_TARGET}" --keychain-profile "OBS-Codesign-Password" --wait
|
||||
|
||||
if [ "${NOTARIZE_IMAGE}" -a -d "/Volumes/${VOLUME_NAME}" ]; then
|
||||
step "Detach OBS disk image ${NOTARIZE_IMAGE}..."
|
||||
hdiutil detach "/Volumes/${VOLUME_NAME}" -quiet
|
||||
step "Staple the ticket to ${NOTARIZE_TARGET}..."
|
||||
/usr/bin/xcrun stapler staple "${NOTARIZE_TARGET}"
|
||||
fi
|
||||
}
|
||||
|
||||
_caught_error_xcnotary() {
|
||||
error "ERROR during notarization of image '${1}'"
|
||||
|
||||
if [ -d "/Volumes/${1}" ]; then
|
||||
step "Detach OBS disk image ${1}..."
|
||||
hdiutil detach "/Volumes/${1}" -quiet
|
||||
fi
|
||||
_caught_error_hdiutil_verify() {
|
||||
error "ERROR during verifying image '${1}'"
|
||||
|
||||
cleanup
|
||||
exit 1
|
||||
|
|
Loading…
Reference in New Issue