HISE Logo Forum
    • Categories
    • Register
    • Login

    Apple Notarisation - Notarytool (altool depracated)

    Scheduled Pinned Locked Moved General Questions
    10 Posts 4 Posters 560 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DanHD
      DanH
      last edited by

      Is anyone using notarytool yet? Altool will be deprecated tomorrow. If anyone can share an example if so that would be very helpful!

      https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution?changes=_3_3

      Thanks!

      DHPlugins / DC Breaks | Artist / Producer / DJ / Developer
      https://dhplugins.com/ | https://dcbreaks.com/
      London, UK

      1 Reply Last reply Reply Quote 0
      • bendursoB
        bendurso
        last edited by

        This is the command I use for the new notarytool:

        xcrun notarytool submit "MyPluginInstaller.pkg" --keychain-profile "Mykeychain" --wait
        
        DanHD 1 Reply Last reply Reply Quote 0
        • d.healeyD
          d.healey
          last edited by d.healey

          Yeah I've been using it for a long while, works just fine. My script is a bit complicated to share as it downloads my project from github, compiles it, codesigns it, builds an installer, notarizes, and then checks for the confirmation.

          Libre Wave - Freedom respecting instruments and effects
          My Patreon - HISE tutorials
          YouTube Channel - Public HISE tutorials

          DanHD 1 Reply Last reply Reply Quote 0
          • DanHD
            DanH @bendurso
            last edited by

            @bendurso thanks! How do you define the keychain?

            DHPlugins / DC Breaks | Artist / Producer / DJ / Developer
            https://dhplugins.com/ | https://dcbreaks.com/
            London, UK

            bendursoB 1 Reply Last reply Reply Quote 0
            • DanHD
              DanH @d.healey
              last edited by

              @d-healey could just take the notarisation line?

              DHPlugins / DC Breaks | Artist / Producer / DJ / Developer
              https://dhplugins.com/ | https://dcbreaks.com/
              London, UK

              d.healeyD LindonL 2 Replies Last reply Reply Quote 0
              • d.healeyD
                d.healey @DanH
                last edited by

                @DanH said in Apple Notarisation - Notarytool (altool depracated):

                could just take the notarisation line?

                It's more than a line :)

                echo "Notarizing"
                
                response=$(xcrun notarytool submit --apple-id "$apple_id" --password "$app_specific_password" --team-id "$team_id_for_notarization" "$output/$project_name Installer $version.pkg" --wait);
                
                # Get notarization ID
                job_id_line=$(grep -m 1 '  id:' < <(echo -e "${response}"))
                job_id=$(echo "${job_id_line}" | cut -d ":" -s -f 2 | cut -d " " -f 2)
                
                # Get the notarization status from the response
                status_line=$(grep -m 1 '  status:' < <(echo -e "${response}"))
                status_result=$(echo "${status_line}" | cut -d ":" -s -f 2 | cut -d " " -f 2)
                
                echo "${response}"
                
                if [[ ${status_result} != "Accepted" ]]; then
                  exit 1
                fi
                
                # Staple the notarization result
                echo "Adding notarization to $project_name Installer $version.pkg"
                success=$(xcrun stapler staple "$output/$project_name Installer $version.pkg")
                if [[ -z "${success}" ]]; then
                  echo "[ERROR] Could not staple notarization to app"
                  exit 1
                fi
                
                # Confirm stapling
                echo "Checking notarization to $project_name Installer $version.pkg "
                spctl --assess -vvv --type install "$output/$project_name Installer $version.pkg"
                

                Libre Wave - Freedom respecting instruments and effects
                My Patreon - HISE tutorials
                YouTube Channel - Public HISE tutorials

                1 Reply Last reply Reply Quote 1
                • bendursoB
                  bendurso @DanH
                  last edited by

                  @DanH Mm I don't remember how I created that keychain. But I think you can make it with your app specific password and team ID, like this: https://forum.hise.audio/topic/7714/apple-altool-vs-notarytool/4

                  1 Reply Last reply Reply Quote 1
                  • LindonL
                    Lindon @DanH
                    last edited by Lindon

                    @DanH

                    you are best reading this:

                    https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool?changes=_3_3

                    --which I see you posted at the thread start -- hang on I will be on the mac in about an hour so I will post an example...

                    HISE Development for hire.
                    www.channelrobot.com

                    LindonL 1 Reply Last reply Reply Quote 0
                    • LindonL
                      Lindon @Lindon
                      last edited by

                      @Lindon ok here a bit quicker than I thought

                      So the "keychain" option is really a short cut but if you havent been using it before then ..lets go with the standard replacement notarytool command

                      to submit something:

                      xcrun notarytool submit --apple-id "<your apple id>" --password "<your altool password>" --team-id "<your team ID>" "<path to your zip or pkg>" --wait
                      

                      your old altool cammand for notarization should give you everything you need - except perhaps your teamID - but its in there is like a string like this. "7734UZ9PFG". - or its available in your apple developer account...

                      adding --wait at the end will make the process not complete until it gets a final status, this is useful as apple will no longer be emailing you with the results....instead in the command window once you've started this command you should see a percentage for the upload, then probably a status of "In Progress..." and eventually(if all goes well): "Accepted"

                      HISE Development for hire.
                      www.channelrobot.com

                      DanHD 1 Reply Last reply Reply Quote 2
                      • DanHD
                        DanH @Lindon
                        last edited by

                        @Lindon amazing - really appreciate that thank you!

                        DHPlugins / DC Breaks | Artist / Producer / DJ / Developer
                        https://dhplugins.com/ | https://dcbreaks.com/
                        London, UK

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post

                        17

                        Online

                        1.8k

                        Users

                        11.9k

                        Topics

                        103.8k

                        Posts