Use notarytool for macOS notarization

- Apple has deprecated altool; it will stop working next year (by the end of 2023, I believe).
- The parameters to notarytool are much simpler. All you need to do is provide credentials via the notarytool store-credentials mechanism.
- Using notarytool is significantly faster than altool.
This commit is contained in:
Allen Cronce 2022-12-03 19:51:21 -08:00
parent 70d07d91d6
commit 76bd8a02d3


@ -64,14 +64,9 @@ if [ "$1" == "notarize" ]; then
# identity as specified in Keychain # identity as specified in Keychain
SIGNING_IDENTITY="Developer ID Application: Your Name (XXXXXXXXX)" SIGNING_IDENTITY="Developer ID Application: Your Name (XXXXXXXXX)"
ASC_USERNAME="your@apple.id" # The keychain profile to use, previously created using the notarytool store-credentials
# command.
# signing password is app-specific (https://appleid.apple.com/account/manage) and stored in Keychain (as "notarize-app" in this case) KEYCHAIN_PROFILE="XXXXXXXXX"
ASC_PASSWORD="@keychain:notarize-app"
# ProviderShortname can be found with
# xcrun altool --list-providers -u your@apple.id -p "@keychain:notarize-app"
ASC_PROVIDER="XXXXXXXXX"
# **************************************************************************************** # ****************************************************************************************
source make-macosx-values.local source make-macosx-values.local
@ -88,8 +83,6 @@ if [ "$1" == "notarize" ]; then
# Post-notarized zip file (shipped) # Post-notarized zip file (shipped)
POST_NOTARIZED_ZIP="ioquake3_notarized.zip" POST_NOTARIZED_ZIP="ioquake3_notarized.zip"
BUNDLE_ID="org.ioquake3.ioquake3"
# allows for unsigned executable memory in hardened runtime # allows for unsigned executable memory in hardened runtime
# see: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-unsigned-executable-memory # see: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-unsigned-executable-memory
ENTITLEMENTS_FILE="misc/xcode/ioquake3/ioquake3.entitlements" ENTITLEMENTS_FILE="misc/xcode/ioquake3/ioquake3.entitlements"
@ -119,29 +112,17 @@ if [ "$1" == "notarize" ]; then
echo "submitting..." echo "submitting..."
# submit app for notarization # submit app for notarization
if xcrun altool --notarize-app --primary-bundle-id "$BUNDLE_ID" --asc-provider "$ASC_PROVIDER" --username "$ASC_USERNAME" --password "$ASC_PASSWORD" -f "$PRE_NOTARIZED_ZIP" > "$NOTARIZE_APP_LOG" 2>&1; then xcrun notarytool submit "$PRE_NOTARIZED_ZIP" --keychain-profile "$KEYCHAIN_PROFILE" --wait > "$NOTARIZE_APP_LOG" 2>&1
cat "$NOTARIZE_APP_LOG" result=$?
RequestUUID=$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_APP_LOG") if [[ $result -ne 0 ]]; then
# check status periodically
while sleep 60 && date; do
# check notarization status
if xcrun altool --notarization-info "$RequestUUID" --asc-provider "$ASC_PROVIDER" --username "$ASC_USERNAME" --password "$ASC_PASSWORD" > "$NOTARIZE_INFO_LOG" 2>&1; then
cat "$NOTARIZE_INFO_LOG"
# once notarization is complete, run stapler and exit
if ! grep -q "Status: in progress" "$NOTARIZE_INFO_LOG"; then
xcrun stapler staple "$RELEASE_BUILD"
break
fi
else
cat "$NOTARIZE_INFO_LOG" 1>&2
exit 1
fi
done
else
cat "$NOTARIZE_APP_LOG" 1>&2 cat "$NOTARIZE_APP_LOG" 1>&2
exit 1 exit 1
else
cat "$NOTARIZE_INFO_LOG"
# once notarization is complete, staple the result
echo "stapling..."
xcrun stapler staple "$RELEASE_BUILD"
fi fi
echo "notarized" echo "notarized"
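Review bot: On the success branch the new code still runs `cat "$NOTARIZE_INFO_LOG"`, but nothing on the new side writes that file any more — the only capture is `notarytool submit ... > "$NOTARIZE_APP_LOG"`, and the `--notarization-info` call that produced the info log is removed — so a successful run never shows the submission result and `cat` will complain about a missing or stale file (non-fatal unless the script runs under `set -e`, which this hunk does not show). Change it to `cat "$NOTARIZE_APP_LOG"` so the submission ID and status land in the build output. It would also be worth bounding the blocking call, e.g. `--wait --timeout 30m`, since `--wait` alone has no upper bound and a stuck submission will hang the build indefinitely; and because the exit status notarytool returns for an `Invalid` verdict has varied across releases, grepping the log for `status: Accepted` before stapling is safer than relying on `$?` alone. The enclosing `if [ "$1" == "notarize" ]` block starts before this hunk and appears to continue past it.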