
Commit a76e54b

committed
Upgrade .pkg notarization to notarytool
1 parent 02efda8 commit a76e54b


1 file changed

+21
-12
lines changed


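--- a/GNUmakefile
+++ b/GNUmakefile
@@ -26,6 +26,8 @@ PKGID ?= Developer ID Installer: Perry Kundert ($(TEAMID))
 BUNDLEID ?= ca.kundert.perry.SLIP39
 APIISSUER ?= 5f3b4519-83ae-4e01-8d31-f7db26f68290
 APIKEY ?= 5H98J7LKPC
+APICREDENTIALS ?= ~/.private_keys/AuthKey_$(APIKEY).p8
+
 #PROVISION ?= ~/Documents/Apple/Certificates/SLIP39_Mac_App_Store_Provisioning.provisionprofile
 PROVISION ?= ~/Documents/Apple/Certificates/SLIP39_Mac_General_Provisioning.provisionprofile
 
@@ -428,27 +430,34 @@ dist/SLIP-39-$(VERSION).pkg-verify: dist/SLIP-39-$(VERSION).pkg
 #
 # macOS Package Notarization
 # See: https://oozou.com/blog/scripting-notarization-for-macos-app-distribution-38
+# https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool
 # o The .pkg version doesn't work due to incorrect signing keys for the .pkg (unknown reason)
+#
+# Submits the version's .pkg for notariation, and waits for completion (success or failure).
+# - The output contains the Submission ID, required to obtain the JSON notary log
 dist/SLIP-39-$(VERSION).pkg.notarization: dist/SLIP-39-$(VERSION).pkg dist/SLIP-39-$(VERSION).pkg-verify
-jq -r '.["notarization-upload"]["RequestUUID"]' $@ 2>/dev/null \
-|| xcrun altool --notarize-app -f $< \
---primary-bundle-id $(BUNDLEID) \
---team-id $(TEAMID) \
---apiKey $(APIKEY) --apiIssuer $(APIISSUER) \
---output-format json \
+grep "Submission ID" $@ 2>/dev/null \
+|| xcrun notarytool submit \
+--issuer $(APIISSUER) \
+--key-id $(APIKEY) \
+--key $(APICREDENTIALS) \
+--wait \
+$< \
 > $@
 
 dist/SLIP-39-$(VERSION).pkg.notarization-status: dist/SLIP-39-$(VERSION).pkg.notarization FORCE
 [ -s $@ ] && grep "Status: success" $@ \
-|| xcrun altool \
---apiKey $(APIKEY) --apiIssuer $(APIISSUER) \
---notarization-info $$( jq -r '.["notarization-upload"]["RequestUUID"]' $< ) \
-| tee -a $@
+|| xcrun notarytool log \
+--issuer $(APIISSUER) \
+--key-id $(APIKEY) \
+--key $(APICREDENTIALS) \
+$$( grep -A1 "Submission ID" < $< | grep "id:" | awk '{print $$2}' ) \
+> $@
 
 # Check notarization status 'til Status: success, then staple it to ...pkg, and create ...pkg.valid marker file
 dist/SLIP-39-$(VERSION).pkg.valid: dist/SLIP-39-$(VERSION).pkg.notarization-status FORCE
-@grep "Status: success" $< || \
-( tail -10 $<; echo -e "\n\n!!! App not yet notarized; try again in a few seconds..."; false )
+@grep "Ready for distribution" $< || \
+( tail -10 $<; echo -e "\n\n!!! App not yet notarized..."; false )
 ( [ -r $@ ] ) \
 && ( echo -e "\n\n*** Notarization complete; refreshing $@" && touch $@ ) \
 || ( \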
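Review bot: The cache test in the `.pkg.notarization-status` recipe still greps for `Status: success`, the old altool wording, while the `.pkg.valid` gate now looks for `Ready for distribution`, so the first test presumably never matches what `notarytool log` writes and the log is fetched again on every run. The two should agree, e.g. `[ -s $@ ] && grep -q "Ready for distribution" $@ \`. Because `.pkg.valid` is the step that permits stapling, a substring match anywhere in the log is a loose gate; the log is JSON, so a check on the status field such as `jq -e '.status == "Accepted"' $<` would be stricter (field name and value to be confirmed against a real log). The `.pkg.valid` recipe continues past the end of the hunk.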
