EFForg / apkeep

MIT License
838 stars, 53 forks

cargo-update: bump cryptographic-message-syntax from 0.16.0 to 0.17.0 #116

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps cryptographic-message-syntax from 0.16.0 to 0.17.0.

Release notes

Sourced from cryptographic-message-syntax's releases.

Apple Codesign 0.17.0

Release Info

Changelog

  • Major feature: Notarization is now implemented in Rust and no longer requires Apple's Transporter application. Going forward, you only need the rcodesign executable (or this crate embedded as a library) and an App Store Connect API Key to notarize. Major thanks to Robin Lambertz (@roblabla) for contributing the bulk of the implementation in #593.
  • As a result of native notarization, integration with Apple's Transporter has been removed. The find-transporter command has been removed. Rust APIs related to Transporter, the app metadata XML format it used, and App Store Connect APIs previously used have been removed.
  • As a result of native notarization, UI and implementation details of notarization have changed. The output when uploading assets is much more concise. Before, code existed to normalize uploaded assets to a data format required by Transporter. As a side-effect, assets were somewhat validated locally before upload. In the new world, minimal checks are performed locally. This can result in errors (such as attempting to upload an asset without a code signature) occurring later than they did previously.
  • A new encode-app-store-connect-api-key command can be used to encode an App Store Connect API Key in a single JSON object. These keys are used for notarization and having all the API Key metadata in a single file / JSON blob means you have 1 entity to define your App Store Connect API Key instead of 3, making UI simpler.
  • The notarize command has been renamed to notary-submit. This follows the terminology of Apple's notarytool and mimics the nomenclature used by the Notary API. The old notarize command is an alias to notary-submit.
  • The notary-submit command now has an --api-key-path argument defining the path to a JSON file containing the unified App Store Connect API Key emitted by the encode-app-store-connect-api-key command. We recommend using this method for specifying the API Key going forward, as it is simpler. The old method was required for use with Apple's Transporter application, which we no longer use so we're no longer bound by its requirements. The old method will likely be dropped from a future release.
  • A new notary-wait command can be used to wait on a previous notary submission to complete and to view its log info. This command can be useful if notary-submit times out or otherwise fails and you want to query the status of a previous notarization.
  • A new notary-log command will fetch the notarization log of a previous submission from the Notary API server.
  • Fixed signing of Mach-O binaries having a gap between segments. (This is known to commonly occur in Go binaries.) In previous versions, we would compute digests of the file incorrectly and would encounter an assertion when copying

... (truncated)

Commits
  • db345ba releasebot: release-version-change cryptographic-message-syntax 0.17.0-pre ->...
  • 2bcfe15 releasebot: release-version-change x509-certificate 0.14.0-pre -> 0.14.0
  • 71b31aa releasebot: release-version-change pgp-cleartext 0.3.0-pre -> 0.3.0
  • 313e378 apple-codesign: add release date for 0.17
  • d3a7859 pyoxidizer: synchronize new-project-cargo.lock
  • a7ef243 apple-codesign: docs tweaks
  • b30bc50 apple-codesign: remove unused dependencies
  • e2614e3 apple-codesign: use common function for sending App Store Connect API requests
  • ec89148 apple-codesign: remove unused constant
  • 1df03e3 apple-codesign: add notary-log command
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 2 years ago

The following labels could not be found: dependencies.

dependabot[bot] commented 2 years ago

Looks like cryptographic-message-syntax is up-to-date now, so this is no longer needed.