#!/bin/bash
# Announce on stdout, then delete any Telegraf directory and Telegraf.app
# bundle found in the current working directory. Both paths are relative, so
# the caller's working directory decides what is removed.
cleanup() {
  printf '%s\n\n' "Cleaning up any existing Telegraf or Telegraf.app"
  rm -rf Telegraf
  rm -rf Telegraf.app
}
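#######################################
# Submit an archive to Apple's notary service and wait for the verdict.
# Globals:
#   AppleUsername, ApplePassword - notary credentials, read from the environment
#   NOTARIZE_MAX_POLLS - optional; number of status checks before giving up
#                        (default 360, roughly one hour at 10 s per check)
# Arguments:
#   $1 - path of the archive to submit
# Outputs:
#   Diagnostics on stderr when submission or notarization does not succeed
# Returns:
#   0 once the service reports 'Accepted'; every other outcome ends the
#   script with exit status 1
#######################################
function archive_notarize() {
  local target="${1}"
  local submit_output info_output uuid response
  local polls=0
  local max_polls="${NOTARIZE_MAX_POLLS:-360}"

  # Accept only a plain positive decimal; any other value would be evaluated
  # as an arithmetic expression by the comparison in the polling loop.
  if [[ ! "${max_polls}" =~ ^[1-9][0-9]*$ ]]; then
    max_polls=360
  fi

  # The +([[:space:]]) trims below are extended globs.
  shopt -s extglob

  # NOTE(security): --password hands the secret to notarytool as a command-line
  # argument, so it is readable in the process list for as long as the call
  # runs. notarytool also accepts --keychain-profile (filled once with
  # `notarytool store-credentials`), which keeps the secret off the command
  # line; switching requires changing how the build job provisions credentials.
  # shellcheck disable=SC2154
  submit_output="$(
    xcrun notarytool submit \
      --apple-id "${AppleUsername}" \
      --password "${ApplePassword}" \
      --team-id 'M7DN9H35QT' \
      "${target}"
  )" || echo "notarytool submit exited with status $?" >&2

  # 'id:' is written more than once, so awk stops at the first occurrence.
  # awk reads the fully captured text rather than a live pipe: exiting early on
  # a pipe would close notarytool's stdout and end it with status 141.
  uuid="$(awk '{ if ( $1 == "id:" ) { $1 = ""; print $0; exit 0; } }' <<< "${submit_output}")"
  uuid="${uuid%%+([[:space:]])}" # strips trailing whitespace
  uuid="${uuid##+([[:space:]])}" # strips leading whitespace

  if [[ -z "${uuid}" ]]; then
    echo "No submission id found in notarytool output for ${target}:" >&2
    printf '%s\n' "${submit_output}" >&2
    exit 1
  fi

  # Poll until the service leaves the 'In Progress' state, but never forever:
  # a submission that stays pending would otherwise hang the release job.
  while true; do
    if (( polls >= max_polls )); then
      echo "Notarization ${uuid} still 'In Progress' after ${polls} checks; giving up" >&2
      exit 1
    fi
    polls=$((polls + 1))
    sleep 10

    # shellcheck disable=SC2154
    info_output="$(
      xcrun notarytool info \
        --apple-id "${AppleUsername}" \
        --password "${ApplePassword}" \
        --team-id 'M7DN9H35QT' \
        "${uuid}"
    )" || echo "notarytool info exited with status $?" >&2

    # Same parsing approach as for the submission id above.
    response="$(awk '{ if ( $1 == "status:" ) { $1 = ""; print $0; exit 0; } }' <<< "${info_output}")"
    response="${response%%+([[:space:]])}" # strips trailing whitespace
    response="${response##+([[:space:]])}" # strips leading whitespace

    if [[ "${response}" != 'In Progress' ]]; then
      break
    fi
  done

  # Anything other than 'Accepted' (including an empty status from a failed
  # query) is treated as a failed notarization.
  if [[ "${response}" != 'Accepted' ]]; then
    echo "Notarization ${uuid} of ${target} ended with status '${response:-unknown}'" >&2
    exit 1
  fi
}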
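# Acquire the necessary certificates.
# MacCertificate, MacCertificatePassword, AppleSigningAuthorityCertificate are environment variables, to follow convention they should have been all caps.
#
# MacCertificate.p12 is a PKCS#12 bundle, which normally carries the private
# signing key. The decoded files are therefore written into a private
# directory created by mktemp -d instead of the working directory, and are
# removed as soon as the keychain imports have run.
cert_dir="$(mktemp -d)" || {
  echo "Unable to create a temporary directory for the certificates" >&2
  exit 1
}

# NOTE(security): -P passes the .p12 password as a command-line argument, and
# -A lets any application use the imported key without a prompt. That is only
# reasonable on a single-use build machine; security(1) offers -T to restrict
# key access to named applications (for example /usr/bin/codesign).
# shellcheck disable=SC2154
base64 -D -o "${cert_dir}/MacCertificate.p12" <<< "$MacCertificate"
# shellcheck disable=SC2154
sudo security import "${cert_dir}/MacCertificate.p12" -k /Library/Keychains/System.keychain -P "$MacCertificatePassword" -A
# shellcheck disable=SC2154
base64 -D -o "${cert_dir}/AppleSigningAuthorityCertificate.cer" <<< "$AppleSigningAuthorityCertificate"
sudo security import "${cert_dir}/AppleSigningAuthorityCertificate.cer" -k '/Library/Keychains/System.keychain' -A

# The keychain now holds the material; do not leave decoded copies on disk.
rm -rf -- "${cert_dir:?}"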
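# Locate the darwin release archives under dist; each pattern is expected to
# match exactly one file.
amdFile=$(find "$HOME/project/dist" -name "*darwin_amd64.tar*")
armFile=$(find "$HOME/project/dist" -name "*darwin_arm64.tar*")
macFiles=("${amdFile}" "${armFile}")

# Stop before anything is signed when an archive is missing or a pattern
# matched several files (find then yields newline-separated paths, which is
# not the name of an existing file). Without this check an empty or bogus
# path would flow into the signing loop.
for candidate in "${macFiles[@]}"; do
  if [[ ! -f "${candidate}" ]]; then
    echo "Expected exactly one darwin archive, got: '${candidate}'" >&2
    exit 1
  fi
done
unset candidate

# The version string is written into the bundle's Info.plist, so an empty
# result from make is treated as an error rather than stamped into the bundle.
version=$(make version)
if [[ -z "${version}" ]]; then
  echo "'make version' produced no version string" >&2
  exit 1
fi

plutil -insert CFBundleShortVersionString -string "$version" ~/project/Info.plist
plutil -insert CFBundleVersion -string "$version" ~/project/Info.plist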
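# Print a message on stderr and stop the script with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# For every release archive: unpack it into a fresh Telegraf.app bundle, sign
# the binary and the bundle, wrap the bundle in a DMG, sign and notarize the
# DMG, staple the ticket and move the result to ~/project/build/dist.
# Every signing-related step is checked, so a failed step can no longer be
# followed by the "signed and notarized!" message or a published artifact.
for tarFile in "${macFiles[@]}"; do
  cleanup

  # Create the .app bundle directory structure
  RootAppDir="Telegraf.app/Contents"
  mkdir -p "$RootAppDir" || die "Cannot create $RootAppDir"
  mkdir -p "$RootAppDir/MacOS" || die "Cannot create $RootAppDir/MacOS"
  mkdir -p "$RootAppDir/Resources" || die "Cannot create $RootAppDir/Resources"

  DeveloperID="Developer ID Application: InfluxData Inc. (M7DN9H35QT)"

  # Sign telegraf binary
  echo "Extract $tarFile to $RootAppDir/Resources"
  tar -xzvf "$tarFile" --strip-components=2 -C "$RootAppDir/Resources" \
    || die "Extracting $tarFile failed"
  printf "\n"

  TelegrafBinPath="$RootAppDir/Resources/usr/bin/telegraf"
  codesign --force -s "$DeveloperID" --timestamp --options=runtime "$TelegrafBinPath" \
    || die "Signing $TelegrafBinPath failed"
  echo "Verify if $TelegrafBinPath was signed"
  # -d displays the signature details; combined with -d, -vv only raises the
  # verbosity. The exit status is what tells us a signature is present.
  codesign -dvv "$TelegrafBinPath" \
    || die "$TelegrafBinPath does not carry a signature"
  printf "\n"

  cp ~/project/scripts/telegraf_entry_mac "$RootAppDir"/MacOS \
    || die "Copying telegraf_entry_mac failed"
  cp ~/project/Info.plist "$RootAppDir" || die "Copying Info.plist failed"
  # The icon is cosmetic, so a failed copy is left non-fatal as before.
  cp ~/project/assets/windows/icon.icns "$RootAppDir/Resources"
  chmod +x "$RootAppDir/MacOS/telegraf_entry_mac" \
    || die "Cannot make telegraf_entry_mac executable"

  # Sign the entire .app bundle, and wrap it in a DMG.
  codesign -s "$DeveloperID" --timestamp --options=runtime --deep --force Telegraf.app \
    || die "Signing Telegraf.app failed"
  baseName=$(basename "$tarFile" .tar.gz)
  echo "$baseName"
  hdiutil create -size 500m -volname Telegraf -srcfolder Telegraf.app "$baseName".dmg \
    || die "Creating $baseName.dmg failed"
  codesign -s "$DeveloperID" --timestamp --options=runtime "$baseName".dmg \
    || die "Signing $baseName.dmg failed"

  # Ends the script itself when the notary service does not accept the DMG.
  archive_notarize "${baseName}.dmg"

  # Attach the notarization to the DMG.
  xcrun stapler staple "$baseName".dmg \
    || die "Stapling the notarization ticket to $baseName.dmg failed"

  cleanup

  mkdir -p ~/project/build/dist
  mv "$baseName".dmg ~/project/build/dist \
    || die "Moving $baseName.dmg to ~/project/build/dist failed"

  echo "$baseName.dmg signed and notarized!"
done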