As of June 26, 2019, we started signing mac builds on the mac notarization pool (Fx69). These tasks also notarize the signed builds, and create signed pkg installers.
A machine list is here.
We’re working on adding deployment support to ronin-puppet. Currently we need to ssh in to debug and deploy fixes.
extract the files from a dmg
sign widevine and omni.ja (autograph signing)
sign mac, without the mac signing servers
create a zipfile of the .app files
send that zipfile to Apple for notarization
poll Apple for notarization status
on success, “staple” the notarization to the app
create tarballs of the .app files
create .pkg installers and sign them
The code used is here.
An error like
iscript.exceptions.TimeoutError: Timed out polling for uuid aa2dc2bc-9059-426e-a292-0bfb575a337b!
means that Apple has taken too long to notarize. We may want to bump the
everywhere. Generally a rerun has fixed this issue.
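The sketch below is an added example, not iscript's own code. It is a polling loop with a deadline, showing why a slow notarization surfaces as a timeout that a rerun can clear, while a rejection is terminal. The function and exception names, the status strings, and the default intervals are assumptions for illustration.

```python
import time


class NotarizationTimeout(Exception):
    """Polling outlived the deadline (hypothetical name)."""


class NotarizationFailed(Exception):
    """The service reported a terminal rejection (hypothetical name)."""


def poll_notarization(uuid, get_status, timeout=600, interval=15,
                      max_interval=120, clock=time.monotonic, sleep=time.sleep):
    """Poll until `uuid` reaches a terminal state or `timeout` seconds pass.

    get_status(uuid) is a caller-supplied function (assumption) returning
    "in progress", "success" or "invalid". Returns the number of polls made.
    """
    deadline = clock() + timeout
    polls = 0
    while True:
        status = get_status(uuid)
        polls += 1
        if status == "success":
            return polls  # only now is it safe to staple
        if status == "invalid":
            # Terminal: neither a rerun nor a longer timeout changes this.
            raise NotarizationFailed(f"Notarization rejected for uuid {uuid}")
        remaining = deadline - clock()
        if remaining <= 0:
            # Still queued: the one case a longer timeout or a rerun can fix.
            raise NotarizationTimeout(f"Timed out polling for uuid {uuid}!")
        sleep(min(interval, remaining))  # never sleep past the deadline
        interval = min(interval * 2, max_interval)  # back off between polls
```

Keeping the timeout and the rejection as separate exception types lets the caller retry only the former automatically.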
Aki, Nick, and Simon know notarization the best, and can help debug.