From 03ce9b25aa562148a2eebd7572015337d4811aa8 Mon Sep 17 00:00:00 2001
From: Kateryna Kostiuk <kateryna.kostiuk@savoirfairelinux.com>
Date: Mon, 15 Jul 2019 08:58:09 -0400
Subject: [PATCH] packaging: prepare for notarization

Change-Id: I992b65eb95d872762f4800338e516c11c3ac98f7
---
 CMakeLists.txt                                |  2 ++
 .../Jami.entitlements                         | 12 +++++++
 notarize.sh                                   | 34 +++++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 data/HardenedRuntimeEntitlements/Jami.entitlements
 create mode 100755 notarize.sh

diff --git a/CMakeLists.txt b/CMakeLists.txt
index a77b3c14..d3775d52 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -494,6 +494,7 @@ ELSE()
     SET_TARGET_PROPERTIES(${PROJ_NAME} PROPERTIES
         MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/cmake/MacOSXBundleInfo.plist.in
         MACOSX_BUNDLE_GUI_IDENTIFIER "cx.ring"
+        XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_LIST_DIR}/data/HardenedRuntimeEntitlements/Jami.entitlements"
         MACOSX_BUNDLE_SHORT_VERSION_STRING "${RING_VERSION_NAME}"
         MACOSX_BUNDLE_LONG_VERSION_STRING "${PROJ_NAME} ${RING_VERSION_NAME}"
         MACOSX_BUNDLE_BUNDLE_VERSION ${RING_VERSION}
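Review bot: `XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS` here, and `XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME` in the next hunk, only take effect with the Xcode generator. With Makefiles or Ninja they are ignored without any warning, and the bundle would reach notarize.sh signed without the hardened runtime or entitlements. The generator in use is not visible in this patch, so a comment above the property would record the constraint, e.g. `# Xcode generator only; other generators must pass --options runtime --entitlements to codesign`. The path uses `CMAKE_CURRENT_LIST_DIR` while the Info.plist line two lines up uses `CMAKE_CURRENT_SOURCE_DIR`; picking one would read more consistently. The SET_TARGET_PROPERTIES call closes in the following hunk.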
@@ -501,6 +502,7 @@ ELSE()
         MACOSX_BUNDLE_INFO_STRING "Build of ${PROJ_NAME}, version ${RING_VERSION}"
         MACOSX_BUNDLE_BUNDLE_NAME ${PROJ_NAME}
         MACOSX_BUNDLE_ICON_FILE "appicon.icns"
+        XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME TRUE
     )
 ENDIF()
 # Make sure we can find the 'ibtool' program. If we can NOT find it we
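Review bot: `XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME TRUE` is copied into the generated Xcode project as written, and Xcode build settings conventionally spell booleans `YES`/`NO`, so I would write `XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME YES`. Whether Xcode also accepts `TRUE` is not something this patch shows. A flag that silently fails to apply would only surface later as a notarization rejection, so it is worth confirming on the built bundle that `codesign -d --verbose=4` reports the runtime flag. The enclosing ELSE() branch starts outside the hunk.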
diff --git a/data/HardenedRuntimeEntitlements/Jami.entitlements b/data/HardenedRuntimeEntitlements/Jami.entitlements
new file mode 100644
index 00000000..d6495b4e
--- /dev/null
+++ b/data/HardenedRuntimeEntitlements/Jami.entitlements
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.device.audio-input</key>
+	<true/>
+	<key>com.apple.security.device.camera</key>
+	<true/>
+	<key>com.apple.security.personal-information.photos-library</key>
+	<true/>
+</dict>
+</plist>
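Review bot: The file grants audio-input, camera and photos-library access with no comment saying which feature needs each, and under the hardened runtime these keys decide which protected resources the signed app may request. Camera and microphone are presumably needed for calls, but the `com.apple.security.personal-information.photos-library` key is worth confirming against actual use and dropping if nothing reads the Photos library. I would add an XML comment above each key, e.g. `<!-- video calls -->`, so later additions have to be justified the same way. The Info.plist template is not part of this patch, so check separately that it carries the matching usage-description strings.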
diff --git a/notarize.sh b/notarize.sh
new file mode 100755
index 00000000..1e8b46a8
--- /dev/null
+++ b/notarize.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo ""
+cd build-local
+/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool --notarize-app -t osx -f Jami.app.zip --primary-bundle-id ${BUNDLE_ID} -u ${APPLE_ACCOUNT} -p ${APPLE_PASSWORD} --output-format xml -itc_provider ${TEAM_ID} > UploadInfo.plist
+REQUESTID=$(xmllint --xpath "/plist/dict[key='notarization-upload']/dict/key[.='RequestUUID']/following-sibling::string[1]/node()" UploadInfo.plist)
+echo "file uploaded for notarization"
+echo ${REQUESTID}
+x=1
+while [ $x -le 15 ];
+do
+/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool --notarization-info ${REQUESTID} -u ${APPLE_ACCOUNT}  -p ${APPLE_PASSWORD}  --output-format xml > RequestedInfo.plist
+ANSWER=$(xmllint --xpath "/plist/dict[key='notarization-info']/dict/key[.='Status']/following-sibling::string[1]/node()" RequestedInfo.plist)
+if [ "$ANSWER" == "in progress" ];
+then
+echo  "notarization in progress"
+sleep 60
+x=$(( $x + 1 ))
+elif [ "$ANSWER" == "success" ]
+then
+echo  "notarization success"
+break
+else
+echo "notarization failed"
+break
+exit 1
+fi
+done
+ANSWER=$(xmllint --xpath "/plist/dict[key='notarization-info']/dict/key[.='Status']/following-sibling::string[1]/node()" RequestedInfo.plist)
+if [ "$ANSWER" != "success" ];
+then
+echo "notarization failed"
+exit 1
+fi
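Review bot: Both altool calls pass the Apple ID password as `-p ${APPLE_PASSWORD}`, which puts the secret on the command line where it is visible in process listings and in any CI log that echoes commands. altool can read it from the environment or keychain itself, so `-p "@env:APPLE_PASSWORD"` (or `-p "@keychain:<item-name>"`) keeps it out of argv; the other expansions (`${BUNDLE_ID}`, `${APPLE_ACCOUNT}`, `${TEAM_ID}`, `${REQUESTID}`) should be quoted too. Neither `cd build-local` nor the upload is checked, so an empty `REQUESTID` still gets polled; `cd build-local || exit 1` and `[ -n "$REQUESTID" ] || exit 1` after the first xmllint line would stop early. In the failure branch `exit 1` sits after `break` and is never reached, and a request still "in progress" after 15 polls is reported as "notarization failed" rather than as a timeout.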
-- 
GitLab