sign-macos-pkg.sh: move gatekeeper verification

This now fails when the app is signed with a new certificate
created from our new Apple organization but is not notarized:
```
tmp/macos/dist/Status.app: rejected
source=Unnotarized Developer ID
```
I actually have absolutely no idea why this verification worked
with the old certificate, but it did.

For that reason I'm moving it to after notarization.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Jakub Sokołowski 2023-08-10 19:57:33 +02:00 committed by Jakub
parent 0676f49f4c
commit 49ec6962b1
2 changed files with 8 additions and 11 deletions


@ -64,4 +64,11 @@ fi
# Optional but preferrable to attach the ticket to the bundle.
echo -e "\n### Stapling Notarization Ticket..."
xcrun stapler staple "${BUNDLE_PATH}"
echo -e "\n### Validating Signature and Notarization..."
spctl --verbose=2 \
--assess --type open \
--context context:primary-signature \
"${BUNDLE_PATH}"
exit $?
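Review bot: The added `spctl --assess` block reports Gatekeeper's verdict but never confirms that the ticket was actually attached by the `xcrun stapler staple` call just above it. On a machine with network access the assessment may be satisfied by an online lookup (inferred, not shown on this page), so a bundle without a stapled ticket could still pass; adding `xcrun stapler validate "${BUNDLE_PATH}"` before the `spctl` call would close that gap. The assessment type is also fixed to `--type open`, while the check removed from the signing script used `--type execute` for directories, so if `BUNDLE_PATH` can be an `.app` bundle (its definition is outside this hunk) the type should be chosen with the same `-d` test. The trailing `exit $?` carries only the `spctl` status; whether an earlier failure aborts the script depends on a `set -e` that is not visible here.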


@ -17,7 +17,7 @@ CODESIGN_OPTS_EXTRA=("${@}")
function clean_up {
STATUS=$?
if [[ "${STATUS}" -eq 0 ]]; then
if [[ "${STATUS}" -ne 0 ]]; then
echo -e "\n###### ERROR: See above for details."
fi
set +e
@ -81,14 +81,4 @@ codesign ${CODESIGN_OPTS[@]} "${TARGET}"
echo -e "\n### Verifying signature..."
codesign --verify --strict=all --deep --verbose=4 "${TARGET}"
echo -e "\n### Assessing Gatekeeper validation..."
if [[ -d "${TARGET}" ]]; then
spctl --assess --type execute --verbose=2 "${TARGET}"
else
echo "WARNING: The 'open' type security assesment is disabled due to lack of 'Notarization'"
# Issue: https://github.com/status-im/status-mobile/pull/9172
# Details: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
#spctl --assess --type open --context context:primary-signature --verbose=2 "${OBJECT}"
fi
echo -e "\n###### DONE"
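Review bot: Once the Gatekeeper block is removed, the signing script ends at `codesign --verify` and prints `###### DONE` with nothing indicating that Gatekeeper acceptance is no longer checked here. A reader of the build log could take that as a distributable artifact, although `codesign --verify` establishes signature integrity only. I would add a comment above the verify step such as `# Gatekeeper (spctl) assessment runs after notarization, not here; this step checks signature integrity only.` and word the final message accordingly. Separately, in `clean_up` (its body continues outside the hunk) the corrected error branch still writes to stdout; `echo -e "\n###### ERROR: See above for details." >&2` keeps the failure visible when stdout is captured.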