JAL-3796 additional steps for notarization
Signing and Notarizing install4j DMGs for OSX

0. You will need an up-to-date Apple Developer ID subscription and a valid developer key for signing/notarizing apps, installers and DMGs available on your system.

1. Build the install4j installers. Signing these for Windows requires a Certum cryptokey or other suitable Java code-signing cert. Details to be provided.

2. Unpack the OSX installer to a local directory
hdiutil attach build/install4j/11/Jalview_Develop-2_11_2_0dev-d20210128-macos-java_11.dmg
mkdir newdmg; ditto /Volumes/Jalview\ Develop\ Installer newdmg/

3. Remove the uninstaller and/or other components if necessary, then deep sign the dmg

# Sign the native JniInchi binary bundled inside the Jmol jar: unpack, sign, repack
mkdir t
cd t
jar -xf ../newdmg/Jalview\ Develop.app/Contents/Resources/app/alt/Jmol-NO_LOG4J-14.31.53.jar
codesign --remove-signature --force --deep -vvvv -s "Developer ID" --options runtime --entitlements ../utils/osx_signing/entitlements.txt META-INF/jniinchi/1.03_1/MAC-X86_64/JniInchi-1.03_1-MAC-X86_64
jar -cf ../newdmg/Jalview\ Develop.app/Contents/Resources/app/alt/Jmol-NO_LOG4J-14.31.53.jar ./*
cd ..
rm -Rf t

# Clear extended attributes on the bundled JRE's libjli.dylib, check it, re-sign it and verify again
xattr -cr ./newdmg/Jalview\ Develop.app/Contents/Resources/app/jre/Contents/MacOS/libjli.dylib
codesign --verify --deep -v ./newdmg/Jalview\ Develop.app/Contents/Resources/app/jre/Contents/MacOS/libjli.dylib

codesign --remove-signature --force --deep -vvvv -s "Developer ID" --options runtime --entitlements ./utils/osx_signing/entitlements.txt ./newdmg/Jalview\ Develop.app/Contents/Resources/app/jre/Contents/MacOS/libjli.dylib

codesign --verify --deep -v ./newdmg/Jalview\ Develop.app/Contents/Resources/app/jre/Contents/MacOS/libjli.dylib

# Sign the application launcher
codesign --remove-signature --force --deep -vvvv -s "Developer ID" --options runtime --entitlements ./utils/osx_signing/entitlements.txt newdmg/Jalview\ Develop.app/Contents/MacOS/JavaApplicationStub

# Rebuild the DMG from the signed contents, sign it and check the signature
hdiutil create -megabytes 240 -srcfolder ./newdmg -volname 'Jalview Develop Installer (2.11.2)' Jalview_Develop-2_11_2-macos-java_11.dmg

codesign --force --deep -vvvv -s "Developer ID" --options runtime --entitlements ./utils/osx_signing/entitlements.txt Jalview_Develop-2_11_2-macos-java_11.dmg

codesign --deep -vvvv Jalview_Develop-2_11_2-macos-java_11.dmg

4. Notarize
xcrun altool --notarize-app --primary-bundle-id "org.jalview.jalview-desktop" -u jalview-dev-owner@jalview.org -p "$ALTOOL_PASSWORD" --file Jalview_Develop-2_11_2-macos-java_11.dmg
Then re-run altool with --notarization-info $notarization-session-id (the session id reported by the upload) until notarization is complete.

5. Staple to dmg so it can be verified without a net connection.
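
Steps 4 and 5 as one script, added here as an example and not part of the Jalview README: it polls --notarization-info until Apple returns a verdict, staples the ticket only when the status is success, and then validates the stapled DMG. The function names, the 30-second poll interval, the constructed sample output and the use of altool's @env: password form (which keeps the password out of the process list) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the Jalview README.

# Constructed sample of `altool --notarization-info` output (placeholder values).
SAMPLE_INFO='No errors getting notarization info.

   RequestUUID: 00000000-0000-0000-0000-000000000000
        Status: success
   Status Code: 0
Status Message: Package Approved'

# Print the value of the exact "Status:" field from altool output on stdin.
# "Status Code:" and "Status Message:" do not match the pattern.
notarization_status() {
    sed -n 's/^[[:space:]]*Status:[[:space:]]*//p' | head -n 1
}

# Return 0 = approved (safe to staple), 1 = rejected, 2 = keep polling.
classify_status() {
    case "$1" in
        success) return 0 ;;
        invalid) return 1 ;;
        *)       return 2 ;;   # "in progress", empty or unrecognised output
    esac
}

# $1 = dmg, $2 = session id printed by --notarize-app, $3 = Apple ID,
# $4 = optional maximum number of polls. ALTOOL_PASSWORD must be exported.
notarize_wait_and_staple() {
    dmg=$1 request_id=$2 apple_id=$3 attempts=${4:-40}
    while [ "$attempts" -gt 0 ]; do
        info=$(xcrun altool --notarization-info "$request_id" \
                   -u "$apple_id" -p "@env:ALTOOL_PASSWORD" 2>&1)
        status=$(printf '%s\n' "$info" | notarization_status)
        rc=0; classify_status "$status" || rc=$?
        case $rc in
            0) xcrun stapler staple "$dmg" && xcrun stapler validate "$dmg"
               return $? ;;
            1) printf '%s\n' "$info" >&2; return 1 ;;   # show the rejection details
        esac
        attempts=$((attempts - 1)); sleep 30
    done
    echo "timed out waiting for notarization of $dmg" >&2; return 2
}
```

Source the script and call notarize_wait_and_staple with the DMG name, the session id from step 4 and the Apple ID used for the upload.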