From 03ce9b25aa562148a2eebd7572015337d4811aa8 Mon Sep 17 00:00:00 2001
From: Kateryna Kostiuk <kateryna.kostiuk@savoirfairelinux.com>
Date: Mon, 15 Jul 2019 08:58:09 -0400
Subject: [PATCH] packaging: prepare for notarization
Change-Id: I992b65eb95d872762f4800338e516c11c3ac98f7
---
CMakeLists.txt | 2 ++
.../Jami.entitlements | 12 +++++++
notarize.sh | 34 +++++++++++++++++++
3 files changed, 48 insertions(+)
create mode 100644 data/HardenedRuntimeEntitlements/Jami.entitlements
create mode 100755 notarize.sh
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a77b3c14..d3775d52 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -494,6 +494,7 @@ ELSE()
SET_TARGET_PROPERTIES(${PROJ_NAME} PROPERTIES
MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/cmake/MacOSXBundleInfo.plist.in
MACOSX_BUNDLE_GUI_IDENTIFIER "cx.ring"
+ XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_LIST_DIR}/data/HardenedRuntimeEntitlements/Jami.entitlements"
MACOSX_BUNDLE_SHORT_VERSION_STRING "${RING_VERSION_NAME}"
MACOSX_BUNDLE_LONG_VERSION_STRING "${PROJ_NAME} ${RING_VERSION_NAME}"
MACOSX_BUNDLE_BUNDLE_VERSION ${RING_VERSION}
@@ -501,6 +502,7 @@ ELSE()
MACOSX_BUNDLE_INFO_STRING "Build of ${PROJ_NAME}, version ${RING_VERSION}"
MACOSX_BUNDLE_BUNDLE_NAME ${PROJ_NAME}
MACOSX_BUNDLE_ICON_FILE "appicon.icns"
+ XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME TRUE
)
ENDIF()
# Make sure we can find the 'ibtool' program. If we can NOT find it we
diff --git a/data/HardenedRuntimeEntitlements/Jami.entitlements b/data/HardenedRuntimeEntitlements/Jami.entitlements
new file mode 100644
index 00000000..d6495b4e
--- /dev/null
+++ b/data/HardenedRuntimeEntitlements/Jami.entitlements
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>com.apple.security.device.audio-input</key>
+ <true/>
+ <key>com.apple.security.device.camera</key>
+ <true/>
+ <key>com.apple.security.personal-information.photos-library</key>
+ <true/>
+</dict>
+</plist>
diff --git a/notarize.sh b/notarize.sh
new file mode 100755
index 00000000..1e8b46a8
--- /dev/null
+++ b/notarize.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo ""
+cd build-local
+/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool --notarize-app -t osx -f Jami.app.zip --primary-bundle-id ${BUNDLE_ID} -u ${APPLE_ACCOUNT} -p ${APPLE_PASSWORD} --output-format xml -itc_provider ${TEAM_ID} > UploadInfo.plist
+REQUESTID=$(xmllint --xpath "/plist/dict[key='notarization-upload']/dict/key[.='RequestUUID']/following-sibling::string[1]/node()" UploadInfo.plist)
+echo "file uploaded for notarization"
+echo ${REQUESTID}
+x=1
+while [ $x -le 15 ];
+do
+/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool --notarization-info ${REQUESTID} -u ${APPLE_ACCOUNT} -p ${APPLE_PASSWORD} --output-format xml > RequestedInfo.plist
+ANSWER=$(xmllint --xpath "/plist/dict[key='notarization-info']/dict/key[.='Status']/following-sibling::string[1]/node()" RequestedInfo.plist)
+if [ "$ANSWER" == "in progress" ];
+then
+echo "notarization in progress"
+sleep 60
+x=$(( $x + 1 ))
+elif [ "$ANSWER" == "success" ]
+then
+echo "notarization success"
+break
+else
+echo "notarization failed"
+break
+exit 1
+fi
+done
+ANSWER=$(xmllint --xpath "/plist/dict[key='notarization-info']/dict/key[.='Status']/following-sibling::string[1]/node()" RequestedInfo.plist)
+if [ "$ANSWER" != "success" ];
+then
+echo "notarization failed"
+exit 1
+fi
--
GitLab