Skip to content

Commit

Permalink
Notarizing macOS software before distribution
Browse files Browse the repository at this point in the history
  • Loading branch information
ailinykh committed Apr 27, 2024
1 parent 99914aa commit 6b61669
Show file tree
Hide file tree
Showing 3 changed files with 81 additions and 0 deletions.
52 changes: 52 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@

xcodebuild?=/usr/bin/xcodebuild
xcrun?=/usr/bin/xcrun

PRODUCT_NAME:=ImgurBar
TMP:=$(shell mktemp -dt com.ailinykh.${PRODUCT_NAME})

ARCHIVE_PATH?=$(TMP)/$(PRODUCT_NAME).xcarchive
DERIVED_DATA_PATH?=$(TMP)/DerivedData
RESULT_BUNDLE_PATH?=$(TMP)/$(PRODUCT_NAME).xcresult

EXPORT_PATH?=$(TMP)/$(PRODUCT_NAME).exported
APP_PATH?=$(EXPORT_PATH)/$(PRODUCT_NAME).app
ZIP_PATH?=$(TMP)/$(PRODUCT_NAME).zip

.PHONY: archive
archive:
$(xcodebuild) clean archive \
-project $(PRODUCT_NAME).xcodeproj \
-configuration Release \
-scheme $(PRODUCT_NAME) \
-sdk macosx -destination "platform=macOS" \
-archivePath $(ARCHIVE_PATH) \
-derivedDataPath $(DERIVED_DATA_PATH) \
-resultBundlePath $(RESULT_BUNDLE_PATH) \
ONLY_ACTIVE_ARCH=NO

ifdef TEAM_ID
$(shell plutil -replace teamID -string ${TEAM_ID} exportOptions.plist)
endif
ifdef CODE_SIGN_IDENTITY
$(shell plutil -replace signingCertificate -string "${CODE_SIGN_IDENTITY}" exportOptions.plist)
endif

.PHONY: export
export: archive
$(xcodebuild) -exportArchive \
-archivePath $(ARCHIVE_PATH) \
-exportPath $(EXPORT_PATH) \
-exportOptionsPlist exportOptions.plist

# xcrun notarytool store-credentials --key <KEY.p8> --key-id <KEY_ID> --issuer <KEY_ISSUER> notarization-profile
# xcrun notarytool log <SUBMISSION_ID> --keychain-profile notarization-profile
.PHONY: notarize
notarize: export
/usr/bin/ditto -c -k --keepParent $(APP_PATH) $(ZIP_PATH); \
$(xcrun) notarytool submit $(ZIP_PATH) --verbose --wait --keychain-profile notarization-profile; \
$(xcrun) stapler staple $(APP_PATH)

.PHONY: validate
validate:
spctl -av $(APP_PATH)
15 changes: 15 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,21 @@ Automatic screenshots uploading is also supported
- insert in [Info.plist](https://github.com/ailinykh/ImgurBar/blob/master/ImgurBar/Info.plist#L40) file
- build an app

# Notarization
In case you are member of [Apple Developer Program](https://developer.apple.com/programs/) it's possible to [notarize](https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution) app for distribution.

To perform notarization you should follow this steps:
- Create new [App Store Connect API Key](https://appstoreconnect.apple.com/access/integrations/api)
- Save credentials in the keychain:
- `xcrun notarytool store-credentials --key <KEY.p8> --key-id <KEY_ID> --issuer <KEY_ISSUER> notarization-profile`
- Place [Developer ID certificate](https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates/) to you current Keychain
- Find __Team ID__ at [Membership Details](https://developer.apple.com/account) section
- Run notarization:
- `make notarize TEAM_ID=<YOUR_TEAM_ID> CODE_SIGN_IDENTITY="Developer ID Application"`
- Wait for message:
- _The staple and validate action worked!_
- You're amazing!

# Thanks

Thanks to [zbuc](https://github.com/zbuc/imgurBar) for idea
Expand Down
14 changes: 14 additions & 0 deletions exportOptions.plist
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>compileBitcode</key>
<true/>
<key>signingCertificate</key>
<string></string>
<key>signingStyle</key>
<string>manual</string>
<key>teamID</key>
<string></string>
</dict>
</plist>

0 comments on commit 6b61669

Please sign in to comment.