From 03ce9b25aa562148a2eebd7572015337d4811aa8 Mon Sep 17 00:00:00 2001
From: Kateryna Kostiuk <kateryna.kostiuk@savoirfairelinux.com>
Date: Mon, 15 Jul 2019 08:58:09 -0400
Subject: [PATCH] packaging: prepare for notarization
Change-Id: I992b65eb95d872762f4800338e516c11c3ac98f7
---
 CMakeLists.txt | 2 ++
 .../Jami.entitlements | 12 +++++++
 notarize.sh | 34 +++++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 data/HardenedRuntimeEntitlements/Jami.entitlements
 create mode 100755 notarize.sh
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a77b3c14..d3775d52 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -494,6 +494,7 @@ ELSE()
 SET_TARGET_PROPERTIES(${PROJ_NAME} PROPERTIES
 MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/cmake/MacOSXBundleInfo.plist.in
 MACOSX_BUNDLE_GUI_IDENTIFIER "cx.ring"
+ XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_LIST_DIR}/data/HardenedRuntimeEntitlements/Jami.entitlements"
 MACOSX_BUNDLE_SHORT_VERSION_STRING "${RING_VERSION_NAME}"
 MACOSX_BUNDLE_LONG_VERSION_STRING "${PROJ_NAME} ${RING_VERSION_NAME}"
 MACOSX_BUNDLE_BUNDLE_VERSION ${RING_VERSION}
@@ -501,6 +502,7 @@ ELSE()
 MACOSX_BUNDLE_INFO_STRING "Build of ${PROJ_NAME}, version ${RING_VERSION}"
 MACOSX_BUNDLE_BUNDLE_NAME ${PROJ_NAME}
 MACOSX_BUNDLE_ICON_FILE "appicon.icns"
+ XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME TRUE
 )
 ENDIF()
 # Make sure we can find the 'ibtool' program. If we can NOT find it we
diff --git a/data/HardenedRuntimeEntitlements/Jami.entitlements b/data/HardenedRuntimeEntitlements/Jami.entitlements
new file mode 100644
index 00000000..d6495b4e
--- /dev/null
+++ b/data/HardenedRuntimeEntitlements/Jami.entitlements
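Review bot: Both added properties, `XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS` in the first CMakeLists.txt hunk and `XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME` in the second, are honoured only by CMake's Xcode generator. A bundle built with another generator would be signed without the hardened runtime or these entitlements, and nothing in the build would report it. A comment above the two lines would make the dependency explicit, for example `# Xcode generator only: needed for notarization; other generators must pass the entitlements file and --options runtime to codesign`. Xcode build settings are conventionally spelled `YES`/`NO`, so `XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME YES` is the safer spelling unless `TRUE` has been confirmed to take effect in the generated project. The enclosing ELSE() branch starts outside these hunks.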
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>com.apple.security.device.audio-input</key>
+ <true/>
+ <key>com.apple.security.device.camera</key>
+ <true/>
+ <key>com.apple.security.personal-information.photos-library</key>
+ <true/>
+</dict>
+</plist>
diff --git a/notarize.sh b/notarize.sh
new file mode 100755
index 00000000..1e8b46a8
--- /dev/null
+++ b/notarize.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo ""
+cd build-local
+/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool --notarize-app -t osx -f Jami.app.zip --primary-bundle-id ${BUNDLE_ID} -u ${APPLE_ACCOUNT} -p ${APPLE_PASSWORD} --output-format xml -itc_provider ${TEAM_ID} > UploadInfo.plist
+REQUESTID=$(xmllint --xpath "/plist/dict[key='notarization-upload']/dict/key[.='RequestUUID']/following-sibling::string[1]/node()" UploadInfo.plist)
+echo "file uploaded for notarization"
+echo ${REQUESTID}
+x=1
+while [ $x -le 15 ];
+do
+/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool --notarization-info ${REQUESTID} -u ${APPLE_ACCOUNT} -p ${APPLE_PASSWORD} --output-format xml > RequestedInfo.plist
+ANSWER=$(xmllint --xpath "/plist/dict[key='notarization-info']/dict/key[.='Status']/following-sibling::string[1]/node()" RequestedInfo.plist)
+if [ "$ANSWER" == "in progress" ];
+then
+echo "notarization in progress"
+sleep 60
+x=$(( $x + 1 ))
+elif [ "$ANSWER" == "success" ]
+then
+echo "notarization success"
+break
+else
+echo "notarization failed"
+break
+exit 1
+fi
+done
+ANSWER=$(xmllint --xpath "/plist/dict[key='notarization-info']/dict/key[.='Status']/following-sibling::string[1]/node()" RequestedInfo.plist)
+if [ "$ANSWER" != "success" ];
+then
+echo "notarization failed"
+exit 1
+fi
-- GitLab
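Review bot: `com.apple.security.personal-information.photos-library` in Jami.entitlements is the one entitlement whose need is not evident from this commit, and it should be granted only if a feature actually reads the Photos library. Microphone and camera access are presumably required by the application's core function. If the Photos entitlement is needed, an XML comment above the key naming the feature would record why, e.g. `<!-- photos-library: required by <feature name> -->`. If it is not, dropping the key keeps the signed app's access minimal. The file requests no `com.apple.security.cs.*` runtime exceptions, which is the right default.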
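Review bot: `-p ${APPLE_PASSWORD}` on both altool invocations in notarize.sh puts the Apple ID password in the process argument list, where other local users can read it via `ps` and where it can end up in CI logs. altool accepts `-p "@env:APPLE_PASSWORD"` (or an `@keychain:` reference) and resolves the secret itself, which assumes the variable is exported to the script's environment. The other expansions (`${BUNDLE_ID}`, `${APPLE_ACCOUNT}`, `${TEAM_ID}`, `${REQUESTID}`) are unquoted, `cd build-local` is not checked, and an empty RequestUUID is passed straight on to the polling loop. In the `else` branch `break` precedes `exit 1`, so the exit never runs and the failure is caught only by the check after the loop. The fence shows the rewritten lines.

```shell
cd build-local || exit 1
ALTOOL="/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool"
# altool resolves @env: itself, so the password never appears in argv
"$ALTOOL" --notarize-app -t osx -f Jami.app.zip --primary-bundle-id "${BUNDLE_ID}" -u "${APPLE_ACCOUNT}" -p "@env:APPLE_PASSWORD" --output-format xml -itc_provider "${TEAM_ID}" > UploadInfo.plist
# … unchanged: RequestUUID extraction with xmllint …
if [ -z "${REQUESTID}" ]; then
echo "no RequestUUID in UploadInfo.plist" >&2
exit 1
fi
# … unchanged: loop header …
"$ALTOOL" --notarization-info "${REQUESTID}" -u "${APPLE_ACCOUNT}" -p "@env:APPLE_PASSWORD" --output-format xml > RequestedInfo.plist
# … unchanged: status parsing, "in progress" and "success" branches …
else
echo "notarization failed"
exit 1
fi
```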