Switch macos builds from altool to notarytool

2025-11-12 20:23:47 +08:00 · 2022-11-01 04:25:27 +01:00
parent fb1f044958
commit 0cae73fa86
6 changed files with 28 additions and 61 deletions
--- a/macosx_notarize.sh
+++ b/macosx_notarize.sh
@@ -3,15 +3,16 @@
 #Contents partly stolen from https://scriptingosx.com/2019/09/notarize-a-command-line-tool/
 #Will need updating for XCode 13+

-if [ $# -lt 6 ]
+if [ $# -lt 7 ]
  then
-    echo "Usage: ./macosx_notarize.sh <path> <certname> <teamname> <bundleid> <applekeyid> <applekeyissuer>"
+    echo "Usage: ./macosx_notarize.sh <path> <certname> <teamname> <bundleid> <applekeyid> <applekeypath> <applekeyissuer>"
    echo ""
    echo "path: the absolute(!) target path"
    echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
    echo "teamname: the apple team name. 10-digit id yyy from the cert name."
    echo "bundleid: the bundle id of the artifact"
-    echo "applekeyid: your apple api key id"
+    echo "applekeyid: id of your apple api key"
+    echo "applekeypath: path to your apple api key"
    echo "applekeyissuer: uuid of your apple api key issuer"
    exit 1
 fi
@@ -27,48 +28,12 @@ cd $APP_DIR
 echo "Creating zip"
 zip -r "$APP_NAME.zip" "$APP_NAME"

-echo "Uploading $ZIP_PATH for notarization"
-xcRunOutput=$(xcrun altool --notarize-app \
-                           --type macos \
-                           --primary-bundle-id "$4" \
-                           --apiKey "$5" \
-                           --apiIssuer "$6" \
-                           --file "$1.zip" 2>&1 )
-echo "xcrun> $xcRunOutput"
-requestUUID=$(echo "$xcRunOutput" | awk '/RequestUUID/ { print $NF; }')
-
-echo "Notarization RequestUUID: $requestUUID"
-
-# clean up zip
-rm -f "$APP_NAME.zip"
-
-if [[ $requestUUID == "" ]]; then 
-        echo "Could not upload for notarization"
-        exit 1
-fi
-
-# wait for status to be not "in progress" any more
-request_status="in progress"
-while [[ "$request_status" == "in progress" ]]; do
-    echo -n "waiting... "
-    sleep 60
-    request_status=$(xcrun altool --notarization-info "$requestUUID" \
-                              --apiKey "$5" \
-                              --apiIssuer "$6" 2>&1 \
-                 | awk -F ': ' '/Status:/ { print $2; }' )
-    echo "$request_status"
-done
-
-# print status information
-xcrun altool --notarization-info "$requestUUID" \
-             --apiKey "$5" \
-             --apiIssuer "$6"
-echo
-
-if [[ $request_status != "success" ]]; then
-    echo "Could not notarize! ($request_status)"
-    exit 1
-fi
+echo "Uploading $ZIP_PATH for notarization and waiting for result"
+xcrun notarytool submit "$1.zip" \
+                 --key $6 \
+                 --key-id $5 \
+                 --key-issuer $7 \
+                 --wait

 # staple
 xcrun stapler staple "$1"