Merge Apple Notary tool fixes back to main

AiraYumi · Apr 2, 2024 · 734b9a9 · 734b9a9
2 parents 26bdff6 + d3501a0
commit 734b9a9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 42 deletions.
diff --git a/.github/workflows/build_viewer.yml b/.github/workflows/build_viewer.yml
@@ -178,6 +178,8 @@ jobs:
           echo -n "$FS_CERT_PASS" >${build_secrets_checkout}/code-signing-osx/password.txt
           echo -n "$NOTARIZE_CREDS" | base64 --decode --output ${build_secrets_checkout}/code-signing-osx/notarize_creds.sh
           security create-keychain -p "$FS_KEYCHAIN_PASS" ~/Library/Keychains/viewer.keychain
+          # notarize tool uses a specific database keychain by default we need to override this to ours.
+          security default-keychain -s viewer.keychain
           security set-keychain-settings -lut 21600 ~/Library/Keychains/viewer.keychain
           security unlock-keychain -p "$FS_KEYCHAIN_PASS" ~/Library/Keychains/viewer.keychain
           security import ${build_secrets_checkout}/code-signing-osx/fs-cert.p12 -P "$FS_CERT_PASS" -A -t cert -f pkcs12 -k ~/Library/Keychains/viewer.keychain

diff --git a/indra/newview/installers/darwin/apple-notarize.sh b/indra/newview/installers/darwin/apple-notarize.sh
@@ -11,43 +11,27 @@ if [[ -f "$CONFIG_FILE" ]]; then
     zip_file=${app_file/app/zip}
     ditto -c -k --keepParent "$app_file" "$zip_file"
     if [[ -f "$zip_file" ]]; then
-        res=$(xcrun altool --notarize-app --primary-bundle-id "org.firestormviewer.firestorm" \
-                                   --username $USERNAME \
-                                   --password $PASSWORD \
-                                   --asc-provider $ASC_PROVIDER \
-                                   --file "$zip_file" 2>&1)
+        # res=$(xcrun notarytool store-credentials \
+        #                         viewer.profile \
+        #                         --verbose 2>*1)
+        # echo $res
+        res=$(xcrun notarytool submit "$zip_file" \
+                                --apple-id $USERNAME \
+                                --password $PASSWORD \
+                                --verbose \
+                                --wait 2>&1)
+        echo "Notarytool submit:"
         echo $res
 
-        requestUUID=$(echo $res | awk '/RequestUUID/ { print $NF; }')
-        if [[ -n $requestUUID ]]; then
-            in_progress=1
-            while [[ $in_progress -eq 1 ]]; do
-                sleep 30
-                res=$(xcrun altool --notarization-info "$requestUUID" \
-                                            --username $USERNAME \
-                                            --password $PASSWORD 2>&1)
-                if [[ $res != *"in progress"* ]]; then 
-                    in_progress=0
-                fi
-                echo "."
-            done
-            # log results
-            echo $res
+        [[ "$res" =~ 'id: '([^[:space:]]+) ]]
+        match=$?
 
-            #remove temporary file
-            rm "$zip_file"
-
-            if [[ $res == *"success"* ]]; then
-                xcrun stapler staple "$app_file"
-                exit 0
-            elif [[ $res == *"invalid"* ]]; then
-                echo "Notarization error: failed to process the app file"
-                exit 1
-            else
-                echo "Notarization error: unknown response status"
-            fi
+        if [[ ! $match -eq 0 ]]; then
+            echo "Running Stapler"
+            xcrun stapler staple "$app_file"
+            exit 0
         else
-            echo "Notarization error: couldn't get request UUID"
+            echo "Notarization error"
             exit 1
         fi
     else

diff --git a/scripts/configure_firestorm.sh b/scripts/configure_firestorm.sh
@@ -620,15 +620,9 @@ if [ $WANTS_BUILD -eq $TRUE ] ; then
             make -j $JOBS | tee -a $LOG
         fi
     elif [ $TARGET_PLATFORM == "windows" ] ; then
-        if [ "${AUTOBUILD_VSVER}" -ge 170 ] ; then
-            msbuild.exe Firestorm.sln -p:Configuration=${BTYPE} -flp:LogFile="logs\\FirestormBuild_win-${AUTOBUILD_ADDRSIZE}.log" \
-                -flp1:"errorsonly;LogFile=logs\\FirestormBuild_win-${AUTOBUILD_ADDRSIZE}.err" -p:Platform=${AUTOBUILD_WIN_VSPLATFORM} -t:Build -p:useenv=true \
-                -verbosity:normal -toolsversion:Current -p:"VCBuildAdditionalOptions= /incremental"
-        else
-            msbuild.exe Firestorm.sln -p:Configuration=${BTYPE} -flp:LogFile="logs\\FirestormBuild_win-${AUTOBUILD_ADDRSIZE}.log" \
-                -flp1:"errorsonly;LogFile=logs\\FirestormBuild_win-${AUTOBUILD_ADDRSIZE}.err" -p:Platform=${AUTOBUILD_WIN_VSPLATFORM} -t:Build -p:useenv=true \
-                -verbosity:normal -toolsversion:15.0 -p:"VCBuildAdditionalOptions= /incremental"
-        fi
+        msbuild.exe Firestorm.sln -p:Configuration=${BTYPE} -flp:LogFile="logs\\FirestormBuild_win-${AUTOBUILD_ADDRSIZE}.log" \
+            -flp1:"errorsonly;LogFile=logs\\FirestormBuild_win-${AUTOBUILD_ADDRSIZE}.err" -p:Platform=${AUTOBUILD_WIN_VSPLATFORM} -t:Build -p:useenv=true \
+            -verbosity:normal -toolsversion:Current -p:"VCBuildAdditionalOptions= /incremental"
     fi
     # Check the return code of the build command
     if [ $? -ne 0 ]; then