34 lines
809 B
Bash
Executable file
34 lines
809 B
Bash
Executable file
#!/bin/bash
|
|
# usage: script/sign <file>
|
|
#
|
|
# Signs macOS binaries using codesign, notarizes macOS zip archives using notarytool
|
|
#
|
|
set -e
|
|
|
|
sign_macos() {
|
|
if [[ -z "$APPLE_DEVELOPER_ID" ]]; then
|
|
echo "skipping macOS code-signing; APPLE_DEVELOPER_ID not set" >&2
|
|
return 0
|
|
fi
|
|
|
|
if [[ $1 == *.zip ]]; then
|
|
xcrun notarytool submit "$1" --apple-id "${APPLE_ID?}" --team-id "${APPLE_DEVELOPER_ID?}" --password "${APPLE_ID_PASSWORD?}"
|
|
else
|
|
codesign --timestamp --options=runtime -s "${APPLE_DEVELOPER_ID?}" -v "$1"
|
|
fi
|
|
}
|
|
|
|
if [[ $# -eq 0 ]]; then
|
|
echo "usage: script/sign <file>" >&2
|
|
exit 1
|
|
fi
|
|
|
|
platform="$(uname -s)"
|
|
if [[ $platform != "Darwin" ]]; then
|
|
echo "error: must run on macOS; skipping codesigning/notarization" >&2
|
|
exit 1
|
|
fi
|
|
|
|
for input_file; do
|
|
sign_macos "$input_file"
|
|
done
|