From 4128f253e857270fdc59a4e9a9d4b10f454c2935 Mon Sep 17 00:00:00 2001 From: inkeliz Date: Tue, 11 Jul 2023 20:11:57 +0100 Subject: [PATCH] gogio: [macOS] add notarizing Now, it's possible to notarize the app, using -notaryid, -notarypass and -notaryteamid flags. Those flags are similar to -signkey and -signpass. Signed-off-by: inkeliz --- gogio/build_info.go | 58 +++++++++++++++++++++++++-------------------- gogio/help.go | 9 +++++++ gogio/macosbuild.go | 29 +++++++++++++++++++++-- gogio/main.go | 3 +++ 4 files changed, 71 insertions(+), 28 deletions(-) diff --git a/gogio/build_info.go b/gogio/build_info.go index e2a7706..19b867f 100644 --- a/gogio/build_info.go +++ b/gogio/build_info.go @@ -12,19 +12,22 @@ import ( ) type buildInfo struct { - appID string - archs []string - ldflags string - minsdk int - name string - pkgDir string - pkgPath string - iconPath string - tags string - target string - version int - key string - password string + appID string + archs []string + ldflags string + minsdk int + name string + pkgDir string + pkgPath string + iconPath string + tags string + target string + version int + key string + password string + notaryAppleID string + notaryPassword string + notaryTeamID string } func newBuildInfo(pkgPath string) (*buildInfo, error) { @@ -42,19 +45,22 @@ func newBuildInfo(pkgPath string) (*buildInfo, error) { appName = *name } bi := &buildInfo{ - appID: appID, - archs: getArchs(), - ldflags: getLdFlags(appID), - minsdk: *minsdk, - name: appName, - pkgDir: pkgMetadata.Dir, - pkgPath: pkgPath, - iconPath: appIcon, - tags: *extraTags, - target: *target, - version: *version, - key: *signKey, - password: *signPass, + appID: appID, + archs: getArchs(), + ldflags: getLdFlags(appID), + minsdk: *minsdk, + name: appName, + pkgDir: pkgMetadata.Dir, + pkgPath: pkgPath, + iconPath: appIcon, + tags: *extraTags, + target: *target, + version: *version, + key: *signKey, + password: *signPass, + notaryAppleID: *notaryID, + notaryPassword: *notaryPass, + notaryTeamID: *notaryTeamID, } return bi, nil } diff --git a/gogio/help.go b/gogio/help.go index 625c13d..2561c2b 100644 --- a/gogio/help.go +++ b/gogio/help.go @@ -68,4 +68,13 @@ The -signkey flag specifies the path of the keystore, used for signing Android a or specifies the name of key on Keychain to sign MacOS app. The -signpass flag specifies the password of the keystore, ignored if -signkey is not provided. + +The -notaryid flag specifies the Apple ID to use for notarization of MacOS app. + +The -notarypass flag specifies the password of the Apple ID, ignored if -notaryid is not +provided. That must be an app-specific password, see https://support.apple.com/en-us/HT204397 +for details. If not provided, the password will be prompted. + +The -notaryteamid flag specifies the team ID to use for notarization of MacOS app, ignored if +-notaryid is not provided. ` diff --git a/gogio/macosbuild.go b/gogio/macosbuild.go index a5f3e88..88e9463 100644 --- a/gogio/macosbuild.go +++ b/gogio/macosbuild.go @@ -56,11 +56,17 @@ func buildMac(tmpDir string, bi *buildInfo) error { } } - if err := dittozip(tmpDest, finalDest+".zip"); err != nil { + if err := dittozip(tmpDest, tmpDest+".zip"); err != nil { return err } - if err := dittounzip(finalDest+".zip", finalDest); err != nil { + if bi.notaryAppleID != "" { + if err := builder.notarize(bi, tmpDest+".zip"); err != nil { + return err + } + } + + if err := dittounzip(tmpDest+".zip", finalDest); err != nil { return err } } @@ -222,6 +228,25 @@ func (b *macBuilder) signProgram(buildInfo *buildInfo, binDest string, name stri return err } +func (b *macBuilder) notarize(buildInfo *buildInfo, binDest string) error { + cmd := exec.Command( + "xcrun", + "notarytool", + "submit", + binDest, + "--apple-id", buildInfo.notaryAppleID, + "--team-id", buildInfo.notaryTeamID, + "--wait", + ) + + if buildInfo.notaryPassword != "" { + cmd.Args = append(cmd.Args, "--password", buildInfo.notaryPassword) + } + + _, err := runCmd(cmd) + return err +} + func dittozip(input, output string) error { cmd := exec.Command("ditto", "-c", "-k", "-X", "--rsrc", input, output) diff --git a/gogio/main.go b/gogio/main.go index d3e31f7..a0c382f 100644 --- a/gogio/main.go +++ b/gogio/main.go @@ -38,6 +38,9 @@ var ( iconPath = flag.String("icon", "", "specify an icon for iOS and Android") signKey = flag.String("signkey", "", "specify the path of the keystore to be used to sign Android apk files.") signPass = flag.String("signpass", "", "specify the password to decrypt the signkey.") + notaryID = flag.String("notaryid", "", "specify the apple id to use for notarization.") + notaryPass = flag.String("notarypass", "", "specify app-specific password of the Apple ID to be used for notarization.") + notaryTeamID = flag.String("notaryteamid", "", "specify the team id to use for notarization.") ) func main() {