Mac app notarization from the command line
| .PHONY: notarize | |
| SIGNING_CERTIFICATE := $(shell security find-certificate -Z -c "Developer ID Application:" | grep "SHA-1" | awk 'NF { print $$NF }') | |
| TEAM_ID := $(shell security find-certificate -c "Developer ID Application:" | grep "alis" | awk 'NF { print $$NF }' | tr -d \(\)\") | |
| EXPORT_PATH := $(XCS_ARCHIVE)/Submissions | |
| BUNDLE_APP := $(EXPORT_PATH)/NewMacApp.app | |
| BUNDLE_ZIP := $(EXPORT_PATH)/NewMacApp.zip | |
| UPLOAD_INFO_PLIST := $(EXPORT_PATH)/UploadInfo.plist | |
| REQUEST_INFO_PLIST := $(EXPORT_PATH)/RequestInfo.plist | |
| AUDIT_INFO_JSON := $(EXPORT_PATH)/AuditInfo.json | |
| PRODUCT_DIR := $(XCS_ARCHIVE)/Products/Applications | |
| PRODUCT_APP := $(PRODUCT_DIR)/NewMacApp.app | |
| define notify | |
| @ /usr/bin/osascript -e 'display notification $2 with title $1' | |
| endef | |
| define wait_while_in_progress | |
| while true; do \ | |
| /usr/bin/xcrun altool --notarization-info `/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" $(UPLOAD_INFO_PLIST)` -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) --output-format xml > $(REQUEST_INFO_PLIST) ;\ | |
| if [ `/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" $(REQUEST_INFO_PLIST)` != "in progress" ]; then \ | |
| break ;\ | |
| fi ;\ | |
| /usr/bin/osascript -e 'display notification "Zzz…" with title "Notarization"' ;\ | |
| sleep 60 ;\ | |
| done | |
| endef | |
| notarize: | |
| $(call notify, "Notarization", "Replacing export options…") | |
| /usr/bin/plutil -replace signingCertificate -string $(SIGNING_CERTIFICATE) ExportOptions.plist | |
| /usr/bin/plutil -replace teamID -string $(TEAM_ID) ExportOptions.plist | |
| $(call notify, "Notarization", "Exporting an archive…") | |
| /usr/bin/xcrun xcodebuild -exportArchive -archivePath $(XCS_ARCHIVE) -exportPath $(EXPORT_PATH) -exportOptionsPlist ./ExportOptions.plist -IDEPostProgressNotifications=YES -DVTAllowServerCertificates=YES -DVTProvisioningUseServerAccounts=YES -configuration Release | |
| $(call notify, "Notarization", "Building a ZIP archive…") | |
| /usr/bin/ditto -c -k --keepParent $(BUNDLE_APP) $(BUNDLE_ZIP) | |
| $(call notify, "Notarization", "Uploading for notarization…") | |
| /usr/bin/xcrun altool --notarize-app --primary-bundle-id "app.nativeconnect.NewMacApp.zip" -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) -f $(BUNDLE_ZIP) --output-format xml > $(UPLOAD_INFO_PLIST) | |
| $(call notify, "Notarization", "Waiting while notarized…") | |
| /usr/bin/xcrun altool --notarization-info `/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" $(UPLOAD_INFO_PLIST)` -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) --output-format xml > $(REQUEST_INFO_PLIST) | |
| $(call wait_while_in_progress) | |
| $(call notify, "Notarization", "Downloading log file…") | |
| /usr/bin/curl -o $(AUDIT_INFO_JSON) `/usr/libexec/PlistBuddy -c "Print :notarization-info:LogFileURL" $(REQUEST_INFO_PLIST)` | |
| if [ `/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" $(REQUEST_INFO_PLIST)` != "success" ]; then \ | |
| false; \ | |
| fi | |
| $(call notify, "Notarization", "Stapling…") | |
| /usr/bin/xcrun stapler staple $(BUNDLE_APP) | |
| $(call notify, "Notarization", "Replacing original for Hockey…") | |
| rm -rf $(PRODUCT_APP) | |
| mv $(BUNDLE_APP) $(PRODUCT_DIR)/ | |
| $(call notify, "Notarization", "✅ Done!") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment