From 5503ad7f2c001a868fb3fd7c260cca8ec5e9fb31 Mon Sep 17 00:00:00 2001 From: Kenneth Skovhede Date: Wed, 18 Sep 2019 13:27:45 +0200 Subject: Added notarizing support for MacOS packages --- Installer/OSX/make-dmg.sh | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'Installer') diff --git a/Installer/OSX/make-dmg.sh b/Installer/OSX/make-dmg.sh index 1c8119810..c4db98449 100644 --- a/Installer/OSX/make-dmg.sh +++ b/Installer/OSX/make-dmg.sh @@ -11,9 +11,15 @@ OUTPUT_DMG=Duplicati.dmg OUTPUT_PKG=Duplicati.pkg UNWANTED_FILES="AlphaVSS.Common.dll AlphaFS.dll AlphaFS.dll.config AlphaVSS.Common.dll.config appindicator-sharp.dll SQLite win-tools alphavss control_dir Duplicati.sqlite Duplicati-server.sqlite run-script-example.bat lvm-scripts Duplicati.debug.log SVGIcons" -CODESIGN_IDENTITY=2S6R28R577 - -SHOW_USAGE_ERROR= +# These are set via the macos-gatekeeper file +CODESIGN_IDENTITY= +NOTARIZE_USERNAME= +NOTARIZE_PASSWORD= +GATEKEEPER_SETTINGS_FILE="${HOME}/.config/signkeys/Duplicati/macos-gatekeeper" + +if [ -f "${GATEKEEPER_SETTINGS_FILE}" ]; then + source "${GATEKEEPER_SETTINGS_FILE}" +fi TEMPLATE_DMG_BZ2=$(echo "$TEMPLATE_DMG.bz2") @@ -225,5 +231,23 @@ else echo "No codesign identity supplied, skipping DMG signing" fi +if [ "x${NOTARIZE_USERNAME}" != "x" ]; then + echo "Notarizing pkg package for MacOS Gatekeeper" + xcrun altool --notarize-app --primary-bundle-id "com.duplicati.app" --username "{NOTARIZE_USERNAME}" --password "{NOTARIZE_PASSWORD}" --file "${OUTPUT_PKG}" + echo "Notarizing dmg package for MacOS Gatekeeper" + xcrun altool --notarize-app --primary-bundle-id "com.duplicati.app" --username "{NOTARIZE_USERNAME}" --password "{NOTARIZE_PASSWORD}" --file "${OUTPUT_DMG}" + + # We want to notarize the builds, but the delay is more than one hour, + # so we would need to wait for the signing to complete before we + # can staple and compute the hash/signature of the archive + + #echo "Stapling the notarized document to the pkg package" + #xcrun stapler staple "{OUTPUT_PKG}" + #echo "Stapling the notarized document to the dmg package" + #xcrun stapler staple "{OUTPUT_DMG}" + +else + echo "No notarizer credentials supplied, skipping MacOS notarizing" +fi echo "Done, created ${OUTPUT_DMG}" \ No newline at end of file -- cgit v1.2.3