From 6ed1312926d70cf449e7beddacb56a17e51a25ac Mon Sep 17 00:00:00 2001 From: Jason Tsai Date: Mon, 23 Oct 2023 11:04:21 -0500 Subject: [PATCH] feat(macos): add team_id option for apple notarization (#52) * feat(macos): add team_id option for apple notarization Port of tauri-apps/tauri#7775 Co-authored-by: Trey Smith Co-authored-by: Lucas Nogueira * fix(macos): fix notraytool's apple-id option name Port of tauri-apps/tauri#7934 Co-authored-by: Jason Tsai Co-authored-by: Lucas Fernandes Nogueira * fix(macos): team ID is now required for notarytool via app password Port of tauri-apps/tauri#7972 Co-authored-by: Lucas Fernandes Nogueira * refactor: remove Error::MissingNotarizeAuthTeamId Co-authored-by: Lucas Nogueira --------- Co-authored-by: Trey Smith Co-authored-by: Lucas Nogueira Co-authored-by: Jason Tsai Co-authored-by: Lucas Nogueira --- .changes/mac-notarytool-team-id.md | 5 ++ crates/packager/src/codesign/macos.rs | 86 ++++++++++++--------------- crates/packager/src/error.rs | 2 +- 3 files changed, 44 insertions(+), 49 deletions(-) create mode 100644 .changes/mac-notarytool-team-id.md diff --git a/.changes/mac-notarytool-team-id.md b/.changes/mac-notarytool-team-id.md new file mode 100644 index 00000000..5882be9c --- /dev/null +++ b/.changes/mac-notarytool-team-id.md @@ -0,0 +1,5 @@ +--- +"cargo-packager": minor +--- + +Read the `APPLE_TEAM_ID` environment variable for macOS notarization arguments. \ No newline at end of file diff --git a/crates/packager/src/codesign/macos.rs b/crates/packager/src/codesign/macos.rs index 7df1fb2d..c11572ca 100644 --- a/crates/packager/src/codesign/macos.rs +++ b/crates/packager/src/codesign/macos.rs 
@@ -348,13 +348,14 @@ fn staple_app(app_bundle_path: PathBuf) -> crate::Result<()> { #[derive(Debug)] pub enum NotarizeAuth { AppleId { - apple_id: String, - password: String, + apple_id: OsString, + password: OsString, + team_id: OsString, }, ApiKey { - key: String, + key: OsString, key_path: PathBuf, - issuer: String, + issuer: OsString, }, } @@ -365,11 +366,20 @@ pub trait NotarytoolCmdExt { impl NotarytoolCmdExt for Command { fn notarytool_args(&mut self, auth: &NotarizeAuth) -> &mut Self { match auth { - NotarizeAuth::AppleId { apple_id, password } => self - .arg("--apple-id") - .arg(apple_id) - .arg("--password") - .arg(password), + NotarizeAuth::AppleId { + apple_id, + password, + team_id, + } => { + self.arg("--apple-id") + .arg(apple_id) + .arg("--password") + .arg(password) + .arg("--team-id") + .arg(team_id); + + self + } NotarizeAuth::ApiKey { key, key_path, 
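Review bot: `NotarizeAuth` keeps `#[derive(Debug)]` while its `AppleId` variant carries `password`, so any `{:?}` of the value, or of a struct holding it, prints the app-specific password into build logs. Whether it is formatted that way anywhere is not visible from this hunk. A hand-written `impl std::fmt::Debug` that emits a fixed placeholder for `password` (and arguably for the `ApiKey` fields) would rule it out. A doc comment on the variant noting that `team_id` is mandatory for notarytool with an app-specific password would record why the field was added.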
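Review bot: In the rewritten `AppleId` arm the secret is still appended to the child's argv via `.arg("--password").arg(password)`, so it is readable by any local process that can list command lines on the build host while notarytool runs, and by any code that logs the `Command` with `{:?}`. This predates the commit, but it is worth recording where the arm is being rewritten, with a comment such as `// NOTE: password travels on argv; prefer a keychain profile on shared runners`. An additional auth variant built on notarytool's `--keychain-profile` would avoid the exposure entirely. As a style point, the new `{ ...; self }` block could stay a single expression by dropping the `;` after `.arg(team_id)` and the trailing `self`. The `match` continues past the end of the hunk.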
@@ -390,50 +400,28 @@ pub fn notarize_auth() -> crate::Result { match ( std::env::var_os("APPLE_ID"), std::env::var_os("APPLE_PASSWORD"), + std::env::var_os("APPLE_TEAM_ID"), ) { - (Some(apple_id), Some(apple_password)) => { - let apple_id = apple_id - .to_str() - .expect("failed to convert APPLE_ID to string") - .to_string(); - let password = apple_password - .to_str() - .expect("failed to convert APPLE_PASSWORD to string") - .to_string(); - Ok(NotarizeAuth::AppleId { apple_id, password }) - } + (Some(apple_id), Some(password), Some(team_id)) => Ok(NotarizeAuth::AppleId { + apple_id, + password, + team_id, + }), _ => { match ( std::env::var_os("APPLE_API_KEY"), std::env::var_os("APPLE_API_ISSUER"), std::env::var("APPLE_API_KEY_PATH"), ) { - (Some(api_key), Some(api_issuer), Ok(key_path)) => { - let key = api_key - .to_str() - .expect("failed to convert APPLE_API_KEY to string") - .to_string(); - let issuer = api_issuer - .to_str() - .expect("failed to convert APPLE_API_ISSUER to string") - .to_string(); - Ok(NotarizeAuth::ApiKey { - key, - key_path: key_path.into(), - issuer, - }) - } - (Some(api_key), Some(api_issuer), Err(_)) => { - let key = api_key - .to_str() - .expect("failed to convert APPLE_API_KEY to string") - .to_string(); - let issuer = api_issuer - .to_str() - .expect("failed to convert APPLE_API_ISSUER to string") - .to_string(); - - let api_key_file_name = format!("AuthKey_{key}.p8"); + (Some(key), Some(issuer), Ok(key_path)) => Ok(NotarizeAuth::ApiKey { + key, + key_path: key_path.into(), + issuer, + }), + (Some(key), Some(issuer), Err(_)) => { + let mut api_key_file_name = OsString::from("AuthKey_"); + api_key_file_name.push(&key); + api_key_file_name.push(".p8"); let mut key_path = None; let mut search_paths = vec!["./private_keys".into()]; 
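Review bot: `APPLE_API_KEY_PATH` is still read with `std::env::var`, so a value that is set but not valid Unicode lands in the `Err(_)` arm and is silently replaced by the `private_keys` search instead of being used or reported. Every other variable here now goes through `var_os` and `key_path` becomes a `PathBuf` anyway, so `std::env::var_os("APPLE_API_KEY_PATH")` with `Some(key_path)` / `None` arms would be consistent. Separately, `var_os` returns `Some("")` for a variable that is set but empty, which is common when a CI secret is unavailable, so the first arm can build `NotarizeAuth::AppleId` from empty credentials. Adding `.filter(|v| !v.is_empty())` to each lookup would let such runs fall through to the missing-variables error. The function body continues outside the hunk.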
@@ -458,7 +446,9 @@ pub fn notarize_auth() -> crate::Result { }) } else { Err(Error::ApiKeyMissing { - filename: api_key_file_name, + filename: api_key_file_name + .into_string() + .expect("failed to convert api_key_file_name to string"), }) } } @@ -468,7 +458,7 @@ pub fn notarize_auth() -> crate::Result { } } -fn find_api_key(folder: PathBuf, file_name: &str) -> Option { +fn find_api_key(folder: PathBuf, file_name: &OsString) -> Option { let path = folder.join(file_name); if path.exists() { Some(path) diff --git a/crates/packager/src/error.rs b/crates/packager/src/error.rs index 3d537742..de528c5b 100644 --- a/crates/packager/src/error.rs +++ b/crates/packager/src/error.rs @@ -170,7 +170,7 @@ pub enum Error { filename: String, }, /// Missing notarize environment variables. - #[error("Could not find APPLE_ID & APPLE_PASSWORD or APPLE_API_KEY & APPLE_API_ISSUER & APPLE_API_KEY_PATH environment variables found")] + #[error("Could not find APPLE_ID & APPLE_PASSWORD & APPLE_TEAM_ID or APPLE_API_KEY & APPLE_API_ISSUER & APPLE_API_KEY_PATH environment variables found")] MissingNotarizeAuthVars, /// Failed to list keychains #[error("Failed to list keychains: {0}")]
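Review bot: The `Err(Error::ApiKeyMissing { .. })` branch now calls `.into_string().expect(...)`, so a non-Unicode `APPLE_API_KEY` turns a reportable "key file not found" error into a panic. That is the same kind of conversion panic the rest of this commit removes. The value is only used for display here, so `filename: api_key_file_name.to_string_lossy().into_owned(),` keeps the error path panic-free. The enclosing `notarize_auth` starts before this hunk.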
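Review bot: `find_api_key` now takes `file_name: &OsString`, where `file_name: &OsStr` is the more general borrow. Existing `&OsString` call sites deref to it automatically and `folder.join` accepts it unchanged, though `OsStr` has to be imported alongside `OsString`. The function also has no doc comment; a single `///` line stating that it returns the joined path only when that path exists would cover it. The body continues past the end of the hunk.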
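Review bot: The updated `MissingNotarizeAuthVars` message still ends in a stray `found` ("Could not find … environment variables found"), which could be dropped while the string is being edited. It also lists `APPLE_API_KEY_PATH` as required, although `notarize_auth` in this same patch falls back to searching for the key file when that variable is unset. Wording such as `APPLE_API_KEY & APPLE_API_ISSUER (& optionally APPLE_API_KEY_PATH)` would match the behaviour.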