
@YesThatAllen
Created July 12, 2019 20:02
Mac app notarization from the command line
# `notarize` is a workflow name, not a file on disk.
.PHONY: notarize

# Both lookups run `security find-certificate` once, at parse time, against a
# certificate whose name matches "Developer ID Application:".
# NOTE(review): without -a the tool reports a single match; on a build host
# holding more than one Developer ID certificate, confirm it is the intended one.

# Last field of the "SHA-1" line printed by `find-certificate -Z`.
SIGNING_CERTIFICATE := $(shell security find-certificate -Z -c "Developer ID Application:" | awk '/SHA-1/ { print $$NF }')

# Last field of the "alis" line with parentheses and double quotes stripped --
# presumably the team identifier at the end of the certificate label.
TEAM_ID := $(shell security find-certificate -c "Developer ID Application:" | awk '/alis/ { print $$NF }' | tr -d \(\)\")

# XCS_ARCHIVE is not defined in this file; it has to come from the environment
# or the make command line. Every path below is derived from it.

# Working area for the exported app, its ZIP and the notary service responses.
EXPORT_PATH        := $(XCS_ARCHIVE)/Submissions
BUNDLE_APP         := $(EXPORT_PATH)/NewMacApp.app
BUNDLE_ZIP         := $(EXPORT_PATH)/NewMacApp.zip
UPLOAD_INFO_PLIST  := $(EXPORT_PATH)/UploadInfo.plist
REQUEST_INFO_PLIST := $(EXPORT_PATH)/RequestInfo.plist
AUDIT_INFO_JSON    := $(EXPORT_PATH)/AuditInfo.json

# Location of the original app inside the archive; replaced at the end of `notarize`.
PRODUCT_DIR := $(XCS_ARCHIVE)/Products/Applications
PRODUCT_APP := $(PRODUCT_DIR)/NewMacApp.app
# Canned recipe line that shows a macOS notification through osascript.
#   $(1)  title   -- AppleScript string literal, double quotes included
#   $(2)  message -- AppleScript string literal, double quotes included
# Both arguments are pasted verbatim into the AppleScript source inside a
# single-quoted shell word, so pass fixed literals only: text taken from
# outside this file would be interpreted as AppleScript (or, if it contains a
# single quote, as shell). The leading `@` keeps make from echoing the command.
define notify
	@/usr/bin/osascript -e 'display notification $(2) with title $(1)'
endef
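# Canned recipe: poll the notary service once a minute until the request named
# in UPLOAD_INFO_PLIST is no longer "in progress". Each poll overwrites
# REQUEST_INFO_PLIST with the latest --notarization-info response.
#
# The status is captured into a quoted shell variable. Unquoted, the value
# "in progress" splits into two words and an unreadable status expands to
# nothing; both make `[` fail with a syntax error, which the loop treated as
# "keep waiting" -- so a failed altool call or a malformed response spun forever.
# With quoting, an empty or unexpected status leaves the loop and the caller's
# own status check decides the outcome.
#
# Credentials: the leading `@` stops make from echoing the account name and
# password into the build log. They still appear in altool's argument list,
# which other local users can read from the process table; altool's -p accepts
# `@keychain:<item>` and `@env:<variable>` references, so prefer setting
# DEVELOPER_PASSWORD to one of those instead of the literal secret.
#
# Paths and credentials are double-quoted so values containing spaces stay a
# single shell word.
define wait_while_in_progress
	@while true; do \
		/usr/bin/xcrun altool --notarization-info "$$(/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" "$(UPLOAD_INFO_PLIST)")" -u "$(DEVELOPER_USERNAME)" -p "$(DEVELOPER_PASSWORD)" --output-format xml > "$(REQUEST_INFO_PLIST)" ;\
		status="$$(/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" "$(REQUEST_INFO_PLIST)")" ;\
		if [ "$$status" != "in progress" ]; then \
			break ;\
		fi ;\
		/usr/bin/osascript -e 'display notification "Zzz…" with title "Notarization"' ;\
		sleep 60 ;\
	done
endef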
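# Export the Xcode Server archive, notarize the exported app and put the
# stapled copy back into the archive.
#
# Steps: patch ExportOptions.plist with the signing identity, export the
# archive, ZIP the app, upload the ZIP, wait for the verdict, download the
# audit log, fail unless the verdict is "success", staple the ticket, then
# replace the app inside the archive with the stapled one.
#
# Inputs taken from the environment or the make command line:
#   XCS_ARCHIVE         path of the .xcarchive to process
#   DEVELOPER_USERNAME  account name handed to altool -u
#   DEVELOPER_PASSWORD  value handed to altool -p
#
# Security notes:
#   * The altool lines carry an `@` prefix so the credentials are not echoed
#     into the build log. They are still visible in the process table while
#     altool runs; altool's -p accepts `@keychain:<item>` and
#     `@env:<variable>`, so DEVELOPER_PASSWORD should hold such a reference
#     (ideally to an app-specific password) rather than the secret itself.
#   * Every expansion is double-quoted. The last step runs `rm -rf` on a path
#     derived from XCS_ARCHIVE, so an empty value is rejected up front and a
#     value containing spaces can no longer split into several paths.
#   * The status check is quoted: previously an unreadable status made `[`
#     fail with a syntax error, the `if` was skipped and the recipe went on to
#     stapling as though notarization had succeeded.
#   * Apple has since replaced altool-based notarization with
#     `xcrun notarytool`; treat the altool calls as the legacy form.
notarize:
	$(if $(strip $(XCS_ARCHIVE)),,$(error XCS_ARCHIVE is empty; refusing to derive paths from it))
	$(if $(strip $(DEVELOPER_USERNAME)),,$(error DEVELOPER_USERNAME is empty))
	$(if $(strip $(DEVELOPER_PASSWORD)),,$(error DEVELOPER_PASSWORD is empty))
	$(if $(strip $(SIGNING_CERTIFICATE)),,$(error no Developer ID Application certificate fingerprint found))
	$(if $(strip $(TEAM_ID)),,$(error no team identifier found on the Developer ID Application certificate))
	$(call notify, "Notarization", "Replacing export options…")
	/usr/bin/plutil -replace signingCertificate -string "$(SIGNING_CERTIFICATE)" ExportOptions.plist
	/usr/bin/plutil -replace teamID -string "$(TEAM_ID)" ExportOptions.plist
	$(call notify, "Notarization", "Exporting an archive…")
	/usr/bin/xcrun xcodebuild -exportArchive -archivePath "$(XCS_ARCHIVE)" -exportPath "$(EXPORT_PATH)" -exportOptionsPlist ./ExportOptions.plist -IDEPostProgressNotifications=YES -DVTAllowServerCertificates=YES -DVTProvisioningUseServerAccounts=YES -configuration Release
	$(call notify, "Notarization", "Building a ZIP archive…")
	/usr/bin/ditto -c -k --keepParent "$(BUNDLE_APP)" "$(BUNDLE_ZIP)"
	$(call notify, "Notarization", "Uploading for notarization…")
	@/usr/bin/xcrun altool --notarize-app --primary-bundle-id "app.nativeconnect.NewMacApp.zip" -u "$(DEVELOPER_USERNAME)" -p "$(DEVELOPER_PASSWORD)" -f "$(BUNDLE_ZIP)" --output-format xml > "$(UPLOAD_INFO_PLIST)"
	$(call notify, "Notarization", "Waiting while notarized…")
	@/usr/bin/xcrun altool --notarization-info "$$(/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" "$(UPLOAD_INFO_PLIST)")" -u "$(DEVELOPER_USERNAME)" -p "$(DEVELOPER_PASSWORD)" --output-format xml > "$(REQUEST_INFO_PLIST)"
	$(call wait_while_in_progress)
	$(call notify, "Notarization", "Downloading log file…")
	# The URL is read from the service response, so only https is accepted.
	/usr/bin/curl --proto '=https' -o "$(AUDIT_INFO_JSON)" "$$(/usr/libexec/PlistBuddy -c "Print :notarization-info:LogFileURL" "$(REQUEST_INFO_PLIST)")"
	# Stop before stapling unless the service reported exactly "success".
	status="$$(/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" "$(REQUEST_INFO_PLIST)")"; \
	if [ "$$status" != "success" ]; then \
		echo "Notarization did not succeed (status: '$$status'); see $(AUDIT_INFO_JSON)" >&2; \
		false; \
	fi
	$(call notify, "Notarization", "Stapling…")
	/usr/bin/xcrun stapler staple "$(BUNDLE_APP)"
	$(call notify, "Notarization", "Replacing original for Hockey…")
	rm -rf "$(PRODUCT_APP)"
	mv "$(BUNDLE_APP)" "$(PRODUCT_DIR)/"
	$(call notify, "Notarization", "✅ Done!")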