From 6f8245a5b794e4527bd640432be0f7574c6d8a6c Mon Sep 17 00:00:00 2001 From: losh11 Date: Tue, 1 Feb 2022 06:12:10 +0000 Subject: [PATCH] build: macOS notarisation process --- contrib/macdeploy/detached-sig-create.sh | 2 +- doc/release-process.md | 32 ++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 3 deletions(-) diff --git a/contrib/macdeploy/detached-sig-create.sh b/contrib/macdeploy/detached-sig-create.sh index fe11235bdf..26f85fda19 100755 --- a/contrib/macdeploy/detached-sig-create.sh +++ b/contrib/macdeploy/detached-sig-create.sh @@ -23,7 +23,7 @@ fi rm -rf ${TEMPDIR} ${TEMPLIST} mkdir -p ${TEMPDIR} -${CODESIGN} -f --file-list ${TEMPLIST} "$@" "${BUNDLE}" +${CODESIGN} -f --options runtime --timestamp --deep --file-list ${TEMPLIST} "$@" "${BUNDLE}" grep -v CodeResources < "${TEMPLIST}" | while read i; do TARGETFILE="${BUNDLE}/$(echo "${i}" | sed "s|.*${BUNDLE}/||")" diff --git a/doc/release-process.md b/doc/release-process.md index 7f06282e9b..ac068dd508 100644 --- a/doc/release-process.md +++ b/doc/release-process.md 
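Review bot: On the new `${CODESIGN}` line, `--deep` makes codesign re-sign every nested code item in `${BUNDLE}` with the same identity, the same `--options runtime` and whatever the caller passes through `"$@"`, so anything that ended up inside the bundle receives the release signature without an explicit decision. Apple's codesign documentation cautions that all signing options apply in turn to nested content, and the usual recommendation is to sign nested code individually, inside-out. If the bundle holds only the main executable (not visible from this hunk), dropping the flag is enough: `${CODESIGN} -f --options runtime --timestamp --file-list ${TEMPLIST} "$@" "${BUNDLE}"`. A one-line comment such as `# hardened runtime and a secure timestamp are required for notarisation` would also record why the flags are there. The script starts and continues outside the hunk, so whether a failed timestamp request aborts the run cannot be confirmed here.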
@@ -201,7 +201,33 @@ Codesigner only: Sign the macOS binary: tar xf litecoin-osx-unsigned.tar.gz ./detached-sig-create.sh -s "Key ID" Enter the keychain password and authorize the signature - Move signature-osx.tar.gz back to the gitian host + + Now a manual deterministic disk image (dmg) creation is required. + + First time setup for codesigner, requires creation of app-specific-password via Apple ID website. + Once password is obtained, save it to the macOS Keychain for future reference: + + $ xcrun altool -u "" -p "" --store-password-in-keychain-item "" + + If is unknown for team accounts with multiple organisations, query: + + $ xcrun altool --list-providers -u "" -p "@keychain:" + + Notarize the disk image: + + $ xcrun altool --notarize-app --primary-bundle-id "org.litecoin.Litecoin-Qt" -u "" -p "@keychain:" --asc-provider -t osx -f litecoin-${VERSION}-osx.dmg + + The notarization takes a few minutes. Check the status: + + $ xcrun altool --notarization-info -u "" -p "@keychain:" --asc-provider + + If notarization fails, query log with uuid: + + $ xcrun altool --notarization-info -u "" -p "@keychain:" --asc-provider + + Staple the notarization ticket onto the application + + $ xcrun stapler staple dist/Litecoin-Qt.app Codesigner only: Sign the windows binaries: @@ -213,10 +239,12 @@ Codesigner only: Sign the windows binaries: Codesigner only: Commit the detached codesign payloads: cd ~/litecoin-detached-sigs - checkout the appropriate branch for this release series + #checkout the appropriate branch for this release series rm -rf * tar xf signature-osx.tar.gz tar xf signature-win.tar.gz + #copy the notarization ticket to detached-sigs repo + cp dist/Litecoin-Qt.app/Contents/CodeResources osx/dist/Litecoin-Qt.app/Contents/ git add -A git commit -m "point to ${VERSION}" git tag -s v${VERSION} HEAD