New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix macOS notarization (signing), migrate to notarytool
#12735
Conversation
if (result.Contains("The software asset has already been uploaded. The upload ID is")) | ||
{ | ||
// Example: The software asset has already been uploaded. The upload ID is 7689dc08-d6c8-4783-8d28-33e575f5c967 | ||
uploadId = result.Split('"').First(line => line.Contains("The software asset has already been uploaded.")).Split("The upload ID is")[^1].Trim(); | ||
} | ||
else if (result.Contains("No errors uploading")) | ||
{ | ||
// Example: <key>RequestUUID</key>\n\t\t<string>2a2a164f-2ae7-4293-8357-5d5a5cdd580a</string> | ||
|
||
var lines = result.Split('\n'); | ||
|
||
for (int i = 0; i < lines.Length; i++) | ||
{ | ||
string line = lines[i].Trim(); | ||
if (!line.TrimStart().StartsWith("<key>", StringComparison.InvariantCultureIgnoreCase)) | ||
{ | ||
continue; | ||
} | ||
|
||
if (line.Contains("<key>RequestUUID</key>", StringComparison.InvariantCulture)) | ||
{ | ||
uploadId = lines[i + 1].Trim().Replace("<string>", "").Replace("</string>", ""); | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need the uploadId
anymore, so these hacks are obsolete.
Stopwatch sw = new(); | ||
sw.Start(); | ||
while (true) // Wait for the notarization. | ||
{ | ||
Console.WriteLine($"Checking notarization status. Elapsed time: {sw.Elapsed}"); | ||
using var process = Process.Start(new ProcessStartInfo | ||
{ | ||
FileName = "xcrun", | ||
Arguments = $"altool --notarization-info \"{uploadId}\" -u \"{appleId}\" -p \"{password}\"", | ||
RedirectStandardError = true, | ||
RedirectStandardOutput = true, | ||
}); | ||
var nonNullProcess = WaitProcessToFinish(process, "xcrum"); | ||
string result = $"{nonNullProcess.StandardError.ReadToEnd()} {nonNullProcess.StandardOutput.ReadToEnd()}"; | ||
if (result.Contains("Status Message: Package Approved")) | ||
{ | ||
break; | ||
} | ||
if (result.Contains("Status: in progress")) | ||
{ | ||
Thread.Sleep(4000); | ||
continue; | ||
} | ||
if (result.Contains("Could not find the RequestUUID")) | ||
{ | ||
Thread.Sleep(4000); | ||
continue; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No need to periodically send a request to Apple about the notarization's status.
Thanks to the --wait
option.
@@ -327,85 +328,22 @@ private static Process WaitProcessToFinish(Process? process, string processName) | |||
return process; | |||
} | |||
|
|||
private static void Notarize(string appleId, string password, string filePath, string bundleIdentifier) | |||
private static void Notarize(string appleId, string filePath) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed the unused params
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cACK
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I cannot test this but LGTM. ACK merging.
Fixes: #12722
Looks like
altool
is obsolete and that caused the issue.Very useful Apple documentation I used on how to migrate from
altool
tonotarytool
https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool
According to the apple documentation:
New process:
notarytool submit --wait --apple-id \"{appleId}\" -p \"WasabiNotarize\" \"{filePath}\"
With these changes I was able to do successful notarizations 5 times in a row.
Please review it commit by commit, it's easier.