CI: Use xcrun notarytool instead of xcnotary
xcnotary was discontinued since Apple now provides `xcrun notarytool`. This commit used `xcrun notarytool` to notarize the package.master
Norihiro Kamae
Patrick Heyer
parent
c9859e5afc
commit
8af6b79044
|
|
@ -157,7 +157,7 @@ read_codesign_ident() {
|
||||||
# + Your Apple developer ID is needed for notarization
|
# + Your Apple developer ID is needed for notarization
|
||||||
# + An app-specific password is necessary for notarization from CLI
|
# + An app-specific password is necessary for notarization from CLI
|
||||||
# + This password will be stored in your macOS keychain under the identifier
|
# + This password will be stored in your macOS keychain under the identifier
|
||||||
# 'OBS-Codesign-Password' with access Apple's 'altool' only.
|
# 'OBS-Codesign-Password' with access Apple's 'notarytool' only.
|
||||||
##############################################################################
|
##############################################################################
|
||||||
|
|
||||||
read_codesign_pass() {
|
read_codesign_pass() {
|
||||||
|
|
@ -174,8 +174,8 @@ read_codesign_pass() {
|
||||||
|
|
||||||
step "Update notarization keychain..."
|
step "Update notarization keychain..."
|
||||||
|
|
||||||
echo -n "${COLOR_ORANGE}"
|
|
||||||
/usr/bin/xcrun altool --store-password-in-keychain-item "OBS-Codesign-Password" -u "${CODESIGN_IDENT_USER}" -p "${CODESIGN_IDENT_PASS}"
|
|
||||||
echo -n "${COLOR_RESET}"
|
|
||||||
CODESIGN_IDENT_SHORT=$(echo "${CODESIGN_IDENT}" | /usr/bin/sed -En "s/.+\((.+)\)/\1/p")
|
CODESIGN_IDENT_SHORT=$(echo "${CODESIGN_IDENT}" | /usr/bin/sed -En "s/.+\((.+)\)/\1/p")
|
||||||
|
echo -n "${COLOR_ORANGE}"
|
||||||
|
/usr/bin/xcrun notarytool store-credentials "OBS-Codesign-Password" --apple-id "${CODESIGN_IDENT_USER}" --team-id "${CODESIGN_IDENT_SHORT}" --password "${CODESIGN_IDENT_PASS}"
|
||||||
|
echo -n "${COLOR_RESET}"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -47,31 +47,21 @@ notarize_obs() {
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! exists xcnotary; then
|
|
||||||
step "Install notarization dependency 'xcnotary'"
|
|
||||||
brew install akeru-inc/tap/xcnotary
|
|
||||||
fi
|
|
||||||
|
|
||||||
ensure_dir "${CHECKOUT_DIR}"
|
ensure_dir "${CHECKOUT_DIR}"
|
||||||
|
|
||||||
if [ "${NOTARIZE_IMAGE}" ]; then
|
if [ "${NOTARIZE_IMAGE}" ]; then
|
||||||
trap "_caught_error_xcnotary '${NOTARIZE_IMAGE}'" ERR
|
trap "_caught_error_hdiutil_verify '${NOTARIZE_IMAGE}'" ERR
|
||||||
|
|
||||||
step "Attach OBS disk image ${NOTARIZE_IMAGE}..."
|
step "Verify OBS disk image ${NOTARIZE_IMAGE}..."
|
||||||
hdiutil attach -readonly -noverify -noautoopen -quiet "${NOTARIZE_IMAGE}"
|
hdiutil verify "${NOTARIZE_IMAGE}"
|
||||||
|
|
||||||
VOLUME_NAME=$(hdiutil info -plist | grep "/Volumes/OBS-" | sed 's/<string>\/Volumes\/\([^<]*\)<\/string>/\1/' | sed -e 's/^[[:space:]]*//')
|
|
||||||
PRECHECK="/Volumes/${VOLUME_NAME}/OBS.app"
|
|
||||||
NOTARIZE_TARGET="${NOTARIZE_IMAGE}"
|
NOTARIZE_TARGET="${NOTARIZE_IMAGE}"
|
||||||
elif [ "${NOTARIZE_BUNDLE}" ]; then
|
elif [ "${NOTARIZE_BUNDLE}" ]; then
|
||||||
PRECHECK="${NOTARIZE_BUNDLE}"
|
|
||||||
NOTARIZE_TARGET="${NOTARIZE_BUNDLE}"
|
NOTARIZE_TARGET="${NOTARIZE_BUNDLE}"
|
||||||
else
|
else
|
||||||
OBS_IMAGE="${BUILD_DIR}/${FILE_NAME}"
|
OBS_IMAGE="${BUILD_DIR}/${FILE_NAME}"
|
||||||
|
|
||||||
if [ -f "${OBS_IMAGE}" ]; then
|
if [ -f "${OBS_IMAGE}" ]; then
|
||||||
OBS_BUNDLE=$(/usr/bin/find "${BUILD_DIR}/_CPack_Packages" -type d -name "OBS.app")
|
|
||||||
PRECHECK="${OBS_BUNDLE}"
|
|
||||||
NOTARIZE_TARGET="${OBS_IMAGE}"
|
NOTARIZE_TARGET="${OBS_IMAGE}"
|
||||||
else
|
else
|
||||||
error "No notarization application bundle ('OBS.app') or disk image ('${NOTARIZE_IMAGE:-${FILE_NAME}}') found"
|
error "No notarization application bundle ('OBS.app') or disk image ('${NOTARIZE_IMAGE:-${FILE_NAME}}') found"
|
||||||
|
|
@ -79,30 +69,20 @@ notarize_obs() {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
step "Run notarization pre-checks on OBS.app..."
|
|
||||||
xcnotary precheck "${PRECHECK}"
|
|
||||||
|
|
||||||
if [ "$?" -eq 0 ]; then
|
if [ "$?" -eq 0 ]; then
|
||||||
read_codesign_ident
|
read_codesign_ident
|
||||||
read_codesign_pass
|
read_codesign_pass
|
||||||
|
|
||||||
step "Run xcnotary with ${NOTARIZE_TARGET}..."
|
step "Notarize ${NOTARIZE_TARGET}..."
|
||||||
xcnotary notarize "${NOTARIZE_TARGET}" --developer-account "${CODESIGN_IDENT_USER}" --developer-password-keychain-item "OBS-Codesign-Password" --provider "${CODESIGN_IDENT_SHORT}"
|
/usr/bin/xcrun notarytool submit "${NOTARIZE_TARGET}" --keychain-profile "OBS-Codesign-Password" --wait
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${NOTARIZE_IMAGE}" -a -d "/Volumes/${VOLUME_NAME}" ]; then
|
step "Staple the ticket to ${NOTARIZE_TARGET}..."
|
||||||
step "Detach OBS disk image ${NOTARIZE_IMAGE}..."
|
/usr/bin/xcrun stapler staple "${NOTARIZE_TARGET}"
|
||||||
hdiutil detach "/Volumes/${VOLUME_NAME}" -quiet
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
_caught_error_xcnotary() {
|
_caught_error_hdiutil_verify() {
|
||||||
error "ERROR during notarization of image '${1}'"
|
error "ERROR during verifying image '${1}'"
|
||||||
|
|
||||||
if [ -d "/Volumes/${1}" ]; then
|
|
||||||
step "Detach OBS disk image ${1}..."
|
|
||||||
hdiutil detach "/Volumes/${1}" -quiet
|
|
||||||
fi
|
|
||||||
|
|
||||||
cleanup
|
cleanup
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue