app_tar.sh
#!/bin/bash
#################################
# 制作dmg镜像
#################################
### 变量声明
gitDir="/Volumes/vs2015/demo"
# 工程目录
projectDir="$gitDir/src/chai"
# 编译目录
buildDir="$HOME/qt/build/chai-Release"
# 应用程序名
appName="chai"
# 镜像目录
dmgDir="$HOME/Desktop/$appName"
# 证书
identity="Developer ID Application: XXXXX (MVGBX5DTX9)"
qtVersion="5.9.6"
### 工程编译
echo "**************************************** start make ****************************************"
rm -rf $buildDir
mkdir -p $buildDir
cd $buildDir
# 获取环境变量VERSION,以及获取的版本md5值
buildVer="${VERSION} 2e923332a004adcad600236a2f27ccab45e8b93c"
# 修改pro的DEFINES VER_CHAI变量,修改版本宏的变量
sed -i "" "s/VER_CHAI=.*/VER_CHAI=\\\\\"\\\\\\\\\\\\\"${buildVer}\\\\\"\\\\\\\\\\\\\"/g" $projectDir/chai.pro
$HOME/Qt${qtVersion}/${qtVersion}/clang_64/bin/qmake $projectDir/chai.pro -o $buildDir
make -j 4
if [ $? -ne 0 ]; then exit -1; fi
### 拷贝其他资源文件
echo "**************************************** copy resources ****************************************"
resArr=(
cfg.db
Resources/appIcon.icns
)
# 由于资源都在windows存放,会存在权限不正确的现象
for res in ${resArr[@]}
do
# 对资源里的目录进行权限调整:对文件修改为666,对目录修改为755
if [ -d "$projectDir/$res" ];then
cp -r $projectDir/$res $appName.app/Contents/Resources/$(basename $res)
find $appName.app/Contents/Resources/$(basename $res) -type d -exec chmod 755 {} \;
find $appName.app/Contents/Resources/$(basename $res) -type f -exec chmod 666 {} \;
# 对资源里的dylib进行权限调整
elif [ "dylib" == "${res##*.}" ];then
cp $projectDir/$res $appName.app/Contents/Resources/
chmod 755 $appName.app/Contents/Resources/$(basename $res)
# 对其他普通文件权限进行调整
else
cp $projectDir/$res $appName.app/Contents/Resources/
chmod 666 $appName.app/Contents/Resources/$(basename $res)
fi
done
### 拷贝dmg资源,供appdmg使用
resArr=(
Resources/install_bg.png
Resources/dmg.json
)
for res in "${resArr[@]}"
do
cp $projectDir/$res .
done
### 拷贝qt相关的资源、文件、so
echo "**************************************** copy qt resources ****************************************"
$HOME/Qt${qtVersion}/${qtVersion}/clang_64/bin/macdeployqt $appName.app -qmldir=$projectDir
# 设置Info.plist文件
infoArr=(
# 应用程序图标
"Set :CFBundleIconFile appIcon.icns"
"Set :CFBundleIdentifier 'com.chai.demo'"
# 设置网页启动
"Add :CFBundleURLTypes array"
"Add :CFBundleURLTypes:0 dict"
"Add :CFBundleURLTypes:0:CFBundleTypeRole string 'Editor'"
"Add :CFBundleURLTypes:0:CFBundleURLName string 'com.chai.demo'"
"Add :CFBundleURLTypes:0:CFBundleURLSchemes array"
# 设置启动的 scheme
"Add :CFBundleURLTypes:0:CFBundleURLSchemes:0 string 'chai_demo'"
)
for info in "${infoArr[@]}"
do
/usr/libexec/PlistBuddy -c "$info" $appName.app/Contents/Info.plist
done
### 开始签名
echo "**************************************** signature ****************************************"
function signature()
{
# 证书解锁,输入密码交互
(/usr/bin/expect <<-EOF
spawn security unlock-keychain login.keychain
expect {
"password*" { send "123456\r" }
}
expect eof
EOF
)
# 这句话在脚本里一定要有,不然公证的时候可能会出现奇葩的问题
plutil -convert xml1 "$projectDir/../script/chai.entitlements"
codesign -f --deep --timestamp -o runtime -v --entitlements "$projectDir/../script/chai.entitlements" -s "$identity" "$1"
}
signature "$appName.app"
# 制作dmg镜像文件
echo "**************************************** tar dmg ****************************************"
rm ${appName}-${VERSION}.dmg
# https://github.com/LinusU/node-appdmg 查看具体安装方法及配置说明
appdmg dmg.json ${appName}-${VERSION}.dmg
# 插入公证的shell脚本位置
mv ${appName}-${VERSION}.dmg $HOME/Desktop
查看appdmg具体安装方法及配置说明
公证需要codesign的时候加上-o runtime参数,加上了此参数,就需要给app赋予权限,否则会导致运行时的崩溃。chai.entitlements就是权限的描述文件
-
errSecInternalComponent:错误的其中一种情况
启动台->其他->钥匙串访问
钥匙串选择登陆
种类选择证书
找到签名的证书,展开,找到种类为专用秘钥的钥匙串,双击,点击访问控制,将访问权限改为允许所有应用程序访问此项目
chai.entitlements
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
</dict>
</plist>
查看chai.entitlements权限说明
如果不清楚里面具体的含义,建议把上述的配置文件的权限如数加上,减少不必要的问题。其他权限可以根据需求来定
dmg.json
{
"title": "chai",
"icon-size": 128,
"background": "install_bg.png",
"contents": [
{ "x": 230, "y": 190, "type": "file", "path": "chai.app" },
{ "x": 550, "y": 190, "type": "link", "path": "/Applications" }
],
"window": {
"size": {
"width": 770,
"height": 500
}
},
"format": "UDZO"
}
notarization.sh
#!/bin/bash
#################################
# 公证dmg镜像安装包
#################################
# appleID
notarizationUser="chai@email.com"
# 公证密码,不是appleID密码,需要到 https://appleid.apple.com 生成app专用密码,生成的格式如下
notarizationPasswd="xxxx-xxxx-xxxx-xxxx"
# 与打包脚本的CFBundleIdentifier一致
bundleId="com.chai.demo"
# 证书里面()的内容
identityId="MVGBX5DTX9"
cd $HOME/Desktop
### 开始公证
function notarizationApp()
{
appName="$1"
echo "**************************************** notarization $appName ****************************************"
uploadInfo=$(xcrun altool --notarize-app --primary-bundle-id "$bundleId" --username "$notarizationUser" --password "$notarizationPasswd" --asc-provider "$identityId" --file ${appName}-${VERSION}.dmg)
uploadUUID=$(echo $uploadInfo | awk '{print $7}')
echo "uploadUUID:$uploadUUID"
# 循环查询公证结果
echo "**************************************** start waiting notarization ****************************************"
sleep 120
while :
do
status=$(xcrun altool --notarization-info "$uploadUUID" --username "$notarizationUser" --password "$notarizationPasswd" | grep "Status: " | awk -F":" '{print $2}')
if [ " in progress" == "$status" ];then
echo "**************************************** waiting notarization ****************************************"
sleep 30
elif [ " success" == "$status" ]; then
echo "**************************************** notarization success ****************************************"
break
else
echo "**************************************** notarization error ****************************************"
exit
fi
done
# 对dmg添加票据
xcrun stapler staple -v ${appName}-${VERSION}.dmg
}
notarizationApp "chai"
identityId获取方法,执行xcrun altool --list-providers -u "$notarizationUser" -p "$notarizationPasswd"即可获取
- 问题 Embedded entitlements are invalid: syntax error near line 1
使用spctl --verbose=4 --assess --type chai.app查看签名没有问题,但是公证的时候会遇到以下问题
{
"severity": "error",
"code": null,
"path": "chai-V1.0.0.dmg/chai.app/Contents/Frameworks/QtCore.framework/Versions/5/QtCore",
"message": "Embedded entitlements are invalid: syntax error near line 1",
"docUrl": null,
"architecture": null
}
是因为chai.entitlements格式不正确,一般在windows、mac混用会出现的问题,使用以下命令进行转换平台格式即可
plutil -convert xml1 "chai.entitlements"
