
Commit ca7d512

fix signing notarization
1 parent d92fef8 commit ca7d512

1 file changed

Lines changed: 96 additions & 7 deletions


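--- a/MacUtilGUI/sign_macos.sh
+++ b/MacUtilGUI/sign_macos.sh
@@ -68,6 +68,20 @@ print_warning "IMPORTANT: Make sure you have:"
 print_warning "1. A valid Developer ID Application certificate in your Keychain"
 print_warning "2. Updated the DEVELOPER_ID variable in this script"
 print_warning "3. An Apple Developer account for notarization"
+print_warning "4. Set up AC_PASSWORD in keychain with:"
+print_warning " security add-generic-password -a 'contact@christitus.com' -s 'AC_PASSWORD' -w"
+print_warning " (it will prompt you to enter your app-specific password securely)"
+echo
+
+# Check if AC_PASSWORD is accessible in keychain
+print_status "Checking keychain access for AC_PASSWORD..."
+if security find-generic-password -a 'contact@christitus.com' -s 'AC_PASSWORD' >/dev/null 2>&1; then
+print_success "AC_PASSWORD found in keychain"
+else
+print_error "AC_PASSWORD not found in keychain or keychain is locked"
+print_status "Please ensure the keychain is unlocked and AC_PASSWORD is stored"
+print_status "You can test with: security find-generic-password -a 'contact@christitus.com' -s 'AC_PASSWORD'"
+fi
 echo
 
 read -p "Do you want to proceed with code signing? (y/N): " -n 1 -r
@@ -102,13 +116,88 @@ if [ $? -eq 0 ]; then
 if [ $? -eq 0 ]; then
 print_success "Signature verification passed!"
 echo
-print_status "🎯 Next Steps for Distribution:"
-echo "1. Test the signed app on a different Mac"
-echo "2. For notarization (required for macOS 10.15+):"
-echo " a. Create a zip: ditto -c -k --sequesterRsrc --keepParent '$APP_BUNDLE_PATH' MacUtil.zip"
-echo " b. Submit for notarization: xcrun altool --notarize-app -f MacUtil.zip --primary-bundle-id com.macutil.gui -u your@apple.id -p @keychain:AC_PASSWORD"
-echo " c. Wait for notarization to complete"
-echo " d. Staple the notarization: xcrun stapler staple '$APP_BUNDLE_PATH'"
+
+# Ask if user wants to proceed with notarization
+read -p "Do you want to proceed with notarization? (y/N): " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+print_status "Starting notarization process..."
+
+# Ensure keychain is unlocked
+print_status "Ensuring keychain is unlocked..."
+security unlock-keychain ~/Library/Keychains/login.keychain-db
+
+# Retrieve AC_PASSWORD from keychain (silently)
+print_status "Retrieving app-specific password from keychain..."
+AC_PASSWORD=$(security find-generic-password -a 'contact@christitus.com' -s 'AC_PASSWORD' -w 2>/dev/null)
+if [ $? -ne 0 ] || [ -z "$AC_PASSWORD" ]; then
+print_error "Failed to retrieve AC_PASSWORD from keychain"
+print_status "Please ensure the keychain is unlocked and AC_PASSWORD is stored correctly"
+exit 1
+fi
+print_success "App-specific password retrieved successfully"
+
+# Create zip for notarization
+ZIP_NAME="MacUtil.zip"
+print_status "Creating zip file for notarization: $ZIP_NAME"
+if [ -f "$ZIP_NAME" ]; then
+rm "$ZIP_NAME"
+fi
+ditto -c -k --sequesterRsrc --keepParent "$APP_BUNDLE_PATH" "$ZIP_NAME"
+
+if [ $? -eq 0 ]; then
+print_success "Zip file created successfully!"
+
+# Submit for notarization
+print_status "Submitting for notarization (this may take several minutes)..."
+print_status "You will see progress updates from Apple's notarization service..."
+echo
+
+# Submit for notarization with real-time output
+xcrun notarytool submit "$ZIP_NAME" --apple-id contact@christitus.com --team-id 8ZHX2A9ALF --password "$AC_PASSWORD" --wait
+
+if [ $? -eq 0 ]; then
+
+# Staple the notarization
+print_status "Stapling notarization to app bundle..."
+xcrun stapler staple "$APP_BUNDLE_PATH"
+
+if [ $? -eq 0 ]; then
+print_success "Notarization stapled successfully!"
+print_success "App is now ready for distribution! 🚀"
+echo
+print_status "Next steps:"
+echo "1. Test the notarized app on a different Mac"
+echo "2. Distribute the app bundle: $APP_BUNDLE_PATH"
+else
+print_error "Failed to staple notarization"
+print_status "The app is notarized but stapling failed. You can distribute it anyway."
+fi
+else
+print_error "Notarization failed!"
+print_status "Check your Apple ID credentials and app-specific password"
+print_status "You can still distribute the signed app, but users may see security warnings"
+fi
+
+# Clear the password variable for security
+unset AC_PASSWORD
+
+# Clean up zip file
+if [ -f "$ZIP_NAME" ]; then
+rm "$ZIP_NAME"
+print_status "Cleaned up temporary zip file"
+fi
+else
+print_error "Failed to create zip file for notarization"
+fi
+else
+print_status "Skipping notarization"
+echo
+print_status "🎯 Manual notarization steps (if needed later):"
+echo "1. Create a zip: ditto -c -k --sequesterRsrc --keepParent '$APP_BUNDLE_PATH' MacUtil.zip"
+echo "2. Submit for notarization: xcrun notarytool submit MacUtil.zip --apple-id contact@christitus.com --team-id 8ZHX2A9ALF --password \$(security find-generic-password -a 'contact@christitus.com' -s 'AC_PASSWORD' -w) --wait"
+echo "3. If successful, staple: xcrun stapler staple '$APP_BUNDLE_PATH'"
+fi
 echo
 print_success "Code signing complete! 🔐"
 else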
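Review bot: The `xcrun notarytool submit` call at new line 157 passes the app-specific password as `--password "$AC_PASSWORD"`, so it sits in the process argument list, visible to other local processes, for the whole `--wait` period. notarytool can read the credential from the keychain itself: store it once with `xcrun notarytool store-credentials` and submit with `xcrun notarytool submit "$ZIP_NAME" --keychain-profile "<PROFILE_NAME>" --wait`, which also makes the `AC_PASSWORD` shell variable and the `unset` at line 183 unnecessary. The manual command echoed at line 198 has the same exposure, since its `$(security find-generic-password … -w)` substitution expands onto the command line. Separately, the status of `security unlock-keychain` at line 128 is never checked, and it is worth confirming that `notarytool submit --wait` exits non-zero for a rejected submission before trusting `$?` at line 159; if it does not, the "notarized but stapling failed" message at line 174 could be printed for an app that was never accepted. The enclosing `if [ $? -eq 0 ]` starts before and continues past this hunk.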
