0
0
mirror of https://github.com/nodejs/node.git synced 2024-11-30 07:27:22 +01:00
nodejs/tools/osx-notarize.sh
Rod Vagg 6db6af4057
build: macOS package notarization
Includes hardened-runtime patch from gdams from
https://github.com/nodejs/node/issues/29216#issuecomment-546932966

PR-URL: https://github.com/nodejs/node/pull/31459
Refs: https://github.com/nodejs/node/issues/29216
Reviewed-By: Christian Clauss <cclauss@me.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ash Cripps <ashley.cripps@ibm.com>
Signed-off-by: Rod Vagg <rod@vagg.org>
2020-03-10 20:14:52 +11:00

38 lines
1003 B
Bash
Executable File

#!/bin/bash
# Uses gon, from https://github.com/mitchellh/gon, to notarize a generated node-<version>.pkg file
# with Apple for installation on macOS Catalina and later as validated by Gatekeeper.
set -e
gon_version="0.2.2"
gon_exe="${HOME}/.gon/gon_${gon_version}"
__dirname="$(CDPATH= cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
pkgid="$1"
if [ "X${pkgid}" == "X" ]; then
echo "Usage: $0 <pkgid>"
exit 1
fi
if [ "X$NOTARIZATION_ID" == "X" ]; then
echo "No NOTARIZATION_ID environment var. Skipping notarization."
exit 0
fi
set -x
mkdir -p "${HOME}/.gon/"
if [ ! -f "${gon_exe}" ]; then
curl -sL "https://github.com/mitchellh/gon/releases/download/v${gon_version}/gon_${gon_version}_macos.zip" -o "${gon_exe}.zip"
(cd "${HOME}/.gon/" && rm -f gon && unzip "${gon_exe}.zip" && mv gon "${gon_exe}")
fi
cat tools/osx-gon-config.json.tmpl \
| sed -e "s/{{appleid}}/${NOTARIZATION_ID}/" -e "s/{{pkgid}}/${pkgid}/" \
> gon-config.json
"${gon_exe}" -log-level=info gon-config.json