@@ -10,15 +10,15 @@ cd $(dirname $0)/..
1010
1111BINARY=" $1 "
1212DIR=" releases/mac_darwin_all"
13- DMG =" releases/$2 .dmg "
13+ ZIP =" releases/$2 .zip "
1414CHECKSUMS=" releases/checksums.txt"
1515
1616if [[ -z " ${NOTARIZE} " && " ${GITHUB_REF} " =~ " refs/tags/v" ; then
1717 echo " Enabling notarize..."
1818 NOTARIZE=" 1"
1919fi
2020
21- echo " NOTARIZE=${NOTARIZE} BUNDLE=${AC_BUNDLE} BINARY=${BINARY} DMG =${DMG } "
21+ echo " NOTARIZE=${NOTARIZE} BUNDLE=${AC_BUNDLE} BINARY=${BINARY} ZIP =${ZIP } "
2222
2323sudo apt-get update -y
2424
@@ -43,22 +43,32 @@ rcodesign sign \
4343 " ${BINARY} "
4444echo " Signed ${BINARY} !"
4545
46+ # Currently, NOTARIZE is always set to 0. In effect, this means that the
47+ # binary is signed, but not zipped up, notarized or stapled. Since all of the
48+ # official installation processes are through brew or wget, the notarized DMG we were
49+ # creating was not necessary. Where this does become a problem is if a user
50+ # wants to install from a browser. In this situation, there will need to be
51+ # a notarization process otherwise MacOS will mark our binary as unsafe and
52+ # the user will need to go through hoops to install it. In this instance,
53+ # setting NOTARIZE to 1 will create a ZIP file (since it was difficult to create
54+ # a DMG while not on MacOS) and Notarize it.
55+ #
56+ # Note - If you want to staple that ZIP, you will need to staple each individual
57+ # item in the zip file.
58+ #
59+ # References:
60+ # https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow
61+ # https://gregoryszorc.com/docs/apple-codesign/0.17.0/apple_codesign_rcodesign.html
4662if [[ " ${NOTARIZE} " == " 1" ; then
47- which mkfs.hfsplus || sudo apt-get install hfsprogs -y
63+ which zip || sudo apt-get install zip -y
4864
49- # Build the DMG
50- echo " Building ${DMG } ..."
65+ # Zip everything up
66+ echo " Building ${ZIP } ..."
5167 cp LICENSE README.md " ${DIR} /"
52- SIZE=" $( du -sm " ${DIR} " | awk ' {print $1 + 30}' ) " # The size of the directory + 30 megabytes for any overhead
53- dd if=/dev/zero of=" ${DMG} " " ${SIZE} "
54- mkfs.hfsplus -v " Acorn" " ${DMG} "
55- mkdir -p /tmp/acorn_mount
56- sudo mount -t hfsplus -o loop " ${DMG} "
57- sudo cp -R " ${DIR} " * /tmp/acorn_mount
58- sudo umount /tmp/acorn_mount
59- echo " Built ${DMG} !"
60-
61- # Notarize and staple the DMG
68+ zip -r " ${ZIP} " " ${DIR} "
69+ echo " Built ${ZIP} !"
70+
71+ # Notarize the ZIP
6272 echo " Building app-store-connect-api-key..."
6373 echo " ${AC_PRIVATE_KEY} " | base64 --decode > private.p8
6474 rcodesign encode-app-store-connect-api-key \
@@ -68,16 +78,16 @@ if [[ "${NOTARIZE}" == "1" ]]; then
6878 private.p8
6979 echo " Built app-store-connect-api-key!"
7080
71- echo " Notarizing and stapling ${DMG }"
72- rcodesign notary-submit --api-key-path ./key.json " ${DMG} " --staple
73- echo " ${DMG} has been notarized and stapled !"
81+ echo " Notarizing ${ZIP }"
82+ rcodesign notary-submit --api-key-path ./key.json " ${ZIP} "
83+ echo " Notarized ${ZIP} !"
7484
75- # Add the sha256sum of the DMG to the checksums file
76- echo " Adding ${DMG } 's checksum to the checksums file..."
77- sha256sum " ${DMG } " >> " ${CHECKSUMS} "
78- echo " Added ${DMG } 's checksums!"
85+ # Add the sha256sum of the ZIP to the checksums file
86+ echo " Adding ${ZIP } 's checksum to the checksums file..."
87+ sha256sum " ${ZIP } " >> " ${CHECKSUMS} "
88+ echo " Added ${ZIP } 's checksums!"
7989
8090else
81- echo " Skipping notarizing & disk image creation "
91+ echo " Skipping zip creation and notarization "
8292fi
8393
0 commit comments