feat: Move to Notarytool #72

LuisUrr · 2023-08-03T07:37:17Z

This PR covers migration from altool to notarytool

Output following changes looks like below:

==> ✏️  Signing files...
{"@level":"info","@message":"executing codesigning","@module":"sign","@timestamp":"2023-08-03T08:43:40.698044+01:00","command_args":["codesign","-s","Developer ID Application: Mitchell Hashimoto","-f","-v","--timestamp","--options","runtime","./terraform"],"command_path":"/usr/bin/codesign","files":["./terraform"]}
{"@level":"info","@message":"codesigning complete","@module":"sign","@timestamp":"2023-08-03T08:43:46.865679+01:00","output":"./terraform: replacing existing signature\n./terraform: signed Mach-O thin (x86_64) [terraform]\n"}
    Code signing successful
==> 📦  Creating Zip archive...
    Zip archive created with signed files
==> 🍎  Notarizing...
    Path: terraform.zip
    Submitting file for notarization...
{"@level":"info","@message":"submitting file for notarization","@module":"notarize","@timestamp":"2023-08-03T08:43:47.516562+01:00","command_args":["xcrun","notarytool","submit","terraform.zip","--apple-id","[email protected]","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","file":"terraform.zip"}
{"@level":"info","@message":"notarization submission complete","@module":"notarize","@timestamp":"2023-08-03T08:43:57.952918+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully uploaded file\u003c/string\u003e\n\t\u003ckey\u003epath\u003c/key\u003e\n\t\u003cstring\u003e/gon/cmd/gon/terraform.zip\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization request submitted","@module":"notarize","@timestamp":"2023-08-03T08:43:57.953155+01:00","request_id":"68cf83f4-48dc-42bc-a910-393638b191ed"}
    Submitted. Request UUID: 68cf83f4-48dc-42bc-a910-393638b191ed
    Waiting for results from Apple. This can take minutes to hours.
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:07.953490+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","[email protected]","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:09.126064+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:09.126204+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:09.126303+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","[email protected]","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:10.388970+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:10.389120+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
    InfoStatus: In Progress
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:15.389412+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","[email protected]","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:16.609973+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:16.610136+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:21.610403+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","[email protected]","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:22.825724+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:22.825893+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:27.827136+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","[email protected]","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:29.105726+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:29.105892+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:34.106995+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","[email protected]","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:35.239615+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eAccepted\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:35.239747+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"Accepted","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
    InfoStatus: Accepted
{"@level":"info","@message":"requesting notarization log","@module":"notarize","@timestamp":"2023-08-03T08:44:35.239936+01:00","command_args":["xcrun","notarytool","log","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","[email protected]","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization log command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:37.375880+01:00","err":null,"output":"{\n  \"logFormatVersion\": 1,\n  \"jobId\": \"68cf83f4-48dc-42bc-a910-393638b191ed\",\n  \"status\": \"Accepted\",\n  \"statusSummary\": \"Ready for distribution\",\n  \"statusCode\": 0,\n  \"archiveFilename\": \"terraform.zip\",\n  \"uploadDate\": \"2023-08-03T07:43:57.821Z\",\n  \"sha256\": \"73eb6e677004e795f98a520c4addfbf98716ea6cd0f8364adcade001fabd6631\",\n  \"ticketContents\": [\n    {\n      \"path\": \"terraform.zip/terraform\",\n      \"digestAlgorithm\": \"SHA-256\",\n      \"cdhash\": \"b26962bc9df1d3a60bdf304ed5eb87b7eadc9db6\",\n      \"arch\": \"x86_64\"\n    }\n  ],\n  \"issues\": null\n}\n"}
{"@level":"info","@message":"notarization log","@module":"notarize","@timestamp":"2023-08-03T08:44:37.376119+01:00","info":{"jobId":"68cf83f4-48dc-42bc-a910-393638b191ed","status":"Accepted","statusSummary":"Ready for distribution","statusCode":0,"archiveFilename":"terraform.zip","uploadDate":"2023-08-03T07:43:57.821Z","sha256":"73eb6e677004e795f98a520c4addfbf98716ea6cd0f8364adcade001fabd6631","issues":null,"ticketContents":[{"path":"terraform.zip/terraform","digestAlgorithm":"SHA-256","cdhash":"b26962bc9df1d3a60bdf304ed5eb87b7eadc9db6","arch":"x86_64"}]},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
    LogStatus: Accepted
    File notarized!

Notarization complete! Notarized files:
  - terraform.zip (notarized)

puneet-ekline · 2023-09-27T16:01:48Z

@mitchellh Can we merge this pull request, and release a new version.

puneet-ekline · 2023-09-27T16:06:05Z

@LuisUrr Are you building it from the source to run this version?

LuisUrr · 2023-09-28T06:56:21Z

@LuisUrr Are you building it from the source to run this version?

The output in the above description comes from using the binary following a local Go build

puneet-ekline · 2023-09-29T05:52:37Z

@LuisUrr It seems that notarytool does not take in the password as @env:AC_PASSWORD https://keith.github.io/xcode-man-pages/notarytool.1.html

altool did allow to pass in the password using @env:AC_PASSWORD

I believe we might need to update the code in main.go to fix this problem.

Right now if I use @env:AC_PASSWORD notarytool just says invalid credentials.

That said, I go see tthe output you shared above, and it somehow says that it is able to accept @env:AC_PASSWORD which I am not sure about.

LuisUrr · 2023-09-29T07:12:32Z

@LuisUrr It seems that notarytool does not take in the password as @env:AC_PASSWORD https://keith.github.io/xcode-man-pages/notarytool.1.html

altool did allow to pass in the password using @env:AC_PASSWORD

I believe we might need to update the code in main.go to fix this problem.

Right now if I use @env:AC_PASSWORD notarytool just says invalid credentials.

That said, I go see tthe output you shared above, and it somehow says that it is able to accept @env:AC_PASSWORD which I am not sure about.

Notarytool takes this -password app-specific-password parameter which is the one taken from @env:AC_PASSWORD for all the notarytool commands such as submit, log and info. wonder if the credentials you're using aren't the correct ones for the app. When I tested this I used the same @env:AC_PASSWORD for both altool and notarytool and they worked for me...

puneet-ekline · 2023-09-29T07:20:42Z

They are correct, as it works when I pass them directly.

Try the following

 AC_PASSWORD="your-password" xcrun notarytool history  --apple-id "[email protected]" --password "@env:AC_PASSWORD" --team-id "UHO56587K"

⤴ This will likely fail.

Then try

xcrun notarytool history  --apple-id "[email protected]" --password "your_password" --team-id "UHO56587K"

⤴ This suceeds if the password is correct.

puneet-ekline · 2023-09-29T07:23:18Z

Notarytool takes this -password app-specific-password parameter which is the one taken from @env:AC_PASSWORD for all the notarytool commands such as submit

Is there a place you get this from? I don't see it in notarytool documentation.

% xcrun notarytool submit --help
OVERVIEW: Submit an archive to the Notary service

USAGE: notarytool submit [<options>] <file-path>

ARGUMENTS:
  <file-path>             Path to the archive

OPTIONS:
  -v, --verbose
  -k, --key <key>         App Store Connect API key. File system path to the private key.
  -d, --key-id <key-id>   App Store Connect API Key ID. Usually 10 alphanumeric characters.
  -i, --issuer <issuer>   App Store Connect API Issuer ID. UUID format.
  --apple-id <apple-id>   Developer Apple ID.
  --password <password>   App-specific password for your Apple ID. You will be given a secure prompt on the command line if Apple ID and Team ID are provided and '--password' option is not
                          specified.

puneet-ekline · 2023-09-29T07:25:11Z

For altool it clearly states:

 ~ xcrun altool --help
2023-09-29 00:23:55.315 Copyright (c) 2009-2021, Apple Inc. Version 6.043.14043
2023-09-29 00:23:55.317
2023-09-29 00:23:55.317 usage: altool --upload-package <file> --type <platform> --asc-public-id <id> --apple-id <id>
2023-09-29 00:23:55.317                   --bundle-version <version> --bundle-short-version-string <string>
2023-09-29 00:23:55.317                   --bundle-id <id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --upload-hosted-content <file> --sku <sku> --type <platform> --product-id <id> --asc-provider <id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --validate-app -f <file> -t <platform>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --upload-app -f <file> -t <platform>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --notarize-app -f <file> --primary-bundle-id <bundle_id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317                   [--asc-provider <name> | --team-id <id> | --asc-public-id <id>]
2023-09-29 00:23:55.317        altool --notarization-info <uuid>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --notarization-history <page>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317                   [--asc-provider <name> | --team-id <id> | --asc-public-id <id>]
2023-09-29 00:23:55.317        altool --list-apps
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --list-providers
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.318        altool --store-password-in-keychain-item <keychain_item_name> -u <username> -p <password>
2023-09-29 00:23:55.318                   [--keychain <filename> | --sync]
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 Exit codes: 0 success, 1 failure (Upon failure, an error code and message are generally also displayed.)
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 Authentication: Most commands require authorization.
2023-09-29 00:23:55.318                 There are two methods available: user name with password, and apiKey with apiIssuer.
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318                 -u, --username <username> Username. Required to connect for validation, upload, and notarization.
2023-09-29 00:23:55.318                 -p, --password <password> Password. Required if username specified. If this argument is not supplied on the command line,
2023-09-29 00:23:55.318                                           it will be read from stdin.
2023-09-29 00:23:55.318                                           Alternatively to entering <password> in plaintext, it may also be specified using a '@keychain:'
2023-09-29 00:23:55.318                                           or '@env:' prefix followed by a keychain password item name or environment variable name.
2023-09-29 00:23:55.318                                           Example: '-p @keychain:<name>' uses the password stored in the keychain password item named <name>.
2023-09-29 00:23:55.318                                                                          You can create and update keychain items with the
2023-09-29 00:23:55.318                                                                          --store-password-in-keychain-item command. Note also that the
2023-09-29 00:23:55.318                                                                          --username can be inferred from the keychain item so --username
2023-09-29 00:23:55.318                                                                          can be omitted when using a '-p @keychain:' option.
2023-09-29 00:23:55.318                                           Example: '-p @env:<variable>'  uses the value in the environment variable named <variable>

LuisUrr · 2023-09-29T08:36:19Z

For altool it clearly states:

 ~ xcrun altool --help
2023-09-29 00:23:55.315 Copyright (c) 2009-2021, Apple Inc. Version 6.043.14043
2023-09-29 00:23:55.317
2023-09-29 00:23:55.317 usage: altool --upload-package <file> --type <platform> --asc-public-id <id> --apple-id <id>
2023-09-29 00:23:55.317                   --bundle-version <version> --bundle-short-version-string <string>
2023-09-29 00:23:55.317                   --bundle-id <id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --upload-hosted-content <file> --sku <sku> --type <platform> --product-id <id> --asc-provider <id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --validate-app -f <file> -t <platform>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --upload-app -f <file> -t <platform>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --notarize-app -f <file> --primary-bundle-id <bundle_id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317                   [--asc-provider <name> | --team-id <id> | --asc-public-id <id>]
2023-09-29 00:23:55.317        altool --notarization-info <uuid>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --notarization-history <page>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317                   [--asc-provider <name> | --team-id <id> | --asc-public-id <id>]
2023-09-29 00:23:55.317        altool --list-apps
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --list-providers
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.318        altool --store-password-in-keychain-item <keychain_item_name> -u <username> -p <password>
2023-09-29 00:23:55.318                   [--keychain <filename> | --sync]
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 Exit codes: 0 success, 1 failure (Upon failure, an error code and message are generally also displayed.)
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 Authentication: Most commands require authorization.
2023-09-29 00:23:55.318                 There are two methods available: user name with password, and apiKey with apiIssuer.
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318                 -u, --username <username> Username. Required to connect for validation, upload, and notarization.
2023-09-29 00:23:55.318                 -p, --password <password> Password. Required if username specified. If this argument is not supplied on the command line,
2023-09-29 00:23:55.318                                           it will be read from stdin.
2023-09-29 00:23:55.318                                           Alternatively to entering <password> in plaintext, it may also be specified using a '@keychain:'
2023-09-29 00:23:55.318                                           or '@env:' prefix followed by a keychain password item name or environment variable name.
2023-09-29 00:23:55.318                                           Example: '-p @keychain:<name>' uses the password stored in the keychain password item named <name>.
2023-09-29 00:23:55.318                                                                          You can create and update keychain items with the
2023-09-29 00:23:55.318                                                                          --store-password-in-keychain-item command. Note also that the
2023-09-29 00:23:55.318                                                                          --username can be inferred from the keychain item so --username
2023-09-29 00:23:55.318                                                                          can be omitted when using a '-p @keychain:' option.
2023-09-29 00:23:55.318                                           Example: '-p @env:<variable>'  uses the value in the environment variable named <variable>

They are correct, as it works when I pass them directly.

Try the following
 AC_PASSWORD="your-password" xcrun notarytool history  --apple-id "[email protected]" --password "@env:AC_PASSWORD" --team-id "UHO56587K"
⤴ This will likely fail.

Then try
xcrun notarytool history  --apple-id "[email protected]" --password "your_password" --team-id "UHO56587K"
⤴ This suceeds if the password is correct.

I see what you mean above, I'd need to test it again and make changes if I can manage to replicate the issue, could look into this next week when I get some time to do so. Thanks for looking into this btw.

cfabianski · 2023-10-04T09:49:11Z

@mitchellh Do you have any plans on merging and making a new release for this one? 🙏

cfabianski · 2023-10-16T15:44:42Z

I have forked and built a new Gon from this PR.
I have been facing the issue @puneet-ekline was facing regarding the @env:AC_PASSWORD which is not supported in the new tool. I updated the documentation to take that into account.

See Bearer/bearer#1335

Feel free to give it a try and let me if you are facing issues.

The fork is using itself to build so that's a good sign that it works I'd say :D

mitchellh · 2023-10-31T17:02:10Z

Thanks! Sorry for taking so long, I don't really use this tool anymore so its falling by the wayside 😄 I appreciate the help.

umbynos · 2023-10-31T20:25:58Z

@mitchellh could you please make a release? So that users can benefit from it

mitchellh · 2023-10-31T20:43:46Z

@mitchellh could you please make a release? So that users can benefit from it

Not really. I don't have any of the required things installed my computer (Go, certs, etc.) and I unfortunately never setup release automation for this repo. :( You'll have to build from source.

LuisUrr added 5 commits July 28, 2023 11:41

feat: Replace altool commands to notarytool

31550e8

Amend plist decoding

a448a73

feat: Add Log cmd and tests

66d5ca3

feat: Add log submission to process

f0322b5

feat: standardize commands

ee5bbfd

LuisUrr marked this pull request as ready for review August 3, 2023 07:55

LuisUrr mentioned this pull request Aug 3, 2023

Moving to notarytool #70

Closed

cfabianski approved these changes Oct 4, 2023

View reviewed changes

cfabianski mentioned this pull request Oct 4, 2023

Migrate to new Notarytool Bearer/bearer#1301

Closed

cfabianski mentioned this pull request Oct 16, 2023

chore(release): migrate to our own gon version Bearer/bearer#1335

Merged

4 tasks

alanhamlett mentioned this pull request Oct 30, 2023

Migrate to new Apple notarytool wakatime/wakatime-cli#976

Merged

mitchellh merged commit b23c789 into mitchellh:master Oct 31, 2023

umbynos mentioned this pull request Oct 31, 2023

Deprecated altool used for macOS notarization in Go-based release templates arduino/tooling-project-assets#359

Closed

This was referenced Nov 2, 2023

Replace mitchellh/go used for macOS notarization arduino/arduino-cli#2399

Merged

Replace mitchellh/go used for macOS notarization arduino/arduino-create-agent#851

Merged

MatteoPologruto mentioned this pull request Nov 22, 2023

Bump release workflow to match the template in the tooling-project-assets repository arduino/nicla-sense-me-fw#117

Merged

slayerjain mentioned this pull request Jun 7, 2024

ci: change the version of gon used keploy/keploy#1940

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Move to Notarytool #72

feat: Move to Notarytool #72

LuisUrr commented Aug 3, 2023 •

edited

Loading

puneet-ekline commented Sep 27, 2023

puneet-ekline commented Sep 27, 2023

LuisUrr commented Sep 28, 2023

puneet-ekline commented Sep 29, 2023 •

edited

Loading

LuisUrr commented Sep 29, 2023 •

edited

Loading

puneet-ekline commented Sep 29, 2023 •

edited

Loading

puneet-ekline commented Sep 29, 2023

puneet-ekline commented Sep 29, 2023

LuisUrr commented Sep 29, 2023

cfabianski commented Oct 4, 2023

cfabianski commented Oct 16, 2023

mitchellh commented Oct 31, 2023

umbynos commented Oct 31, 2023

mitchellh commented Oct 31, 2023

feat: Move to Notarytool #72

feat: Move to Notarytool #72

Conversation

LuisUrr commented Aug 3, 2023 • edited Loading

puneet-ekline commented Sep 27, 2023

puneet-ekline commented Sep 27, 2023

LuisUrr commented Sep 28, 2023

puneet-ekline commented Sep 29, 2023 • edited Loading

LuisUrr commented Sep 29, 2023 • edited Loading

puneet-ekline commented Sep 29, 2023 • edited Loading

puneet-ekline commented Sep 29, 2023

puneet-ekline commented Sep 29, 2023

LuisUrr commented Sep 29, 2023

cfabianski commented Oct 4, 2023

cfabianski commented Oct 16, 2023

mitchellh commented Oct 31, 2023

umbynos commented Oct 31, 2023

mitchellh commented Oct 31, 2023

LuisUrr commented Aug 3, 2023 •

edited

Loading

puneet-ekline commented Sep 29, 2023 •

edited

Loading

LuisUrr commented Sep 29, 2023 •

edited

Loading

puneet-ekline commented Sep 29, 2023 •

edited

Loading