From d125dd3ae9fc06d427551877f935528ba714f6ec Mon Sep 17 00:00:00 2001 From: "louis.pontoise" Date: Fri, 14 Feb 2020 12:52:22 +0900 Subject: [PATCH] fix: notarization issues --- Podfile.lock | 2 +- alt-tab-macos.xcodeproj/project.pbxproj | 22 +++++++++++++++++++ config/base.xcconfig | 4 ++-- config/debug.xcconfig | 2 +- config/release.xcconfig | 7 +++--- scripts/codesign_sparkle_embedded_apps.sh | 10 +++++++++ ...port_codesign_certificate_into_keychain.sh | 0 scripts/package_and_notarize_release.sh | 16 +++++++++----- 8 files changed, 50 insertions(+), 13 deletions(-) create mode 100755 scripts/codesign_sparkle_embedded_apps.sh mode change 100644 => 100755 scripts/import_codesign_certificate_into_keychain.sh diff --git a/Podfile.lock b/Podfile.lock index 8ee8bfa77..1e903bb53 100644 --- a/Podfile.lock +++ b/Podfile.lock @@ -15,6 +15,6 @@ SPEC CHECKSUMS: LetsMove: fefe56bc7bc7fb7d37049e28a14f297961229fc5 Sparkle: 55b1a87ba69d56913375a281546b7c82dec95bb0 -PODFILE CHECKSUM: 435b7bc84413df100dee2cabc99746bf7c670f1b +PODFILE CHECKSUM: 465451026269525f0f1d2dc7053cf0b789a35421 COCOAPODS: 1.8.4 diff --git a/alt-tab-macos.xcodeproj/project.pbxproj b/alt-tab-macos.xcodeproj/project.pbxproj index 2608cf197..6ceffd2a2 100644 --- a/alt-tab-macos.xcodeproj/project.pbxproj +++ b/alt-tab-macos.xcodeproj/project.pbxproj @@ -33,6 +33,7 @@ D04BA76A74267B1346D23687 /* GridView.swift in Sources */ = {isa = PBXBuildFile; fileRef = D04BA6D57A1456C07318B8EA /* GridView.swift */; }; D04BA76DDB00FC50D203D62C /* CollectionViewFlowLayout.swift in Sources */ = {isa = PBXBuildFile; fileRef = D04BAC2FEF7248B7BF9579E2 /* CollectionViewFlowLayout.swift */; }; D04BA775CF3F8D9394A1E256 /* Screen.swift in Sources */ = {isa = PBXBuildFile; fileRef = D04BA68C2561D9EE4FD851B8 /* Screen.swift */; }; + D04BA7B1C67F18623E6110D8 /* codesign_sparkle_embedded_apps.sh in Resources */ = {isa = PBXBuildFile; fileRef = D04BA123744B0C27E9F54B05 /* codesign_sparkle_embedded_apps.sh */; }; D04BA7BE7F3DD24D58ACE942 /* AppearanceTab.swift in Sources */ = {isa = PBXBuildFile; fileRef = D04BA64F1F344007EA13BA05 /* AppearanceTab.swift */; }; D04BA7C348A3CF9862394E23 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = D04BA6A1082C0521CD994B42 /* MainMenu.xib */; }; D04BA7F86F1926FBE31F44BF /* BaseLabel.swift in Sources */ = {isa = PBXBuildFile; fileRef = D04BA53992F116E5E704CAB3 /* BaseLabel.swift */; }; @@ -78,6 +79,7 @@ D04BA10777505D8A67ABD186 /* Application.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Application.swift; sourceTree = ""; }; D04BA107C8B8FE7FF8536606 /* too many windows - 4 lines - paginated.jpg */ = {isa = PBXFileReference; lastKnownFileType = image.jpeg; path = "too many windows - 4 lines - paginated.jpg"; sourceTree = ""; }; D04BA1232AFEEFE90D5CC827 /* debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; + D04BA123744B0C27E9F54B05 /* codesign_sparkle_embedded_apps.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = codesign_sparkle_embedded_apps.sh; sourceTree = ""; }; D04BA15346AF8E0EF471694A /* en */ = {isa = PBXFileReference; fileEncoding = 2483028224; lastKnownFileType = text.plist.strings; name = en; path = Localizable.strings; sourceTree = ""; }; D04BA1D80F4EEF2A91BAD29C /* release.config.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; path = release.config.js; sourceTree = ""; }; D04BA1DF8CAB2FAB7FE9244B /* CollectionViewItemFontIcon.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CollectionViewItemFontIcon.swift; sourceTree = ""; }; @@ -399,6 +401,7 @@ D04BA5E819181CB83C5602C7 /* generate_selfsigned_codesign_certificate.sh */, D04BA0AAAE82C72855DBBA26 /* update_appcast.sh */, D04BABFEC8F9DF41BB7A449E /* import_codesign_certificate_into_keychain.sh */, + D04BA123744B0C27E9F54B05 /* codesign_sparkle_embedded_apps.sh */, ); path = scripts; sourceTree = ""; @@ -502,6 +505,7 @@ D04BA82F32FB183F65DC3E42 /* Frameworks */, D04BA96F3DC99263120BCD21 /* Resources */, 7641B7923B36478FBF4D7CCD /* [CP] Embed Pods Frameworks */, + 48B68D6C23F6412C009BF4AD /* ShellScript */, ); buildRules = ( ); @@ -556,12 +560,30 @@ D04BAA98549C75DF585D2628 /* Localizable.strings in Resources */, D04BAC0AE7C80F8A37BBC7A5 /* InfoPlist.strings in Resources */, D04BAE6B5382CA561A219A54 /* Localizable.strings in Resources */, + D04BA7B1C67F18623E6110D8 /* codesign_sparkle_embedded_apps.sh in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXResourcesBuildPhase section */ /* Begin PBXShellScriptBuildPhase section */ + 48B68D6C23F6412C009BF4AD /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputFileListPaths = ( + ); + inputPaths = ( + ); + outputFileListPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "scripts/codesign_sparkle_embedded_apps.sh\n"; + }; 5968B81A43F20B6ECD92C7F7 /* [CP] Check Pods Manifest.lock */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 2147483647; diff --git a/config/base.xcconfig b/config/base.xcconfig index 5a8206b3d..8f4fe14fe 100644 --- a/config/base.xcconfig +++ b/config/base.xcconfig @@ -1,4 +1,4 @@ -// docs: https://help.apple.com/xcode/#/dev745c5c974 +// docs: https://help.apple.com/xcode/mac/11.4/#/itcaec37c2a6 PRODUCT_NAME = AltTab PRODUCT_BUNDLE_IDENTIFIER = com.lwouis.alt-tab-macos @@ -6,7 +6,7 @@ MACOSX_DEPLOYMENT_TARGET = 10.12 SWIFT_VERSION = 4.2 INFOPLIST_FILE = Info.plist CODE_SIGN_ENTITLEMENTS = alt_tab_macos.entitlements -ENABLE_HARDENED_RUNTIME = YES // for notorization +ENABLE_HARDENED_RUNTIME = YES // for notarization IDEDerivedDataPathOverride = DerivedData FRAMEWORK_SEARCH_PATHS = $(inherited) /System/Library/PrivateFrameworks // for SkyLight.framework LD_RUNPATH_SEARCH_PATHS = $(inherited) @executable_path/../Frameworks // for accessing swift dylibs at runtime diff --git a/config/debug.xcconfig b/config/debug.xcconfig index 62b087cc4..430229688 100644 --- a/config/debug.xcconfig +++ b/config/debug.xcconfig @@ -1,4 +1,4 @@ -// docs: https://help.apple.com/xcode/#/dev745c5c974 +// docs: https://help.apple.com/xcode/mac/11.4/#/itcaec37c2a6 #include "Pods/Target Support Files/Pods-alt-tab-macos/Pods-alt-tab-macos.debug.xcconfig" #include "base.xcconfig" diff --git a/config/release.xcconfig b/config/release.xcconfig index 164683c5a..791e508be 100644 --- a/config/release.xcconfig +++ b/config/release.xcconfig @@ -1,8 +1,9 @@ -// docs: https://help.apple.com/xcode/#/dev745c5c974 +// docs: https://help.apple.com/xcode/mac/11.4/#/itcaec37c2a6 #include "Pods/Target Support Files/Pods-alt-tab-macos/Pods-alt-tab-macos.release.xcconfig" #include "base.xcconfig" CODE_SIGN_IDENTITY = Developer ID Application: Louis Pontoise (QXD7GW8FHY) -OTHER_CODE_SIGN_FLAGS = --timestamp // for notorization -CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO // for notorization +OTHER_CODE_SIGN_FLAGS = --timestamp --deep --options runtime // for notarization +CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO // for notarization +COCOAPODS_PARALLEL_CODE_SIGN = YES // codesign pods faster diff --git a/scripts/codesign_sparkle_embedded_apps.sh b/scripts/codesign_sparkle_embedded_apps.sh new file mode 100755 index 000000000..fde944514 --- /dev/null +++ b/scripts/codesign_sparkle_embedded_apps.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +set -exu + +# codesign --deep is only 1 level deep. It misses Sparkle embedded app AutoUpdate +# this build phase script works around the issue + +if [[ "$CONFIGURATION" == "Release" ]]; then + codesign --verbose --force --sign "$CODE_SIGN_IDENTITY" $OTHER_CODE_SIGN_FLAGS "${PODS_ROOT}/Sparkle/Sparkle.framework/Resources/Autoupdate.app" +fi diff --git a/scripts/import_codesign_certificate_into_keychain.sh b/scripts/import_codesign_certificate_into_keychain.sh old mode 100644 new mode 100755 diff --git a/scripts/package_and_notarize_release.sh b/scripts/package_and_notarize_release.sh index 94d28d934..0699ff951 100755 --- a/scripts/package_and_notarize_release.sh +++ b/scripts/package_and_notarize_release.sh @@ -11,7 +11,7 @@ cd "$XCODE_BUILD_PATH" ditto -c -k --keepParent "$appFile" "$zipName" # request notarization -requestUUID=$(xcrun altool \ +requestUuid=$(xcrun altool \ --notarize-app \ --verbose \ -ITunesTransport DAV \ @@ -20,17 +20,21 @@ requestUUID=$(xcrun altool \ --password "$APPLE_PASSWORD" \ --file "$zipName" 2>&1 | tee /dev/tty | - awk '/RequestUUID/ { print $NF; }') -if [[ $requestUUID == "" ]]; then exit 1; fi + awk '/RequestUUID/ { print $NF;exit; }') +if [[ $requestUuid == "" ]]; then exit 1; fi -# poll notarization status until done +# poll notarization status until success/invalid, or 15min have passed requestStatus="in progress" -while [[ "$requestStatus" == "in progress" ]]; do +timeoutCounter=0 +until [[ "$requestStatus" == "success" ]] || [[ "$requestStatus" == "invalid" ]] || [[ $timeoutCounter -eq 1500 ]]; do sleep 10 + timeoutCounter=$((timeoutCounter+10)) + set +e requestLogs=$(xcrun altool \ - --notarization-info "$requestUUID" \ + --notarization-info "$requestUuid" \ --username "$APPLE_ID" \ --password "$APPLE_PASSWORD" 2>&1) + set -e requestStatus=$(echo "$requestLogs" | awk -F ': ' '/Status:/ { print $2; }') done if [[ $requestStatus != "success" ]]; then