From d387ca19915fc4d4494d6be0268005ec3d4689d5 Mon Sep 17 00:00:00 2001
From: Antoine Poinsot
Date: Thu, 11 May 2023 10:54:25 +0200
Subject: [PATCH] contrib: codesigning for MacOS in the release script
---
 contrib/release/release.sh | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/contrib/release/release.sh b/contrib/release/release.sh
index 2c0c9ba2..179492aa 100755
--- a/contrib/release/release.sh
+++ b/contrib/release/release.sh
@@ -15,6 +15,11 @@ WINDOWS_DIR_NAME="$LIANA_PREFIX-x86_64-windows-gnu"
 WINDOWS_ARCHIVE="$WINDOWS_DIR_NAME.zip"
 MAC_DIR_NAME="$LIANA_PREFIX-x86_64-apple-darwin"
 MAC_ARCHIVE="$MAC_DIR_NAME.tar.gz"
+MAC_CODESIGN="${MAC_CODESIGN:-"0"}"
+RCODESIGN_BIN="${RCODESIGN_BIN:-"$PWD/../../macos_codesigning/apple-codesign-0.22.0-x86_64-unknown-linux-musl/rcodesign"}"
+CODESIGN_KEY="${CODESIGN_KEY:-"$PWD/../../macos_codesigning/wizardsardine_liana.key"}"
+CODESIGN_CERT="${CODESIGN_CERT:-"$PWD/../../macos_codesigning/antoine_devid_liana_codesigning.cer"}"
+NOTARY_API_CREDS_FILE="${NOTARY_API_CREDS_FILE:-"$PWD/../../macos_codesigning/encoded_appstore_api_key.json"}"
 create_dir() {
 test -d "$1" || mkdir "$1"
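Review bot: The default `RCODESIGN_BIN` points at a prebuilt `rcodesign` under `$PWD/../../macos_codesigning/`, and nothing visible in this patch verifies that binary before it is handed the signing key and the notary API credentials. Consider pinning its expected digest and checking it before first use, e.g. `echo "<EXPECTED_SHA256>  $RCODESIGN_BIN" | sha256sum -c - || exit 1` (the digest is a placeholder). The four path defaults are also resolved against `$PWD`, so they change with the directory the script is started from. A short comment such as `# Codesigning inputs live outside the repo; override via env. Never commit the key or the API credentials.` above the new variables would document that expectation.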
@@ -59,8 +64,15 @@ TARGET_DIR="$BUILD_DIR" ./contrib/reproducible/docker/docker-build.sh
 cp -r ../contrib/release/macos/Liana.app ./
 sed -i "s/VERSION_PLACEHOLDER/$VERSION/g" ./Liana.app/Contents/Info.plist
 cp "$BUILD_DIR/gui/x86_64-apple-darwin/release/liana-gui" ./Liana.app/Contents/MacOS/Liana
- zip -ry Liana.zip Liana.app
- cp ./Liana.zip "$RELEASE_DIR/"
+ zip -ry Liana-noncodesigned.zip Liana.app
+ cp ./Liana-noncodesigned.zip "$RELEASE_DIR/"
+
+ if [ "$MAC_CODESIGN" = "1" ]; then
+ $RCODESIGN_BIN sign --digest sha256 --code-signature-flags runtime --pem-source "$CODESIGN_KEY" --der-source "$CODESIGN_CERT" Liana.app/
+ $RCODESIGN_BIN notary-submit --max-wait-seconds 600 --api-key-path "$NOTARY_API_CREDS_FILE" --staple Liana.app
+ zip -ry Liana.zip Liana.app
+ cp ./Liana.zip "$RELEASE_DIR/"
+ fi
 )
 # Finally, sign all the assets
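Review bot: `$RCODESIGN_BIN` is expanded unquoted on both the `sign` and `notary-submit` lines, and because its default is built from `$PWD`, a checkout path containing whitespace will split the command; write `"$RCODESIGN_BIN" sign ...` and `"$RCODESIGN_BIN" notary-submit ...`. Whether the script runs under `set -e` is not visible in this hunk. If it does not, a failed `sign` or notarization still falls through to `zip -ry Liana.zip Liana.app` and ships an unsigned or un-notarized bundle under the signed name, so each of the two steps should end in `|| exit 1`. It would also help to fail early when `MAC_CODESIGN=1` but a signing input is missing, e.g. `[ -f "$CODESIGN_KEY" ] || exit 1`, with the same check for `$CODESIGN_CERT` and `$NOTARY_API_CREDS_FILE`. The enclosing subshell opens outside the hunk.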