mac-notarization/notarize.sh at master · renpy/mac-notarization · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/bin/bash

set -e

ROOT=$(dirname "$0")

. "$ROOT/config.txt"

if [ -e "$ROOT/config.local.txt" ]; then
    . "$ROOT/config.local.txt"
fi

if [ -z "$APPLEID" ]; then
    echo "Please edit config.txt to add information about your own accounts."
    exit 1
fi

project="$1"
command="$2"
app=$(find $project -name \*.app || true)

case "$command" in
    unpack_app)
        if [ -e "$project" ]; then
            echo "$project already exists, please remove it."
            exit 1
        fi

        if [ ! -e "$project.zip" ]; then
            echo "$project.zip doesn't exist."
            exit 1
        fi

        mkdir "$project"
        unzip -d "$project" "$project.zip"

        echo "Next, run $0 $project sign_app"
        ;;

    sign_app)
        cat >entitlements.plist <<EOT
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
</dict>
</plist>
EOT

        codesign --entitlements=entitlements.plist --options=runtime --timestamp --verbose -s "$IDENTITY" -f --deep --no-strict "$app"

        echo "Next, run $0 $project notarize_app"

        ;;

    notarize_app)

        zip -r "$project-app.zip" "$app"

        xcrun notarytool submit --apple-id "$APPLEID" --password "$PASSWORD" --team-id "$TEAM_ID" --wait "$project-app.zip"

        echo "Next, run $0 $project staple_app"

        ;;

    staple_app)       xcrun stapler staple "$app"

        echo "Next, run $0 $project pack_dmg"

        ;;


    pack_dmg)

        hdiutil create -fs 'HFS+' -format UDBZ -ov -volname "$project" -srcfolder "$project" "$project.dmg"

        echo "Next, run $0 $project sign_dmg"

        ;;

    sign_dmg)

        codesign --timestamp --verbose -s "$IDENTITY" -f  "$project.dmg"

        echo "Next, run $0 $project notarize_dmg"

        ;;

    notarize_dmg)

        xcrun notarytool submit --apple-id "$APPLEID" --password "$PASSWORD" --team-id "$TEAM_ID" --wait "$project.dmg"

        echo "Done. Now run $0 $project staple_dmg"

        ;;

    staple_dmg)

        xcrun stapler staple "$project.dmg"

        echo "All done. You can give $project.dmg to anyone who wants it."

        ;;

    status)

        echo "Status is no longer required."

        ;;

    auto|step1)


        "$0" "$project" unpack_app
        "$0" "$project" sign_app
        "$0" "$project" notarize_app
        "$0" "$project" staple_app
        "$0" "$project" pack_dmg
        "$0" "$project" sign_dmg
        "$0" "$project" notarize_dmg
        "$0" "$project" staple_dmg

        ;;

    shiro)

        echo "There are no easter eggs in this project."

        ;;

    *)
        cat <<EOT
usage: $0 <project> <command>

Possible commands are:

    auto
        unpack_app
        sign_app
        notarize_app
        staple_app
        pack_dmg
        sign_dmg
        notarize_dmg
        staple_dmg

EOT
        ;;
esac