Upgrade notarization.

.gitlab-ci-files/macosx-desktop.yml

@@ -148,7 +148,7 @@ macosx-makefile-deploy:
       - $NIGHTLY_MASTER
       - $DEPLOY_MACOSX
  script:
-   - rsync -rlv --ignore-existing build/OUTPUT/linphone-app/macos/Packages/Linphone*.dmg $DEPLOY_SERVER:$UPLOAD_ROOT_INTERNAL_PATH/$MACOSX_PLATFORM/$APP_FOLDER
+   - rsync -rlv --ignore-existing build/OUTPUT/Linphone/macos/Packages/Linphone*.dmg $DEPLOY_SERVER:$UPLOAD_ROOT_INTERNAL_PATH/$MACOSX_PLATFORM/$APP_FOLDER
    - |-
      if [[ $MAKE_RELEASE_FILE_URL != "" ]]; then
        rsync -rlv build/OUTPUT/RELEASE $DEPLOY_SERVER:$UPLOAD_ROOT_INTERNAL_PATH/$MACOSX_PLATFORM

cmake/install/macos/app_notarization.sh

@@ -6,81 +6,25 @@
 FILES=OUTPUT/Linphone/macos/Packages/*.dmg
 for f in $FILES
 do
-    linphone_file=$f
+	linphone_file=$f
 done
 
-echo "Uploading $linphone_file file with xcrun altool"
+echo "Uploading $linphone_file file with xcrun notarytool"
-xcrun altool --notarize-app --primary-bundle-id $MACOSX_SIGNING_IDENTIFIER -u "$MACOSX_SIGNING_MAIL" -p "$MACOSX_SIGNING_PASS" --asc-provider "$MACOSX_SIGNING_PROVIDER" --file $linphone_file --output-format xml > "notarize_result.plist"
+xcrun notarytool submit -f json --team-id "$MACOSX_SIGNING_PROVIDER" --password "$MACOSX_SIGNING_PASS" --apple-id "$MACOSX_SIGNING_MAIL" --wait $linphone_file 2>&1 | tee /tmp/notarization_info.json
-echo "dmg processed. Checking UUID"
-request_uuid="$("/usr/libexec/PlistBuddy" -c "Print notarization-upload:RequestUUID"  notarize_result.plist)"
-echo "Notarization UUID: ${request_uuid}"
-#Get status from upload
-declare -i tryCount=0
-declare -i maxCount=4
-for (( ; ; ))
-do
-    echo "Getting notarization status"
-	xcrun altool --notarization-info "${request_uuid}" -u "$MACOSX_SIGNING_MAIL" -p "$MACOSX_SIGNING_PASS" --asc-provider "$MACOSX_SIGNING_PROVIDER" --output-format xml > "notarize_result2.plist"
-	xcrun_result=$?
-	if [ "${xcrun_result}" != "0" ]
-	then
-		if [ "$tryCount" -lt "$maxCount" ]
-		then
-			tryCount=$((tryCount + 1))
-			sleep 60
-			continue
-		else
-			echo "Notarization failed: ${xcrun_result}"
-			cat "notarize_result2.plist"
-			exit 1
-		fi
-	fi
-	notarize_status="$("/usr/libexec/PlistBuddy" -c "Print notarization-info:Status"  notarize_result2.plist)"
-	if [[ "${notarize_status}" == *"in progress"* ]]; then
-		echo "Waiting for notarization to complete: ${notarize_status}"
-		sleep 20
-	else
-		echo "Notarization status: ${notarize_status}"
-		break
-	fi
-done
-log_url="$("/usr/libexec/PlistBuddy" -c "Print notarization-info:LogFileURL"  notarize_result2.plist)"
-echo "Notarization log URL: ${log_url}"
 
-if [ "${notarize_status}" != "success" ]
+status=$(jq -r .status </tmp/notarization_info.json)
-then
+id=$(jq -r .id </tmp/notarization_info.json)
-	echo "Notarization failed."
+
-	if [ ! -z "${log_url}" ]
+echo "status=${status} id=${id}"
-	then
+
-		curl "${log_url}"
+xcrun notarytool log --team-id "$MACOSX_SIGNING_PROVIDER" --password "$MACOSX_SIGNING_PASS" --apple-id "$MACOSX_SIGNING_MAIL" ${id} -f json >/tmp/notarization_log.json
-	fi
+
+issues=$(jq -r .issues </tmp/notarization_log.json)
+if [ "$issues" != "null" ]; then
+	printf "There are issues with the notarization (${issues})\n"
+	printf "=== Log output === \n$(cat /tmp/notarization_log.json)\n"
 	exit 1
 fi
 
-echo "Stapling notarization result..."
-for (( ; ; ))
-do
-    xcrun stapler staple -q $linphone_file
-    stapler_result=$?
-    if [ "${stapler_result}" = "65" ]
-    then
-        echo "Waiting for stapling to find record"
-        sleep 10
-    else
-        echo "Stapler status: ${stapler_result}"
-        break
-    fi
-done
-
-
-spctl --assess --type open --context context:primary-signature -v $linphone_file
-#validation_result=$?
-
-echo "Validating image : $?"
-#if [ "${validation_result}" != 0 ]
-#then
-#	echo "Failed to validate image: ${validation_result}"
-#	curl "${log_url}"
-#	exit 1
-#fi
 exit 0
+