From 6d88c36df1fb853f792363ab80676467cb256b7b Mon Sep 17 00:00:00 2001
From: Malcolm Smith <smith@chaquo.com>
Date: Tue, 14 Feb 2023 18:14:05 +0000
Subject: [PATCH] macOS signing and notarization fixes

---
 changes/1100.bugfix.rst                             | 1 +
 docs/how-to/code-signing/macOS.rst                  | 4 ++--
 docs/reference/commands/package.rst                 | 2 +-
 src/briefcase/platforms/macOS/__init__.py           | 6 +++++-
 tests/platforms/macOS/app/test_package__notarize.py | 4 ++++
 tests/platforms/macOS/app/test_signing.py           | 5 ++++-
 6 files changed, 17 insertions(+), 5 deletions(-)
 create mode 100644 changes/1100.bugfix.rst

diff --git a/changes/1100.bugfix.rst b/changes/1100.bugfix.rst
new file mode 100644
index 000000000..e66bec75c
--- /dev/null
+++ b/changes/1100.bugfix.rst
@@ -0,0 +1 @@
+The command to store notarization credentials no longer causes Briefcase to hang.
diff --git a/docs/how-to/code-signing/macOS.rst b/docs/how-to/code-signing/macOS.rst
index 1edaf8317..06390554a 100644
--- a/docs/how-to/code-signing/macOS.rst
+++ b/docs/how-to/code-signing/macOS.rst
@@ -182,5 +182,5 @@ certificate.
 Next steps
 ----------
 
-Now it's time to start using the Developer ID Application Certificate to sign,
-notarize, and distribute your application!
+Now you can use the certificate to sign and notarize your application with the
+:doc:`briefcase package </reference/commands/package>` command.
diff --git a/docs/reference/commands/package.rst b/docs/reference/commands/package.rst
index 5e2d1ebbf..b60892b06 100644
--- a/docs/reference/commands/package.rst
+++ b/docs/reference/commands/package.rst
@@ -62,4 +62,4 @@ Sign app with adhoc identity.
 ``-i <identity>`` / ``--identity <identity>``
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The code signing identity to use when signing the app.
+The :doc:`code signing identity </how-to/code-signing/index>` to use when signing the app.
diff --git a/src/briefcase/platforms/macOS/__init__.py b/src/briefcase/platforms/macOS/__init__.py
index 92da7f403..27c7c6599 100644
--- a/src/briefcase/platforms/macOS/__init__.py
+++ b/src/briefcase/platforms/macOS/__init__.py
@@ -243,7 +243,10 @@ def select_identity(self, identity=None):
                     ) from e
 
         if len(identities) == 0:
-            raise BriefcaseCommandError("No code signing identities are available.")
+            raise BriefcaseCommandError(
+                "No code signing identities are available: see "
+                "https://briefcase.readthedocs.io/en/stable/how-to/code-signing/macOS.html"
+            )
         elif len(identities) == 1:
             identity, identity_name = list(identities.items())[0]
         else:
@@ -497,6 +500,7 @@ def notarize(self, filename, team_id):
                                 profile,
                             ],
                             check=True,
+                            stream_output=False,  # Command reads from stdin.
                         )
                     except subprocess.CalledProcessError as e:
                         raise BriefcaseCommandError(
diff --git a/tests/platforms/macOS/app/test_package__notarize.py b/tests/platforms/macOS/app/test_package__notarize.py
index fb48d56db..3973d2e9e 100644
--- a/tests/platforms/macOS/app/test_package__notarize.py
+++ b/tests/platforms/macOS/app/test_package__notarize.py
@@ -176,6 +176,7 @@ def test_notarize_dmg_unknown_credentials(package_command, first_app_dmg):
                     "briefcase-macOS-DEADBEEF",
                 ],
                 check=True,
+                stream_output=False,
             ),
             # Submit for notarization a second time
             mock.call(
@@ -269,6 +270,7 @@ def test_credential_storage_failure_app(
                     "briefcase-macOS-DEADBEEF",
                 ],
                 check=True,
+                stream_output=False,
             ),
         ]
     )
@@ -326,6 +328,7 @@ def test_credential_storage_failure_dmg(package_command, first_app_dmg):
                     "briefcase-macOS-DEADBEEF",
                 ],
                 check=True,
+                stream_output=False,
             ),
         ]
     )
@@ -480,6 +483,7 @@ def test_notarize_unknown_credentials_after_storage(package_command, first_app_d
                     "briefcase-macOS-DEADBEEF",
                 ],
                 check=True,
+                stream_output=False,
             ),
             # Submit for notarization a second time
             mock.call(
diff --git a/tests/platforms/macOS/app/test_signing.py b/tests/platforms/macOS/app/test_signing.py
index 29de6eb55..15b7084c3 100644
--- a/tests/platforms/macOS/app/test_signing.py
+++ b/tests/platforms/macOS/app/test_signing.py
@@ -190,7 +190,10 @@ def test_no_identities(dummy_command):
 
     with pytest.raises(
         BriefcaseCommandError,
-        match=r"No code signing identities are available.",
+        match=(
+            r"No code signing identities are available: see "
+            r"https://briefcase.readthedocs.io/en/stable/how-to/code-signing/macOS.html"
+        ),
     ):
         dummy_command.select_identity()