A bunch more changes for notarising.

fingers crossed.
2024-04-01 22:45:17 +01:00 · 2024-04-01 22:45:17 +01:00 · 9abf29e995
parent adf35472f5
commit 9abf29e995
2 changed files with 13 additions and 31 deletions
--- a/.github/workflows/build_viewer.yml
+++ b/.github/workflows/build_viewer.yml
@ -178,6 +178,8 @@ jobs:
          echo -n "$FS_CERT_PASS" >${build_secrets_checkout}/code-signing-osx/password.txt
          echo -n "$NOTARIZE_CREDS" | base64 --decode --output ${build_secrets_checkout}/code-signing-osx/notarize_creds.sh
          security create-keychain -p "$FS_KEYCHAIN_PASS" ~/Library/Keychains/viewer.keychain
+          # notarize tool uses a specific database keychain by default we need to override this to ours.
+          security default-keychain -s viewer.keychain
          security set-keychain-settings -lut 21600 ~/Library/Keychains/viewer.keychain
          security unlock-keychain -p "$FS_KEYCHAIN_PASS" ~/Library/Keychains/viewer.keychain
          security import ${build_secrets_checkout}/code-signing-osx/fs-cert.p12 -P "$FS_CERT_PASS" -A -t cert -f pkcs12 -k ~/Library/Keychains/viewer.keychain
--- a/indra/newview/installers/darwin/apple-notarize.sh
+++ b/indra/newview/installers/darwin/apple-notarize.sh
@ -12,46 +12,26 @@ if [[ -f "$CONFIG_FILE" ]]; then
    ditto -c -k --keepParent "$app_file" "$zip_file"
    if [[ -f "$zip_file" ]]; then
        res=$(xcrun notarytool store-credentials \
-                                viewer.keychain-db \
+                                viewer.profile \
                                --verbose \
-                                --apple-id $USERNAME \
-                                --password $PASSWORD 2>&1)
        echo $res
        res=$(xcrun notarytool submit "$zip_file" \
-                                --keychain-profile viewer.keychain-db \
+                                --apple-id $USERNAME \
+                                --password $PASSWORD \
                                --verbose \
                                --wait 2>&1)
+        echo "Notarytool submit:"
        echo $res
        
-        requestUUID=$(echo $res | awk '/RequestUUID/ { print $NF; }')
-        if [[ -n $requestUUID ]]; then
-            in_progress=1
-            while [[ $in_progress -eq 1 ]]; do
-                sleep 30
-                res=$(xcrun notarytool info "$requestUUID" \
-                                            --keychain-profile viewer.keychain-db 2>&1)
-                if [[ $res != *"in progress"* ]]; then 
-                    in_progress=0
-                fi
-                echo "."
-            done
-            # log results
-            echo $res
+        [[ "$res" =~ 'id: '([^[:space:]]+) ]]
+        match=$?

-            #remove temporary file
-            rm "$zip_file"
-
-            if [[ $res == *"success"* ]]; then
+        if [[ ! $match -eq 0 ]]; then
+            echo "Running Stapler"
            xcrun stapler staple "$app_file"
            exit 0
-            elif [[ $res == *"invalid"* ]]; then
-                echo "Notarization error: failed to process the app file"
-                exit 1
        else
-                echo "Notarization error: unknown response status"
-            fi
-        else
-            echo "Notarization error: couldn't get request UUID"
+            echo "Notarization error"
            exit 1
        fi
    else