diff --git a/scripts/notarize-macos-pkg.sh b/scripts/notarize-macos-pkg.sh
index 24b7bda8d2..e108c8e4d5 100755
--- a/scripts/notarize-macos-pkg.sh
+++ b/scripts/notarize-macos-pkg.sh
@@ -64,4 +64,11 @@ fi
 # Optional but preferrable to attach the ticket to the bundle.
 echo -e "\n### Stapling Notarization Ticket..."
 xcrun stapler staple "${BUNDLE_PATH}"
+
+echo -e "\n### Validating Signature and Notarization..."
+spctl --verbose=2 \
+ --assess --type open \
+ --context context:primary-signature \
+ "${BUNDLE_PATH}"
+
 exit $?
diff --git a/scripts/sign-macos-pkg.sh b/scripts/sign-macos-pkg.sh
index 9e1d79355e..09524c7e1e 100755
--- a/scripts/sign-macos-pkg.sh
+++ b/scripts/sign-macos-pkg.sh
@@ -17,7 +17,7 @@ CODESIGN_OPTS_EXTRA=("${@}")
 function clean_up {
 STATUS=$?
- if [[ "${STATUS}" -eq 0 ]]; then
+ if [[ "${STATUS}" -ne 0 ]]; then
 echo -e "\n###### ERROR: See above for details."
 fi
 set +e
@@ -81,14 +81,4 @@ codesign ${CODESIGN_OPTS[@]} "${TARGET}"
 echo -e "\n### Verifying signature..."
 codesign --verify --strict=all --deep --verbose=4 "${TARGET}"
-echo -e "\n### Assessing Gatekeeper validation..."
-if [[ -d "${TARGET}" ]]; then
- spctl --assess --type execute --verbose=2 "${TARGET}"
-else
- echo "WARNING: The 'open' type security assesment is disabled due to lack of 'Notarization'"
- # Issue: https://github.com/status-im/status-mobile/pull/9172
- # Details: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
- #spctl --assess --type open --context context:primary-signature --verbose=2 "${OBJECT}"
-fi
-
 echo -e "\n###### DONE"
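Review bot: The trailing `exit $?` in notarize-macos-pkg.sh now reports only the `spctl` result, so a failed `xcrun stapler staple` no longer reaches the exit code unless the script runs under `set -e`, which is not visible in this hunk. The assessment may also pass without a stapled ticket if Gatekeeper can confirm notarization online (worth confirming on the build host), so a green run would not prove the shipped bundle carries its ticket for offline installs. I would make the staple step explicit with `xcrun stapler staple "${BUNDLE_PATH}" || exit $?` and add `xcrun stapler validate "${BUNDLE_PATH}"` before the `spctl` call.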
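Review bot: The error banner in `clean_up` (sign-macos-pkg.sh) is still written to stdout, so a CI step that captures or pipes stdout can hide it even with the corrected `-ne` test. Sending it to stderr is safer: `echo -e "\n###### ERROR: See above for details." >&2`. The function body continues past the end of the hunk, so it is not visible whether the saved `STATUS` is re-raised after the cleanup. Depending on how the trap is registered, ending the handler with `exit "${STATUS}"` would ensure a failed signing run cannot finish with status 0.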