-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Enabled Hardened Runtime, made configuration changes necessary for No…
…tarization, added a Makefile for archiving, signing, and notarizing, and incremented version and build numbers.
- Loading branch information
1 parent
985a592
commit 5cc1c86
Showing
8 changed files
with
142 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,3 +22,7 @@ DerivedData | |
*.ipa | ||
*.xcuserstate | ||
*.orig | ||
|
||
# Archives | ||
buildArchive/ | ||
*.xcarchive |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | ||
<plist version="1.0"> | ||
<dict> | ||
<key>method</key> | ||
<string>mac-application</string> | ||
</dict> | ||
</plist> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
.PHONY: notarize | ||
|
||
# Mostly cribbed from https://gist.github.com/shpakovski/31067c499d69d1d4180856be3d67e5a5. | ||
|
||
# XCS_ARCHIVE is an environment variable typically set by Xcode Server. | ||
# We're not using Xcode server so I'm hardcoding it here. | ||
# | ||
# https://developer.apple.com/library/archive/documentation/IDEs/Conceptual/xcode_guide-continuous_integration/EnvironmentVariableReference.html | ||
XCS_ARCHIVE := "buildArchive/EFIgy.xcarchive" | ||
|
||
EXPORT_PATH := $(XCS_ARCHIVE)/Submissions | ||
BUNDLE_APP := $(EXPORT_PATH)/EFIgy.app | ||
BUNDLE_ZIP := $(EXPORT_PATH)/EFIgy.zip | ||
UPLOAD_INFO_PLIST := $(EXPORT_PATH)/UploadInfo.plist | ||
REQUEST_INFO_PLIST := $(EXPORT_PATH)/RequestInfo.plist | ||
AUDIT_INFO_JSON := $(EXPORT_PATH)/AuditInfo.json | ||
PRODUCT_DIR := $(XCS_ARCHIVE)/Products/Applications | ||
PRODUCT_APP := $(PRODUCT_DIR)/EFIgy.app | ||
PRIMARY_BUNDLE_ID := "com.duosecurity.EFIgy" | ||
CODE_SIGN_IDENTITY_NAME := "Developer ID Application: Duo Security, Inc. (FNN8Z5JMFP)" | ||
|
||
define notify | ||
@ /usr/bin/osascript -e 'display notification $2 with title $1' | ||
endef | ||
|
||
define wait_while_in_progress | ||
while true; do \ | ||
/usr/bin/xcrun altool --notarization-info `/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" $(UPLOAD_INFO_PLIST)` -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) --output-format xml > $(REQUEST_INFO_PLIST) ;\ | ||
if [ "`/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" $(REQUEST_INFO_PLIST)`" != "in progress" ]; then \ | ||
break ;\ | ||
fi ;\ | ||
/usr/bin/osascript -e 'display notification "Zzz..." with title "Notarization"' ;\ | ||
sleep 60 ;\ | ||
done | ||
endef | ||
|
||
archive: | ||
$(call notify, "Archiving", "Creating archive...") | ||
xcodebuild -workspace EFIgy.xcworkspace -scheme EFIgy -configuration Release clean archive -archivePath "$XCS_ARCHIVE" CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO | ||
|
||
export-archive: | ||
$(call notify, "Archiving", "Exporting an archive...") | ||
/usr/bin/xcrun xcodebuild -exportArchive -archivePath $(XCS_ARCHIVE) -exportPath $(EXPORT_PATH) -exportOptionsPlist ./ExportOptions.plist -IDEPostProgressNotifications=YES -DVTAllowServerCertificates=YES -DVTProvisioningUseServerAccounts=YES -configuration Release | ||
|
||
codesign: | ||
$(call notify, "Code Signing", "Code signing Sparkle AutoUpdate. Please enter PIN and touch the security key...") | ||
codesign --timestamp --verbose --force --deep -o runtime --sign $(CODE_SIGN_IDENTITY_NAME) $(BUNDLE_APP)/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app | ||
$(call notify, "Code Signing", "Code signing app. Please enter PIN and touch the security key...") | ||
codesign --timestamp --verbose --deep -o runtime -s $(CODE_SIGN_IDENTITY_NAME) -fv $(BUNDLE_APP) | ||
|
||
notarize: | ||
$(call notify, "Notarization", "Building a ZIP archive...") | ||
/usr/bin/ditto -c -k --rsrc --keepParent $(BUNDLE_APP) $(BUNDLE_ZIP) | ||
$(call notify, "Notarization", "Uploading for notarization...") | ||
/usr/bin/xcrun altool --notarize-app --primary-bundle-id $(PRIMARY_BUNDLE_ID) -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) -f $(BUNDLE_ZIP) --output-format xml > $(UPLOAD_INFO_PLIST) | ||
sleep 2 | ||
$(call notify, "Notarization", "Waiting while notarized...") | ||
/usr/bin/xcrun altool --notarization-info `/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" $(UPLOAD_INFO_PLIST)` -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) --output-format xml > $(REQUEST_INFO_PLIST) | ||
$(call wait_while_in_progress) | ||
$(call notify, "Notarization", "Downloading log file...") | ||
/usr/bin/curl -o $(AUDIT_INFO_JSON) `/usr/libexec/PlistBuddy -c "Print :notarization-info:LogFileURL" $(REQUEST_INFO_PLIST)` | ||
if [ `/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" $(REQUEST_INFO_PLIST)` != "success" ]; then \ | ||
false; \ | ||
fi | ||
$(call notify, "Notarization", "Stapling...") | ||
/usr/bin/xcrun stapler staple $(BUNDLE_APP) | ||
$(call notify, "Notarization", "Replacing original product...") | ||
rm -rf $(PRODUCT_APP) | ||
mv $(BUNDLE_APP) $(PRODUCT_DIR)/ | ||
$(call notify, "Notarization", "✅ Done!") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
platform :osx, '10.12' | ||
|
||
target 'EFIgy' do | ||
use_frameworks! | ||
pod 'LetsMove' | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,20 @@ | ||
PODS: | ||
- LetsMove (1.22) | ||
- Sparkle (1.16.0) | ||
- LetsMove (1.24) | ||
- Sparkle (1.21.3) | ||
|
||
DEPENDENCIES: | ||
- LetsMove | ||
- Sparkle | ||
|
||
SPEC REPOS: | ||
https://github.com/cocoapods/specs.git: | ||
- LetsMove | ||
- Sparkle | ||
|
||
SPEC CHECKSUMS: | ||
LetsMove: 407d4d14815e6dc1549b6a9fe8e4b0f6aed3e305 | ||
Sparkle: 57650c525b8922b1ef72021f9d92287fc7d5d6f0 | ||
LetsMove: fefe56bc7bc7fb7d37049e28a14f297961229fc5 | ||
Sparkle: 3f75576db8b0265adef36c43249d747f22d0b708 | ||
|
||
PODFILE CHECKSUM: de348ddbda39c9c335ba8bbbacbb300ace8ff4d2 | ||
PODFILE CHECKSUM: 2a9995deee40fbd399df209dcfa18ef1319235c8 | ||
|
||
COCOAPODS: 1.1.1 | ||
COCOAPODS: 1.7.0.beta.3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
// | ||
// Common.xcconfig | ||
// EFIgy | ||
// | ||
// Created by James Barclay on 8/15/19. | ||
// Copyright © 2019 Duo Security. All rights reserved. | ||
// | ||
|
||
// Configuration settings file format documentation can be found at: | ||
// https://help.apple.com/xcode/#/dev745c5c974 | ||
|
||
ENABLE_HARDENED_RUNTIME = YES | ||
OTHER_CODE_SIGN_FLAGS = --deep --timestamp |