Added signing and notarizing process

pandora_agents/unix/Darwin/dmg/build_darwin_dmg.sh

@@ -6,6 +6,13 @@ function error {
 	exit 1
 }
 
+# Gets information about Apple notarization process
+function get_notarization_info() {
+	CALL=$(xcrun altool --notarization-info "$1" -u $APPLE_USER -p "$APPLE_PASS"| grep -Ei "Status:|Status Message")
+	STATUS=`echo $CALL |grep -ic "in progress"`
+	MESSAGE=`echo $CALL |grep -ic "package approved"`
+}
+
 # Keeping this for future CICD integration
 if [ "$CI_PROJECT_DIR" != "" ]; then
 	LOCALINST="$CODEHOME/pandora_agents/unix/Darwin/dmg"
@@ -36,9 +43,13 @@ fi
 
 BUILD_DMG="$BUILD_PATH/build"
 BUILD_TMP="$BUILD_PATH/buildtmp"
+APPLE_USER="kevin.rojas@pandorafms.com"
+APPLE_PASS="@keychain:signing"
+APPLE_DEVNAME="Developer ID Installer: Artica Soluciones Tecnologicas SL"
+APPLE_DEVID="Q35RP2Y7WU"
 
 FULLNAME="$DMGNAME-$VERSION.dmg"
-echo "VERSION-"$VERSION" NAME-"$DMGNAME
+printf "VERSION-'$VERSION' NAME-'$DMGNAME'\n"
 pushd .
 cd $LOCALINST
 
@@ -49,8 +60,8 @@ cp ../../../../pandora_agents/unix/tentacle* files/pandorafms/
 cp -R ../../../../pandora_agents/unix/plugins files/pandorafms/
 cp -R ../../../../pandora_agents/unix/man files/pandorafms/
 cp -R ../../../../pandora_agents/unix/Darwin/pandora_agent.conf files/pandorafms/
-mkdir $BUILD_DMG
-mkdir $BUILD_TMP
+mkdir -p $BUILD_DMG
+mkdir -p $BUILD_TMP
 
 # Build pandorafms agent component
 pkgbuild --root files/pandorafms/ \
@@ -72,13 +83,47 @@ productbuild --distribution extras/distribution.xml \
 	--resources resources \
 	--scripts scripts \
 	--version "$VERSION" \
-	$BUILD_TMP/pandorafms_agent.pkg || error
+	$BUILD_TMP/pfms_agent.pkg || error
+
+# Sign the package
+productsign --sign "$APPLE_DEVNAME ($APPLE_DEVID)" \
+        $BUILD_TMP/pfms_agent.pkg \
+        $BUILD_TMP/pandorafms_agent.pkg
+
+# Notarize
+NOTARIZE=$(xcrun altool --notarize-app \
+	--primary-bundle-id "com.pandorafms.pandorafms" \
+	--asc-provider "$APPLE_DEVID" \
+	--username "$APPLE_USER" \
+	--password "$APPLE_PASS" \
+ 	--file "$BUILD_TMP/pandorafms_agent.pkg" 2>&1)
+
+RUUID=$(echo $NOTARIZE | awk '{print $NF}')
+
+printf "\nPkg sent for notarization (Request UUID= $RUUID ). This may take a few minutes...\n"
+
+# In order to staple the pkg, notarization must be approved!
+STATUS=1
+while [ $STATUS -eq 1 ]; do
+	get_notarization_info "$RUUID"
+	printf "Pkg not yet notarized by Apple. Trying again in 60 seconds...\n"
+	sleep 60
+done
+
+if [ $MESSAGE -eq 1 ]
+then
+	echo "Package notarized. Stapling pkg..."
+	xcrun stapler staple "$BUILD_TMP/pandorafms_agent.pkg" || error
+fi
+
 
 # Clean and prepare dmg creation
+rm $BUILD_TMP/pfms_agent.pkg
 rm $BUILD_TMP/pandorafms_src.pdk
 rm $BUILD_TMP/pandorafms_uninstall.pdk
 
 #Create dmg file
+printf "Creating DMG file...\n"
 hdiutil create -volname "Pandora FMS agent installer" \
 	-srcfolder "$BUILD_TMP" \
 	-ov -format UDZO \
@@ -90,6 +135,10 @@ DeRez -only icns extras/pandora_installer.png > tmpicns.rsrc || error
 Rez -append tmpicns.rsrc -o "$BUILD_DMG/$FULLNAME" || error
 SetFile -a C "$BUILD_DMG/$FULLNAME" || error
 
+# Sign DMG. Not needed, but does not harm
+printf "Signing DMG file...\n"
+codesign --timestamp --options=runtime --sign "$APPLE_DEVNAME ($APPLE_DEVID)" \
+	"$BUILD_DMG/$FULLNAME"
 
 # Copy and clean folder
 rm -Rf $BUILD_TMP