gogio: [macOS] add notarizing

Now, it's possible to notarize the app, using -notaryid,
-notarypass and -notaryteamid flags. Those flags are
similar to -signkey and -signpass.

Signed-off-by: inkeliz <inkeliz@inkeliz.com>
This commit is contained in:
inkeliz
2023-07-11 20:11:57 +01:00
parent 42b1cd0f6c
commit 4128f253e8
4 changed files with 71 additions and 28 deletions
+6
View File
@@ -25,6 +25,9 @@ type buildInfo struct {
version int
key string
password string
notaryAppleID string
notaryPassword string
notaryTeamID string
}
func newBuildInfo(pkgPath string) (*buildInfo, error) {
@@ -55,6 +58,9 @@ func newBuildInfo(pkgPath string) (*buildInfo, error) {
version: *version,
key: *signKey,
password: *signPass,
notaryAppleID: *notaryID,
notaryPassword: *notaryPass,
notaryTeamID: *notaryTeamID,
}
return bi, nil
}
+9
View File
@@ -68,4 +68,13 @@ The -signkey flag specifies the path of the keystore, used for signing Android a
or specifies the name of key on Keychain to sign MacOS app.
The -signpass flag specifies the password of the keystore, ignored if -signkey is not provided.
The -notaryid flag specifies the Apple ID to use for notarization of MacOS app.
The -notarypass flag specifies the password of the Apple ID, ignored if -notaryid is not
provided. That must be an app-specific password, see https://support.apple.com/en-us/HT204397
for details. If not provided, the password will be prompted.
The -notaryteamid flag specifies the team ID to use for notarization of MacOS app, ignored if
-notaryid is not provided.
`
+27 -2
View File
@@ -56,11 +56,17 @@ func buildMac(tmpDir string, bi *buildInfo) error {
}
}
if err := dittozip(tmpDest, finalDest+".zip"); err != nil {
if err := dittozip(tmpDest, tmpDest+".zip"); err != nil {
return err
}
if err := dittounzip(finalDest+".zip", finalDest); err != nil {
if bi.notaryAppleID != "" {
if err := builder.notarize(bi, tmpDest+".zip"); err != nil {
return err
}
}
if err := dittounzip(tmpDest+".zip", finalDest); err != nil {
return err
}
}
@@ -222,6 +228,25 @@ func (b *macBuilder) signProgram(buildInfo *buildInfo, binDest string, name stri
return err
}
func (b *macBuilder) notarize(buildInfo *buildInfo, binDest string) error {
cmd := exec.Command(
"xcrun",
"notarytool",
"submit",
binDest,
"--apple-id", buildInfo.notaryAppleID,
"--team-id", buildInfo.notaryTeamID,
"--wait",
)
if buildInfo.notaryPassword != "" {
cmd.Args = append(cmd.Args, "--password", buildInfo.notaryPassword)
}
_, err := runCmd(cmd)
return err
}
func dittozip(input, output string) error {
cmd := exec.Command("ditto", "-c", "-k", "-X", "--rsrc", input, output)
+3
View File
@@ -38,6 +38,9 @@ var (
iconPath = flag.String("icon", "", "specify an icon for iOS and Android")
signKey = flag.String("signkey", "", "specify the path of the keystore to be used to sign Android apk files.")
signPass = flag.String("signpass", "", "specify the password to decrypt the signkey.")
notaryID = flag.String("notaryid", "", "specify the apple id to use for notarization.")
notaryPass = flag.String("notarypass", "", "specify app-specific password of the Apple ID to be used for notarization.")
notaryTeamID = flag.String("notaryteamid", "", "specify the team id to use for notarization.")
)
func main() {