1#!/usr/bin/env bash 2 3# credits: https://scriptingosx.com/2019/09/notarize-a-command-line-tool/ 4 5if [[ -z "$DEV_ACCOUNT" || -z "$DEV_ACCOUNT_PASSWORD" ]]; then 6 echo "skipping notarization" 7 exit 0 8fi 9 10notarizefile() { # $1: path to file to notarize, $2: identifier 11 filepath=${1:?"need a filepath"} 12 identifier=${2:?"need an identifier"} 13 14 # upload file 15 echo "uploading $filepath for notarization" 16 altoolOutput=$(xcrun altool \ 17 --notarize-app \ 18 --type osx \ 19 --file "$filepath" \ 20 --primary-bundle-id "$identifier" \ 21 --username "$DEV_ACCOUNT" \ 22 --password "$DEV_ACCOUNT_PASSWORD" \ 23 ${DEV_TEAM:+--asc-provider "$DEV_TEAM"} 2>&1) 24 25 requestUUID=$(echo "$altoolOutput" | awk '/RequestUUID/ { print $NF; }') 26 27 if [[ $requestUUID == "" ]]; then 28 echo "Failed to upload:" 29 echo "$altoolOutput" 30 return 1 31 fi 32 echo "requestUUID: $requestUUID, waiting..." 33 34 # wait for status to be not "in progress" any more 35 request_status="in progress" 36 while [[ "$request_status" == "in progress" ]]; do 37 sleep 60 38 altoolOutput=$(xcrun altool \ 39 --notarization-info "$requestUUID" \ 40 --username "$DEV_ACCOUNT" \ 41 --password "$DEV_ACCOUNT_PASSWORD" 2>&1) 42 request_status=$(echo "$altoolOutput" | awk -F ': ' '/Status:/ { print $2; }' ) 43 done 44 45 # print status information 46 echo "$altoolOutput" 47 48 if [[ $request_status != "success" ]]; then 49 echo "warning: could not notarize $filepath" 50 notarizationFailed=1 51 fi 52 53 LogFileURL=$(echo "$altoolOutput" | awk -F ': ' '/LogFileURL:/ { print $2; }') 54 if [[ "$LogFileURL" ]]; then 55 echo -e "\nnotarization details:" 56 curl "$LogFileURL" 57 echo 58 fi 59 if [[ $notarizationFailed == 1 ]]; then 60 return 1 61 fi 62 return 0 63} 64 65dmg="$1" 66notarizefile "$dmg" $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$2") \ 67 && xcrun stapler staple "$dmg" 68