mitchellh / gon

Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
MIT License

feat: Move to Notarytool #72

Closed LuisUrr closed 11 months ago

LuisUrr commented 1 year ago

This PR covers migration from altool to notarytool

Output following changes looks like below:

==> ✏️  Signing files...
{"@level":"info","@message":"executing codesigning","@module":"sign","@timestamp":"2023-08-03T08:43:40.698044+01:00","command_args":["codesign","-s","Developer ID Application: Mitchell Hashimoto","-f","-v","--timestamp","--options","runtime","./terraform"],"command_path":"/usr/bin/codesign","files":["./terraform"]}
{"@level":"info","@message":"codesigning complete","@module":"sign","@timestamp":"2023-08-03T08:43:46.865679+01:00","output":"./terraform: replacing existing signature\n./terraform: signed Mach-O thin (x86_64) [terraform]\n"}
    Code signing successful
==> 📦  Creating Zip archive...
    Zip archive created with signed files
==> 🍎  Notarizing...
    Path: terraform.zip
    Submitting file for notarization...
{"@level":"info","@message":"submitting file for notarization","@module":"notarize","@timestamp":"2023-08-03T08:43:47.516562+01:00","command_args":["xcrun","notarytool","submit","terraform.zip","--apple-id","mitchell.hashimoto@gmail.com","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","file":"terraform.zip"}
{"@level":"info","@message":"notarization submission complete","@module":"notarize","@timestamp":"2023-08-03T08:43:57.952918+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully uploaded file\u003c/string\u003e\n\t\u003ckey\u003epath\u003c/key\u003e\n\t\u003cstring\u003e/gon/cmd/gon/terraform.zip\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization request submitted","@module":"notarize","@timestamp":"2023-08-03T08:43:57.953155+01:00","request_id":"68cf83f4-48dc-42bc-a910-393638b191ed"}
    Submitted. Request UUID: 68cf83f4-48dc-42bc-a910-393638b191ed
    Waiting for results from Apple. This can take minutes to hours.
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:07.953490+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","mitchell.hashimoto@gmail.com","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:09.126064+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:09.126204+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:09.126303+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","mitchell.hashimoto@gmail.com","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:10.388970+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:10.389120+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
    InfoStatus: In Progress
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:15.389412+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","mitchell.hashimoto@gmail.com","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:16.609973+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:16.610136+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:21.610403+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","mitchell.hashimoto@gmail.com","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:22.825724+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:22.825893+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:27.827136+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","mitchell.hashimoto@gmail.com","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:29.105726+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eIn Progress\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:29.105892+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"In Progress","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:34.106995+01:00","command_args":["xcrun","notarytool","info","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","mitchell.hashimoto@gmail.com","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY","--output-format","plist"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:35.239615+01:00","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecreatedDate\u003c/key\u003e\n\t\u003cstring\u003e2023-08-03T07:43:48.780Z\u003c/string\u003e\n\t\u003ckey\u003eid\u003c/key\u003e\n\t\u003cstring\u003e68cf83f4-48dc-42bc-a910-393638b191ed\u003c/string\u003e\n\t\u003ckey\u003emessage\u003c/key\u003e\n\t\u003cstring\u003eSuccessfully received submission info\u003c/string\u003e\n\t\u003ckey\u003ename\u003c/key\u003e\n\t\u003cstring\u003eterraform.zip\u003c/string\u003e\n\t\u003ckey\u003estatus\u003c/key\u003e\n\t\u003cstring\u003eAccepted\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2023-08-03T08:44:35.239747+01:00","info":{"RequestUUID":"68cf83f4-48dc-42bc-a910-393638b191ed","Date":"2023-08-03T07:43:48.780Z","Name":"terraform.zip","Status":"Accepted","StatusMessage":"Successfully received submission info"},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
    InfoStatus: Accepted
{"@level":"info","@message":"requesting notarization log","@module":"notarize","@timestamp":"2023-08-03T08:44:35.239936+01:00","command_args":["xcrun","notarytool","log","68cf83f4-48dc-42bc-a910-393638b191ed","--apple-id","mitchell.hashimoto@gmail.com","--password","@env:AC_PASSWORD","--team-id","UL304B4VGY"],"command_path":"/usr/bin/xcrun","uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
{"@level":"info","@message":"notarization log command finished","@module":"notarize","@timestamp":"2023-08-03T08:44:37.375880+01:00","err":null,"output":"{\n  \"logFormatVersion\": 1,\n  \"jobId\": \"68cf83f4-48dc-42bc-a910-393638b191ed\",\n  \"status\": \"Accepted\",\n  \"statusSummary\": \"Ready for distribution\",\n  \"statusCode\": 0,\n  \"archiveFilename\": \"terraform.zip\",\n  \"uploadDate\": \"2023-08-03T07:43:57.821Z\",\n  \"sha256\": \"73eb6e677004e795f98a520c4addfbf98716ea6cd0f8364adcade001fabd6631\",\n  \"ticketContents\": [\n    {\n      \"path\": \"terraform.zip/terraform\",\n      \"digestAlgorithm\": \"SHA-256\",\n      \"cdhash\": \"b26962bc9df1d3a60bdf304ed5eb87b7eadc9db6\",\n      \"arch\": \"x86_64\"\n    }\n  ],\n  \"issues\": null\n}\n"}
{"@level":"info","@message":"notarization log","@module":"notarize","@timestamp":"2023-08-03T08:44:37.376119+01:00","info":{"jobId":"68cf83f4-48dc-42bc-a910-393638b191ed","status":"Accepted","statusSummary":"Ready for distribution","statusCode":0,"archiveFilename":"terraform.zip","uploadDate":"2023-08-03T07:43:57.821Z","sha256":"73eb6e677004e795f98a520c4addfbf98716ea6cd0f8364adcade001fabd6631","issues":null,"ticketContents":[{"path":"terraform.zip/terraform","digestAlgorithm":"SHA-256","cdhash":"b26962bc9df1d3a60bdf304ed5eb87b7eadc9db6","arch":"x86_64"}]},"uuid":"68cf83f4-48dc-42bc-a910-393638b191ed"}
    LogStatus: Accepted
    File notarized!

Notarization complete! Notarized files:
  - terraform.zip (notarized)
puneet-ekline commented 1 year ago

@mitchellh Can we merge this pull request and release a new version?

puneet-ekline commented 1 year ago

@LuisUrr Are you building it from the source to run this version?

LuisUrr commented 1 year ago

> @LuisUrr Are you building it from the source to run this version?

The output in the above description comes from using the binary following a local Go build

puneet-ekline commented 1 year ago

@LuisUrr It seems that notarytool does not take in the password as @env:AC_PASSWORD https://keith.github.io/xcode-man-pages/notarytool.1.html

altool did allow to pass in the password using @env:AC_PASSWORD

I believe we might need to update the code in main.go to fix this problem.

Right now if I use @env:AC_PASSWORD notarytool just says invalid credentials.


That said, I do see the output you shared above, and it somehow says that it is able to accept @env:AC_PASSWORD, which I am not sure about.

LuisUrr commented 1 year ago

> @LuisUrr It seems that notarytool does not take in the password as @env:AC_PASSWORD https://keith.github.io/xcode-man-pages/notarytool.1.html
>
> altool did allow to pass in the password using @env:AC_PASSWORD
>
> I believe we might need to update the code in main.go to fix this problem.
>
> Right now if I use @env:AC_PASSWORD notarytool just says invalid credentials.
>
> That said, I do see the output you shared above, and it somehow says that it is able to accept @env:AC_PASSWORD, which I am not sure about.

Notarytool takes this -password app-specific-password parameter which is the one taken from @env:AC_PASSWORD for all the notarytool commands such as submit, log and info. I wonder if the credentials you're using aren't the correct ones for the app. When I tested this I used the same @env:AC_PASSWORD for both altool and notarytool and they worked for me...

puneet-ekline commented 1 year ago

They are correct, as it works when I pass them directly.

Try the following

 AC_PASSWORD="your-password" xcrun notarytool history  --apple-id "abcd@icloud.com" --password "@env:AC_PASSWORD" --team-id "UHO56587K"

‴ This will likely fail.

Then try

xcrun notarytool history  --apple-id "abcd@icloud.com" --password "your_password" --team-id "UHO56587K"

‴ This succeeds if the password is correct.

puneet-ekline commented 1 year ago

> Notarytool takes this -password app-specific-password parameter which is the one taken from @env:AC_PASSWORD for all the notarytool commands such as submit

Is there a place you get this from? I don't see it in notarytool documentation.

% xcrun notarytool submit --help
OVERVIEW: Submit an archive to the Notary service

USAGE: notarytool submit [<options>] <file-path>

ARGUMENTS:
  <file-path>             Path to the archive

OPTIONS:
  -v, --verbose
  -k, --key <key>         App Store Connect API key. File system path to the private key.
  -d, --key-id <key-id>   App Store Connect API Key ID. Usually 10 alphanumeric characters.
  -i, --issuer <issuer>   App Store Connect API Issuer ID. UUID format.
  --apple-id <apple-id>   Developer Apple ID.
  --password <password>   App-specific password for your Apple ID. You will be given a secure prompt on the command line if Apple ID and Team ID are provided and '--password' option is not
                          specified.
puneet-ekline commented 1 year ago

For altool it clearly states:

 ~ xcrun altool --help
2023-09-29 00:23:55.315 Copyright (c) 2009-2021, Apple Inc. Version 6.043.14043
2023-09-29 00:23:55.317
2023-09-29 00:23:55.317 usage: altool --upload-package <file> --type <platform> --asc-public-id <id> --apple-id <id>
2023-09-29 00:23:55.317                   --bundle-version <version> --bundle-short-version-string <string>
2023-09-29 00:23:55.317                   --bundle-id <id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --upload-hosted-content <file> --sku <sku> --type <platform> --product-id <id> --asc-provider <id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --validate-app -f <file> -t <platform>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --upload-app -f <file> -t <platform>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --notarize-app -f <file> --primary-bundle-id <bundle_id>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317                   [--asc-provider <name> | --team-id <id> | --asc-public-id <id>]
2023-09-29 00:23:55.317        altool --notarization-info <uuid>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --notarization-history <page>
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317                   [--asc-provider <name> | --team-id <id> | --asc-public-id <id>]
2023-09-29 00:23:55.317        altool --list-apps
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.317        altool --list-providers
2023-09-29 00:23:55.317                   {-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
2023-09-29 00:23:55.318        altool --store-password-in-keychain-item <keychain_item_name> -u <username> -p <password>
2023-09-29 00:23:55.318                   [--keychain <filename> | --sync]
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 Exit codes: 0 success, 1 failure (Upon failure, an error code and message are generally also displayed.)
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318 Authentication: Most commands require authorization.
2023-09-29 00:23:55.318                 There are two methods available: user name with password, and apiKey with apiIssuer.
2023-09-29 00:23:55.318
2023-09-29 00:23:55.318                 -u, --username <username> Username. Required to connect for validation, upload, and notarization.
2023-09-29 00:23:55.318                 -p, --password <password> Password. Required if username specified. If this argument is not supplied on the command line,
2023-09-29 00:23:55.318                                           it will be read from stdin.
2023-09-29 00:23:55.318                                           Alternatively to entering <password> in plaintext, it may also be specified using a '@keychain:'
2023-09-29 00:23:55.318                                           or '@env:' prefix followed by a keychain password item name or environment variable name.
2023-09-29 00:23:55.318                                           Example: '-p @keychain:<name>' uses the password stored in the keychain password item named <name>.
2023-09-29 00:23:55.318                                                                          You can create and update keychain items with the
2023-09-29 00:23:55.318                                                                          --store-password-in-keychain-item command. Note also that the
2023-09-29 00:23:55.318                                                                          --username can be inferred from the keychain item so --username
2023-09-29 00:23:55.318                                                                          can be omitted when using a '-p @keychain:' option.
2023-09-29 00:23:55.318                                           Example: '-p @env:<variable>'  uses the value in the environment variable named <variable>
LuisUrr commented 1 year ago

> They are correct, as it works when I pass them directly.
>
> Try the following
>
>  AC_PASSWORD="your-password" xcrun notarytool history  --apple-id "abcd@icloud.com" --password "@env:AC_PASSWORD" --team-id "UHO56587K"
>
> ‴ This will likely fail.
>
> Then try
>
> xcrun notarytool history  --apple-id "abcd@icloud.com" --password "your_password" --team-id "UHO56587K"
>
> ‴ This succeeds if the password is correct.

I see what you mean above, I'd need to test it again and make changes if I can manage to replicate the issue, could look into this next week when I get some time to do so. Thanks for looking into this btw.

cfabianski commented 1 year ago

@mitchellh Do you have any plans on merging and making a new release for this one? 🙏

cfabianski commented 11 months ago

I have forked and built a new Gon from this PR. I have been facing the issue @puneet-ekline was facing regarding the @env:AC_PASSWORD which is not supported in the new tool. I updated the documentation to take that into account.

See https://github.com/Bearer/bearer/pull/1335

Feel free to give it a try and let me know if you are facing issues.

The fork is using itself to build so that's a good sign that it works I'd say :D
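
The credential mismatch discussed in this thread, as an added Go example (not code from this PR, from gon, or from the fork): since the thread reports that notarytool treats `--password` as a literal, a wrapper has to expand an altool-style `@env:NAME` reference itself, and once it does, the real password sits in the argument list, so anything that logs `command_args` as in the output above must mask it. The function names `resolveSecret`, `submitArgs` and `redactArgs` are hypothetical, and the Apple ID, team ID and password values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// envPrefix is the altool-style reference quoted in the thread ("@env:AC_PASSWORD").
const envPrefix = "@env:"

// resolveSecret expands "@env:NAME" in-process using lookup (os.LookupEnv in
// production). Any value without the prefix is treated as a literal password.
// An unset or empty variable is an error, so the literal "@env:..." string is
// never forwarded to a tool that would treat it as the password itself.
func resolveSecret(ref string, lookup func(string) (string, bool)) (string, error) {
	if !strings.HasPrefix(ref, envPrefix) {
		return ref, nil
	}
	name := strings.TrimPrefix(ref, envPrefix)
	if name == "" {
		return "", errors.New("empty variable name after @env:")
	}
	val, ok := lookup(name)
	if !ok || val == "" {
		return "", fmt.Errorf("environment variable %s is unset or empty", name)
	}
	return val, nil
}

// submitArgs builds the argument list for "xcrun notarytool submit" with the
// flags that appear in the log output on this page, resolving the password first.
func submitArgs(file, appleID, passwordRef, teamID string,
	lookup func(string) (string, bool)) ([]string, error) {
	password, err := resolveSecret(passwordRef, lookup)
	if err != nil {
		return nil, err
	}
	return []string{
		"notarytool", "submit", file,
		"--apple-id", appleID,
		"--password", password,
		"--team-id", teamID,
		"--output-format", "plist",
	}, nil
}

// redactArgs returns a copy of args that is safe to log: the value following
// each "--password" flag is masked. The slice passed in is left untouched.
func redactArgs(args []string) []string {
	out := make([]string, len(args))
	copy(out, args)
	for i := 0; i < len(out)-1; i++ {
		if out[i] == "--password" {
			out[i+1] = "<redacted>"
			i++ // skip the masked value
		}
	}
	return out
}

func main() {
	// Constructed sample credential, set only for this demonstration.
	os.Setenv("AC_PASSWORD", "abcd-efgh-ijkl-mnop")

	args, err := submitArgs("terraform.zip", "dev@example.com",
		"@env:AC_PASSWORD", "TEAMID0000", os.LookupEnv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "credential error:", err)
		os.Exit(1)
	}
	// Log the masked copy; hand the real args to exec.Command("xcrun", args...).
	fmt.Println("command_args:", redactArgs(args))
}
```
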

mitchellh commented 11 months ago

Thanks! Sorry for taking so long, I don't really use this tool anymore so it's falling by the wayside 😄 I appreciate the help.

umbynos commented 11 months ago

@mitchellh could you please make a release? So that users can benefit from it

mitchellh commented 11 months ago

> @mitchellh could you please make a release? So that users can benefit from it

Not really. I don't have any of the required things installed on my computer (Go, certs, etc.) and I unfortunately never set up release automation for this repo. :( You'll have to build from source.