Apparently Apple are switching out the tools used for notarizing things, so we need to adapt to the new way of doing things. We got this warning from Apple: > We’re reaching out because you recently used the altool command-line utility > to notarize your macOS software with Apple. As announced last year at WWDC22, > if you’re still using altool with the Apple notary service, you should > transition to the notarytool command-line utility as soon as possible. > Notarizing software with altool was deprecated in Xcode 13, and the Apple > notary service will no longer accept uploads from altool as of November 1, > 2023. Existing notarized software will continue to function properly. > > For information on notarizing your apps, read TechNote TN3147: Migrating to > the latest notarization tool.
The move seems quite simple, the new tool looks to be easier to use which would allow us to simplify our tools. The guide here is helpful: https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool
Our xcode-sign tool has been migrated to use the new command now. I have successfully notarized a new build using "download-sign-bundles". I also tested commenting out the codesign step to see how notarytool handled notarization errors. I also tested providing the wrong app-specific password. Those two errors are handled gracefully by our script. Our wiki documentation is not yet updated.
We have updated the beta release section on the wiki to reflect the changes we made.
> MUST > * The deprecated 'altool' command should be replaced with the new > recommended tool for notarization of the macOS client. We are now using notarytool instead of altool. > SHOULD > * Our documentation should reflect the changes. Documentation has been updated. > COULD > * The script output should be formatted in a consistent and easy to > understand way. Some improvements were made, and we are now outputting the notarization log directly when the script is run. Marking as resolved.
Successfully signed a custom build following our documentation. Verified that the iso was signed by running > codesign -dv on the installed app. > MUST > > ✅ The deprecated 'altool' command should be replaced with the new recommended tool for notarization of the macOS client. Indeed, the tool has been completely replaced with notarytool. > SHOULD > > ✅ Our documentation should reflect the changes. The documentation has been updated to account for the changes in logging. > COULD > ✅ The script output should be formatted in a consistent and easy to understand way. The output from my test run was consistent and easy to understand.
