Improve scripts that codesign and create a .dmg from a Universal bundle

This change adds the following:
- The solenv/bin/macosx-codesign-app-bundle script now uses
"--timestamp" wherever "--options runtime" is used in order to
pass Apple's notarization process.
- A second, required argument has been added to the
bin/create-dmg-from-merged-app-bundle script that specifies one
of the following types: "release", "dev", or "collabora". Only
the .DS_Store is different for each as no product set a volume
icon currently.
- Upon success, the bin/create-dmg-from-merged-app-bundle script
will print a warning that the .dmg is not notarized as well as
the commands to use to manually notarize the .dmg.

Change-Id: I7c3f2d60dbb16b25bd6088b7e0af8c82284702d9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148490
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Patrick Luby <plubius@neooffice.org>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
(cherry picked from commit 86e612db56be2d1934275de021b3213875e9301d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148508
Tested-by: Jenkins

1 files changed, 5 insertions, 5 deletions

diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle
index e569aef24333..b1b17dbf7393 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -75,8 +75,8 @@ done
 find "$APP_BUNDLE"/Contents -name '*.app' -type d |
 while read app; do
     # Assume the app has a XML (and not binary) Info.plist
-    id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
-    codesign --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" || exit 1
+    id=`grep -A 1 '<key>CFBundleIdentifier</key>' "$app/Contents/Info.plist" | tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
+    codesign --timestamp --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" || exit 1
 done
 
 # Then .framework ones. Again, be generic just for kicks.
@@ -90,7 +90,7 @@ while read framework; do
 	    if test -d $version/bin; then
 		# files in bin are not covered by signing the framework...
 		for scriptorexecutable in $(find $version/bin/ -type f); do
-		    codesign --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$scriptorexecutable" || exit 1
+		    codesign --timestamp --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$scriptorexecutable" || exit 1
 		done
 	    fi
             codesign --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1
@@ -114,7 +114,7 @@ while read file; do
 	    ;;
 	*)
 	    id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-	    codesign --force --options=runtime --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
+	    codesign --force --timestamp --options=runtime --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
 	    ;;
     esac
 done
@@ -130,6 +130,6 @@ if test -n "$ENABLE_MACOSX_SANDBOX" && test -n "$application_identifier"; then
     # testflight/beta-testing won't work if that key is used when signing the other executables
     /usr/libexec/PlistBuddy -c "add com.apple.application-identifier string $application_identifier"  $BUILDDIR/lo.xcent
 fi
-codesign --force --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1
+codesign --force --timestamp --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1
 
 exit 0