Mac app notarization from the command line
# Values this file reads but does not define in the visible part:
# XCS_ARCHIVE, DEVELOPER_USERNAME and DEVELOPER_PASSWORD.
# Presumably they come from the environment or the make command line - confirm.
.PHONY: notarize

# Last field of the "SHA-1" line printed by `security find-certificate -Z`
# for a certificate matching "Developer ID Application:".
# NOTE(review): if several certificates match, check which one `security` returns.
SIGNING_CERTIFICATE := $(shell security find-certificate -Z -c "Developer ID Application:" | awk '/SHA-1/ { print $$NF }')

# Last field of the "alis" line of the same certificate, with parentheses and
# double quotes stripped. Presumably that field is the team ID - confirm.
TEAM_ID := $(shell security find-certificate -c "Developer ID Application:" | awk '/alis/ { print $$NF }' | tr -d '()"')

# Working area inside the archive: the exported app, its ZIP, and the
# notarization bookkeeping files all live here.
EXPORT_PATH := $(XCS_ARCHIVE)/Submissions
BUNDLE_APP := $(EXPORT_PATH)/NewMacApp.app
BUNDLE_ZIP := $(EXPORT_PATH)/NewMacApp.zip
UPLOAD_INFO_PLIST := $(EXPORT_PATH)/UploadInfo.plist
REQUEST_INFO_PLIST := $(EXPORT_PATH)/RequestInfo.plist
AUDIT_INFO_JSON := $(EXPORT_PATH)/AuditInfo.json

# Location of the original app inside the archive; the notarize recipe
# deletes PRODUCT_APP and moves the stapled copy into PRODUCT_DIR.
PRODUCT_DIR := $(XCS_ARCHIVE)/Products/Applications
PRODUCT_APP := $(PRODUCT_DIR)/NewMacApp.app
# notify(title, message): show a macOS user notification through osascript.
# Both arguments are pasted verbatim into the AppleScript source, so callers
# pass them already wrapped in double quotes. The leading `@` stops make from
# echoing the command.
define notify
@/usr/bin/osascript -e 'display notification $(2) with title $(1)'
endef
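# wait_while_in_progress: poll the notarization request until its status is no
# longer "in progress", refreshing REQUEST_INFO_PLIST once a minute.
#
# The request UUID is read from UPLOAD_INFO_PLIST. The status is captured into
# a quoted shell variable: unquoted, an empty or multi-word status makes `[`
# fail with a syntax error, the break is never reached, and the loop spins
# forever when the status query itself fails. Quoted, any answer other than
# "in progress" (including an empty one) ends the loop and leaves the verdict
# to the caller's status check.
#
# NOTE(security): make echoes this command with DEVELOPER_PASSWORD expanded, and
# the value is also part of altool's argument list. Set DEVELOPER_PASSWORD to an
# altool credential reference (@keychain:<item> or @env:<variable>) rather than
# the literal secret, so that neither the build log nor the process list holds it.
define wait_while_in_progress
while true; do \
	/usr/bin/xcrun altool --notarization-info "$$(/usr/libexec/PlistBuddy -c 'Print :notarization-upload:RequestUUID' "$(UPLOAD_INFO_PLIST)")" -u '$(DEVELOPER_USERNAME)' -p '$(DEVELOPER_PASSWORD)' --output-format xml > "$(REQUEST_INFO_PLIST)" ;\
	status="$$(/usr/libexec/PlistBuddy -c 'Print :notarization-info:Status' "$(REQUEST_INFO_PLIST)")" ;\
	if [ "$$status" != "in progress" ]; then \
		break ;\
	fi ;\
	/usr/bin/osascript -e 'display notification "Zzz…" with title "Notarization"' ;\
	sleep 60 ;\
done
endef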
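# notarize: export the archived app, submit it for notarization, staple the
# ticket and put the stapled app back in place of the archived original.
#
# Steps: patch ExportOptions.plist with the signing certificate and team ID,
# export the archive, zip the app, upload the ZIP, poll until the request
# leaves "in progress", download the audit log, fail unless the status is
# "success", staple, then replace PRODUCT_APP with the stapled bundle.
#
# The first recipe line aborts when a required value is empty. Without it an
# unset XCS_ARCHIVE turns PRODUCT_APP into a path under "/" that the final
# `rm -rf` would remove. Paths and credentials are quoted so that spaces or
# shell metacharacters cannot split or rewrite a command.
#
# NOTE(security): make echoes the altool command with DEVELOPER_PASSWORD
# expanded, and the value is also part of altool's argument list. Set
# DEVELOPER_PASSWORD to an altool credential reference (@keychain:<item> or
# @env:<variable>) rather than the literal secret.
# NOTE(review): Apple has since retired altool's notarization commands in
# favour of notarytool - confirm which tool the build hosts still support.
notarize:
	@: $(foreach v,XCS_ARCHIVE DEVELOPER_USERNAME DEVELOPER_PASSWORD SIGNING_CERTIFICATE TEAM_ID,$(if $(strip $($(v))),,$(error $(v) is empty - refusing to run notarize)))
	$(call notify, "Notarization", "Replacing export options…")
	/usr/bin/plutil -replace signingCertificate -string "$(SIGNING_CERTIFICATE)" ExportOptions.plist
	/usr/bin/plutil -replace teamID -string "$(TEAM_ID)" ExportOptions.plist
	$(call notify, "Notarization", "Exporting an archive…")
	/usr/bin/xcrun xcodebuild -exportArchive -archivePath "$(XCS_ARCHIVE)" -exportPath "$(EXPORT_PATH)" -exportOptionsPlist ./ExportOptions.plist -IDEPostProgressNotifications=YES -DVTAllowServerCertificates=YES -DVTProvisioningUseServerAccounts=YES -configuration Release
	$(call notify, "Notarization", "Building a ZIP archive…")
	/usr/bin/ditto -c -k --keepParent "$(BUNDLE_APP)" "$(BUNDLE_ZIP)"
	$(call notify, "Notarization", "Uploading for notarization…")
	/usr/bin/xcrun altool --notarize-app --primary-bundle-id "app.nativeconnect.NewMacApp.zip" -u '$(DEVELOPER_USERNAME)' -p '$(DEVELOPER_PASSWORD)' -f "$(BUNDLE_ZIP)" --output-format xml > "$(UPLOAD_INFO_PLIST)"
	$(call notify, "Notarization", "Waiting while notarized…")
# wait_while_in_progress queries the request before its first status test, so
# no separate --notarization-info call is needed ahead of it.
	$(call wait_while_in_progress)
	$(call notify, "Notarization", "Downloading log file…")
	/usr/bin/curl -o "$(AUDIT_INFO_JSON)" "$$(/usr/libexec/PlistBuddy -c 'Print :notarization-info:LogFileURL' "$(REQUEST_INFO_PLIST)")"
# Fail closed: an unquoted empty status makes `[` error out, the `if` is then
# skipped, and the recipe would go on to staple an app that was never approved.
	status="$$(/usr/libexec/PlistBuddy -c 'Print :notarization-info:Status' "$(REQUEST_INFO_PLIST)")"; \
	if [ "$$status" != "success" ]; then \
		echo "Notarization did not succeed (status: $$status); see $(AUDIT_INFO_JSON)" >&2; \
		exit 1; \
	fi
	$(call notify, "Notarization", "Stapling…")
	/usr/bin/xcrun stapler staple "$(BUNDLE_APP)"
	$(call notify, "Notarization", "Replacing original for Hockey…")
	rm -rf "$(PRODUCT_APP)"
	mv "$(BUNDLE_APP)" "$(PRODUCT_DIR)/"
	$(call notify, "Notarization", "✅ Done!")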