Changeset 25875

Timestamp:

12/16/20 15:41:15 (4 years ago)

Author:

jdquinn

Message:

CHG: Refinement of macOS Binaries packaging and signing scripts (again)

Location:

issm/trunk-jpl/packagers/mac

Files:

• package-issm-mac-binaries-matlab.sh (modified) (13 diffs)
• package-issm-mac-binaries-python.sh (modified) (17 diffs)
• sign-issm-mac-binaries-matlab.sh (modified) (8 diffs)
• sign-issm-mac-binaries-python.sh (modified) (9 diffs)

issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-matlab.sh

@@ -16 +16 @@
 #
 # Options:
-# -c/--cleanup                  Remove lock file from signed package repository (use if 
-#                                               build is aborted to allow for subsequent fresh build)
 # -n/--notarizeonly             Sign/notarize only (use if signing/notarization fails 
 #                                               to skip tests/packaging)
@@ -25 +23 @@
 #                                               transfer fails for some reason to skip testing and
 #                                               signing)
+# -u/--unlock                   Remove lock file from signed package repository (use if 
+#                                               build is aborted to allow for subsequent fresh build)
 #
 # Debugging:
@@ -92 +92 @@
 ## Functions
 #
-validate_signed_repo_copy(){
-        # Check out copy of repository for signed binaries if it does not exist 
-        # (e.g. 'Check-out Strategy' was set to 'Use 'svn update' as much as 
-        # possible'; initial checkout failed)
-        if [ ! -d ${SIGNED_REPO_COPY} && ! -d ${SIGNED_REPO_COPY}/.svn ]; then
-                # Check out copy of SVN repository for signed packages
-                #
-                # NOTE: Get empty copy because we do not want to have to check out package from 
-                #               previous signing.
-                #
-                echo "Checking out copy of repository for signed packages"
-                svn checkout \
-                        --trust-server-cert \
-                        --non-interactive \
-                        --depth empty \
-                        --username ${USERNAME} \
-                        --password ${PASSWORD} \
-                        ${SIGNED_REPO_URL} \
-                        ${SIGNED_REPO_COPY} > /dev/null 2>&1
-        fi
+checkout_signed_repo_copy(){
+        echo "Checking out copy of repository for signed packages"
+
+        # NOTE: Get empty copy because we do not want to have to check out package 
+        #               from previous signing.
+        #
+        svn checkout \
+                --trust-server-cert \
+                --non-interactive \
+                --depth empty \
+                --username ${USERNAME} \
+                --password ${PASSWORD} \
+                ${SIGNED_REPO_URL} \
+                ${SIGNED_REPO_COPY}
 }
-
-## Parse options
-#
-if [ $# -gt 1 ]; then
-        echo "Can use only one option at a time"
-        exit 1
-fi
-
-cleanup=0
-notarize_only=0
-skip_tests=0
-transfer_only=0
-while [ $# -gt 0 ]; do
-    case $1 in
-        -c|--cleanup) cleanup=1; shift ;;
-        -n|--notarizeonly) notarize_only=1; shift ;;
-        -s|--skiptests) skip_tests=1; shift ;;
-        -t|--transferonly) transfer_only=1; shift ;;
-        *) echo "Unknown parameter passed: $1"; exit 1 ;;
-    esac
-    shift
-done
-
-if [ ${cleanup} -eq 1 ]; then
-        # Remove signing lock file from signed package repository so that a new 
-        # build can run
-        echo "Removing lock file from repository for signed packages"
+checkout_unsigned_repo_copy(){
+        echo "Checking out copy of repository for unsigned packages"
         svn checkout \
                 --trust-server-cert \
@@ -145 +114 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --depth empty \
-                ${SIGNED_REPO_URL} \
-                ${SIGNED_REPO_COPY} > /dev/null 2>&1
-        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
+                ${UNSIGNED_REPO_URL} \
+                ${UNSIGNED_REPO_COPY}
+}
+validate_signed_repo_copy(){
+        # Validate copy of repository for signed binaries (e.g. 
+        # 'Check-out Strategy' was set to 'Use 'svn update' as much as possible'; 
+        # initial checkout failed)
+        if [[ ! -d ${SIGNED_REPO_COPY} || ! -d ${SIGNED_REPO_COPY}/.svn ]]; then
+                rm -rf ${SIGNED_REPO_COPY}
+                checkout_signed_repo_copy
+        fi
+}
+
+## Parse options
+#
+if [ $# -gt 1 ]; then
+        echo "Can use only one option at a time"
+        exit 1
+fi
+
+notarize_only=0
+skip_tests=0
+transfer_only=0
+unlock=0
+while [ $# -gt 0 ]; do
+    case $1 in
+        -n|--notarizeonly) notarize_only=1; shift ;;
+        -s|--skiptests) skip_tests=1; shift ;;
+        -t|--transferonly) transfer_only=1; shift ;;
+        -u|--unlock) unlock=1; shift ;;
+        *) echo "Unknown parameter passed: $1"; exit 1 ;;
+    esac
+    shift
+done
+
+if [ ${unlock} -eq 1 ]; then
+        # Remove signing lock file from signed package repository so that a new 
+        # build can run
+        echo "Removing lock file from repository for signed packages"
+        checkout_signed_repo_copy
+        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
         svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
         svn commit \
@@ -155 +161 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
-        svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY}
+        svn cleanup ${SIGNED_REPO_COPY}
         exit 1
 fi
 
 if [ ${transfer_only} -eq 0 ]; then
+        rm -rf ${SIGNED_REPO_COPY}
+
+        checkout_signed_repo_copy
+
+        # If lock file exists, a signing build is still in process by JPL Cybersecurity
+        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
+        if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
+                echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
+                exit 1
+        fi
+
         if [ ${notarize_only} -eq 0 ]; then
                 # Check if MATLAB exists
@@ -171 +188 @@
                 echo "Cleaning up existing assets"
                 cd ${ISSM_DIR}
-                rm -rf ${PKG} ${COMPRESSED_PKG} ${SIGNED_REPO_COPY} ${UNSIGNED_REPO_COPY}
+                rm -rf ${PKG} ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
                 mkdir ${PKG}
-
-                # Check out copy of SVN repository for signed packages
-                #
-                # NOTE: Get empty copy because we do not want to have to check out package from 
-                #               previous signing.
-                #
-                echo "Checking out copy of repository for signed packages"
-                svn checkout \
-                        --trust-server-cert \
-                        --non-interactive \
-                        --username ${USERNAME} \
-                        --password ${PASSWORD} \
-                        --depth empty \
-                        ${SIGNED_REPO_URL} \
-                        ${SIGNED_REPO_COPY} > /dev/null 2>&1
-
-                # If lock file exists, a signing build is still in process by JPL Cybersecurity
-                svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
-                if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
-                        echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
-                        exit 1
-                fi
 
                 # Add required binaries and libraries to package and modify them where needed
@@ -297 +292 @@
                 # failed.
                 #
-
-                # Make sure copy of repository for signed packages exists
-                validate_signed_repo_copy
+                echo "Notarizing only"
         fi
 
@@ -311 +304 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                --message "ADD: New lock file" ${SIGNED_REPO_COPY}
 
         # Save current working copy revision number
-        svn up ${SIGNED_REPO_COPY} > /dev/null 2>&1
+        svn up ${SIGNED_REPO_COPY}
         CURRENT_REV=$(svn info --show-item last-changed-revision ${SIGNED_REPO_COPY})
 
         # Check out copy of SVN repository for unsigned packages
-        echo "Checking out copy of repository for unsigned packages"
-        svn checkout \
-                --trust-server-cert \
-                --non-interactive \
-                --username ${USERNAME} \
-                --password ${PASSWORD} \
-                ${UNSIGNED_REPO_URL} \
-                ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+        checkout_unsigned_repo_copy
 
         if [ ${notarize_only} -eq 0 ]; then
@@ -341 +327 @@
                         --username ${USERNAME} \
                         --password ${PASSWORD} \
-                        --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+                        --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY}
         else
                 # NOTE: If notarize_only == 1, we commit a dummy file as the signing 
@@ -348 +334 @@
                 #
                 echo "Attempting to sign existing package again"
-                touch ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE}
+                echo $(date +'%Y-%m-%d-%H-%M-%S') > ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} # Write datetime stamp to file to ensure modification is made
                 svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
                 svn commit \
@@ -355 +341 @@
                         --username ${USERNAME} \
                         --password ${PASSWORD} \
-                        --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+                        --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY}
         fi
 
@@ -366 +352 @@
                 echo "...in progress still; checking again in ${SIGNING_CHECK_PERIOD} seconds"
                 sleep ${SIGNING_CHECK_PERIOD}
-                svn up ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                svn up ${SIGNED_REPO_COPY}
                 NEW_REV=$(svn info --show-item last-changed-revision ${SIGNED_REPO_COPY})
 
@@ -372 +358 @@
                         IN_PROCESS=0
 
-                        svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE} > /dev/null 2>&1
-                        svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
+                        svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE}
+                        svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG}
 
                         # No error, so check status

issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-python.sh

@@ -4 +4 @@
 # To be used after running,
 #
-#       ${ISSM_DIR}/jenkins/jenkins.sh ${ISSM_DIR}/jenkins/pine_island-mac-binaries-python
+#       ${ISSM_DIR}/jenkins/jenkins.sh ${ISSM_DIR}/jenkins/pine_island-mac-binaries-matlab
 #
 # in the context of a Jenkins project.
@@ -16 +16 @@
 #
 # Options:
-# -c/--cleanup                  Remove lock file from signed package repository (use if 
-#                                               build is aborted to allow for subsequent fresh build)
 # -n/--notarizeonly             Sign/notarize only (use if signing/notarization fails 
 #                                               to skip tests/packaging)
@@ -25 +23 @@
 #                                               transfer fails for some reason to skip testing and
 #                                               signing)
+# -u/--unlock                   Remove lock file from signed package repository (use if 
+#                                               build is aborted to allow for subsequent fresh build)
 #
 # Debugging:
@@ -30 +30 @@
 #       Jenkins server. Debugging may be perfomed locally by running,
 #
-#               packagers/mac/sign-issm-mac-binaries-python.sh
+#               packagers/mac/sign-issm-mac-binaries-matlab.sh
 #
 #       with Apple Developer credentials.
@@ -91 +91 @@
 ## Functions
 #
-validate_signed_repo_copy(){
-        # Check out copy of repository for signed binaries if it does not exist 
-        # (e.g. 'Check-out Strategy' was set to 'Use 'svn update' as much as 
-        # possible'; initial checkout failed)
-        if [ ! -d ${SIGNED_REPO_COPY} && ! -d ${SIGNED_REPO_COPY}/.svn ]; then
-                # Check out copy of SVN repository for signed packages
-                #
-                # NOTE: Get empty copy because we do not want to have to check out package from 
-                #               previous signing.
-                #
-                echo "Checking out copy of repository for signed packages"
-                svn checkout \
-                        --trust-server-cert \
-                        --non-interactive \
-                        --depth empty \
-                        --username ${USERNAME} \
-                        --password ${PASSWORD} \
-                        ${SIGNED_REPO_URL} \
-                        ${SIGNED_REPO_COPY} > /dev/null 2>&1
-        fi
+checkout_signed_repo_copy(){
+        echo "Checking out copy of repository for signed packages"
+
+        # NOTE: Get empty copy because we do not want to have to check out package 
+        #               from previous signing.
+        #
+        svn checkout \
+                --trust-server-cert \
+                --non-interactive \
+                --depth empty \
+                --username ${USERNAME} \
+                --password ${PASSWORD} \
+                ${SIGNED_REPO_URL} \
+                ${SIGNED_REPO_COPY}
 }
-
-## Parse options
-#
-if [ $# -gt 1 ]; then
-        echo "Can use only one option at a time"
-        exit 1
-fi
-
-cleanup=0
-notarize_only=0
-skip_tests=0
-transfer_only=0
-while [ $# -gt 0 ]; do
-    case $1 in
-        -c|--cleanup) cleanup=1; shift ;;
-        -n|--notarizeonly) notarize_only=1; shift ;;
-        -s|--skiptests) skip_tests=1; shift ;;
-        -t|--transferonly) transfer_only=1; shift ;;
-        *) echo "Unknown parameter passed: $1"; exit 1 ;;
-    esac
-    shift
-done
-
-if [ ${cleanup} -eq 1 ]; then
-        # Remove signing lock file from signed package repository so that a new 
-        # build can run
-        echo "Removing lock file from repository for signed packages"
+checkout_unsigned_repo_copy(){
+        echo "Checking out copy of repository for unsigned packages"
         svn checkout \
                 --trust-server-cert \
@@ -144 +113 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --depth empty \
-                ${SIGNED_REPO_URL} \
-                ${SIGNED_REPO_COPY} > /dev/null 2>&1
-        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
-        svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
+                ${UNSIGNED_REPO_URL} \
+                ${UNSIGNED_REPO_COPY}
+}
+validate_signed_repo_copy(){
+        # Validate copy of repository for signed binaries (e.g. 
+        # 'Check-out Strategy' was set to 'Use 'svn update' as much as possible'; 
+        # initial checkout failed)
+        if [[ ! -d ${SIGNED_REPO_COPY} || ! -d ${SIGNED_REPO_COPY}/.svn ]]; then
+                rm -rf ${SIGNED_REPO_COPY}
+                checkout_signed_repo_copy
+        fi
+}
+
+## Parse options
+#
+if [ $# -gt 1 ]; then
+        echo "Can use only one option at a time"
+        exit 1
+fi
+
+notarize_only=0
+skip_tests=0
+transfer_only=0
+unlock=0
+while [ $# -gt 0 ]; do
+    case $1 in
+        -n|--notarizeonly) notarize_only=1; shift ;;
+        -s|--skiptests) skip_tests=1; shift ;;
+        -t|--transferonly) transfer_only=1; shift ;;
+        -u|--unlock) unlock=1; shift ;;
+        *) echo "Unknown parameter passed: $1"; exit 1 ;;
+    esac
+    shift
+done
+
+if [ ${unlock} -eq 1 ]; then
+        # Remove signing lock file from signed package repository so that a new 
+        # build can run
+        echo "Removing lock file from repository for signed packages"
+        checkout_signed_repo_copy
+        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
+        svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
         svn commit \
                 --trust-server-cert \
@@ -154 +160 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
-        svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY}
+        svn cleanup ${SIGNED_REPO_COPY}
         exit 1
 fi
 
 if [ ${transfer_only} -eq 0 ]; then
+        rm -rf ${SIGNED_REPO_COPY}
+
+        checkout_signed_repo_copy
+
+        # If lock file exists, a signing build is still in process by JPL Cybersecurity
+        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
+        if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
+                echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
+                exit 1
+        fi
+
         if [ ${notarize_only} -eq 0 ]; then
                 # Clean up from previous packaging
                 echo "Cleaning up existing assets"
                 cd ${ISSM_DIR}
-                rm -rf ${PKG} ${COMPRESSED_PKG} ${SIGNED_REPO_COPY} ${UNSIGNED_REPO_COPY}
+                rm -rf ${PKG} ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
                 mkdir ${PKG}
 
@@ -180 +197 @@
                         --depth empty \
                         ${SIGNED_REPO_URL} \
-                        ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                        ${SIGNED_REPO_COPY}
 
                 # If lock file exists, a signing build is still in process by JPL Cybersecurity
-                svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
+                svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
                 if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
                         echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
@@ -298 +315 @@
                 # failed.
                 #
-
-                # Make sure copy of repository for signed packages exists
-                validate_signed_repo_copy
+                echo "Notarizing only"
         fi
 
@@ -306 +321 @@
         echo "Committing lock file to repository for signed packages"
         touch ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
-        svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
+        svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
         svn commit \
                 --trust-server-cert \
@@ -312 +327 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                --message "ADD: New lock file" ${SIGNED_REPO_COPY}
 
         # Save current working copy revision number
-        svn up ${SIGNED_REPO_COPY} > /dev/null 2>&1
+        svn up ${SIGNED_REPO_COPY}
         CURRENT_REV=$(svn info --show-item last-changed-revision ${SIGNED_REPO_COPY})
 
         # Check out copy of SVN repository for unsigned packages
-        echo "Checking out copy of repository for unsigned packages"
-        svn checkout \
-                --trust-server-cert \
-                --non-interactive \
-                --username ${USERNAME} \
-                --password ${PASSWORD} \
-                ${UNSIGNED_REPO_URL} \
-                ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+        checkout_unsigned_repo_copy
 
         if [ ${notarize_only} -eq 0 ]; then
@@ -336 +344 @@
                 echo "Committing package to repository for unsigned packages"
                 cp ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
-                svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
+                svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG}
                 svn commit \
                         --trust-server-cert \
@@ -342 +350 @@
                         --username ${USERNAME} \
                         --password ${PASSWORD} \
-                        --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+                        --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY}
         else
                 # NOTE: If notarize_only == 1, we commit a dummy file as the signing 
@@ -349 +357 @@
                 #
                 echo "Attempting to sign existing package again"
-                touch ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE}
-                svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
+                echo $(date +'%Y-%m-%d-%H-%M-%S') > ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} # Write datetime stamp to file to ensure modification is made
+                svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE}
                 svn commit \
                         --trust-server-cert \
@@ -356 +364 @@
                         --username ${USERNAME} \
                         --password ${PASSWORD} \
-                        --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+                        --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY}
         fi
 
@@ -367 +375 @@
                 echo "...in progress still; checking again in ${SIGNING_CHECK_PERIOD} seconds"
                 sleep ${SIGNING_CHECK_PERIOD}
-                svn up ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                svn up ${SIGNED_REPO_COPY}
                 NEW_REV=$(svn info --show-item last-changed-revision ${SIGNED_REPO_COPY})
 
@@ -373 +381 @@
                         IN_PROCESS=0
 
-                        svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE} > /dev/null 2>&1
-                        svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
+                        svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE}
+                        svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG}
 
                         # No error, so check status

issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh

@@ -42 +42 @@
 #
 # NOTE:
-# - Assumes that 'issm-binaries-user' and 'issm-binaries-pass' are set up in 
+# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in 
 #       the 'Bindings' section under a 'Username and password (separated)' binding 
 #       (requires 'Credentials Binding Plugin').
@@ -86 +86 @@
 PASSWORD=${ISSM_BINARIES_PASS}
 PKG="ISSM-macOS-MATLAB"
-PRIMARY_BUNDLE_ID="**********.issm.matlab" # Should be "gov.nasa.jpl.issm.matlab"
-RETRIGGER_SIGNING_FILE="retrigger.txt"
+PRIMARY_BUNDLE_ID="gov.nasa.jpl.issm.matlab"
 SIGNED_REPO_COPY="./signed"
 SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/signed"
@@ -99 +98 @@
 EXE_ENTITLEMENTS_PLIST="${PKG}/bin/entitlements.plist"
 
-# Clean up from previous packaging (not necessary for single builds on Jenkins, 
-# but useful when testing packaging locally)
-echo "Cleaning up existing assets"
-rm -rf ${PKG} ${COMPRESSED_PKG} ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} ${SIGNED_REPO_COPY} ${UNSIGNED_REPO_COPY}
-mkdir ${PKG}
-
 # NOTE: Uncomment the following for local testing (Jenkins checks out copy of 
 #               repository for unsigned packages to working directory)
 #
-# Check out copy of repository for unsigned packages
+
+# # Clean up from previous packaging (not necessary for single builds on Jenkins, 
+# # but useful when testing packaging locally)
+# echo "Cleaning up existing assets"
+# rm -rf ${COMPRESSED_PKG} ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} ${UNSIGNED_REPO_COPY}
+
+# # Check out copy of repository for unsigned packages
 # echo "Checking out copy of respository for unsigned packages"
 # svn checkout \
@@ -116 +115 @@
 #       --password ${PASSWORD} \
 #       ${UNSIGNED_REPO_URL} \
-#       ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+#       ${UNSIGNED_REPO_COPY}
+
+rm -rf ${PKG} ${SIGNED_REPO_COPY}
 
 # Extract package contents
@@ -246 +247 @@
 fi
 
-# Remove dummy file for retriggering signing/notarization (if it exists)
-svn delete ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
-svn commit \
-        --trust-server-cert \
-        --non-interactive \
-        --username ${USERNAME} \
-        --password ${PASSWORD} \
-        --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
-
 # Check out copy of repository for signed packages
 echo "Checking out copy of respository for signed packages"
@@ -263 +255 @@
         --password ${PASSWORD} \
         ${SIGNED_REPO_URL} \
-        ${SIGNED_REPO_COPY} > /dev/null 2>&1
+        ${SIGNED_REPO_COPY}
 
 # Copy notarization file to repository for signed packages
@@ -284 +276 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY}
 else
         # Commit changes
@@ -293 +285 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY}
 
         exit 1

issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python.sh

@@ -42 +42 @@
 #
 # NOTE:
-# - Assumes that 'issm-binaries-user' and 'issm-binaries-pass' are set up in 
+# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in 
 #       the 'Bindings' section under a 'Username and password (separated)' binding 
 #       (requires 'Credentials Binding Plugin').
@@ -86 +86 @@
 PASSWORD=${ISSM_BINARIES_PASS}
 PKG="ISSM-macOS-Python"
-PRIMARY_BUNDLE_ID="**********.issm.python" # Should be "gov.nasa.jpl.issm.python"
-RETRIGGER_SIGNING_FILE="retrigger.txt"
+PRIMARY_BUNDLE_ID="gov.nasa.jpl.issm.python"
 SIGNED_REPO_COPY="./signed"
 SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/python/signed"
@@ -99 +98 @@
 EXE_ENTITLEMENTS_PLIST="${PKG}/bin/entitlements.plist"
 
-# Clean up from previous packaging (not necessary for single builds on Jenkins, 
-# but useful when testing packaging locally)
-echo "Cleaning up existing assets"
-rm -rf ${PKG} ${COMPRESSED_PKG} ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} ${SIGNED_REPO_COPY} ${UNSIGNED_REPO_COPY}
-mkdir ${PKG}
-
 # NOTE: Uncomment the following for local testing (Jenkins checks out copy of 
 #               repository for unsigned packages to working directory)
 #
-# Check out copy of repository for unsigned packages
+
+# # Clean up from previous packaging (not necessary for single builds on Jenkins, 
+# # but useful when testing packaging locally)
+# echo "Cleaning up existing assets"
+# rm -rf ${COMPRESSED_PKG} ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} ${UNSIGNED_REPO_COPY}
+
+# # Check out copy of repository for unsigned packages
 # echo "Checking out copy of respository for unsigned packages"
 # svn checkout \
@@ -116 +115 @@
 #       --password ${PASSWORD} \
 #       ${UNSIGNED_REPO_URL} \
-#       ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+#       ${UNSIGNED_REPO_COPY}
+
+rm -rf ${PKG} ${SIGNED_REPO_COPY}
+
 
 # Extract package contents
@@ -255 +257 @@
 fi
 
-# Remove dummy file for retriggering signing/notarization (if it exists)
-svn delete ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
-svn commit \
-        --trust-server-cert \
-        --non-interactive \
-        --username ${USERNAME} \
-        --password ${PASSWORD} \
-        --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
-
 # Check out copy of repository for signed packages
 echo "Checking out copy of respository for signed packages"
@@ -272 +265 @@
         --password ${PASSWORD} \
         ${SIGNED_REPO_URL} \
-        ${SIGNED_REPO_COPY} > /dev/null 2>&1
+        ${SIGNED_REPO_COPY}
 
 # Copy notarization file to repository for signed packages
@@ -279 +272 @@
 
 # Remove lock file from repository for signed packages
-svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
+svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
 
 if [ ${SUCCESS} -eq 1 ]; then
@@ -293 +286 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY}
 else
         # Commit changes
@@ -302 +295 @@
                 --username ${USERNAME} \
                 --password ${PASSWORD} \
-                --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
+                --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY}
 
         exit 1