scottk/UltraGrid
1
0
Fork 0
mirror of https://github.com/outbackdingo/UltraGrid.git synced 2026-03-21 19:40:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ef0cd7130df5ed088f05edf4c3bfdbbfd752bc7d
UltraGrid/.github/scripts/macOS/sign.sh
Martin Pulec 8d1a36916d .github/scripts/macOS/sign.sh: added usage notice
2024-03-25 09:16:43 +01:00

70 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh -eu
##
## Signs given application bundle
##
## Usage:
## sign.sh <app_bundle_directory>
##
## Environment variables:
## - **KEY_CHAIN** - keychain containing the CESNET signing key
## - **KEY_CHAIN_PASS** - password to the above keychain
## - **notarytool_credentials** - developer credentials to be used with notarytool (in format user:password:team_id)
##
## KEY_CHAIN and KEY_CHAIN_PASS are set by .github/scripts/environment.sh
## if apple_key_p12_b64 GH environment workflow is defined.
# The command-line parameters are not used by the CI but are intended
# to be used interactively for debugging.
if [ $# -eq 1 ] && { [ "$1" = -h ] || [ "$1" = --help ] ||
[ "$1" = help ]; }; then
printf "Usage:\n"
printf "\t%s [--sign-only] <bundle_path>\n" "$0"
printf "\nSigns and notarizes the application bundle.\n"
printf "\nUse \"--sign-only\" to skip application notarization.\n"
exit 0
fi
sign_only=
if [ "${1-}" = --sign-only ]; then
sign_only=1
shift
fi
set -x
APP=${1?Appname must be passed as a first argument}
if [ -z "${KEY_CHAIN-}" ] || [ -z "${KEY_CHAIN_PASS-}" ]; then
echo "Could not find key to sign the application" 2>&1
exit 1
fi
if [ -z "${notarytool_credentials-}" ] && [ ! $sign_only ]; then
echo "Could not find notarytool credentials" 2>&1
exit 1
fi
security unlock-keychain -p "$KEY_CHAIN_PASS" "$KEY_CHAIN"
# Sign the application
# Libs need to be signed explicitly for some reason
for f in $(find "$APP/Contents/libs" -type f) $APP; do
codesign --force --deep -s CESNET --options runtime --entitlements data/entitlements.mac.plist -v "$f"
done
#codesign --force --deep -s CESNET --options runtime -v $APP/Contents/MacOS/uv-qt
if [ $sign_only ]; then
exit 0
fi
# Zip and send for notarization
ZIP_FILE=uv-qt.zip
ditto -c -k --keepParent "$APP" $ZIP_FILE
set +x
DEVELOPER_USERNAME=$(echo "$notarytool_credentials" | cut -d: -f1)
DEVELOPER_PASSWORD=$(echo "$notarytool_credentials" | cut -d: -f2)
DEVELOPER_TEAMID=$(echo "$notarytool_credentials" | cut -d: -f3)
xcrun notarytool submit $ZIP_FILE --apple-id "$DEVELOPER_USERNAME" --team-id "$DEVELOPER_TEAMID" --password "$DEVELOPER_PASSWORD" --wait
set -x
# If everything is ok, staple the app
xcrun stapler staple "$APP"
Reference in New Issue View Git Blame Copy Permalink