#510 - Part 5/5 - Fix up signing / notarization scripts (#547)

* Fix up signing / notarization scripts * Update codesign.sh * Package tar as well * Distribute tar and dmg * publish -> package
onivim · Aug 2, 2019 · 13ac494 · 13ac494
1 parent eb265ef
commit 13ac494
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 84 deletions.
diff --git a/.ci/publish-osx.yml b/.ci/publish-osx.yml
@@ -1,7 +1,5 @@
-# Cross-platform set of build steps for building esy projects
-
 steps:
-  - script: scripts/osx/publish.sh
+  - script: scripts/osx/package.sh
   - task: PublishBuildArtifacts@1
     displayName: "Release Artifact: Darwin"
     inputs:

diff --git a/scripts/osx/codesign.sh b/scripts/osx/codesign.sh
@@ -0,0 +1,36 @@
+SHORT_COMMIT_ID=$(git rev-parse --short HEAD)
+
+SHORT_COMMIT_ID=$(git rev-parse --short HEAD)	
+
+ if [ -z "$OSX_P12_CERTIFICATE" ]	
+then	
+	echo "No code signing certificate specified."	
+else	
+	echo "Code signing certificate specified"	
+
+ 	# Load cert	
+	echo $OSX_P12_CERTIFICATE | base64 --decode > certificate.p12	
+
+ 	# Create keychain	
+	security create-keychain -p p@ssword1 build.keychain	
+	security default-keychain -s build.keychain	
+	security unlock-keychain -p p@ssword1 build.keychain	
+
+ 	security import certificate.p12 -k build.keychain -P $CODESIGN_PASSWORD -T /usr/bin/codesign	
+
+ 	security set-key-partition-list -S apple-tool:,apple: -s -k p@ssword1 build.keychain	
+
+ 	echo "Checking identities..."	
+
+ 	security find-identity -v
+	echo "Starting codesign..."
+	codesign --deep --force --verbose --sign "Outrun Labs, LLC" _release/Onivim2.App --options runtime --entitlements _release/entitlements.plist
+	echo "Onivim2.App codesign complete!"
+
+	# Validate
+	echo "Validate codesigning..."
+	codesign --verify --deep --strict --verbose=2 _release/Onivim2.App
+	echo "Validation complete!"
+
+        ditto -c -k --rsrc --keepParent _release/Onivim2.App _release/Onivim2.App.zip
+fi
diff --git a/scripts/osx/notarize.sh b/scripts/osx/notarize.sh
@@ -1,39 +1,38 @@
 SHORT_COMMIT_ID=$(git rev-parse --short HEAD)
 
-	# Script from: https://twocanoes.com/adding-notarization-to-xcode-builds
-	echo "Code signing certificate specified - notarizing DMG"
+# Script from: https://twocanoes.com/adding-notarization-to-xcode-builds
+echo "Code signing certificate specified - notarizing zip"
 
-	uuid=$(uuidgen)
-	echo "Uploading to apple to notarize: $uuid"
-notarize_uuid=$(xcrun altool --notarize-app --primary-bundle-id "${uuid}" --username $APPLE_DEVELOPER_ID --password $APPLE_NOTARIZE_PASSWORD --file "_publish/Onivim2-$SHORT_COMMIT_ID.dmg" 2>&1 | grep RequestUUID | awk '{print $3'})
-        echo "Notarize uuid: $notarize_uuid"
-	# Load cert
+echo "Uploading to apple to notarize..."
+notarize_uuid=$(xcrun altool --notarize-app --primary-bundle-id "com.outrunlabs.onvim2" --username $APPLE_DEVELOPER_ID --password $APPLE_NOTARIZE_PASSWORD --file "_release/Onivim2.App.zip" 2>&1 | grep RequestUUID | awk '{print $3'})
+echo "Notarize uuid: $notarize_uuid"
+# Load cert
 
-	success=0
-	for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
-		echo "Checking progress..."
-		progress=$(xcrun altool --notarization-info "${notarize_uuid}" -u $APPLE_DEVELOPER_ID -p $APPLE_NOTARIZE_PASSWORD 2>&1)
-		echo "Progress: ${progress}"
+success=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
+	echo "Checking progress..."
+	progress=$(xcrun altool --notarization-info "${notarize_uuid}" -u $APPLE_DEVELOPER_ID -p $APPLE_NOTARIZE_PASSWORD 2>&1)
+	echo "Progress: ${progress}"
 
-		if [ $? -ne 0 ] || [[ "${progress}" =~ "Invalid" ]]; then
-			echo "Error with notarization. Exiting"
-		fi
+	if [ $? -ne 0 ] || [[ "${progress}" =~ "Invalid" ]]; then
+		echo "Error with notarization. Exiting"
+	fi
 
-		if [[ "${progress}" =~ "success" ]]; then
-			success=1
-			break
-		else
-			echo "Not completed yet. Sleeping for 30 seconds."
-		fi
-		sleep 30
-	done
+	if [[ "${progress}" =~ "success" ]]; then
+		success=1
+		break
+	else
+		echo "Not completed yet. Sleeping for 30 seconds."
+	fi
+	sleep 30
+done
 
-	if [ $success -eq 1 ] ; then
-		echo "Stapling and running packaging up"
-		xcrun stapler staple "_publish/Onivim2-$SHORT_COMMIT_ID.dmg"
-		echo "Staple success!"
+if [ $success -eq 1 ] ; then
+	echo "Stapling and running packaging up"
+	xcrun stapler staple "_release/Onivim2.app"
+	echo "Staple success!"
 
-		echo "Checking gatekeeper conformance"
-		spctl -a -t install -vv "_publish/Onivim2-$SHORT_COMMIT_ID.dmg"
-		echo "Complete!"
-	fi
+	echo "Checking gatekeeper conformance"
+	spctl --assess --verbose "_release/Onivim2.app"
+	echo "Complete!"
+fi
diff --git a/scripts/osx/package.sh b/scripts/osx/package.sh
@@ -0,0 +1,10 @@
+SHORT_COMMIT_ID=$(git rev-parse --short HEAD)
+
+
+npm install -g appdmg
+
+mkdir -p _publish
+
+appdmg _release/appdmg.json _publish/Onivim2-$SHORT_COMMIT_ID.dmg
+
+tar -C _release -cvzf _publish/Onivim2-$SHORT_COMMIT_ID-darwin.tar.gz Onivim2.App
diff --git a/scripts/osx/publish.sh b/scripts/osx/publish.sh