From c98830d091d42b8f063fe6f0fb01387897f3ce5e Mon Sep 17 00:00:00 2001 From: SomberNight Date: Tue, 12 Dec 2023 00:48:46 +0000 Subject: [PATCH] mac build: follow-up prev (altool -> notarytool migration) related https://github.com/metabrainz/picard/commit/7ee078852a6c35b1cb62b4424b530b5b4817c5f8 --- contrib/osx/README.md | 7 ++++++- contrib/osx/notarize_app.sh | 20 +++++++++++++++----- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/contrib/osx/README.md b/contrib/osx/README.md index 1df7a8d4d..69cf8e331 100644 --- a/contrib/osx/README.md +++ b/contrib/osx/README.md @@ -88,14 +88,19 @@ Let brew install the Xcode CLI tools. This creates both a folder named Electrum.app and the .dmg file. -If you want the binaries codesigned for MacOS and notarised by Apple's central server, +##### 2.1. For release binaries, here be dragons + +If you want the binaries codesigned for macOS and notarised by Apple's central server, provide these env vars to the `make_osx.sh` script: CODESIGN_CERT="Developer ID Application: Electrum Technologies GmbH (L6P37P7P56)" \ + APPLE_TEAM_ID="L6P37P7P56" \ APPLE_ID_USER="me@email.com" \ APPLE_ID_PASSWORD="1234" \ ./contrib/osx/make_osx.sh +(note: `APPLE_ID_PASSWORD` is an app-specific password, *not* the account password) + ## Verifying reproducibility and comparing against official binary diff --git a/contrib/osx/notarize_app.sh b/contrib/osx/notarize_app.sh index a195c066c..7a3f44b78 100755 --- a/contrib/osx/notarize_app.sh +++ b/contrib/osx/notarize_app.sh @@ -24,10 +24,12 @@ ditto -c -k --rsrc --keepParent "$APP_BUNDLE" "${APP_BUNDLE}.zip" # Submit for notarization echo "Submitting $APP_BUNDLE for notarization..." RESULT=$(xcrun notarytool submit \ - --team-id $APPLE_TEAM_ID \ - --apple-id $APPLE_ID_USER \ - --password $APPLE_ID_PASSWORD \ + --team-id "$APPLE_TEAM_ID" \ + --apple-id "$APPLE_ID_USER" \ + --password "$APPLE_ID_PASSWORD" \ + --output-format plist \ --wait \ + --timeout 10m \ "${APP_BUNDLE}.zip" ) @@ -37,8 +39,16 @@ if [ $? -ne 0 ]; then exit 1 fi -# success -echo $RESULT +STATUS=$(echo "$RESULT" | xpath -e \ + "//key[normalize-space(text()) = 'status']/following-sibling::string[1]/text()" 2> /dev/null) + +if [ "$STATUS" = "Accepted" ]; then + echo "Notarization of $APP_BUNDLE succeeded!" +else + echo "Notarization of $APP_BUNDLE failed:" + echo "$RESULT" + exit 1 +fi # Staple the notary ticket xcrun stapler staple "$APP_BUNDLE"