diff deploy/osx/notarize.sh @ 2354:ec88bcdc5a5b

Update notarization notes
author Chris Cannam
date Wed, 09 Oct 2019 15:29:49 +0100
parents 6e9a125ac5f3
children 9ca6872a5d0f
line wrap: on
line diff
--- a/deploy/osx/notarize.sh	Wed Oct 09 15:17:57 2019 +0100
+++ b/deploy/osx/notarize.sh	Wed Oct 09 15:29:49 2019 +0100
@@ -5,11 +5,23 @@
 ## Before this, we need to open Application Loader and log in to the
 ## right iTunes Connect account
 
-# xcrun altool --notarize-app -f "Sonic Visualiser-3.2.dmg" --primary-bundle-id org.sonicvisualiser.SonicVisualiser -u "cannam+apple@all-day-breakfast.com" -p @keychain:"Application Loader: cannam+apple@all-day-breakfast.com"
+## Looks like the workflow has changed to using app-specific
+## passwords, for 2FA reasons.  See
+## https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow?language=objc
+
+## The following assumes we have generated an app password at
+## appleid.apple.com and then stored it to keychain id "altool" using
+## e.g.
+## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \
+##   -w "generated-app-password" -s "altool"
+
+## todo: script this
+
+# xcrun altool --notarize-app -f "Sonic Visualiser-4.0-pre2.dmg" --primary-bundle-id org.sonicvisualiser.SonicVisualiser -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool
 
 ## That churns for a while and then dumps out a UUID
 
-# xcrun altool --notarization-info UUID -u "cannam+apple@all-day-breakfast.com" -p @keychain:"Application Loader: cannam+apple@all-day-breakfast.com"
+# xcrun altool --notarization-info UUID -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool
 
 ## Returns "in progress" at first, then eventually a failure report
 ## with a URL that can be retrieved as JSON payload using wget. An