Closed LuisUrr closed 11 months ago
@mitchellh Can we merge this pull request and release a new version?
@LuisUrr Are you building it from the source to run this version?
The output in the above description comes from using the binary following a local Go build
@LuisUrr It seems that notarytool does not take in the password as @env:AC_PASSWORD
https://keith.github.io/xcode-man-pages/notarytool.1.html
altool did allow to pass in the password using @env:AC_PASSWORD
I believe we might need to update the code in main.go to fix this problem.
Right now if I use @env:AC_PASSWORD notarytool just says invalid credentials.
That said, I go see the output you shared above, and it somehow says that it is able to accept @env:AC_PASSWORD which I am not sure about.
Notarytool takes this -password app-specific-password parameter which is the one taken from @env:AC_PASSWORD for all the notarytool commands such as submit, log and info. wonder if the credentials you're using aren't the correct ones for the app. When I tested this I used the same @env:AC_PASSWORD for both altool and notarytool and they worked for me...
They are correct, as it works when I pass them directly.
Try the following
AC_PASSWORD="your-password" xcrun notarytool history --apple-id "abcd@icloud.com" --password "@env:AC_PASSWORD" --team-id "UHO56587K"
This will likely fail.
Then try
xcrun notarytool history --apple-id "abcd@icloud.com" --password "your_password" --team-id "UHO56587K"
This succeeds if the password is correct.
Notarytool takes this -password app-specific-password parameter which is the one taken from @env:AC_PASSWORD for all the notarytool commands such as submit
Is there a place you get this from? I don't see it in notarytool documentation.
% xcrun notarytool submit --help
OVERVIEW: Submit an archive to the Notary service
USAGE: notarytool submit [<options>] <file-path>
ARGUMENTS:
<file-path> Path to the archive
OPTIONS:
-v, --verbose
-k, --key <key> App Store Connect API key. File system path to the private key.
-d, --key-id <key-id> App Store Connect API Key ID. Usually 10 alphanumeric characters.
-i, --issuer <issuer> App Store Connect API Issuer ID. UUID format.
--apple-id <apple-id> Developer Apple ID.
--password <password> App-specific password for your Apple ID. You will be given a secure prompt on the command line if Apple ID and Team ID are provided and '--password' option is not
specified.
For altool it clearly states:
~ xcrun altool --help
2023-09-29 00:23:55.315 Copyright (c) 2009-2021, Apple Inc. Version 6.043.14043
2023-09-29 00:23:55.317
2023-09-29 00:23:55.317 usage: altool --upload-package <file> --type <platform> --asc-public-id <id> --apple-id <id>
2023-09-29 00:23:55.317 --bundle-version <version> --bundle-short-version-string <string>
2023-09-29 00:23:55.317 --bundle-id <id>
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317 altool --upload-hosted-content <file> --sku <sku> --type <platform> --product-id <id> --asc-provider <id>
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317 altool --validate-app -f <file> -t <platform>
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317 altool --upload-app -f <file> -t <platform>
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317 altool --notarize-app -f <file> --primary-bundle-id <bundle_id>
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317 [--asc-provider <name> | --team-id <id> | --asc-public-id <id>]
2023-09-29 00:23:55.317 altool --notarization-info <uuid>
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317 altool --notarization-history <page>
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317 [--asc-provider <name> | --team-id <id> | --asc-public-id <id>]
2023-09-29 00:23:55.317 altool --list-apps
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317 altool --list-providers
2023-09-29 00:23:55.317 {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.318 altool --store-password-in-keychain-item <keychain_item_name> -u <username> -p <password>
2023-09-29 00:23:55.318 [--keychain <filename> | --sync]
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 Exit codes: 0 success, 1 failure (Upon failure, an error code and message are generally also displayed.)
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 Authentication: Most commands require authorization.
2023-09-29 00:23:55.318 There are two methods available: user name with password, and apiKey with apiIssuer.
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 -u, --username <username> Username. Required to connect for validation, upload, and notarization.
2023-09-29 00:23:55.318 -p, --password <password> Password. Required if username specified. If this argument is not supplied on the command line,
2023-09-29 00:23:55.318 it will be read from stdin.
2023-09-29 00:23:55.318 Alternatively to entering <password> in plaintext, it may also be specified using a '@keychain:'
2023-09-29 00:23:55.318 or '@env:' prefix followed by a keychain password item name or environment variable name.
2023-09-29 00:23:55.318 Example: '-p @keychain:<name>' uses the password stored in the keychain password item named <name>.
2023-09-29 00:23:55.318 You can create and update keychain items with the
2023-09-29 00:23:55.318 --store-password-in-keychain-item command. Note also that the
2023-09-29 00:23:55.318 --username can be inferred from the keychain item so --username
2023-09-29 00:23:55.318 can be omitted when using a '-p @keychain:' option.
2023-09-29 00:23:55.318 Example: '-p @env:<variable>' uses the value in the environment variable named <variable>
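Added example, not code from the gon repository or this PR: one way a Go wrapper could expand an `@env:NAME` reference itself before building the `--password` argument, so the outcome does not depend on whether notarytool understands the prefix that the altool help documents. The function names are hypothetical, the password value is constructed, and rejecting `@keychain:` references is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// resolvePassword expands an altool-style "@env:NAME" reference in the wrapper.
// lookup is injectable for tests; real callers would pass os.LookupEnv.
func resolvePassword(raw string, lookup func(string) (string, bool)) (string, error) {
	switch {
	case strings.HasPrefix(raw, "@env:"):
		name := strings.TrimPrefix(raw, "@env:")
		if name == "" {
			return "", errors.New("@env: reference has no variable name")
		}
		val, ok := lookup(name)
		if !ok || val == "" {
			return "", fmt.Errorf("environment variable %s is unset or empty", name)
		}
		return val, nil
	case strings.HasPrefix(raw, "@keychain:"):
		// Assumption: fail loudly instead of sending the literal string as a password.
		return "", errors.New("@keychain: references are not resolved by this helper")
	default:
		return raw, nil // already a literal app-specific password
	}
}

// notarytoolArgs builds the arguments for `xcrun`, using only flags shown in the
// thread. The resolved secret sits in argv, visible to local process listings.
func notarytoolArgs(sub, appleID, teamID, rawPassword string, lookup func(string) (string, bool)) ([]string, error) {
	pw, err := resolvePassword(rawPassword, lookup)
	if err != nil {
		return nil, err
	}
	return []string{"notarytool", sub, "--apple-id", appleID, "--password", pw, "--team-id", teamID}, nil
}

func main() {
	// Constructed environment for the demo.
	env := map[string]string{"AC_PASSWORD": "constructed-app-password"}
	lookup := func(k string) (string, bool) { v, ok := env[k]; return v, ok }
	args, err := notarytoolArgs("history", "abcd@icloud.com", "UHO56587K", "@env:AC_PASSWORD", lookup)
	fmt.Println(len(args), err)
}
```

An unset variable produces an error before anything is executed, rather than the "invalid credentials" response described earlier in the thread.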
I see what you mean above, I'd need to test it again and make changes if I can manage to replicate the issue, could look into this next week when I get some time to do so. Thanks for looking into this btw.
@mitchellh Do you have any plans on merging and making a new release for this one?
I have forked and built a new Gon from this PR.
I have been facing the issue @puneet-ekline was facing regarding the @env:AC_PASSWORD which is not supported in the new tool. I updated the documentation to take that into account.
See https://github.com/Bearer/bearer/pull/1335
Feel free to give it a try and let me know if you are facing issues.
The fork is using itself to build so that's a good sign that it works I'd say :D
Thanks! Sorry for taking so long, I don't really use this tool anymore so it's falling by the wayside. I appreciate the help.
@mitchellh could you please make a release? So that users can benefit from it
Not really. I don't have any of the required things installed on my computer (Go, certs, etc.) and I unfortunately never set up release automation for this repo. :( You'll have to build from source.
This PR covers migration from altool to notarytool
Output following changes looks like below: