macOS notarization: migrate from altool to notarytool
altool is deprecated and notarytool is much nicer. Switch to using it. This only affects the notarization process for macOS binaries.
parent
d1741c42f3
commit
b42c00b706
|
@ -1,80 +1,22 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
# Helper to notarize an .app.zip or .pkg file.
|
# Helper to notarize an .app.zip or .pkg file.
|
||||||
# Based on https://www.logcg.com/en/archives/3222.html
|
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
die() { echo "$*" 1>&2 ; exit 1; }
|
die() { echo "$*" 1>&2 ; exit 1; }
|
||||||
|
|
||||||
check_status() {
|
|
||||||
echo "STATUS" $1
|
|
||||||
}
|
|
||||||
|
|
||||||
get_req_uuid() {
|
test "$#" -ge 1 || die "No paths specified."
|
||||||
RESPONSE=$(</dev/stdin)
|
|
||||||
if echo "$RESPONSE" | egrep -q "RequestUUID"; then
|
|
||||||
echo "$RESPONSE" | egrep RequestUUID | awk '{print $3'}
|
|
||||||
elif echo "$RESPONSE" | egrep -q "The upload ID is "; then
|
|
||||||
echo "$RESPONSE" | egrep -p "The upload ID is [-a-z0-9]+" | awk '{print $5}'
|
|
||||||
else
|
|
||||||
die "Could not get Request UUID"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
INPUT=$1
|
for INPUT in "$@"; do
|
||||||
AC_USER=$2
|
echo "Processing $INPUT"
|
||||||
|
test -f "$INPUT" || die "Not a file: $INPUT"
|
||||||
|
ext="${INPUT##*.}"
|
||||||
|
(test "$ext" = "zip" || test "$ext" = "pkg") || die "Unrecognized extension: $ext"
|
||||||
|
|
||||||
test -z "$AC_USER" && die "AC_USER not specified as second param"
|
xcrun notarytool submit "$INPUT" --keychain-profile AC_PASSWORD --wait
|
||||||
test -z "$INPUT" && die "No path specified"
|
|
||||||
test -f "$INPUT" || die "Not a file: $INPUT"
|
|
||||||
|
|
||||||
ext="${INPUT##*.}"
|
|
||||||
(test "$ext" = "zip" || test "$ext" = "pkg") || die "Unrecognized extension: $ext"
|
|
||||||
|
|
||||||
LOGFILE=$(mktemp -t mac_notarize_log)
|
|
||||||
AC_PASS="@keychain:AC_PASSWORD"
|
|
||||||
echo "Logs at $LOGFILE"
|
|
||||||
|
|
||||||
NOTARIZE_UUID=$(xcrun altool --notarize-app \
|
|
||||||
--primary-bundle-id "com.ridiculousfish.fish-shell" \
|
|
||||||
--username "$AC_USER" \
|
|
||||||
--password "$AC_PASS" \
|
|
||||||
--file "$INPUT" 2>&1 |
|
|
||||||
tee -a "$LOGFILE" |
|
|
||||||
get_req_uuid)
|
|
||||||
|
|
||||||
test -z "$NOTARIZE_UUID" && cat "$LOGFILE" && die "Could not get RequestUUID"
|
|
||||||
echo "RequestUUID: $NOTARIZE_UUID"
|
|
||||||
|
|
||||||
# notarization-info doesn't always know about our request immediately.
|
|
||||||
echo "Giving notarization-info a chance to catch up..."
|
|
||||||
sleep 15
|
|
||||||
|
|
||||||
success=0
|
|
||||||
for i in $(seq 20); do
|
|
||||||
echo "Checking progress..."
|
|
||||||
PROGRESS=$(xcrun altool --notarization-info "${NOTARIZE_UUID}" \
|
|
||||||
-u "$AC_USER" \
|
|
||||||
-p "$AC_PASS" 2>&1 |
|
|
||||||
tee -a "$LOGFILE")
|
|
||||||
echo "${PROGRESS}" | tail -n 1
|
|
||||||
|
|
||||||
if [ $? -ne 0 ] || [[ "${PROGRESS}" =~ "Invalid" ]] ; then
|
|
||||||
echo "Error with notarization. Exiting"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! [[ "${PROGRESS}" =~ "in progress" ]]; then
|
|
||||||
success=1
|
|
||||||
break
|
|
||||||
else
|
|
||||||
echo "Not completed yet. Sleeping for 30 seconds."
|
|
||||||
fi
|
|
||||||
sleep 30
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ $success -eq 1 ] ; then
|
|
||||||
if test "$ext" = "zip"; then
|
if test "$ext" = "zip"; then
|
||||||
TMPDIR=$(mktemp -d)
|
TMPDIR=$(mktemp -d)
|
||||||
echo "Extracting to $TMPDIR"
|
echo "Extracting to $TMPDIR"
|
||||||
|
@ -95,9 +37,9 @@ if [ $success -eq 1 ] ; then
|
||||||
cd "$(dirname "$STAPLE_TARGET")"
|
cd "$(dirname "$STAPLE_TARGET")"
|
||||||
zip -r -q "$INPUT_FULL" $(basename "$STAPLE_TARGET")
|
zip -r -q "$INPUT_FULL" $(basename "$STAPLE_TARGET")
|
||||||
fi
|
fi
|
||||||
fi
|
echo "Processed $INPUT"
|
||||||
echo "Processed $INPUT"
|
|
||||||
|
|
||||||
if test "$ext" = "zip"; then
|
if test "$ext" = "zip"; then
|
||||||
spctl -a -v "$STAPLE_TARGET"
|
spctl -a -v "$STAPLE_TARGET"
|
||||||
fi
|
fi
|
||||||
|
done
|
||||||
|
|
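Review bot: The `cd "$(dirname "$STAPLE_TARGET")"` in the zip branch now runs inside the new `for INPUT in "$@"` loop, so after the first .zip input the working directory has changed and any later relative path will fail `test -f "$INPUT"`. Running the re-zip in a subshell keeps the loop's directory stable: `(cd "$(dirname "$STAPLE_TARGET")" && zip -r -q "$INPUT_FULL" "$(basename "$STAPLE_TARGET")")`. Separately, the removed altool polling skipped stapling when the result contained "Invalid", while the new code relies only on `set -e` and the exit status of `xcrun notarytool submit "$INPUT" --keychain-profile AC_PASSWORD --wait`; as far as I know that command can exit 0 for a submission that was processed but rejected, so it is worth capturing its output and requiring an accepted status before stapling. The lines between the two hunks (where STAPLE_TARGET and INPUT_FULL are set and stapling presumably happens) are not shown, so a later step may already catch a rejected submission.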