#!/usr/bin/env /bin/bash
#*******************************************************************************
# Copyright (c) 2019, 2023 IBM Corporation and others.
#
# This program and the accompanying materials
# are made available under the terms of the Eclipse Public License 2.0
# which accompanies this distribution, and is available at
# https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Sravan Kumar Lakkimsetti - initial API and implementation
# Jonah Graham - adapted for the EPP project (used https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/cje-production/scripts/common-functions.shsource?id=8866cc6db76d777751acb56456b248708dd80eda#n47 as source)
# Marc Dumais - adapted for the Trace Compass project (used https://github.com/eclipse-packaging/packages/blob/9282c079339625bac45c0eb394f72f8b8b5a8d5a/releng/org.eclipse.epp.config/tools/macosx-notarization-single.sh as source, as well as this EPP Jenkins job configuration: https://ci.eclipse.org/packaging/job/notarize-downloads/configure)
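set -u # run with unset flag error so that missing parameters cause build failure
set -x # echo all commands used for debugging purposes

##
# Notarize all .dmg files found in the "RCP_DESTINATION" folder, that's assumed to
# reside on the "download" server. They need to be transferred to the Jenkins workspace
# first, and put back to the release folder at the end.
#
# Arguments: $1 - release folder on the download server (RCP_DESTINATION)
#
# "set -u" only catches a missing argument. An empty one is rejected here as well,
# because it would leave the remote "find" and the final "scp" upload without a
# target path.
RCP_DESTINATION="${1:?RCP_DESTINATION (release folder on the download server) must be given as first argument}"
SSHUSER="genie.tracecompass@projects-storage.eclipse.org"
# SSH is expanded unquoted by its users so that it splits into "ssh" and the login.
SSH="ssh ${SSHUSER}"
SCP="scp"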
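# Notarize a single "DMG" file passed as an argument. Uses current directory as a temporary directory.
#
# Arguments: $1 - path to the .dmg file. On success it is overwritten with the
#                 notarized file downloaded from the service; the original is
#                 kept next to it as "<path>-notnotarized".
# Outputs:   progress messages and the service responses on stdout.
# Exits:     with status 1 when a copy, the notarization or the download fails.
#            The function calls "exit", so it is meant to run in a subshell.
function notarize_single_dmg() {
  local DMG_FILE="$1"
  local DMG PRIMARY_BUNDLE_ID OPTIONS RESPONSE_RAW RESPONSE STATUS_CODE
  local UUID=""
  local STATUS=""
  local retryCount=1

  DMG="$(basename "${DMG_FILE}")"

  # keep a copy of the original dmg
  cp "${DMG_FILE}" "${DMG_FILE}-notnotarized" || exit 1
  cp "${DMG_FILE}" "${DMG}" || exit 1

  # Prior to Mac M1 the primary bundle ID used was the name of the package with platform info stripped.
  # However, the ID seems to be allowed to be arbitrary, therefore use the full file name so that
  # aarch and x86_64 make the id unique. Except that it appears that _ is not permitted.
  # See https://developer.apple.com/forums/thread/120421
  PRIMARY_BUNDLE_ID="${DMG//_/-}"

  # Build the options document with jq instead of string concatenation, so that a
  # quote, backslash or space in the file name cannot produce malformed JSON.
  OPTIONS="$(jq -cn --arg id "${PRIMARY_BUNDLE_ID}" '{primaryBundleId: $id, staple: true}')" || exit 1

  while [ "${retryCount}" -gt 0 ]; do
    # --write-out appends the HTTP status on its own line after the response body.
    RESPONSE_RAW=$(curl --write-out "\n%{http_code}" -s -X POST \
      -F "file=@${DMG}" \
      -F "options=${OPTIONS};type=application/json" \
      https://cbi.eclipse.org/macos/xcrun/notarize)
    # The code below assumes the JSON body is on the first line.
    RESPONSE=$(head -n1 <<<"${RESPONSE_RAW}")
    STATUS_CODE=$(tail -n1 <<<"${RESPONSE_RAW}")
    UUID="$(jq -r '.uuid' <<<"${RESPONSE}")"
    STATUS="$(jq -r '.notarizationStatus.status' <<<"${RESPONSE}")"

    if [[ ${STATUS_CODE} == '503' || ${STATUS_CODE} == '502' ]]; then
      echo Initial upload failed, Retrying
    else
      # Poll once a minute; a 502/503 from the status endpoint is treated as
      # transient and polled again.
      # NOTE(review): this loop has no upper bound of its own - confirm that the
      # CI job timeout covers a service that keeps answering 502/503.
      while [[ ${STATUS} == 'IN_PROGRESS' || ${STATUS_CODE} == '503' || ${STATUS_CODE} == '502' ]]; do
        sleep 1m
        RESPONSE_RAW=$(curl --write-out "\n%{http_code}" -s "https://cbi.eclipse.org/macos/xcrun/${UUID}/status")
        RESPONSE=$(head -n1 <<<"${RESPONSE_RAW}")
        STATUS_CODE=$(tail -n1 <<<"${RESPONSE_RAW}")
        STATUS=$(jq -r '.notarizationStatus.status' <<<"${RESPONSE}")
      done
    fi

    if [[ ${STATUS} != 'COMPLETE' ]]; then
      echo "Notarization failed: ${RESPONSE}"
      retryCount=$((retryCount - 1))
      if [ "${retryCount}" -eq 0 ]; then
        echo "Notarization failed. Exiting"
        exit 1
      else
        echo "Retrying..."
      fi
    else
      break
    fi
  done

  # The uuid comes from the service response and is placed in the download URL;
  # refuse to continue when the response did not carry one.
  if [[ -z ${UUID} || ${UUID} == 'null' ]]; then
    echo "Notarization response carried no uuid. Exiting"
    exit 1
  fi

  # Remove the un-notarized working copy first, so that a failed download cannot
  # leave it behind to be mistaken for the notarized result.
  rm "${DMG}"
  # --fail turns an HTTP error into a non-zero exit instead of saving the error
  # page, and -o fixes the local file name instead of taking it from the server.
  if ! curl --fail -o "${DMG}" "https://cbi.eclipse.org/macos/xcrun/${UUID}/download"; then
    echo "Download of notarized ${DMG} failed. Exiting"
    exit 1
  fi
  if [[ ! -s ${DMG} ]]; then
    echo "Downloaded ${DMG} is empty. Exiting"
    exit 1
  fi
  cp -vf "${DMG}" "${DMG_FILE}" || exit 1
}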
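# Main script
#
# Steps: fetch the .dmg files from the download server, notarize them in parallel,
# then upload them again. Nothing is uploaded unless every notarization job
# succeeded, so a failed run cannot pass as a successful release.

# fetch dmg files from download server/area
# A "temp" left over from an earlier run could hold stale artifacts that would be
# notarized and uploaded again, so an existing directory is an error.
mkdir temp || exit 1
pushd temp || exit 1
# The remote command is sent as a single string: the destination is shell-quoted
# and the '*.dmg' pattern stays quoted, so the remote shell neither splits the
# path nor expands the pattern against its own working directory.
remote_find="find $(printf '%q' "${RCP_DESTINATION}") -maxdepth 1 -name '*.dmg'"
remote_list="$(${SSH} "${remote_find}")" || exit 1
while IFS= read -r path; do
  [[ -n ${path} ]] || continue
  ${SCP} "${SSHUSER}:${path}" . </dev/null || exit 1
done <<<"${remote_list}"
popd || exit 1

# notarize each dmg file
pids=()
while IFS= read -r -d '' i; do
  LOG="$(basename "${i}").log"
  echo "Starting ${i}" >>"${LOG}"
  # Run the pipeline in a subshell that exits with the status of
  # notarize_single_dmg; a plain "cmd | tee &" would report tee's status.
  (
    notarize_single_dmg "${i}" 2>&1 | tee --append "${LOG}"
    exit "${PIPESTATUS[0]}"
  ) </dev/null &
  pids+=("$!")
  sleep 18s # start jobs at a small interval from each other
done < <(find ./temp -name '*.dmg' -print0)

jobs -p
# Wait for each job by pid so that its exit status is seen; a bare "wait"
# returns 0 whatever the jobs returned.
failed=0
if ((${#pids[@]} > 0)); then
  for pid in "${pids[@]}"; do
    wait "${pid}" || failed=$((failed + 1))
  done
fi
if ((failed > 0)); then
  echo "${failed} notarization job(s) failed, nothing was uploaded" >&2
  exit 1
fi

# upload dmg files (including original "-notnotarized" file) to their release folder
pushd temp || exit 1
while IFS= read -r -d '' i; do
  # The trailing glob also picks up "<name>.dmg-notnotarized".
  ${SCP} "${i}"* "${SSHUSER}:${RCP_DESTINATION}" </dev/null || exit 1
done < <(find . -name '*.dmg' -print0)
popd || exit 1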