sign-macos-pkg.sh: move gatekeeper verification
This now fails when the app is signed with a new certificate created from our new Apple organization but is not notarized: ``` tmp/macos/dist/Status.app: rejected source=Unnotarized Developer ID ``` I actually have absolutely no idea why this verification worked with the old certificate, but it did. For that reason I'm moving it to after notarization. Signed-off-by: Jakub Sokołowski <jakub@status.im>
parent
0676f49f4c
commit
49ec6962b1
|
@ -64,4 +64,11 @@ fi
|
||||||
# Optional but preferrable to attach the ticket to the bundle.
|
# Optional but preferrable to attach the ticket to the bundle.
|
||||||
echo -e "\n### Stapling Notarization Ticket..."
|
echo -e "\n### Stapling Notarization Ticket..."
|
||||||
xcrun stapler staple "${BUNDLE_PATH}"
|
xcrun stapler staple "${BUNDLE_PATH}"
|
||||||
|
|
||||||
|
echo -e "\n### Validating Signature and Notarization..."
|
||||||
|
spctl --verbose=2 \
|
||||||
|
--assess --type open \
|
||||||
|
--context context:primary-signature \
|
||||||
|
"${BUNDLE_PATH}"
|
||||||
|
|
||||||
exit $?
|
exit $?
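Review bot: The trailing `exit $?` now reports only the `spctl` result, so unless `set -e` is enabled earlier in the file (not visible in this hunk) a failed `xcrun stapler staple` is ignored. The assessment may still pass through an online ticket lookup, which would ship a bundle with no stapled ticket. Adding `xcrun stapler validate "${BUNDLE_PATH}" || exit $?` before the `spctl` call would check the staple itself. Separately, `--type open --context context:primary-signature` is the disk-image form; the block removed from the signing script used `--type execute` when the target was a directory, so if `BUNDLE_PATH` can ever be an `.app` bundle the type should be selected the same way.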
|
||||||
|
|
|
@ -17,7 +17,7 @@ CODESIGN_OPTS_EXTRA=("${@}")
|
||||||
|
|
||||||
function clean_up {
|
function clean_up {
|
||||||
STATUS=$?
|
STATUS=$?
|
||||||
if [[ "${STATUS}" -eq 0 ]]; then
|
if [[ "${STATUS}" -ne 0 ]]; then
|
||||||
echo -e "\n###### ERROR: See above for details."
|
echo -e "\n###### ERROR: See above for details."
|
||||||
fi
|
fi
|
||||||
set +e
|
set +e
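Review bot: The `-eq` to `-ne` correction in `clean_up` is a behavioural fix in its own right, yet the commit description does not mention it. The error banner previously printed on success and stayed silent on failure, so a line in the description or a separate commit would keep this change to signing-failure reporting traceable. The banner also goes to stdout; `echo -e "\n###### ERROR: See above for details." >&2` would keep it out of any captured output. The body of `clean_up` continues past the end of this hunk.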
|
||||||
|
@ -81,14 +81,4 @@ codesign ${CODESIGN_OPTS[@]} "${TARGET}"
|
||||||
echo -e "\n### Verifying signature..."
|
echo -e "\n### Verifying signature..."
|
||||||
codesign --verify --strict=all --deep --verbose=4 "${TARGET}"
|
codesign --verify --strict=all --deep --verbose=4 "${TARGET}"
|
||||||
|
|
||||||
echo -e "\n### Assessing Gatekeeper validation..."
|
|
||||||
if [[ -d "${TARGET}" ]]; then
|
|
||||||
spctl --assess --type execute --verbose=2 "${TARGET}"
|
|
||||||
else
|
|
||||||
echo "WARNING: The 'open' type security assesment is disabled due to lack of 'Notarization'"
|
|
||||||
# Issue: https://github.com/status-im/status-mobile/pull/9172
|
|
||||||
# Details: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
|
|
||||||
#spctl --assess --type open --context context:primary-signature --verbose=2 "${OBJECT}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo -e "\n###### DONE"
|
echo -e "\n###### DONE"
|
||||||
|
|