Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(macos): fix notraytool's apple-id option name, close #7917 #7934

Merged
merged 3 commits into from
Oct 2, 2023

Conversation

pewsheen
Copy link
Contributor

@pewsheen pewsheen commented Oct 2, 2023

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Docs
  • New Binding issue #___
  • Code style update
  • Refactor
  • Build-related changes
  • Other, please describe:

Does this PR introduce a breaking change?

  • Yes, and the changes were approved in issue #___
  • No

Checklist

  • When resolving issues, they are referenced in the PR's title (e.g fix: remove a typo, closes #___, #___)
  • A change file is added if any packages will require a version bump due to this PR per the instructions in the readme.
  • I have added a convincing reason for adding this feature, if necessary

Other information

Issue: #7917

OVERVIEW: Submit an archive to the Notary service

USAGE: notarytool submit [<options>] <file-path>

ARGUMENTS:
  <file-path>             Path to the archive

OPTIONS:
  -v, --verbose
  -k, --key <key>         App Store Connect API key. File system path to the private key.
  -d, --key-id <key-id>   App Store Connect API Key ID. Usually 10 alphanumeric characters.
  -i, --issuer <issuer>   App Store Connect API Issuer ID. UUID format.
  --apple-id <apple-id>   Developer Apple ID.
  --password <password>   App-specific password for your Apple ID. You will be given a secure prompt on the command line if Apple ID and Team ID are provided and '--password' option is
                          not specified.
  --team-id <team-id>     Developer Team ID.
  -p, --keychain-profile <keychain-profile>
                          Authenticate with credentials stored in the Keychain. Use the profile name you provided in the "store-credentials" command.
  --keychain <keychain>   Pass the path to a keychain file to use for reading the keychain item. If the specified keychain is locked, you'll be prompted to unlock it.
  -f, --output-format <output-format>
                          Desired output format. Note that 'json' and 'plist' are incompatible with '--progress'; a single update will be output at the end of the operation. Choices:
                          ["normal", "json", "plist"] (default: normal)
  --progress/--no-progress
                          Display progress indicators. Only compatible with normal output format (default) and will be otherwise suppressed. (default: true)
  --webhook <webhook>     Designate a public webhook URL to receive HTTP notifications on.
  --wait/--no-wait        Wait until processing is complete. Optionally set a '--timeout' if waiting. (default: false)
  --timeout <duration>    Optional time limit for 'wait'. notarytool will exit after polling for <duration>. The Notary service will continue processing even if the timeout is reached.
        'duration' is an integer followed by an optional suffix: seconds 's' (default), minutes 'm', hours 'h'. Examples: '3600', '60m', '1h'
  --s3-acceleration/--no-s3-acceleration
                          Use S3 Transfer Acceleration for uploads. (default: true)
  --force                 Upload the file even if pre-flight validation or other problems are encountered.
  --version               Show the version.
  -h, --help              Show help information.

Not seeing the --username option in the notarytool's manual, I guess it might be a typo?
After changing it back to --apple-id, it signed successfully.

@pewsheen pewsheen requested a review from a team as a code owner October 2, 2023 07:43
@lucasfernog lucasfernog merged commit d6eb46c into tauri-apps:1.x Oct 2, 2023
1 check passed
@pewsheen pewsheen deleted the fix/notarytool-args-apple-id branch October 2, 2023 15:16
@reyamir
Copy link

reyamir commented Oct 4, 2023

This PR introduce new error

Must provide all app-specific password authentication arguments (--apple-id, --password, --team-id). You may leave '--password' unspecified on initial invocation to receive a secure prompt.

       Error [tauri_cli_node] failed to bundle project: failed to upload app to Apple's notarization servers.
 ELIFECYCLE  Command failed with exit code 1.

@pewsheen
Copy link
Contributor Author

pewsheen commented Oct 4, 2023

This PR introduce new error

Must provide all app-specific password authentication arguments (--apple-id, --password, --team-id). You may leave '--password' unspecified on initial invocation to receive a secure prompt.

       Error [tauri_cli_node] failed to bundle project: failed to upload app to Apple's notarization servers.
 ELIFECYCLE  Command failed with exit code 1.

Hmm, Did you set your APPLE_TEAM_ID to the environment when bundling? This is a new environment variable in 1.5 and seems required by the new notarytools

@chirok11
Copy link

chirok11 commented Oct 6, 2023

If it is required, so why it is in Option<> then?

@FabianLars
Copy link
Member

We left it as an option because the apple docs made it sound like it was optional. A pr to make it required was already opened.

@chirok11
Copy link

chirok11 commented Oct 6, 2023

Yes, it seem's to be. Anyway it would be better to make it as required as it is best-practice.
https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool

If your Apple ID only belongs to one team then you don’t need to supply a Team ID. However, it’s best practice to include it regardless. That way, joining another team at some point in the future won’t break your notarization workflow. To find your Team ID, go to the Account page on the Apple Developer website.

@FabianLars
Copy link
Member

To be clear, their docs make it sound like it's optional when it's not. It is required by notarytool and not just best practice. We'll adapt the tauri cli to also require it as mentioned above in this PR: #7972

jason-crabnebula added a commit to jason-crabnebula/cargo-packager that referenced this pull request Oct 18, 2023
Port of tauri-apps/tauri#7934

Co-authored-by: Jason Tsai <jason@pews.dev>
Co-authored-by: Lucas Fernandes Nogueira <lucas@tauri.app>
jason-crabnebula added a commit to jason-crabnebula/cargo-packager that referenced this pull request Oct 18, 2023
Port of tauri-apps/tauri#7934

Co-authored-by: Jason Tsai <jason@pews.dev>
Co-authored-by: Lucas Fernandes Nogueira <lucas@tauri.app>
lucasfernog-crabnebula added a commit to crabnebula-dev/cargo-packager that referenced this pull request Oct 23, 2023
* feat(macos): add team_id option for apple notarization
Port of tauri-apps/tauri#7775

Co-authored-by: Trey Smith <trey@fulcrum-acoustic.com>
Co-authored-by: Lucas Nogueira <lucas@tauri.app>

* fix(macos): fix notraytool's apple-id option name
Port of tauri-apps/tauri#7934

Co-authored-by: Jason Tsai <jason@pews.dev>
Co-authored-by: Lucas Fernandes Nogueira <lucas@tauri.app>

* fix(macos): team ID is now required for notarytool via app password
Port of tauri-apps/tauri#7972

Co-authored-by: Lucas Fernandes Nogueira <lucas@tauri.app>

* refactor: remove Error::MissingNotarizeAuthTeamId

Co-authored-by: Lucas Nogueira <lucas@crabnebula.dev>

---------

Co-authored-by: Trey Smith <trey@fulcrum-acoustic.com>
Co-authored-by: Lucas Nogueira <lucas@tauri.app>
Co-authored-by: Jason Tsai <jason@pews.dev>
Co-authored-by: Lucas Nogueira <lucas@crabnebula.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: 🔎 In audit
Development

Successfully merging this pull request may close these issues.

5 participants