mirror of
https://gitlab.com/kelteseth/ScreenPlay.git
synced 2024-11-26 04:33:06 +01:00
Add docs
This commit is contained in:
parent
19ce4ce823
commit
fab7d0f4c3
@ -49,14 +49,55 @@ xcrun notarytool store-credentials
|
|||||||
```
|
```
|
||||||
|
|
||||||
1. Profile name:
|
1. Profile name:
|
||||||
- Profile name: tachiom
|
- Profile name: ScreenPlay
|
||||||
2. Path to App Store Connect API private key:
|
2. Path to App Store Connect API private key:
|
||||||
- `/Users/eliassteurer/Documents/AuthKey_xxxxxxx.p8`
|
- Path to App Store Connect API private key: `/Users/eliassteurer/Documents/AuthKey_xxxxxxx.p8`
|
||||||
3. App Store Connect API Key ID:
|
3. App Store go to : https://appstoreconnect.apple.com/access/api
|
||||||
- KEY ID at: https://appstoreconnect.apple.com/access/api
|
- Klick Keys in the top menu. Then you can answer the next two questions:
|
||||||
4. App Store Connect API Issuer ID:
|
- App Store Connect API Key ID: There is a list of `Active` names, generated by. Use this `KEY ID`
|
||||||
- USER ID at: https://appstoreconnect.apple.com/access/api
|
- App Store Connect API Issuer ID: Then copy the `Issuer ID` above it
|
||||||
|
- __IMPORTANT__: The Profile name must match the one set in:
|
||||||
|
```xcrun notarytool submit ScreenPlay.app.zip --keychain-profile 'ScreenPlay' --wait```
|
||||||
|
|
||||||
|
Example output:
|
||||||
|
```
|
||||||
|
eliassteurer@Eliass-Mac-mini Tools % xcrun notarytool store-credentials
|
||||||
|
|
||||||
|
This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name.
|
||||||
|
|
||||||
|
Profile name:
|
||||||
|
xxxxxxx
|
||||||
|
We recommend using App Store Connect API keys for authentication. If you'd like to authenticate with an Apple ID and app-specific password instead, leave this unspecified.
|
||||||
|
|
||||||
|
Path to App Store Connect API private key:
|
||||||
|
/Users/xxxxxxxxxx/Documents/AuthKey_xxxxxxxxxxx.p8
|
||||||
|
App Store Connect API Key ID:
|
||||||
|
ScreenPlay
|
||||||
|
App Store Connect API Issuer ID:
|
||||||
|
xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
|
||||||
|
Validating your credentials...
|
||||||
|
Success. Credentials validated.
|
||||||
|
Credentials saved to Keychain.
|
||||||
|
To use them, specify `--keychain-profile "xxxxxxx"`
|
||||||
|
eliassteurer@Eliass-Mac-mini Tools % --keychain-profile "ScreenPlay"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Add your credentials to the system:
|
||||||
|
See: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow
|
||||||
|
```
|
||||||
|
xcrun notarytool store-credentials "ScreenPlay"
|
||||||
|
--apple-id "AC_USERNAME"
|
||||||
|
--team-id <WWDRTeamID>
|
||||||
|
--password <secret_2FA_password>
|
||||||
|
```
|
||||||
|
- `AC_USERNAME` = Your email or something you set at AppleID (email): https://appleid.apple.com/account/manage/section/security
|
||||||
|
https://stackoverflow.com/questions/56890749/macos-notarize-in-script
|
||||||
|
- `WWDRTeamID` = Go to https://appstoreconnect.apple.com/access/users click on your listed user and copy the `xxxxxxx` from:
|
||||||
|
```
|
||||||
|
Team ID
|
||||||
|
XXXXXXXXXX View Membership Details
|
||||||
|
```
|
||||||
|
- `password` = Go to https://appleid.apple.com/account/manage/section/security then to `App-specific passwords` and use this password. This will not display you the password, but you can simply remove it, generate a new under the same name and copy the displayed password.
|
||||||
|
|
||||||
## Get an App-Specific Password
|
## Get an App-Specific Password
|
||||||
https://stackoverflow.com/questions/56890749/macos-notarize-in-script
|
https://stackoverflow.com/questions/56890749/macos-notarize-in-script
|
||||||
@ -64,15 +105,11 @@ https://stackoverflow.com/questions/56890749/macos-notarize-in-script
|
|||||||
security add-generic-password -a "kelteseth@gmail.com" -w "xxxx-xxx-xxx-xxx" -s "Developer ID Application: Elias Steurer (V887LHYKRH)"
|
security add-generic-password -a "kelteseth@gmail.com" -w "xxxx-xxx-xxx-xxx" -s "Developer ID Application: Elias Steurer (V887LHYKRH)"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Upload to apple for notization
|
## Troubleshooting
|
||||||
We use [xcnotary](https://github.com/akeru-inc/xcnotary) tools for fast automatic upload. Install it via brew:
|
```
|
||||||
|
Processing complete
|
||||||
`brew install akeru-inc/tap/xcnotary`
|
id: xxxxxx-xxxxxx-xxxx-xxxxx-xxxxx
|
||||||
|
status: Invalid
|
||||||
Then run it with the
|
```
|
||||||
- `*.app` name
|
Run the follwoing if you get an signing error:
|
||||||
- `-d` the developer account email and
|
`xcrun notarytool log --apple-id "xxxxx@xxxx.com" --password "xxxx-xxxx-xxxx-xxxx" --team-id "xxxxxxxxxxx" <ID>`
|
||||||
- `-k` command is here the keychain name that contains your password from the app password step above!
|
|
||||||
|
|
||||||
`xcnotary notarize ScreenPlay.app -d yourDeveloperAccountEmail@example.com -k ScreenPlay`
|
|
||||||
|
|
||||||
|
@ -3,16 +3,17 @@
|
|||||||
from build import BuildConfig
|
from build import BuildConfig
|
||||||
from util import run
|
from util import run
|
||||||
from sys import stdout
|
from sys import stdout
|
||||||
|
import time
|
||||||
|
|
||||||
stdout.reconfigure(encoding='utf-8')
|
stdout.reconfigure(encoding='utf-8')
|
||||||
|
|
||||||
def sign(build_config: BuildConfig):
|
def sign(build_config: BuildConfig):
|
||||||
print("Run codedesign")
|
print("Run codedesign")
|
||||||
run("codesign --deep -f -s \"Developer ID Application: Elias Steurer (V887LHYKRH)\" --timestamp --options \"runtime\" -f --entitlements \"../../ScreenPlay/entitlements.plist\" --deep \"ScreenPlay.app/\"",
|
run("codesign --deep -f -s 'Developer ID Application: Elias Steurer (V887LHYKRH)' --timestamp --options 'runtime' -f --entitlements '../../ScreenPlay/entitlements.plist' --deep 'ScreenPlay.app/' ",
|
||||||
cwd=build_config.bin_dir)
|
cwd=build_config.bin_dir)
|
||||||
|
|
||||||
print("Run codedesign verify")
|
print("Run codedesign verify")
|
||||||
run("codesign --verify --verbose=4 \"ScreenPlay.app/\"",
|
run("codesign --verify --verbose=4 'ScreenPlay.app/'",
|
||||||
cwd=build_config.bin_dir)
|
cwd=build_config.bin_dir)
|
||||||
|
|
||||||
# TODO: Replace with https://github.com/akeru-inc/xcnotary/issues/22#issuecomment-1179170957
|
# TODO: Replace with https://github.com/akeru-inc/xcnotary/issues/22#issuecomment-1179170957
|
||||||
@ -23,14 +24,18 @@ def sign(build_config: BuildConfig):
|
|||||||
print("Packing .apps for upload")
|
print("Packing .apps for upload")
|
||||||
run("ditto -c -k --keepParent 'ScreenPlay.app' 'ScreenPlay.app.zip'", cwd=build_config.bin_dir)
|
run("ditto -c -k --keepParent 'ScreenPlay.app' 'ScreenPlay.app.zip'", cwd=build_config.bin_dir)
|
||||||
|
|
||||||
|
# run this if you get an error:
|
||||||
|
# `xcrun notarytool log --apple-id "xxxxx@xxxx.com" --password "xxxx-xxxx-xxxx-xxxx" --team-id "xxxxxxxxxxx" <ID>`
|
||||||
|
# Processing complete
|
||||||
|
# id: xxxxxx-xxxxxx-xxxx-xxxxx-xxxxx
|
||||||
|
# status: Invalid
|
||||||
print("Run xcnotary submit")
|
print("Run xcnotary submit")
|
||||||
run("xcrun notarytool submit ScreenPlay.app.zip --keychain-profile 'ScreenPlay' --wait", cwd=build_config.bin_dir)
|
run("xcrun notarytool submit --keychain-profile 'ScreenPlay' ScreenPlay.app.zip --wait", cwd=build_config.bin_dir)
|
||||||
|
|
||||||
print("Run stapler staple")
|
print("Run stapler staple")
|
||||||
run("xcrun stapler staple ScreenPlay.app", cwd=build_config.bin_dir)
|
run("xcrun stapler staple ScreenPlay.app", cwd=build_config.bin_dir)
|
||||||
|
|
||||||
print("Run spctl assess")
|
print("Run spctl assess")
|
||||||
run("spctl --assess --verbose \"ScreenPlay.app/\"", cwd=build_config.bin_dir)
|
run("spctl --assess --verbose 'ScreenPlay.app/'", cwd=build_config.bin_dir)
|
||||||
|
|
||||||
print("Remove *.app.zip files.")
|
print("Remove *.app.zip files.")
|
||||||
run("rm ScreenPlay.app.zip", cwd=build_config.bin_dir)
|
run("rm ScreenPlay.app.zip", cwd=build_config.bin_dir)
|
||||||
|
Loading…
Reference in New Issue
Block a user