util/mac-codesign.sh at issue-784 · stream.place/streamplace

stream.place / streamplace
Live video on the AT Protocol
streamplace / util / mac-codesign.sh
at issue-784 66 lines 2.3 kB view raw
 1#!/bin/bash
 2
 3set -euo pipefail
 4
 5CODESIGN="$(command -v codesign || echo -n "/usr/bin/codesign")"
 6NOTARIZATION_FILE="/tmp/LP_NOTARIZATION_${RANDOM}.zip"
 7CERTIFICATE_FILE="certificate.csr"
 8KEYCHAIN_NAME="streamplace.keychain"
 9KEYCHAIN_FILE=""
10
11function livepeer-keychain() {
12  # Create and unlock a custom temporary keychain for codesigning and
13  # notarization purpose
14  local password="$(uuidgen)"
15  if [[ "${KEYCHAIN_PASSWORD}" == "" ]]; then
16    KEYCHAIN_PASSWORD="$password"
17  fi
18  security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME" || echo 'already exists'
19  security default-keychain -s "$KEYCHAIN_NAME"
20  security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
21  if [[ "${KEYCHAIN_FILE:-}" == "" ]]; then
22    KEYCHAIN_FILE="$(security default-keychain | sed -e 's:^["\t ]*::;s:["\t ]*$::')"
23  fi
24  echo "${DEVELOPER_CERTIFICATE_BASE64}" | base64 -d >"$CERTIFICATE_FILE"
25  security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
26  security import "${CERTIFICATE_FILE}" -f pkcs12 -k "$KEYCHAIN_NAME" -T "$CODESIGN" -P "${DEVELOPER_CERTIFICATE_PASSWORD}"
27  security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
28  rm -f "${CERTIFICATE_FILE}"
29}
30
31function livepeer-codesign() {
32  $CODESIGN --force --sign "${DEVELOPER_CERTIFICATE_ID}" -o runtime "${BINARY_PATH}"
33  zip -9r "${NOTARIZATION_FILE}" "${BINARY_PATH}"
34}
35
36function livepeer-notarize() {
37  local keychain_profile="lp-notarize_${RANDOM}"
38  security default-keychain -s "$KEYCHAIN_NAME"
39  security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
40  if [[ "$KEYCHAIN_FILE" == "" ]]; then
41    KEYCHAIN_FILE="$(security default-keychain | sed -e 's:^["\t ]*::;s:["\t ]*$::')"
42  fi
43  xcrun notarytool store-credentials \
44    --verbose \
45    --validate \
46    --apple-id "$NOTARIZATION_EMAIL" \
47    --password "$NOTARIZATION_PASSWORD" \
48    --team-id "$NOTARIZATION_TEAM_ID" \
49    --keychain "$KEYCHAIN_FILE" \
50    "$keychain_profile"
51
52  xcrun notarytool submit \
53    --keychain-profile "$keychain_profile" \
54    --keychain "$KEYCHAIN_FILE" \
55    --verbose \
56    "${NOTARIZATION_FILE}"
57  rm -f "${NOTARIZATION_FILE}"
58}
59
60export BINARY_PATH="${1:-}"
61livepeer-keychain
62if [[ "${BINARY_PATH:-}" != "" ]]; then
63  livepeer-codesign
64  livepeer-notarize
65  codesign -dvv "$BINARY_PATH"
66fi