diff options
| author | Kenneth Skovhede <kenneth@hexad.dk> | 2019-09-18 14:27:45 +0300 |
|---|---|---|
| committer | Kenneth Skovhede <kenneth@hexad.dk> | 2019-09-18 14:27:45 +0300 |
| commit | 5503ad7f2c001a868fb3fd7c260cca8ec5e9fb31 (patch) | |
| tree | 0962eb4570bf28ee8009c488157209c1479a32d1 /Installer | |
| parent | 2e5574f3703a1850c61bbb7b5273be5240e46233 (diff) | |
Added notarizing support for MacOS packages
Diffstat (limited to 'Installer')
| -rw-r--r-- | Installer/OSX/make-dmg.sh | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/Installer/OSX/make-dmg.sh b/Installer/OSX/make-dmg.sh index 1c8119810..c4db98449 100644 --- a/Installer/OSX/make-dmg.sh +++ b/Installer/OSX/make-dmg.sh @@ -11,9 +11,15 @@ OUTPUT_DMG=Duplicati.dmg OUTPUT_PKG=Duplicati.pkg UNWANTED_FILES="AlphaVSS.Common.dll AlphaFS.dll AlphaFS.dll.config AlphaVSS.Common.dll.config appindicator-sharp.dll SQLite win-tools alphavss control_dir Duplicati.sqlite Duplicati-server.sqlite run-script-example.bat lvm-scripts Duplicati.debug.log SVGIcons" -CODESIGN_IDENTITY=2S6R28R577 - -SHOW_USAGE_ERROR= +# These are set via the macos-gatekeeper file +CODESIGN_IDENTITY= +NOTARIZE_USERNAME= +NOTARIZE_PASSWORD= +GATEKEEPER_SETTINGS_FILE="${HOME}/.config/signkeys/Duplicati/macos-gatekeeper" + +if [ -f "${GATEKEEPER_SETTINGS_FILE}" ]; then + source "${GATEKEEPER_SETTINGS_FILE}" +fi TEMPLATE_DMG_BZ2=$(echo "$TEMPLATE_DMG.bz2") @@ -225,5 +231,23 @@ else echo "No codesign identity supplied, skipping DMG signing" fi +if [ "x${NOTARIZE_USERNAME}" != "x" ]; then + echo "Notarizing pkg package for MacOS Gatekeeper" + xcrun altool --notarize-app --primary-bundle-id "com.duplicati.app" --username "{NOTARIZE_USERNAME}" --password "{NOTARIZE_PASSWORD}" --file "${OUTPUT_PKG}" + echo "Notarizing dmg package for MacOS Gatekeeper" + xcrun altool --notarize-app --primary-bundle-id "com.duplicati.app" --username "{NOTARIZE_USERNAME}" --password "{NOTARIZE_PASSWORD}" --file "${OUTPUT_DMG}" + + # We want to notarize the builds, but the delay is more than one hour, + # so we would need to wait for the signing to complete before we + # can staple and compute the hash/signature of the archive + + #echo "Stapling the notarized document to the pkg package" + #xcrun stapler staple "{OUTPUT_PKG}" + #echo "Stapling the notarized document to the dmg package" + #xcrun stapler staple "{OUTPUT_DMG}" + +else + echo "No notarizer credentials supplied, skipping MacOS notarizing" +fi echo "Done, created ${OUTPUT_DMG}"
\ No newline at end of file |