Last active
March 5, 2023 02:04
-
-
Save MagerValp/5c1e022e820e82bace5487ceba4b1bda to your computer and use it in GitHub Desktop.
Notarize a signed macOS installer package
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -o errexit | |
| set -o pipefail | |
| if ! source notarization_config.sh; then | |
| # Configure here and add the password for your Apple ID to the keychain: | |
| # security add-generic-password -a "_NOTARIZATION_APPLE_ID_" -w "_APP_SPECIFIC_PASSWORD_" -s "NOTARIZATION_PASSWORD" | |
| USERNAME="_NOTARIZATION_APPLE_ID_" | |
| PASSWORD="@keychain:NOTARIZATION_PASSWORD" | |
| ASC_PROVIDER="_DEVELOPER_TEAM_PROVIDER_ID_" | |
| fi | |
| declare -ri EX_OK=0 ; declare -ri EX_USAGE=64 ; declare -ri EX_DATAERR=65 ; declare -ri EX_NOINPUT=66 | |
| declare -ri EX_NOUSER=67 ; declare -ri EX_NOHOST=68 ; declare -ri EX_UNAVAILABLE=69 ; declare -ri EX_SOFTWARE=70 | |
| declare -ri EX_OSERR=71 ; declare -ri EX_OSFILE=72 ; declare -ri EX_CANTCREAT=73 ; declare -ri EX_IOERR=74 | |
| declare -ri EX_TEMPFAIL=75 ; declare -ri EX_PROTOCOL=76 ; declare -ri EX_NOPERM=77 ; declare -ri EX_CONFIG=78 | |
| die() { | |
| echo "$2" 1>&2 | |
| exit $1 | |
| } | |
| if [[ $# -ne 1 ]]; then | |
| die $EX_USAGE "Usage: $0 package_to_notarize.pkg" | |
| fi | |
| pkg="$1" | |
| echo "πΈ Submitting $pkg for notarization" | |
| altool_output=$( \ | |
| xcrun altool --notarize-app \ | |
| --username "$USERNAME" --password "$PASSWORD" --asc-provider "$ASC_PROVIDER" \ | |
| --primary-bundle-id "se.gu.it.pkg.$(uuidgen)" \ | |
| --file "$pkg" \ | |
| ) | |
| notarize_uuid=$( echo "$altool_output" | grep RequestUUID | awk '{print $3'} ) | |
| if [[ "$notarize_uuid" != ????????-????-????-????-???????????? ]]; then | |
| die $EX_UNAVAILABLE "βοΈ Notarization submission failed" | |
| fi | |
| echo "πΈ Waiting for notarization with id $notarize_uuid" | |
| PROGRESS=( π΄ π π΄ π π΄ π π΄ π π΄ π π΄ π π΄ π π΄ π π€¨ π€ π‘ π€¬ ) | |
| timeout="true" | |
| for i in {1..20}; do | |
| sleep 30 | |
| progress=$( xcrun altool --username "$USERNAME" --password "$PASSWORD" --notarization-info "$notarize_uuid" || echo "Progress check failed" ) | |
| if [[ "$progress" =~ "Progress check failed" ]] ; then | |
| die $EX_UNAVAILABLE "βοΈ Notarization progress check for $notarize_uuid failed, exiting" | |
| fi | |
| if [[ "$progress" =~ "Invalid" ]] ; then | |
| die $EX_UNAVAILABLE "βοΈ Notarization failed:"$'\n'"$progress" | |
| fi | |
| if [[ "$progress" =~ "success" ]]; then | |
| timeout="false" | |
| break | |
| else | |
| echo -n ${PROGRESS[$i]}$'\r' 1>&2 | |
| fi | |
| done | |
| if [[ "$timeout" == "true" ]]; then | |
| die $EX_UNAVAILABLE "β² Timed out, wait for email instead" | |
| fi | |
| echo "πΈ Stapling package" | |
| xcrun stapler staple "$pkg" | |
| exit $EX_OK |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment