Closed freakboy3742 closed 3 weeks ago
I'll have to wait for my Apple developer account to reactivate before I can test this – I paid today, but it apparently takes 24-48 hours to take effect.
Signing works fine, but notarization has now been "in progress" for over an hour. This probably isn't Briefcase's fault, but I'll leave it overnight and see what happens.
[consoletest] Notarizing PKG with team ID T72CJ4HQ74...
Conducting pre-submission checks for Console test-0.0.1.pkg and initiating connection to the Apple notary service...
Submission ID received
id: 292fb6c1-2616-4b8c-b357-175f699a8ba0
Successfully uploaded file
id: 292fb6c1-2616-4b8c-b357-175f699a8ba0
path: /Users/msmith/git/beeware/apps/consoletest/dist/Console test-0.0.1.pkg
Waiting for processing to complete.
Current status: In Progress...
Current status: In Progress....
Current status: In Progress.....
Current status: In Progress......
Current status: In Progress.......
Current status: In Progress........
Current status: In Progress.........
Current status: In Progress..........
...
Yeah - notarisation is known to be a bit flaky. Not sure what we can do to make it less flaky though; we're entirely dependent on Apple's servers returning a response.
My first notarization attempt was still "in progress" after 10 hours. I interrupted it and tried again, and it succeeded after an additional 4 hours and 25 minutes.
I've only ever notarized something once before (this DMG). I don't remember how long it took, but it wasn't this long.
If this happens to other people then it might be worth printing a prominent warning. But it doesn't look as if many people are using the macOS packaging feature yet, so let's wait until we get some more feedback.
Unsigned macOS Installers are a bit difficult to use, as the OS "unknown developer" handling prevents installation.
This PR adds signing and notarisation options to
.pkg
builds.This signing requires a different signing identity - you need a "Development ID Installer" identity, rather than a "Development ID Application". To facilitate this, a
--installer-identity
option has been added (plus a--no-sign-installer
option to avoid signing entirely).Identity selection is a little complicated, because macOS doesn't appear to give a way to just list the installer certificates; so - this implementation lists all non-app certificates from the same Team ID as the application certificate.
PR Checklist: