签名脚本
bash
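#######################################
# Recursively code-sign the signable Mach-O files and .framework bundles
# found under a directory, innermost items first.
# Globals:   cert (read) - signing identity handed to `codesign -s`
# Arguments: $1 - directory to walk
# Outputs:   progress lines on stdout, errors on stderr
# Returns:   0 when every signing step succeeded, 1 otherwise
# Note:      `*` does not match dot-files, so hidden files are not visited.
#######################################
function traverseCodesign() {
  local targetDir="$1"
  local start_dir current_dir entry file_type
  local status=0
  # `file` prints "Mach-O 64-bit executable <arch>" for 64-bit binaries, so the
  # "64-bit" infix has to be optional for executables as well as for dylibs.
  local signable_re='Mach-O( 64-bit)? (dynamically linked shared library|executable)|current ar archive'

  echo "traverseCodesign in dir:$targetDir"
  echo "pwd:$(pwd)"

  # Without an identity every codesign call below fails; stop before touching
  # any existing signature.
  if [ -z "${cert:-}" ]; then
    echo "Error: signing identity \$cert is not set" >&2
    return 1
  fi

  # The target directory must exist.
  if [ ! -d "$targetDir" ]; then
    echo "Error: Directory does not exist: $targetDir" >&2
    return 1
  fi

  # A .framework bundle is signed as one unit and not descended into.
  current_dir=$(basename "${targetDir}")
  if [[ "$current_dir" == *.framework ]]; then
    echo "codesign ${targetDir}"
    codesign --force --options runtime --timestamp -s "${cert}" "${targetDir}" || return 1
    return 0
  fi

  # Remember where we started: `cd ..` would land in the wrong place when
  # $targetDir has more than one path component (e.g. a/b/c).
  start_dir=$(pwd) || return 1
  cd "$targetDir" || return 1

  # "./" keeps names that begin with "-" from being parsed as options.
  for entry in ./*; do
    # Symlinks are skipped: following them could walk outside the tree (or
    # loop) and strip/replace signatures on files that are not part of it.
    if [ -L "$entry" ]; then
      continue
    fi
    # An empty directory leaves the pattern unexpanded.
    [ -e "$entry" ] || continue

    if [ -d "$entry" ]; then
      # Sub-directory: recurse, remembering any failure.
      traverseCodesign "$entry" || status=1
      continue
    fi

    # Only dynamic libraries, static archives and executables are signed.
    file_type=$(file "$entry")
    if [[ "$file_type" =~ $signable_re ]]; then
      # Drop any previous signature; this fails harmlessly on unsigned files,
      # hence the discarded stderr and ignored status.
      codesign --remove-signature "$entry" 2>/dev/null
      echo "codesign $entry"
      # A failed signature must not pass silently: the bundle would ship with
      # unsigned code and only be caught later, at notarization or on launch.
      codesign --force --options runtime --timestamp -s "${cert}" "$entry" || status=1
    fi
  done

  # Return to the caller's directory.
  cd "$start_dir" || return 1
  return "$status"
}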
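# Sign the main executable, then the bundle itself, with the hardened runtime
# and a secure timestamp. Expansions are quoted so an app path containing
# spaces is passed to codesign as a single argument.
# NOTE(review): --deep re-signs nested code with the same options as the outer
# item and may not reach code in non-standard locations; if nested code was
# already signed inside-out (e.g. by traverseCodesign), signing the bundle
# without --deep avoids overwriting those signatures. Confirm which is intended.
codesign --deep --force --timestamp --options "runtime" -s "${cert}" "${apppath}/Contents/MacOS/appname"
codesign --deep --force --timestamp --options "runtime" -s "${cert}" "${apppath}"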
验证签名是否生效的命令
bash
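# Verify the bundle signature together with the code nested in it, with
# verbose output. The path is quoted so spaces in it do not split the argument.
# NOTE(review): codesign also has a --strict option that enables stricter
# validation; consider adding it when checking a release build.
codesign -vvv --deep "${apppath}"
# Ask Gatekeeper for its verdict on running the app. Presumably this reports a
# rejection until the app has been notarized, so rerun it after notarization.
spctl --verbose=4 --assess --type execute "${apppath}"
# Plain signature check of the bundle.
codesign --verify --verbose "${apppath}"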
公证脚本
bash
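# Notarization: package the app, submit the archive, poll for the verdict and
# staple the ticket.
# Reads USERNAME, PASSWORD, PROVIDER and APP_NAME; MAX_POLLS (optional) caps
# the number of status checks.
# NOTE(review): --password places the app-specific password on the command
# line, where process listings and `set -x` traces can expose it. notarytool
# can instead use credentials saved once with
# `xcrun notarytool store-credentials` and referenced via --keychain-profile;
# prefer that on shared or CI build hosts.
cp -RP name.app Applications
delete_if_exists Applications.zip # helper defined elsewhere in the script
zip --symlinks -r -q -X Applications.zip ./Applications

# Private temp file instead of a fixed name ("tmp") in the working directory.
notary_log=$(mktemp) || exit 1
trap 'rm -f -- "$notary_log"' EXIT

echo "Submitting app for notarization..."
xcrun notarytool submit --apple-id "$USERNAME" --password "$PASSWORD" --team-id "$PROVIDER" --wait Applications.zip 2>&1 | tee "$notary_log"
# After a pipeline $? is tee's status; PIPESTATUS[0] is notarytool's.
submit_status=${PIPESTATUS[0]}
if [[ $submit_status -ne 0 ]]; then
  # tee has already printed notarytool's output above.
  echo "Failed to submit app for notarization." >&2
  exit 1
fi

# Extract the submission UUID (first UUID-shaped token in the output).
UUID=$(grep -Eo '[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}' "$notary_log" | head -n 1)
if [[ -z "$UUID" ]]; then
  echo "Could not find a submission id in the notarytool output." >&2
  exit 1
fi
echo "Submission successful. UUID: $UUID"

# Poll for the verdict. The loop is bounded so a persistent error (bad
# credentials, network failure) cannot hang the build forever.
max_polls="${MAX_POLLS:-90}"
polls=0
while true; do
  echo "Checking notarization status..."
  xcrun notarytool info "$UUID" --apple-id "$USERNAME" --password "$PASSWORD" --team-id "$PROVIDER" 2>&1 | tee "$notary_log"
  # Second field of the "status: ..." line; "In Progress" therefore reads "In".
  STATUS=$(awk '/status/ {print $2; exit}' "$notary_log" | tr -d '"')
  echo "Current status: $STATUS"
  case "$STATUS" in
    Accepted)
      echo "Notarization successful!"
      break
      ;;
    Invalid | Rejected)
      # `xcrun notarytool log` with this UUID returns the detailed findings.
      echo "Notarization failed." >&2
      exit 1
      ;;
    *)
      polls=$((polls + 1))
      if ((polls >= max_polls)); then
        echo "Notarization still not finished after $polls checks; giving up." >&2
        exit 1
      fi
      echo "Notarization not completed yet. Waiting 20 seconds..."
      sleep 20
      ;;
  esac
done

# Staple the ticket so Gatekeeper can validate the app offline.
# NOTE(review): APP_NAME is not set in this snippet; presumably it names the
# same bundle that was archived above. Verify against the caller.
echo "Stapling notarization ticket to app..."
if ! xcrun stapler staple "$APP_NAME"; then
  echo "Stapling failed." >&2
  exit 1
fi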
验证公证是否成功
bash
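# Check that a notarization ticket is stapled to the app (placeholder path).
xcrun stapler validate /path/to/YourApp.app
# Gatekeeper assessment of the app. An .app bundle is assessed as executable
# code, so the type is "execute"; the "open" type with
# --context context:primary-signature is the form used for a signed disk image:
#   spctl -a -t open --context context:primary-signature -vvv /path/to/YourImage.dmg
spctl -a -t execute -vvv /path/to/your.app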