Last active
May 7, 2024 16:50
-
-
Save darjeelingsteve/fb0bd695d3b957f2d5ccd0b7c2e4c645 to your computer and use it in GitHub Desktop.
Swift Package Binary Code-signing and Notarisation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# See https://darjeelingsteve.com/articles/Notarising-Swift-Package-Development-Tools-for-Distribution.html for a full description | |
printHelp() { | |
read -r -d '' HELP << EOM | |
Usage: | |
build-and-sign.sh <tool-name> <version-number> | |
EOM | |
>&2 echo "$HELP" | |
} | |
if [ $# -ne 2 ]; then | |
printHelp | |
exit 1 | |
fi | |
tool_name=$1 | |
version_number=$2 | |
# Build the package | |
xcrun swift build -c release --arch arm64 --arch x86_64 | |
# Remove existing build artefact (if any) | |
rm $tool_name | |
# Copy the built binary to the current directory | |
ditto .build/apple/Products/Release/$tool_name . | |
# Codesign the binary. `-o runtime` specifies the hardened runtime | |
codesign -o runtime -s "<developer-id-identity>" $tool_name | |
# Zip the signed binary | |
ditto -c -k $tool_name $tool_name-$version_number.zip | |
# Upload the signed zip file to the notary service | |
xcrun notarytool submit $tool_name-$version_number.zip --keychain-profile "NOTARY_PASSWORD" --wait |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment