AUTH-2653 add notarization to mac build

Dalton 2020-09-09 14:19:45 -05:00 committed by Dalton Cherry
parent 741cd66c9e
commit 4a8597c245
1 changed files with 13 additions and 2 deletions


@ -22,6 +22,7 @@ CODE_SIGN_PRIV="code_sign.p12"
CODE_SIGN_CERT="code_sign.cer" CODE_SIGN_CERT="code_sign.cer"
INSTALLER_PRIV="installer.p12" INSTALLER_PRIV="installer.p12"
INSTALLER_CERT="installer.cer" INSTALLER_CERT="installer.cer"
BUNDLE_ID="com.cloudflare.cloudflared"
SEC_DUP_MSG="security: SecKeychainItemImport: The specified item already exists in the keychain." SEC_DUP_MSG="security: SecKeychainItemImport: The specified item already exists in the keychain."
export PATH="$PATH:/usr/local/bin" export PATH="$PATH:/usr/local/bin"
mkdir -p ../src/github.com/cloudflare/ mkdir -p ../src/github.com/cloudflare/
@ -65,7 +66,6 @@ if [[ -n "${CFD_CODE_SIGN_CERT:-}" ]]; then
exit $exitcode1 exit $exitcode1
else else
echo "already imported code signing certificate" echo "already imported code signing certificate"
echo "code sign import output: $out1"
fi fi
fi fi
fi fi
@ -108,7 +108,6 @@ if [[ -n "${CFD_INSTALLER_CERT:-}" ]]; then
exit $exitcode3 exit $exitcode3
else else
echo "already imported installer certificate" echo "already imported installer certificate"
echo "installer import output: $out3"
fi fi
fi fi
fi fi
@ -140,6 +139,12 @@ fi
# sign the cloudflared binary # sign the cloudflared binary
if [[ -n "${CODE_SIGN_NAME:-}" ]]; then if [[ -n "${CODE_SIGN_NAME:-}" ]]; then
codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME} codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME}
# notarize the binary
if [[ -n "${CFD_NOTE_PASSWORD:-}" ]]; then
zip "${BINARY_NAME}.zip" ${BINARY_NAME}
xcrun altool --notarize-app -f "${BINARY_NAME}.zip" -t osx -u ${CFD_NOTE_USERNAME} -p ${CFD_NOTE_PASSWORD} --primary-bundle-id ${BUNDLE_ID}
fi
fi fi
@ -164,6 +169,12 @@ if [[ -n "${PKG_SIGN_NAME:-}" ]]; then
--install-location /usr/local/bin \ --install-location /usr/local/bin \
--sign "${PKG_SIGN_NAME}" \ --sign "${PKG_SIGN_NAME}" \
${PKGNAME} ${PKGNAME}
# notarize the package
if [[ -n "${CFD_NOTE_PASSWORD:-}" ]]; then
xcrun altool --notarize-app -f ${PKGNAME} -t osx -u ${CFD_NOTE_USERNAME} -p ${CFD_NOTE_PASSWORD} --primary-bundle-id ${BUNDLE_ID}
xcrun stapler staple ${PKGNAME}
fi
else else
pkgbuild --identifier com.cloudflare.${PRODUCT} \ pkgbuild --identifier com.cloudflare.${PRODUCT} \
--version ${VERSION} \ --version ${VERSION} \
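Review bot: Both new `xcrun altool --notarize-app` calls (the binary hunk and the package hunk) pass the Apple ID password as `-p ${CFD_NOTE_PASSWORD}`, which puts the secret in the process argument list where `ps` and any `set -x` trace in CI logs can expose it, and the unquoted expansion is word-split if the value contains spaces or glob characters. altool accepts an indirect reference, so `-p "@env:CFD_NOTE_PASSWORD"` (with the variable exported) or `-p "@keychain:<ITEM_NAME_PLACEHOLDER>"` keeps the value off argv. `-u "${CFD_NOTE_USERNAME}"` should be quoted too, and the guard should require both values, e.g. `if [[ -n "${CFD_NOTE_USERNAME:-}" && -n "${CFD_NOTE_PASSWORD:-}" ]]; then`. Separately, in the package hunk `xcrun stapler staple ${PKGNAME}` runs right after the upload; `--notarize-app` returns a request id before Apple has finished processing, so the staple step will probably find no ticket unless the script first polls `--notarization-info` until the request succeeds. Whether the script runs under `set -e` is not visible on this page, so it is unclear if that failure would stop the build or leave an unstapled package unnoticed.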