gogio: [macOS] add notarizing

Now, it's possible to notarize the app, using -notaryid,
-notarypass and -notaryteamid flags. Those flags are
similar to -signkey and -signpass.

Signed-off-by: inkeliz <inkeliz@inkeliz.com>
This commit is contained in:
inkeliz
2023-07-11 20:11:57 +01:00
parent 42b1cd0f6c
commit 4128f253e8
4 changed files with 71 additions and 28 deletions
+32 -26
View File
@@ -12,19 +12,22 @@ import (
) )
type buildInfo struct { type buildInfo struct {
appID string appID string
archs []string archs []string
ldflags string ldflags string
minsdk int minsdk int
name string name string
pkgDir string pkgDir string
pkgPath string pkgPath string
iconPath string iconPath string
tags string tags string
target string target string
version int version int
key string key string
password string password string
notaryAppleID string
notaryPassword string
notaryTeamID string
} }
func newBuildInfo(pkgPath string) (*buildInfo, error) { func newBuildInfo(pkgPath string) (*buildInfo, error) {
@@ -42,19 +45,22 @@ func newBuildInfo(pkgPath string) (*buildInfo, error) {
appName = *name appName = *name
} }
bi := &buildInfo{ bi := &buildInfo{
appID: appID, appID: appID,
archs: getArchs(), archs: getArchs(),
ldflags: getLdFlags(appID), ldflags: getLdFlags(appID),
minsdk: *minsdk, minsdk: *minsdk,
name: appName, name: appName,
pkgDir: pkgMetadata.Dir, pkgDir: pkgMetadata.Dir,
pkgPath: pkgPath, pkgPath: pkgPath,
iconPath: appIcon, iconPath: appIcon,
tags: *extraTags, tags: *extraTags,
target: *target, target: *target,
version: *version, version: *version,
key: *signKey, key: *signKey,
password: *signPass, password: *signPass,
notaryAppleID: *notaryID,
notaryPassword: *notaryPass,
notaryTeamID: *notaryTeamID,
} }
return bi, nil return bi, nil
} }
+9
View File
@@ -68,4 +68,13 @@ The -signkey flag specifies the path of the keystore, used for signing Android a
or specifies the name of key on Keychain to sign MacOS app. or specifies the name of key on Keychain to sign MacOS app.
The -signpass flag specifies the password of the keystore, ignored if -signkey is not provided. The -signpass flag specifies the password of the keystore, ignored if -signkey is not provided.
The -notaryid flag specifies the Apple ID to use for notarization of MacOS app.
The -notarypass flag specifies the password of the Apple ID, ignored if -notaryid is not
provided. That must be an app-specific password, see https://support.apple.com/en-us/HT204397
for details. If not provided, the password will be prompted.
The -notaryteamid flag specifies the team ID to use for notarization of MacOS app, ignored if
-notaryid is not provided.
` `
+27 -2
View File
@@ -56,11 +56,17 @@ func buildMac(tmpDir string, bi *buildInfo) error {
} }
} }
if err := dittozip(tmpDest, finalDest+".zip"); err != nil { if err := dittozip(tmpDest, tmpDest+".zip"); err != nil {
return err return err
} }
if err := dittounzip(finalDest+".zip", finalDest); err != nil { if bi.notaryAppleID != "" {
if err := builder.notarize(bi, tmpDest+".zip"); err != nil {
return err
}
}
if err := dittounzip(tmpDest+".zip", finalDest); err != nil {
return err return err
} }
} }
@@ -222,6 +228,25 @@ func (b *macBuilder) signProgram(buildInfo *buildInfo, binDest string, name stri
return err return err
} }
func (b *macBuilder) notarize(buildInfo *buildInfo, binDest string) error {
cmd := exec.Command(
"xcrun",
"notarytool",
"submit",
binDest,
"--apple-id", buildInfo.notaryAppleID,
"--team-id", buildInfo.notaryTeamID,
"--wait",
)
if buildInfo.notaryPassword != "" {
cmd.Args = append(cmd.Args, "--password", buildInfo.notaryPassword)
}
_, err := runCmd(cmd)
return err
}
func dittozip(input, output string) error { func dittozip(input, output string) error {
cmd := exec.Command("ditto", "-c", "-k", "-X", "--rsrc", input, output) cmd := exec.Command("ditto", "-c", "-k", "-X", "--rsrc", input, output)
+3
View File
@@ -38,6 +38,9 @@ var (
iconPath = flag.String("icon", "", "specify an icon for iOS and Android") iconPath = flag.String("icon", "", "specify an icon for iOS and Android")
signKey = flag.String("signkey", "", "specify the path of the keystore to be used to sign Android apk files.") signKey = flag.String("signkey", "", "specify the path of the keystore to be used to sign Android apk files.")
signPass = flag.String("signpass", "", "specify the password to decrypt the signkey.") signPass = flag.String("signpass", "", "specify the password to decrypt the signkey.")
notaryID = flag.String("notaryid", "", "specify the apple id to use for notarization.")
notaryPass = flag.String("notarypass", "", "specify app-specific password of the Apple ID to be used for notarization.")
notaryTeamID = flag.String("notaryteamid", "", "specify the team id to use for notarization.")
) )
func main() { func main() {