# HG changeset patch
# User Chris Cannam
# Date 1570631389 -3600
# Node ID ec88bcdc5a5bc5b720ed75903b1356a28f9a42cf
# Parent  6845d7dafebf4cd230e5370bd2d2575d9e7551cd
Update notarization notes

diff -r 6845d7dafebf -r ec88bcdc5a5b deploy/osx/notarize.sh
--- a/deploy/osx/notarize.sh	Wed Oct 09 15:17:57 2019 +0100
+++ b/deploy/osx/notarize.sh	Wed Oct 09 15:29:49 2019 +0100
@@ -5,11 +5,23 @@
 ## Before this, we need to open Application Loader and log in to the
 ## right iTunes Connect account
 
-# xcrun altool --notarize-app -f "Sonic Visualiser-3.2.dmg" --primary-bundle-id org.sonicvisualiser.SonicVisualiser -u "cannam+apple@all-day-breakfast.com" -p @keychain:"Application Loader: cannam+apple@all-day-breakfast.com"
+## Looks like the workflow has changed to using app-specific
+## passwords, for 2FA reasons.  See
+## https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow?language=objc
+
+## The following assumes we have generated an app password at
+## appleid.apple.com and then stored it to keychain id "altool" using
+## e.g.
+## security add-generic-password -a "cannam+apple@all-day-breakfast.com" \
+##   -w "generated-app-password" -s "altool"
+
+## todo: script this
+
+# xcrun altool --notarize-app -f "Sonic Visualiser-4.0-pre2.dmg" --primary-bundle-id org.sonicvisualiser.SonicVisualiser -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool
 
 ## That churns for a while and then dumps out a UUID
 
-# xcrun altool --notarization-info UUID -u "cannam+apple@all-day-breakfast.com" -p @keychain:"Application Loader: cannam+apple@all-day-breakfast.com"
+# xcrun altool --notarization-info UUID -u "cannam+apple@all-day-breakfast.com" -p @keychain:altool
 
 ## Returns "in progress" at first, then eventually a failure report
 ## with a URL that can be retrieved as JSON payload using wget. An