diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml index 2e7b658cf..2793d9074 100644 --- a/.github/workflows/build_slim_packages.yaml +++ b/.github/workflows/build_slim_packages.yaml @@ -124,7 +124,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: emqx/self-hosted-cleanup-action@v1.0.3 - if: matrix.os == macos-12-arm64 + if: ${{ matrix.os == 'macos-12-arm64' }} - uses: actions/checkout@v3 with: fetch-depth: 0 # clone full git history diff --git a/build b/build index f0adb79d0..e740ff3b3 100755 --- a/build +++ b/build @@ -236,10 +236,18 @@ make_zip() { # --apple-id \ # --password # --team-id - xcrun notarytool submit \ - --apple-id "${APPLE_ID}" \ - --password "${APPLE_ID_PASSWORD}" \ - --team-id "${APPLE_TEAM_ID}" "${target_zip}" --wait + echo 'Submitting the package for notarization to Apple (normally takes about a minute)' + notarytool_output="$(xcrun notarytool submit \ + --apple-id "${APPLE_ID}" \ + --password "${APPLE_ID_PASSWORD}" \ + --team-id "${APPLE_TEAM_ID}" "${target_zip}" \ + --no-progress \ + --wait)" + echo "$notarytool_output" + echo "$notarytool_output" | grep -q 'status: Accepted' || { + echo 'Notarization failed'; + exit 1; + } fi # sha256sum may not be available on macos openssl dgst -sha256 "${target_zip}" | cut -d ' ' -f 2 > "${target_zip}.sha256" diff --git a/scripts/macos-sign-binaries.sh b/scripts/macos-sign-binaries.sh index 384744b2a..135730694 100755 --- a/scripts/macos-sign-binaries.sh +++ b/scripts/macos-sign-binaries.sh @@ -43,10 +43,24 @@ done security -v list-keychains -s "${keychain_names[@]}" "${KEYCHAIN}" # known runtime executables and binaries -codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime "${REL_DIR}"/erts-*/bin/{beam.smp,dyn_erl,epmd,erl,erl_call,erl_child_setup,erlexec,escript,heart,inet_gethost,run_erl,to_erl} -codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime "${REL_DIR}"/lib/runtime_tools-*/priv/lib/{dyntrace.so,trace_ip_drv.so,trace_file_drv.so} -codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime "${REL_DIR}"/lib/os_mon-*/priv/bin/{cpu_sup,memsup} +codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime \ + "${REL_DIR}"/erts-*/bin/{beam.smp,dyn_erl,epmd,erl,erl_call,erl_child_setup,erlexec,escript,heart,inet_gethost,run_erl,to_erl} +codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime \ + "${REL_DIR}"/lib/runtime_tools-*/priv/lib/{dyntrace.so,trace_ip_drv.so,trace_file_drv.so} +codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime \ + "${REL_DIR}"/lib/os_mon-*/priv/bin/{cpu_sup,memsup} # other files from runtime and dependencies -for f in asn1rt_nif.so bcrypt_nif.so crypto.so otp_test_engine.so crypto_callback.so jiffy.so crc32cer_nif.so sasl_auth.so snappyer.so odbcserver; do +for f in \ + asn1rt_nif.so \ + bcrypt_nif.so \ + crypto.so \ + otp_test_engine.so \ + crypto_callback.so \ + jiffy.so \ + crc32cer_nif.so \ + sasl_auth.so \ + snappyer.so \ + odbcserver \ + ; do find "${REL_DIR}"/lib/ -name "$f" -exec codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime {} \; done