#!/bin/zsh# pkgAndNotarize.sh# 2019 - Armin Briegel - Scripting OS X# plac

1. #!/bin/zsh
2.  
3. # pkgAndNotarize.sh
4.  
5. # 2019 - Armin Briegel - Scripting OS X
6.  
7. # place a copy of this script in in the project folder
8. # when run it will build for installation,
9. # create a pkg from the product,
10. # upload the pkg for notarization and monitor the notarization status
11.  
12. # before you can run this script:
13. # - set release signing of the tool to 'Developer ID Application'
14. # - enable the hardened run-time
15. # - change the 'Installation Build Products Location' to `$SRCROOT/build/pkgroot`
16. #
17. # you want to add the `build` subdirectory to gitignore
18.  
19.  
20. # put your dev account information into these variables
21.  
22. # the email address of your developer account
23. dev_account="user@example.com"
24.  
25. # the name of your Developer ID installer certificate
26. signature="Developer ID Installer: First Last (ABCD123456)"
27.  
28. # the 10-digit team id
29. dev_team="ABCD123456"
30.  
31. # the label of the keychain item which contains an app-specific password
32. dev_keychain_label="Developer-altool"
33.  
34.  
35. # put your project's information into these variables
36. version="1.0"
37. identifier="com.example.hello"
38. productname="Hello"
39.  
40.  
41. # code starts here
42.  
43. projectdir=$(dirname $0)
44.  
45. builddir="$projectdir/build"
46. pkgroot="$builddir/pkgroot"
47.  
48.  
49. # functions
50. requeststatus() { # $1: requestUUID
51. requestUUID=${1?:"need a request UUID"}
52. req_status=$(xcrun altool --notarization-info "$requestUUID" \
53. --username "$dev_account" \
54. --password "@keychain:$dev_keychain_label" 2>&1 \
55. | awk -F ': ' '/Status:/ { print $2; }' )
56. echo "$req_status"
57. }
58.  
59. notarizefile() { # $1: path to file to notarize, $2: identifier
60. filepath=${1:?"need a filepath"}
61. identifier=${2:?"need an identifier"}
62.  
63. # upload file
64. echo "## uploading $filepath for notarization"
65. requestUUID=$(xcrun altool --notarize-app \
66. --primary-bundle-id "$identifier" \
67. --username "$dev_account" \
68. --password "@keychain:$dev_keychain_label" \
69. --asc-provider "$dev_team" \
70. --file "$filepath" 2>&1 \
71. | awk '/RequestUUID/ { print $NF; }')
72.  
73. echo "Notarization RequestUUID: $requestUUID"
74.  
75. if [[ $requestUUID == "" ]]; then
76. echo "could not upload for notarization"
77. exit 1
78. fi
79.  
80. # wait for status to be not "in progress" any more
81. request_status="in progress"
82. while [[ "$request_status" == "in progress" ]]; do
83. echo -n "waiting... "
84. sleep 10
85. request_status=$(requeststatus "$requestUUID")
86. echo "$request_status"
87. done
88.  
89. # print status information
90. xcrun altool --notarization-info "$requestUUID" \
91. --username "$dev_account" \
92. --password "@keychain:$dev_keychain_label"
93. echo
94.  
95. if [[ $request_status != "success" ]]; then
96. echo "## could not notarize $filepath"
97. exit 1
98. fi
99.  
100. }
101.  
102.  
103. # build clean install
104.  
105. echo "## building with Xcode"
106. xcodebuild clean install -quiet
107.  
108.  
109. # check if pkgroot exists where we expect it
110. if [[ ! -d $pkgroot ]]; then
111. echo "couldn't find pkgroot $pkgroot"
112. exit 1
113. fi
114.  
115. ## build the pkg
116.  
117. pkgpath="$builddir/$productname-$version.pkg"
118.  
119. echo "## building pkg: $pkgpath"
120.  
121. pkgbuild --root "$pkgroot" \
122. --version "$version" \
123. --identifier "$identifier" \
124. --sign "$signature" \
125. "$pkgpath"
126.  
127. # upload for notarization
128. notarizefile "$pkgpath" "$identifier"
129.  
130. # staple result
131. echo "## Stapling $pkgpath"
132. xcrun stapler staple "$pkgpath"
133.  
134. echo '## Done!'
135.  
136. # show the pkg in Finder
137. open -R "$pkgpath"
138.  
139. exit 0