-
Notifications
You must be signed in to change notification settings - Fork 398
Expand file tree
/
Copy pathnotarize.sh
More file actions
executable file
·143 lines (121 loc) · 4.64 KB
/
notarize.sh
File metadata and controls
executable file
·143 lines (121 loc) · 4.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
#!/bin/bash
# Before calling this script, make sure you have stored App Store Connect API credentials in the keychain
# xcrun notarytool store-credentials postgresapp
# Then you can call this script like this:
# POSTGRESAPP_SHORT_VERSION=2.x.x POSTGRESAPP_BUILD_VERSION=xx PG_BINARIES_VERSIONS=10_11_12 PG_BINARIES_DIR=~/Documents/postgresapp/binaries LATEST_STABLE_PG_VERSION=12 SPARKLE_SIGNING_KEY=example.pem ./notarize.sh
set -e
set -o pipefail
export NSUnbufferedIO=YES
export PYTHONUNBUFFERED=1
trap 'if [[ $? -ne 0 ]]; then echo "Error"; echo "Check Log For Details"; fi' EXIT
if [ "x$POSTGRESAPP_SHORT_VERSION" = x ]
then
echo "Please set the environment variable POSTGRESAPP_SHORT_VERSION"
exit 1
fi
if [ "x$POSTGRESAPP_BUILD_VERSION" = x ]
then
echo "Please set the environment variable POSTGRESAPP_BUILD_VERSION"
exit 1
fi
if [ "x$PG_BINARIES_VERSIONS" = x ]
then
echo "Please set the environment variable PG_BINARIES_VERSIONS"
exit 1
fi
if [ "x$PG_BINARIES_DIR" = x ]
then
echo "Please set the environment variable PG_BINARIES_DIR"
exit 1
fi
if [ "x$LATEST_STABLE_PG_VERSION" = x ]
then
echo "Please set the environment variable LATEST_STABLE_PG_VERSION"
exit 1
fi
if [ "x$SPARKLE_SIGNING_KEY" = x ]
then
echo "Please set SPARKLE_SIGNING_KEY to the path of the DSA key used for signing sparkle updates."
exit 1
fi
if [ "x$BUILD_DIR" = x ]
then
echo "Please set BUILD_DIR"
exit 1
fi
PROJECT_ROOT=$(dirname $(pwd))
PROJECT_FILE="$PROJECT_ROOT"/Postgres.xcodeproj
LOG_DIR="$BUILD_DIR/notarize-log"
ARCHIVE_PATH="$BUILD_DIR"/Postgres.xcarchive
BGIMG_PATH=background-image/folder_bg.png
DMG_DST_PATH="$BUILD_DIR"/Postgres-$POSTGRESAPP_SHORT_VERSION-${PG_BINARIES_VERSIONS//_/-}.dmg
SIGNATURE_PATH="$BUILD_DIR"/Postgres-$POSTGRESAPP_SHORT_VERSION-${PG_BINARIES_VERSIONS//_/-}-signature.txt
APPCAST_PATH="$BUILD_DIR"/updates_$PG_BINARIES_VERSIONS.xml
mkdir -p "$LOG_DIR"
echo "Log Directory: $LOG_DIR"
env >"$LOG_DIR/env"
# Read the minumum macOS version from the xcarchive
echo -n "Reading LSMinimumSystemVersion from Archive... "
MACOSX_DEPLOYMENT_TARGET=$(plutil -extract LSMinimumSystemVersion raw "$ARCHIVE_PATH"/Products/Applications/Postgres.app/Contents/Info.plist)
echo "Done"
# notarize
echo -n "Notarizing Build... "
xcrun notarytool submit "$DMG_DST_PATH" --wait --keychain-profile postgresapp >"$LOG_DIR/notarize.out" 2>"$LOG_DIR/notarize.err"
echo "Done"
echo -n "Stapling... "
xcrun stapler staple "$DMG_DST_PATH" >"$LOG_DIR/staple.out" 2>"$LOG_DIR/staple.err"
echo "Done"
# sign update
echo -n "Signing... "
./sign_update "$DMG_DST_PATH" "$SPARKLE_SIGNING_KEY" >"$SIGNATURE_PATH" 2>"$LOG_DIR/sign_update.err"
echo "Done"
echo -n "Generating Appcast... "
cat >"$APPCAST_PATH" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<title>Postgres Changelog</title>
<link>https://postgresapp.com/sparkle/updates_$PG_BINARIES_VERSIONS.xml</link>
<description>Most recent changes with links to updates.</description>
<language>en</language>
<item>
<title>Postgres.app $POSTGRESAPP_SHORT_VERSION</title>
<description>
<![CDATA[
<ul>
$(
for v in ${PG_BINARIES_VERSIONS//_/ }
do
pg_version=$(grep 'PACKAGE_VERSION "[^"]*' --only-matching "$PG_BINARIES_DIR"/$v/include/postgresql/server/pg_config.h | cut -c 18-)
postgis_version=$(grep "default_version = '[^']*" --only-matching "$PG_BINARIES_DIR"/$v/share/postgresql/extension/postgis.control 2> >(test $IGNORE_MISSING_BINARIES || cat >&2) | cut -c 20-)
[ -z $postgis_version ] || echo " <li>PostgreSQL $pg_version with PostGIS $postgis_version</li>"
! [ -z $postgis_version ] || echo " <li>PostgreSQL $pg_version without PostGIS</li>"
done
)
</ul>
<p>You can find more info on the <a href="https://github.com/PostgresApp/PostgresApp/releases">Github Releases Page</a>.</p>
]]>
</description>
<pubDate>$(date -R)</pubDate>
<enclosure
url="https://github.com/PostgresApp/PostgresApp/releases/download/v$POSTGRESAPP_SHORT_VERSION/Postgres-$POSTGRESAPP_SHORT_VERSION-${PG_BINARIES_VERSIONS//_/-}.dmg"
sparkle:version="$POSTGRESAPP_BUILD_VERSION"
sparkle:shortVersionString="$POSTGRESAPP_SHORT_VERSION"
length="$(stat -f %z "$DMG_DST_PATH")"
type="application/octet-stream"
sparkle:dsaSignature="$(cat "$SIGNATURE_PATH")"
/>
<sparkle:minimumSystemVersion>$MACOSX_DEPLOYMENT_TARGET</sparkle:minimumSystemVersion>
</item>
</channel>
</rss>
EOF
echo "Done"
echo
echo " Path: $DMG_DST_PATH"
echo " Size:" $(stat -f %z "$DMG_DST_PATH")
echo " Signature:" $(cat "$SIGNATURE_PATH")
echo " Appcast:" "$APPCAST_PATH"
echo
echo
echo