From 8ae71d8a3d44ce98f1c0600cbbece4c1780eb60e Mon Sep 17 00:00:00 2001
From: Michael Tibben
Date: Tue, 29 Oct 2019 12:18:56 +1100
Subject: [PATCH] Sign dmg and add hardened runtime and timestamp to signature
---
 bin/create-dmg | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/bin/create-dmg b/bin/create-dmg
index a579ecdea..e0e4551b4 100755
--- a/bin/create-dmg
+++ b/bin/create-dmg
@@ -29,16 +29,19 @@ cp -a $BIN_PATH $tmpdir/aws-vault
 src_path="$tmpdir/aws-vault"
 echo "Signing binary"
-codesign -s "$CERT_ID" "$src_path"
+codesign --options runtime --timestamp --sign "$CERT_ID" "$src_path"
 echo "Creating dmg"
-hdiutil create -quiet -srcfolder $src_path $DMG_PATH
+hdiutil create -quiet -srcfolder "$src_path" "$DMG_PATH"
+
+echo "Signing dmg"
+codesign --timestamp --sign "$CERT_ID" "$DMG_PATH"
 echo "Submitting notorization request"
 request_uuid=$(xcrun altool --notarize-app --primary-bundle-id "$BUNDLE_ID" --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_APP_PASSWORD" --file $DMG_PATH 2>&1 \
 | awk '/RequestUUID/ { print $NF; }')
+echo "Finished submitting, got Request UUID $request_uuid"
-echo "RequestUUID: $request_uuid"
 echo -n "Waiting for notorization to complete"
 while [[ "$(notarization_status "$request_uuid")" == "in progress" ]] ; do
 echo -n .
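Review bot: The added `echo "Finished submitting, got Request UUID $request_uuid"` reports success even when the submission failed: altool's output goes through `2>&1 | awk`, so an error only leaves `request_uuid` empty and the loop below then polls `notarization_status` with an empty id. A guard right after the assignment, such as `[[ -n "$request_uuid" ]] || { echo "notarization submission failed" >&2; exit 1; }`, would stop the run at that point. On the same altool line the commit leaves `--file $DMG_PATH` unquoted although it quotes `"$DMG_PATH"` in the two commands above. That line also passes `--password "$APPLE_ID_APP_PASSWORD"` on the process command line, where other local users can read it; altool accepts `--password "@env:APPLE_ID_APP_PASSWORD"`, which keeps the secret out of argv. Whether the script sets `-e` or `pipefail` is not visible in this hunk, and the `while` loop continues past its end.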