From 620e52da3413688cb87842f2c723a8d7cb077d2a Mon Sep 17 00:00:00 2001
From: Oz
Date: Sun, 17 Nov 2024 16:40:08 +0200
Subject: [PATCH] restore sign.sh
---
scripts/sign.sh | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100755 scripts/sign.sh
diff --git a/scripts/sign.sh b/scripts/sign.sh
new file mode 100755
index 0000000..47267fa
--- /dev/null
+++ b/scripts/sign.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -ex
+
+FILES_TO_SIGN=$@
+
+for FILE_PATH in "$FILES_TO_SIGN"; do
+ FILE_NAME=$(basename $FILE_PATH)
+ APPLE_TEMPKEYCHAIN_NAME=$(echo $FILE_NAME | tr -cd 'a-zA-Z')$(($RANDOM)) # use a random name
+
+ echo "File path: $FILE_PATH"
+ echo "File name: $FILE_NAME"
+ echo "Apple temp keychain name: $APPLE_TEMPKEYCHAIN_NAME"
+
+ # create keychain
+ printf "$APPLE_P12_BASE64" | base64 -d > dev.p12
+ security create-keychain -p "$APPLE_TEMPKEYCHAIN_PASSWORD" "$APPLE_TEMPKEYCHAIN_NAME"
+ security list-keychains -d user -s "$APPLE_TEMPKEYCHAIN_NAME" $(security list-keychains -d user | tr -d '"')
+ security set-keychain-settings "$APPLE_TEMPKEYCHAIN_NAME"
+ security import dev.p12 -k "$APPLE_TEMPKEYCHAIN_NAME" -P "$APPLE_P12_PASSWORD" -T "/usr/bin/codesign"
+ security set-key-partition-list -S apple-tool:,apple: -s -k "$APPLE_TEMPKEYCHAIN_PASSWORD" -D "$APPLE_CODESIGN_IDENTITY" -t private "$APPLE_TEMPKEYCHAIN_NAME"
+ security default-keychain -d user -s "$APPLE_TEMPKEYCHAIN_NAME"
+ security unlock-keychain -p "$APPLE_TEMPKEYCHAIN_PASSWORD" "$APPLE_TEMPKEYCHAIN_NAME"
+
+ # sign the binary
+ codesign -o runtime --force --timestamp -s "$APPLE_CODESIGN_IDENTITY" -v $FILE_PATH
+
+ # notarize binary
+ ditto -c -k $FILE_PATH $FILE_NAME.zip # notarization require zip files
+ xcrun notarytool store-credentials --apple-id shelly@certora.com --password "$APPLE_CRED" --team-id "$APPLE_TEAMID" altool
+ xcrun notarytool submit $FILE_NAME.zip --keychain-profile altool --wait
+done
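Review bot: `set -ex` at the top of the new script turns on xtrace, so every expanded command is written to the job log, including `printf "$APPLE_P12_BASE64"`, the `-p "$APPLE_TEMPKEYCHAIN_PASSWORD"` and `-P "$APPLE_P12_PASSWORD"` arguments to `security`, and `--password "$APPLE_CRED"` to `notarytool`; unless the CI reliably masks these, I would use `set -euo pipefail` without `-x`, or wrap the secret-bearing commands in `set +x`. The script also leaves signing material behind: `dev.p12` stays in the working directory, and the temporary keychain remains the user's default and is never removed. Each iteration should end with `security delete-keychain "$APPLE_TEMPKEYCHAIN_NAME"` and `rm -f -- dev.p12`, and the same cleanup should run from an EXIT trap so that a failed `codesign` or notarization does not skip it. Separately, `FILES_TO_SIGN=$@` followed by the quoted `"$FILES_TO_SIGN"` makes the loop run once with all paths joined into one string; `for FILE_PATH in "$@"; do`, with `"$FILE_PATH"` quoted in `basename`, `codesign` and `ditto`, would handle several files and paths containing spaces.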