Skip to content

Instantly share code, notes, and snippets.

@tuistit

tuistit/notarize.sh

Created January 2, 2025 12:01
Show Gist options
  • Save tuistit/0e756d7eb5a707d7b215ef4aa8d072d9 to your computer and use it in GitHub Desktop.
Save tuistit/0e756d7eb5a707d7b215ef4aa8d072d9 to your computer and use it in GitHub Desktop.
Download ZIP
A gist that includes bash scripts to sign and notarize CLIs for macOS environments
Raw
notarize.sh
#!/usr/bin/env bash
TEAM_ID="..."
APPLE_ID="..."
APP_SPECIFIC_PASSWORD="..."
RAW_JSON=$(xcrun notarytool submit "notarization-bundle.zip" \
--apple-id "$APPLE_ID" \
--team-id "$TEAM_ID" \
--password "$APP_SPECIFIC_PASSWORD" \
--output-format json)
echo "$RAW_JSON"
SUBMISSION_ID=$(echo "$RAW_JSON" | jq -r '.id')
echo "Submission ID: $SUBMISSION_ID"
while true; do
STATUS=$(xcrun notarytool info "$SUBMISSION_ID" \
--apple-id "$APPLE_ID" \
--team-id "$TEAM_ID" \
--password "$APP_SPECIFIC_PASSWORD" \
--output-format json | jq -r '.status')
case $STATUS in
"Accepted")
echo -e "Notarization succeeded!"
break
;;
"In Progress")
echo "Notarization in progress... waiting 30 seconds"
sleep 30
;;
"Invalid"|"Rejected")
echo "Notarization failed with status: $STATUS"
xcrun notarytool log "$SUBMISSION_ID" \
--apple-id "$APPLE_ID" \
--team-id "$TEAM_ID" \
--password "$APP_SPECIFIC_PASSWORD"
exit 1
;;
*)
echo "Unknown status: $STATUS"
exit 1
;;
esac
done
Raw
setup-temporary-keychain.sh
#!/usr/bin/env bash
TMP_DIR=$(mktemp -d)
KEYCHAIN_PASSWORD="...."
CERTIFICATE_PASSWORD="...."
KEYCHAIN_PATH=$TMP_DIR/keychain.keychain
CERTIFICATE_PATH=$TMP_DIR/certificate.p12
echo "$BASE_64_CERTIFICATE" | base64 --decode > $CERTIFICATE_PATH
security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security default-keychain -s $KEYCHAIN_PATH
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
security import $CERTIFICATE_PATH -P $CERTIFICATE_PASSWORD -A
Raw
sign.sh
#!/usr/bin/env bash
CERTIFICATE_NAME="...."
/usr/bin/codesign --sign "$CERTIFICATE_NAME" --timestamp --options runtime --verbose /path/to/your/cli
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment