Index: /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh =================================================================== --- /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh (revision 27987) +++ /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh (revision 27988) @@ -8,5 +8,5 @@ # builds. # -# In order to replicate the requried Jenkins project configuration: +# In order to replicate the required Jenkins project configuration: # - First, navigate to 'Manage Jenkins' -> 'Manage Plugins' and install the # 'Credentials Bindings Plugin' if it is not already installed. @@ -80,5 +80,4 @@ PASSWORD=${ISSM_BINARIES_PASS} PKG="ISSM-macOS-MATLAB" -PRIMARY_BUNDLE_ID="gov.nasa.jpl.issm.matlab" SIGNED_REPO_COPY="./signed" SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/signed" @@ -150,11 +149,5 @@ # Submit compressed package for notarization echo "Submitting signed package to Apple for notarization" -xcrun altool --notarize-app --primary-bundle-id ${PRIMARY_BUNDLE_ID} --username ${AD_USERNAME} --password ${ALTOOL_PASSWORD} --asc-provider ${ASC_PROVIDER} --file ${COMPRESSED_PKG} &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} - -# Sleep until notarization request response is received -echo "Waiting for notarization request response" -while [[ ! -f ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} || ! -z $(find ${NOTARIZATION_LOGFILE_PATH} -empty -name ${NOTARIZATION_LOGFILE}) ]]; do - sleep 30 -done +xcrun notarytool submit ${COMPRESSED_PKG} --apple-id "$AD_USERNAME" --team-id "$TEAM_ID" --password "$NOTARY_PASSWORD" --wait &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} echo "Notarization request response received" @@ -186,51 +179,17 @@ # echo "Checking notarization status" -SUCCESS=0 -for ATTEMPT in $(seq 1 ${NOTARIZATION_CHECK_ATTEMPTS}); do - echo " Attempt #${ATTEMPT}..." - xcrun altool --notarization-info ${UUID} --username ${AD_USERNAME} --password ${ALTOOL_PASSWORD} &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} - if [[ -f ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} && -z $(find ${NOTARIZATION_LOGFILE_PATH} -empty -name ${NOTARIZATION_LOGFILE}) ]]; then - - # First, check if there is an error - ERROR_CHECK=$(grep 'Error' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}) - if [ ! -z "${ERROR_CHECK}" ]; then - break - fi - - # No error, so check status - STATUS=$(grep 'Status:' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} | sed -e 's/[[:space:]]*Status: //') - if [[ "${STATUS}" == "success" ]]; then - # Staple notarization to all elements of package that were previously signed - #xcrun stapler staple ${EXECUTABLES} # NOTE: Fails with "Stapler is incapable of working with MATLAB Mex files." - - # Validate stapling of notarization - #xcrun stapler validation ${EXECUTABLES} # NOTE: Skipping notarization stapling validation because this is not a true package nor app - - # Compress signed and notarized package - ditto -ck --sequesterRsrc --keepParent ${PKG} ${COMPRESSED_PKG} - - # Set flag indicating notarization was successful - SUCCESS=1 - - break - elif [[ "${STATUS}" == "in progress" ]]; then - echo " ...in progress still; checking again in ${NOTARIZATION_CHECK_PERIOD} seconds." - sleep ${NOTARIZATION_CHECK_PERIOD} - elif [[ "${STATUS}" == "invalid" ]]; then - break - fi - else - if [ ${ATTEMPT} -lt ${NOTARIZATION_CHECK_ATTEMPTS} ]; then - echo " ...not ready yet; checking again in ${NOTARIZATION_CHECK_PERIOD} seconds." - sleep ${NOTARIZATION_CHECK_PERIOD} - else - echo " ...maximum attempts reached, but no response, or something else went wrong." - echo " If contents of notarization status check logfile appear to be valid, increase NOTARIZATION_CHECK_ATTEMPTS and run again." - break - fi - fi -done - -if [ ${SUCCESS} -eq 1 ]; then +xcrun notarytool log ${UUID} --apple-id "$AD_USERNAME" --team-id "$TEAM_ID" --password "$NOTARY_PASSWORD" &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} +STATUS=$(grep 'status: Accepted' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} | wc -l) + +if [[ ${STATUS} -gt 0 ]]; then + # Staple notarization to all elements of package that were previously signed + #xcrun stapler staple ${THIRD_PARTY_BINS} # NOTE: Fails with "Stapler is incapable of working with MATLAB Mex files." + + # Validate stapling of notarization + #xcrun stapler validation ${THIRD_PARTY_BINS} # NOTE: Skipping notarization stapling validation because this is not a true package nor app + + # Compress signed and notarized package + ditto -ck --sequesterRsrc --keepParent ${PKG} ${COMPRESSED_PKG} + echo "Notarization successful!" else Index: /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python-3.sh =================================================================== --- /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python-3.sh (revision 27987) +++ /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python-3.sh (revision 27988) @@ -8,5 +8,5 @@ # new builds. # -# In order to replicate the requried Jenkins project configuration: +# In order to replicate the required Jenkins project configuration: # - First, navigate to 'Manage Jenkins' -> 'Manage Plugins' and install the # 'Credentials Bindings Plugin' if it is not already installed. @@ -80,5 +80,4 @@ PASSWORD=${ISSM_BINARIES_PASS} PKG="ISSM-macOS-Python-3" -PRIMARY_BUNDLE_ID="gov.nasa.jpl.issm.python" SIGNED_REPO_COPY="./signed" SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/python/3/signed" @@ -112,5 +111,4 @@ rm -rf ${PKG} ${SIGNED_REPO_COPY} - # Extract package contents @@ -160,11 +158,5 @@ # Submit compressed package for notarization echo "Submitting signed package to Apple for notarization" -xcrun altool --notarize-app --primary-bundle-id ${PRIMARY_BUNDLE_ID} --username ${AD_USERNAME} --password ${ALTOOL_PASSWORD} --asc-provider ${ASC_PROVIDER} --file ${COMPRESSED_PKG} &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} - -# Sleep until notarization request response is received -echo "Waiting for notarization request response" -while [[ ! -f ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} || ! -z $(find ${NOTARIZATION_LOGFILE_PATH} -empty -name ${NOTARIZATION_LOGFILE}) ]]; do - sleep 30 -done +xcrun notarytool submit ${COMPRESSED_PKG} --apple-id "$AD_USERNAME" --team-id "$TEAM_ID" --password "$NOTARY_PASSWORD" --wait &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} echo "Notarization request response received" @@ -196,51 +188,17 @@ # echo "Checking notarization status" -SUCCESS=0 -for ATTEMPT in $(seq 1 ${NOTARIZATION_CHECK_ATTEMPTS}); do - echo " Attempt #${ATTEMPT}..." - xcrun altool --notarization-info ${UUID} --username ${AD_USERNAME} --password ${ALTOOL_PASSWORD} &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} - if [[ -f ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} && -z $(find ${NOTARIZATION_LOGFILE_PATH} -empty -name ${NOTARIZATION_LOGFILE}) ]]; then - - # First, check if there is an error - ERROR_CHECK=$(grep 'Error' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE}) - if [ ! -z "${ERROR_CHECK}" ]; then - break - fi - - # No error, so check status - STATUS=$(grep 'Status:' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} | sed -e 's/[[:space:]]*Status: //') - if [[ "${STATUS}" == "success" ]]; then - # Staple notarization to all elements of package that were previously signed - #xcrun stapler staple ${THIRD_PARTY_BINS} # NOTE: Fails with "Stapler is incapable of working with MATLAB Mex files." - - # Validate stapling of notarization - #xcrun stapler validation ${THIRD_PARTY_BINS} # NOTE: Skipping notarization stapling validation because this is not a true package nor app - - # Compress signed and notarized package - ditto -ck --sequesterRsrc --keepParent ${PKG} ${COMPRESSED_PKG} - - # Set flag indicating notarization was successful - SUCCESS=1 - - break - elif [[ "${STATUS}" == "in progress" ]]; then - echo " ...in progress still; checking again in ${NOTARIZATION_CHECK_PERIOD} seconds." - sleep ${NOTARIZATION_CHECK_PERIOD} - elif [[ "${STATUS}" == "invalid" ]]; then - break - fi - else - if [ ${ATTEMPT} -lt ${NOTARIZATION_CHECK_ATTEMPTS} ]; then - echo " ...not ready yet; checking again in ${NOTARIZATION_CHECK_PERIOD} seconds" - sleep ${NOTARIZATION_CHECK_PERIOD} - else - echo " ...maximum attempts reached, but no response, or something else went wrong" - echo " If contents of notarization status check logfile appear to be valid, increase NOTARIZATION_CHECK_ATTEMPTS and run again" - break - fi - fi -done - -if [ ${SUCCESS} -eq 1 ]; then +xcrun notarytool log ${UUID} --apple-id "$AD_USERNAME" --team-id "$TEAM_ID" --password "$NOTARY_PASSWORD" &> ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} +STATUS=$(grep 'status: Accepted' ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} | wc -l) + +if [[ ${STATUS} -gt 0 ]]; then + # Staple notarization to all elements of package that were previously signed + #xcrun stapler staple ${THIRD_PARTY_BINS} # NOTE: Fails with "Stapler is incapable of working with MATLAB Mex files." + + # Validate stapling of notarization + #xcrun stapler validation ${THIRD_PARTY_BINS} # NOTE: Skipping notarization stapling validation because this is not a true package nor app + + # Compress signed and notarized package + ditto -ck --sequesterRsrc --keepParent ${PKG} ${COMPRESSED_PKG} + echo "Notarization successful!" else