Changeset 27988


Timestamp:
11/02/23 10:21:30 (18 months ago)
Author:
jdquinn
Message:

CHG: Updates to macOS binaries signing

Location:
issm/trunk-jpl/packagers/mac
Files:
2 edited

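--- a/issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh
+++ b/issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh
@@ -8,5 +8,5 @@
 # builds.
 #
-# In order to replicate the requried Jenkins project configuration:
+# In order to replicate the required Jenkins project configuration:
 # - First, navigate to 'Manage Jenkins' -> 'Manage Plugins' and install the
 #       'Credentials Bindings Plugin' if it is not already installed.
@@ -80,5 +80,4 @@
 PASSWORD=${ISSM_BINARIES_PASS}
 PKG="ISSM-macOS-MATLAB"
-PRIMARY_BUNDLE_ID="gov.nasa.jpl.issm.matlab"
 SIGNED_REPO_COPY="./signed"
 SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/signed"
@@ -150,11 +149,5 @@
 # Submit compressed package for notarization
 echo "Submitting signed package to Apple for notarization"
-xcrun altool --notarize-app --primary-bundle-id ${PRIMARY_BUNDLE_ID} --username ${AD_USERNAME} --password ${ALTOOL_PASSWORD} --asc-provider ${ASC_PROVIDER} --file ${COMPRESSED_PKG} &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}
-
-# Sleep until notarization request response is received
-echo "Waiting for notarization request response"
-while [[ ! -f ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} || ! -z $(find ${NOTARIZATION_LOGFILE_PATH} -empty -name ${NOTARIZATION_LOGFILE}) ]]; do
-        sleep 30
-done
+xcrun notarytool submit ${COMPRESSED_PKG} --apple-id "$AD_USERNAME" --team-id "$TEAM_ID" --password "$NOTARY_PASSWORD" --wait &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}
 
 echo "Notarization request response received"
@@ -186,51 +179,17 @@
 #
 echo "Checking notarization status"
-SUCCESS=0
-for ATTEMPT in $(seq 1 ${NOTARIZATION_CHECK_ATTEMPTS}); do
-        echo "    Attempt #${ATTEMPT}..."
-        xcrun altool --notarization-info ${UUID} --username ${AD_USERNAME} --password ${ALTOOL_PASSWORD} &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}
-        if [[ -f ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} && -z $(find ${NOTARIZATION_LOGFILE_PATH} -empty -name ${NOTARIZATION_LOGFILE}) ]]; then
-
-                # First, check if there is an error
-                ERROR_CHECK=$(grep 'Error' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE})
-                if [ ! -z "${ERROR_CHECK}" ]; then
-                        break
-                fi
-
-                # No error, so check status
-                STATUS=$(grep 'Status:' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} | sed -e 's/[[:space:]]*Status: //')
-                if [[ "${STATUS}" == "success" ]]; then
-                        # Staple notarization to all elements of package that were previously signed
-                        #xcrun stapler staple ${EXECUTABLES} # NOTE: Fails with "Stapler is incapable of working with MATLAB Mex files."
-
-                        # Validate stapling of notarization
-                        #xcrun stapler validation ${EXECUTABLES} # NOTE: Skipping notarization stapling validation because this is not a true package nor app
-
-                        # Compress signed and notarized package
-                        ditto -ck --sequesterRsrc --keepParent ${PKG} ${COMPRESSED_PKG}
-
-                        # Set flag indicating notarization was successful
-                        SUCCESS=1
-
-                        break
-                elif [[ "${STATUS}" == "in progress" ]]; then
-                        echo "    ...in progress still; checking again in ${NOTARIZATION_CHECK_PERIOD} seconds."
-                        sleep ${NOTARIZATION_CHECK_PERIOD}
-                elif [[ "${STATUS}" == "invalid" ]]; then
-                        break
-                fi
-        else
-                if [ ${ATTEMPT} -lt ${NOTARIZATION_CHECK_ATTEMPTS} ]; then
-                        echo "    ...not ready yet; checking again in ${NOTARIZATION_CHECK_PERIOD} seconds."
-                        sleep ${NOTARIZATION_CHECK_PERIOD}
-                else
-                        echo "    ...maximum attempts reached, but no response, or something else went wrong."
-                        echo "    If contents of notarization status check logfile appear to be valid, increase NOTARIZATION_CHECK_ATTEMPTS and run again."
-                        break
-                fi
-        fi
-done
-
-if [ ${SUCCESS} -eq 1 ]; then
+xcrun notarytool log ${UUID} --apple-id "$AD_USERNAME" --team-id "$TEAM_ID" --password "$NOTARY_PASSWORD" &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}
+STATUS=$(grep 'status: Accepted' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} | wc -l)
+
+if [[ ${STATUS} -gt 0 ]]; then
+        # Staple notarization to all elements of package that were previously signed
+        #xcrun stapler staple ${THIRD_PARTY_BINS} # NOTE: Fails with "Stapler is incapable of working with MATLAB Mex files."
+
+        # Validate stapling of notarization
+        #xcrun stapler validation ${THIRD_PARTY_BINS} # NOTE: Skipping notarization stapling validation because this is not a true package nor app
+
+        # Compress signed and notarized package
+        ditto -ck --sequesterRsrc --keepParent ${PKG} ${COMPRESSED_PKG}
+
         echo "Notarization successful!"
 else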
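Review bot: Both new `notarytool` calls (new lines 151 and 181) pass the app-specific password as `--password "$NOTARY_PASSWORD"`, which puts the secret in the process argument list where any local account on the build node can read it while the command runs, and where it is echoed if the job is ever traced with `set -x`. notarytool can instead read credentials from a keychain profile created once on the node with `xcrun notarytool store-credentials`, after which the call becomes `xcrun notarytool submit "${COMPRESSED_PKG}" --keychain-profile "<PROFILE_NAME>" --wait` (profile name is a placeholder) and no secret appears on the command line. The same two lines are added in sign-issm-mac-binaries-python-3.sh. How `NOTARY_PASSWORD` and `TEAM_ID` are bound from Jenkins is outside these hunks, so the header comment describing the required credentials bindings may also need updating.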
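--- a/issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python-3.sh
+++ b/issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python-3.sh
@@ -8,5 +8,5 @@
 # new builds.
 #
-# In order to replicate the requried Jenkins project configuration:
+# In order to replicate the required Jenkins project configuration:
 # - First, navigate to 'Manage Jenkins' -> 'Manage Plugins' and install the
 #       'Credentials Bindings Plugin' if it is not already installed.
@@ -80,5 +80,4 @@
 PASSWORD=${ISSM_BINARIES_PASS}
 PKG="ISSM-macOS-Python-3"
-PRIMARY_BUNDLE_ID="gov.nasa.jpl.issm.python"
 SIGNED_REPO_COPY="./signed"
 SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/python/3/signed"
@@ -112,5 +111,4 @@
 
 rm -rf ${PKG} ${SIGNED_REPO_COPY}
-
 
 # Extract package contents
@@ -160,11 +158,5 @@
 # Submit compressed package for notarization
 echo "Submitting signed package to Apple for notarization"
-xcrun altool --notarize-app --primary-bundle-id ${PRIMARY_BUNDLE_ID} --username ${AD_USERNAME} --password ${ALTOOL_PASSWORD} --asc-provider ${ASC_PROVIDER} --file ${COMPRESSED_PKG} &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}
-
-# Sleep until notarization request response is received
-echo "Waiting for notarization request response"
-while [[ ! -f ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} || ! -z $(find ${NOTARIZATION_LOGFILE_PATH} -empty -name ${NOTARIZATION_LOGFILE}) ]]; do
-        sleep 30
-done
+xcrun notarytool submit ${COMPRESSED_PKG} --apple-id "$AD_USERNAME" --team-id "$TEAM_ID" --password "$NOTARY_PASSWORD" --wait &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}
 
 echo "Notarization request response received"
@@ -196,51 +188,17 @@
 #
 echo "Checking notarization status"
-SUCCESS=0
-for ATTEMPT in $(seq 1 ${NOTARIZATION_CHECK_ATTEMPTS}); do
-        echo "    Attempt #${ATTEMPT}..."
-        xcrun altool --notarization-info ${UUID} --username ${AD_USERNAME} --password ${ALTOOL_PASSWORD} &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}
-        if [[ -f ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} && -z $(find ${NOTARIZATION_LOGFILE_PATH} -empty -name ${NOTARIZATION_LOGFILE}) ]]; then
-
-                # First, check if there is an error
-                ERROR_CHECK=$(grep 'Error' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE})
-                if [ ! -z "${ERROR_CHECK}" ]; then
-                        break
-                fi
-
-                # No error, so check status
-                STATUS=$(grep 'Status:' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} | sed -e 's/[[:space:]]*Status: //')
-                if [[ "${STATUS}" == "success" ]]; then
-                        # Staple notarization to all elements of package that were previously signed
-                        #xcrun stapler staple ${THIRD_PARTY_BINS} # NOTE: Fails with "Stapler is incapable of working with MATLAB Mex files."
-
-                        # Validate stapling of notarization
-                        #xcrun stapler validation ${THIRD_PARTY_BINS} # NOTE: Skipping notarization stapling validation because this is not a true package nor app
-
-                        # Compress signed and notarized package
-                        ditto -ck --sequesterRsrc --keepParent ${PKG} ${COMPRESSED_PKG}
-
-                        # Set flag indicating notarization was successful
-                        SUCCESS=1
-
-                        break
-                elif [[ "${STATUS}" == "in progress" ]]; then
-                        echo "    ...in progress still; checking again in ${NOTARIZATION_CHECK_PERIOD} seconds."
-                        sleep ${NOTARIZATION_CHECK_PERIOD}
-                elif [[ "${STATUS}" == "invalid" ]]; then
-                        break
-                fi
-        else
-                if [ ${ATTEMPT} -lt ${NOTARIZATION_CHECK_ATTEMPTS} ]; then
-                        echo "    ...not ready yet; checking again in ${NOTARIZATION_CHECK_PERIOD} seconds"
-                        sleep ${NOTARIZATION_CHECK_PERIOD}
-                else
-                        echo "    ...maximum attempts reached, but no response, or something else went wrong"
-                        echo "    If contents of notarization status check logfile appear to be valid, increase NOTARIZATION_CHECK_ATTEMPTS and run again"
-                        break
-                fi
-        fi
-done
-
-if [ ${SUCCESS} -eq 1 ]; then
+xcrun notarytool log ${UUID} --apple-id "$AD_USERNAME" --team-id "$TEAM_ID" --password "$NOTARY_PASSWORD" &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}
+STATUS=$(grep 'status: Accepted' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} | wc -l)
+
+if [[ ${STATUS} -gt 0 ]]; then
+        # Staple notarization to all elements of package that were previously signed
+        #xcrun stapler staple ${THIRD_PARTY_BINS} # NOTE: Fails with "Stapler is incapable of working with MATLAB Mex files."
+
+        # Validate stapling of notarization
+        #xcrun stapler validation ${THIRD_PARTY_BINS} # NOTE: Skipping notarization stapling validation because this is not a true package nor app
+
+        # Compress signed and notarized package
+        ditto -ck --sequesterRsrc --keepParent ${PKG} ${COMPRESSED_PKG}
+
         echo "Notarization successful!"
 else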
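Review bot: The release gate at new lines 190-193 depends on a single text match, because the output of `notarytool submit --wait` is overwritten when `notarytool log` redirects to the same logfile and `grep 'status: Accepted'` is then run on the log output only. If that log is the JSON developer log, the field would presumably read `"status": "Accepted"` and the pattern would not match, so an accepted build would be reported as failed; please confirm against a real run. Checking the submit output before it is overwritten, e.g. `grep -q 'status: Accepted' "${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}"` placed directly after the submit line, and writing the `notarytool log` output to a separate file would keep both records for audit. `${UUID}` and the logfile path are also unquoted here. The matlab script carries the same block, and the `if`/`else` continues past the end of this hunk.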