Notarized Qt binaries for OSX

A notarization shell script that automates the whole process. The script is based on several examples found on the web. Links to these examples can be found below (mostly thanks to the Logcg.com blog).

Notarize DMG file

#!/bin/bash
# bash rather than sh: the script uses [[ ]] and &> redirection.

APPLICATION_PATH=$1
BUNDLE_ID="___BUNDLE_ID____"
APPLE_USER="___APPLE_USER____"
# The app-specific password is stored in this file and passed on the command line.
# altool also accepts "@keychain:ITEM" or "@env:VARIABLE" as the -p value.
APPLE_PASSWORD="___APLE_APPSPECIFIC_PASSWORD___"

echo "Running notarize-app command for file $APPLICATION_PATH"
xcrun altool --notarize-app -t osx -f "$APPLICATION_PATH" --primary-bundle-id="$BUNDLE_ID" -u "$APPLE_USER" -p "$APPLE_PASSWORD" &> notarize-status.txt

echo "Notarize-app complete. Result: "
cat notarize-status.txt

# The request UUID is expected at the end of a line of altool's output
uuid=$(grep -Eo '\w{8}-(\w{4}-){3}\w{12}$' notarize-status.txt)
echo "Request UUID is $uuid"

# Without a UUID the upload failed and there is nothing to poll for
if [[ -z "$uuid" ]]; then
    echo "No request UUID found, aborting"
    exit 1
fi

while true; do
    echo "checking for notarization..."
    xcrun altool --notarization-info "$uuid" --username "$APPLE_USER" --password "$APPLE_PASSWORD" &> notarize-response.txt

    echo "Response:"
    cat notarize-response.txt

    t=$(grep "success" notarize-response.txt)
    f=$(grep "invalid" notarize-response.txt)
    if [[ "$t" != "" ]]; then
        echo "notarization done! Stapling application $APPLICATION_PATH"
        xcrun stapler staple "$APPLICATION_PATH"
        echo "stapler done!"
        break
    fi
    if [[ "$f" != "" ]]; then
        # Notarization was rejected: print the matching line and stop with an error
        echo "$f"
        exit 1
    fi
    echo "not finished yet, sleep 30sec then check again..."
    sleep 30
done

Notarize .app / .zip

#!/bin/bash
# bash rather than sh: the script uses [[ ]] and &> redirection.

APPLICATION_PATH=$1
ZIP_PATH=./application-to-notarize.zip
BUNDLE_ID="___BUNDLE_ID____"
APPLE_USER="___APPLE_USER____"
# The app-specific password is stored in this file and passed on the command line.
# altool also accepts "@keychain:ITEM" or "@env:VARIABLE" as the -p value.
APPLE_PASSWORD="___APLE_APPSPECIFIC_PASSWORD___"

echo "Packing app $APPLICATION_PATH to zip file $ZIP_PATH"
ditto -ck --rsrc --sequesterRsrc "$APPLICATION_PATH" "$ZIP_PATH"

echo "Running notarize-app command for file $ZIP_PATH"
xcrun altool --notarize-app -t osx -f "$ZIP_PATH" --primary-bundle-id="$BUNDLE_ID" -u "$APPLE_USER" -p "$APPLE_PASSWORD" &> notarize-status.txt

echo "Notarize-app complete. Result: "
cat notarize-status.txt

# The request UUID is expected at the end of a line of altool's output
uuid=$(grep -Eo '\w{8}-(\w{4}-){3}\w{12}$' notarize-status.txt)
echo "Request UUID is $uuid"

# Without a UUID the upload failed and there is nothing to poll for
if [[ -z "$uuid" ]]; then
    echo "No request UUID found, aborting"
    exit 1
fi

while true; do
    echo "checking for notarization..."
    xcrun altool --notarization-info "$uuid" --username "$APPLE_USER" --password "$APPLE_PASSWORD" &> notarize-response.txt

    echo "Response:"
    cat notarize-response.txt

    t=$(grep "success" notarize-response.txt)
    f=$(grep "invalid" notarize-response.txt)
    if [[ "$t" != "" ]]; then
        # The ticket is stapled to the .app itself, not to the uploaded zip
        echo "notarization done! Stapling application $APPLICATION_PATH"
        xcrun stapler staple "$APPLICATION_PATH"
        echo "stapler done!"
        break
    fi
    if [[ "$f" != "" ]]; then
        # Notarization was rejected: print the matching line and stop with an error
        echo "$f"
        exit 1
    fi
    echo "not finished yet, sleep 30sec then check again..."
    sleep 30
done
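
The polling loops in both scripts above decide by searching the whole response for "success" or "invalid", and keep looping when neither word appears. The following is an added example, not code from the original post: it reads only the Status field and bounds the polling. The sample responses are constructed, and the function names, return codes and the "in progress" status text are assumptions of this example.

```sh
# Constructed samples modelled on altool's "Key: value" layout (placeholder UUID/URL).
# SAMPLE_PENDING has "invalid" in its URL, so a whole-file grep would misread it.
SAMPLE_SUBMIT='No errors uploading.
RequestUUID = 00000000-1111-2222-3333-444444444444'
SAMPLE_PENDING='   RequestUUID: 00000000-1111-2222-3333-444444444444
        Status: in progress
    LogFileURL: https://example.invalid/log'
SAMPLE_OK='        Status: success
   Status Code: 0
Status Message: Package Approved'
SAMPLE_ERROR='Error: request could not be completed'

# Print the first UUID in the submission output; non-zero exit if there is none.
extract_request_uuid() {
    printf '%s\n' "$1" |
        grep -Eio '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' | head -n 1 | grep .
}

# Print only the "Status:" value ("Status Code:" / "Status Message:" do not match).
notarization_status() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Status:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        head -n 1
}

# 0 = approved (safe to staple), 1 = rejected, 2 = still processing,
# 3 = unrecognised response (stop instead of looping forever).
classify_response() {
    case "$(notarization_status "$1")" in
        success)       return 0 ;;
        invalid)       return 1 ;;
        "in progress") return 2 ;;   # assumed status text while processing
        *)             return 3 ;;
    esac
}

# Bounded polling: $1 = command that prints one response, $2 = max attempts,
# $3 = seconds between attempts. Returns the classification, or 4 on timeout.
poll_notarization() {
    attempt=0
    while [ "$attempt" -lt "$2" ]; do
        decision=0
        classify_response "$("$1")" || decision=$?
        if [ "$decision" -ne 2 ]; then return "$decision"; fi
        attempt=$((attempt + 1))
        sleep "$3"
    done
    return 4
}
```

In a real run the command passed to poll_notarization would be a small function wrapping the `xcrun altool --notarization-info` call from the scripts above, and `xcrun stapler staple` would run only when it returns 0.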

Useful links:

Jenkins and MacOS application signing

After re-installing our MacOS building machine, which we’re using for ORM Designer deploy, we started getting the following message:

./OrmDesigner2.app: User interaction is not allowed.

After a short search on the internet I found it’s required to click on the “Always Allow” dialog… which unfortunately we don’t have on the console ;-).

The trick is in the keychain unlock. For this purpose we can use the following command:

security unlock-keychain -pPASSWORD ~/Library/Keychains/login.keychain

That’s all. After this command I’m able to sign my application from the Jenkins command line again.
