Skip to content

Commit b118019

Browse files
committed
fix: 兼容 Apple 公证协议缺失状态
1 parent bb04bd6 commit b118019

2 files changed

Lines changed: 48 additions & 6 deletions

File tree

scripts/desktop/notarize_macos.sh

Lines changed: 22 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,12 @@ else:
7373
PY
7474
}
7575

76+
is_notary_agreement_error() {
77+
local output="$1"
78+
79+
[[ "$output" == *"HTTP status code: 403"* && "$output" == *"required agreement"* ]]
80+
}
81+
7682
sign_binary() {
7783
local path="$1"
7884

@@ -201,12 +207,22 @@ else
201207
NOTARY_TARGET_PATH="$DMG_PATH"
202208
fi
203209

204-
submit_output="$(xcrun notarytool submit "$NOTARY_TARGET_PATH" \
205-
--key "$APPLE_API_KEY_PATH" \
206-
--key-id "$APPLE_API_KEY_ID" \
207-
--issuer "$APPLE_API_ISSUER" \
208-
--wait \
209-
--output-format json)"
210+
submit_output="$(
211+
xcrun notarytool submit "$NOTARY_TARGET_PATH" \
212+
--key "$APPLE_API_KEY_PATH" \
213+
--key-id "$APPLE_API_KEY_ID" \
214+
--issuer "$APPLE_API_ISSUER" \
215+
--wait \
216+
--output-format json 2>&1
217+
)" || {
218+
if is_notary_agreement_error "$submit_output"; then
219+
echo "Apple team agreement is missing or expired; skip notarization and continue release packaging."
220+
echo "$submit_output"
221+
exit 0
222+
fi
223+
echo "$submit_output"
224+
exit 1
225+
}
210226

211227
notary_id="$(extract_notary_field id "$submit_output")"
212228
notary_status="$(extract_notary_field status "$submit_output")"

scripts/test/notarize_macos_test.sh

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,10 @@ if [[ "$1" == "notarytool" && "$2" == "submit" ]]; then
107107
Accepted)
108108
printf '{"id":"submission-123","status":"Accepted"}\n'
109109
;;
110+
AgreementRequired)
111+
echo "Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired." >&2
112+
exit 1
113+
;;
110114
Invalid)
111115
printf '{"id":"submission-123","status":"Invalid"}\n'
112116
;;
@@ -180,6 +184,28 @@ assert_contains "$log_invalid" "xcrun:notarytool submit"
180184
assert_contains "$log_invalid" "xcrun:notarytool log submission-123"
181185
assert_not_contains "$log_invalid" "stapler:"
182186

187+
repo_agreement="$tmp_dir/repo-agreement"
188+
bin_agreement="$tmp_dir/bin-agreement"
189+
log_agreement="$tmp_dir/agreement.log"
190+
make_repo "$repo_agreement"
191+
make_fake_bin "$bin_agreement"
192+
make_fake_appdmg "$repo_agreement"
193+
194+
(
195+
cd "$repo_agreement"
196+
CALL_LOG="$log_agreement" \
197+
PATH="$bin_agreement:$PATH" \
198+
APPLE_SIGNING_IDENTITY="Developer ID Application: Example Developer (TEAMID1234)" \
199+
APPLE_API_KEY_PATH="$tmp_dir/AuthKey.p8" \
200+
APPLE_API_KEY_ID="ABC123DEFG" \
201+
APPLE_API_ISSUER="00000000-0000-0000-0000-000000000000" \
202+
NOTARY_STATUS="AgreementRequired" \
203+
bash scripts/desktop/notarize_macos.sh
204+
)
205+
206+
assert_contains "$log_agreement" "xcrun:notarytool submit"
207+
assert_not_contains "$log_agreement" "stapler:"
208+
183209
repo_accept="$tmp_dir/repo-accept"
184210
bin_accept="$tmp_dir/bin-accept"
185211
log_accept="$tmp_dir/accept.log"

0 commit comments

Comments
 (0)