Yehowshua/ZIm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Attempt to not notarize so much (#25515)

Browse source 
https://developer.apple.com/forums/thread/718583 suggests that if you
staple a dmg, then the ticket is copied along with the app when you copy
it out of the dmg.

Closes #ISSUE

Release Notes:

- N/A
This commit is contained in:
Conrad Irwin 2025-02-24 18:48:47 -07:00 committed by GitHub
parent 2d63f7628f
commit 20440f83e9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

21
script/bundle-mac
View file

@ -313,24 +313,6 @@ function sign_app_binaries() {
mv "${app_path}" "${dmg_source_directory}" mv "${app_path}" "${dmg_source_directory}"
notarization_key_file=$(mktemp) notarization_key_file=$(mktemp)
if [[ $can_code_sign = true ]]; then
echo "Creating temporary DMG at ${dmg_file_path} using ${dmg_source_directory} to notarize app bundle"
hdiutil create -volname Zed -srcfolder "${dmg_source_directory}" -ov -format UDZO "${dmg_file_path}"
echo "Code-signing DMG"
/usr/bin/codesign --deep --force --timestamp --options runtime --sign "$IDENTITY" "$(pwd)/${dmg_file_path}" -v
echo "Notarizing DMG with Apple"
echo "$APPLE_NOTARIZATION_KEY" > "$notarization_key_file"
"${xcode_bin_dir_path}/notarytool" submit --wait --key "$notarization_key_file" --key-id "$APPLE_NOTARIZATION_KEY_ID" --issuer "$APPLE_NOTARIZATION_ISSUER_ID" "${dmg_file_path}"
echo "Removing temporary DMG (used only for notarization)"
rm "${dmg_file_path}"
echo "Stapling notarization ticket to ${dmg_source_directory}/${bundle_name}"
"${xcode_bin_dir_path}/stapler" staple "${dmg_source_directory}/${bundle_name}"
fi
echo "Adding symlink to /Applications to ${dmg_source_directory}" echo "Adding symlink to /Applications to ${dmg_source_directory}"
ln -s /Applications ${dmg_source_directory} ln -s /Applications ${dmg_source_directory}
@ -349,9 +331,10 @@ function sign_app_binaries() {
if [[ $can_code_sign = true ]]; then if [[ $can_code_sign = true ]]; then
echo "Notarizing DMG with Apple" echo "Notarizing DMG with Apple"
/usr/bin/codesign --deep --force --timestamp --options runtime --sign "$IDENTITY" "$(pwd)/${dmg_file_path}" -v /usr/bin/codesign --deep --force --timestamp --options runtime --sign "$IDENTITY" "$(pwd)/${dmg_file_path}" -v
echo "$APPLE_NOTARIZATION_KEY" > "$notarization_key_file"
"${xcode_bin_dir_path}/notarytool" submit --wait --key "$notarization_key_file" --key-id "$APPLE_NOTARIZATION_KEY_ID" --issuer "$APPLE_NOTARIZATION_ISSUER_ID" "${dmg_file_path}" "${xcode_bin_dir_path}/notarytool" submit --wait --key "$notarization_key_file" --key-id "$APPLE_NOTARIZATION_KEY_ID" --issuer "$APPLE_NOTARIZATION_ISSUER_ID" "${dmg_file_path}"
"${xcode_bin_dir_path}/stapler" staple "${dmg_file_path}"
rm "$notarization_key_file" rm "$notarization_key_file"
"${xcode_bin_dir_path}/stapler" staple "${dmg_file_path}"
fi fi
if [ "$open_result" = true ]; then if [ "$open_result" = true ]; then