Merge pull request #702 from kewde/kewde/fix-codesigning

ActivityWatch · Jan 5, 2022 · e62f483 · e62f483
2 parents b515f96 + 68836eb
commit e62f483
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 53 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -146,6 +146,7 @@ jobs:
       env:
         APPLE_EMAIL: ${{ secrets.APPLE_EMAIL }}
         APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+        APPLE_PERSONALID: ${{ secrets.APPLE_TEAMID }} # APPLE_PERSONAL_ID == APPLE_TEAM_ID for personal accounts
         APPLE_TEAMID: ${{ secrets.APPLE_TEAMID }}
 
     - name: Upload packages

diff --git a/Makefile b/Makefile
@@ -133,18 +133,15 @@ aw-qt/media/logo/logo.icns:
 	mv build/MyIcon.icns aw-qt/media/logo/logo.icns
 
 dist/ActivityWatch.app: aw-qt/media/logo/logo.icns
-	pyinstaller --clean --noconfirm --windowed --codesign-identity $$APPLE_TEAMID aw.spec
-
-dist/notarize:
-	./scripts/notarize.sh
+	pyinstaller --clean --noconfirm --windowed aw.spec
 
 dist/ActivityWatch.dmg: dist/ActivityWatch.app
 	pip install dmgbuild
 	dmgbuild -s scripts/package/dmgbuild-settings.py -D app=dist/ActivityWatch.app "ActivityWatch" dist/ActivityWatch.dmg
-# Don't try to run this outside CI, it causes messes in your macos keychain
-codesign-dmg: dist/ActivityWatch.dmg
-	./scripts/ci/import-macos-p12.sh
-	codesign --verbose -s ActivityWatch --deep dist/ActivityWatch.dmg
+	codesign --verbose -s ${APPLE_PERSONALID} dist/ActivityWatch.dmg
+
+dist/notarize:
+	./scripts/notarize.sh
 
 package:
 	mkdir -p dist/activitywatch

diff --git a/aw.spec b/aw.spec
@@ -18,8 +18,8 @@ current_release = subprocess.run(
 print("bundling activitywatch version " + current_release)
 
 entitlements_file = Path(".") / "scripts" / "package" / "entitlements.plist"
-codesign_identity = os.environ.get("APPLE_TEAMID")
-assert codesign_identity, "Environment variable APPLE_TEAMID not set"
+codesign_identity = os.environ.get("APPLE_PERSONALID")
+assert codesign_identity, "Environment variable APPLE_PERSONALID not set"
 
 aw_core_path = Path(os.path.dirname(aw_core.__file__))
 restx_path = Path(os.path.dirname(flask_restx.__file__))
@@ -158,6 +158,7 @@ aww_exe = EXE(
     upx=True,
     console=True,
     entitlements_file=entitlements_file,
+    codesign_identity=codesign_identity,
 )
 aww_coll = COLLECT(
     aww_exe,
@@ -180,6 +181,7 @@ awa_exe = EXE(
     upx=True,
     console=True,
     entitlements_file=entitlements_file,
+    codesign_identity=codesign_identity,
 )
 awa_coll = COLLECT(
     awa_exe,
@@ -203,6 +205,7 @@ aws_exe = EXE(
     upx=True,
     console=True,
     entitlements_file=entitlements_file,
+    codesign_identity=codesign_identity,
 )
 aws_coll = COLLECT(
     aws_exe,
@@ -226,6 +229,7 @@ awq_exe = EXE(
     icon=icon,
     console=False if platform.system() == "Windows" else True,
     entitlements_file=entitlements_file,
+    codesign_identity=codesign_identity,
 )
 awq_coll = COLLECT(
     awq_exe,

diff --git a/scripts/codesign.sh b/scripts/codesign.sh
diff --git a/scripts/notarize.sh b/scripts/notarize.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
 
-appleid=$APPLE_EMAIL # Email address used for Apple ID
+applemail=$APPLE_EMAIL # Email address used for Apple ID
 password=$APPLE_PASSWORD # See apps-specific password https://support.apple.com/en-us/HT204397
 teamid=$APPLE_TEAMID # Team idenitifer (if single developer, then set to developer identifier)
-keychain_profile="activitywatch-$APPLE_TEAMID"  # name of the keychain profile to use
+keychain_profile="activitywatch-$APPLE_PERSONALID"  # name of the keychain profile to use
 bundleid=net.activitywatch.ActivityWatch # Match aw.spec
 app=dist/ActivityWatch.app
 dmg=dist/ActivityWatch.dmg
@@ -12,7 +12,7 @@ dmg=dist/ActivityWatch.dmg
 run_notarytool() {
     dist=$1
     # Setup the credentials for notarization
-    xcrun notarytool store-credentials $keychain_profile --apple-id $appleid --team-id $teamid --password $password
+    xcrun notarytool store-credentials $keychain_profile --apple-id $applemail --team-id $teamid --password $password
     # Notarize and wait
     echo "Notarization: starting for $dist"
     echo "Notarization: in progress for $dist"
@@ -23,13 +23,13 @@ run_notarytool() {
 run_altool() {
     dist=$1
     # Setup the credentials for notarization
-    xcrun altool --store-password-in-keychain-item $keychain_profile -u $appleid -p $password
+    xcrun altool --store-password-in-keychain-item $keychain_profile -u $applemail -p $password
     # Notarize and wait
     echo "Notarization: starting for $dist"
-    upload=$(xcrun altool --notarize-app -t osx -f $dist --primary-bundle-id $bundleid -u $appleid --password "@keychain:$keychain_profile")
+    upload=$(xcrun altool --notarize-app -t osx -f $dist --primary-bundle-id $bundleid -u $applemail --password "@keychain:$keychain_profile")
     uuid = $(/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" $upload)
     while true; do 
-        req=$(xcrun altool --notarization-info $uuid -u $appleid -p $password --output-format xml)
+        req=$(xcrun altool --notarization-info $uuid -u $applemail -p $password --output-format xml)
         status=$(/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" $req)
         if [ $status != "in progress" ]; then 
             break