feat: move to notarytool (apply PR 72)

.gon.hcl

@@ -4,6 +4,7 @@ bundle_id = "com.mitchellh.gon"
 apple_id {
   username = "mitchell.hashimoto@gmail.com"
   password = "@env:AC_PASSWORD"
+  provider = "UL304B4VGY"
 }
 
 sign {

README.md

@@ -149,6 +149,7 @@ bundle_id = "com.mitchellh.example.terraform"
 apple_id {
   username = "mitchell@example.com"
   password = "@env:AC_PASSWORD"
+  provider = "UL304B4VGY"
 }
 
 sign {

cmd/gon/item.go

@@ -2,13 +2,11 @@ package main
 
 import (
 	"context"
-	"fmt"
 	"os"
 	"sync"
 
 	"github.com/fatih/color"
 	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/go-multierror"
 
 	"github.com/mitchellh/gon/internal/config"
 	"github.com/mitchellh/gon/notarize"
@@ -66,19 +64,18 @@ func (i *item) notarize(ctx context.Context, opts *processOptions) error {
 	}
 
 	// Start notarization
-	info, err := notarize.Notarize(ctx, &notarize.Options{
-		File:       i.Path,
-		BundleId:   bundleId,
-		Username:   opts.Config.AppleId.Username,
-		Password:   opts.Config.AppleId.Password,
-		Provider:   opts.Config.AppleId.Provider,
-		Logger:     opts.Logger.Named("notarize"),
-		Status:     &statusHuman{Prefix: opts.Prefix, Lock: lock},
-		UploadLock: opts.UploadLock,
+	_, _, err := notarize.Notarize(ctx, &notarize.Options{
+		File:        i.Path,
+		DeveloperId: opts.Config.AppleId.Username,
+		Password:    opts.Config.AppleId.Password,
+		Provider:    opts.Config.AppleId.Provider,
+		Logger:      opts.Logger.Named("notarize"),
+		Status:      &statusHuman{Prefix: opts.Prefix, Lock: lock},
+		UploadLock:  opts.UploadLock,
 	})
 
 	// Save the error state. We don't save the notarization result yet
-	// because we don't know it for sure until we download the log file.
+	// because we don't know it for sure until we retrieve the log information.
 	i.State.NotarizeError = err
 
 	// If we had an error, we mention immediate we have an error.
@@ -88,73 +85,6 @@ func (i *item) notarize(ctx context.Context, opts *processOptions) error {
 		lock.Unlock()
 	}
 
-	// If we have a log file, download it. We do this whether we have an error
-	// or not because the log file can contain more details about the error.
-	if info != nil && info.LogFileURL != "" {
-		opts.Logger.Info(
-			"downloading log file for notarization",
-			"request_uuid", info.RequestUUID,
-			"url", info.LogFileURL,
-		)
-
-		log, logerr := notarize.DownloadLog(info.LogFileURL)
-		opts.Logger.Debug("log file downloaded", "log", log, "err", logerr)
-		if logerr != nil {
-			opts.Logger.Warn(
-				"error downloading log file, this isn't a fatal error",
-				"err", err,
-			)
-
-			// If we already failed notarization, just return that error
-			if err := i.State.NotarizeError; err != nil {
-				return err
-			}
-
-			// If it appears we succeeded notification, we make a new error.
-			// We can't say notarization is successful without downloading this
-			// file because warnings will cause notarization to not work
-			// when loaded.
-			lock.Lock()
-			color.New(color.FgRed).Fprintf(os.Stdout,
-				"    %sError downloading log file to verify notarization.\n",
-				opts.Prefix,
-			)
-			lock.Unlock()
-
-			return fmt.Errorf(
-				"Error downloading log file to verify notarization success: %s\n\n"+
-					"You can download the log file manually at: %s",
-				logerr, info.LogFileURL,
-			)
-		}
-
-		// If we have any issues then it is a failed notarization. Notarization
-		// can "succeed" with warnings, but when you attempt to use/open a file
-		// Gatekeeper rejects it. So we currently reject any and all issues.
-		if len(log.Issues) > 0 {
-			var err error
-
-			lock.Lock()
-			color.New(color.FgRed).Fprintf(os.Stdout,
-				"    %s%d issues during notarization:\n",
-				opts.Prefix, len(log.Issues))
-			for idx, issue := range log.Issues {
-				color.New(color.FgRed).Fprintf(os.Stdout,
-					"    %sIssue #%d (%s) for path %q: %s\n",
-					opts.Prefix, idx+1, issue.Severity, issue.Path, issue.Message)
-
-				// Append the error so we can return it
-				err = multierror.Append(err, fmt.Errorf(
-					"%s for path %q: %s",
-					issue.Severity, issue.Path, issue.Message,
-				))
-			}
-			lock.Unlock()
-
-			return err
-		}
-	}
-
 	// If we aren't notarized, then return
 	if err := i.State.NotarizeError; err != nil {
 		return err

cmd/gon/status_human.go

@@ -18,7 +18,8 @@ type statusHuman struct {
 	Prefix string
 	Lock   *sync.Mutex
 
-	lastStatus string
+	lastInfoStatus string
+	lastLogStatus  string
 }
 
 func (s *statusHuman) Submitting() {
@@ -37,13 +38,23 @@ func (s *statusHuman) Submitted(uuid string) {
 		os.Stdout, "    %sWaiting for results from Apple. This can take minutes to hours.\n", s.Prefix)
 }
 
-func (s *statusHuman) Status(info notarize.Info) {
+func (s *statusHuman) InfoStatus(info notarize.Info) {
 	s.Lock.Lock()
 	defer s.Lock.Unlock()
 
-	if info.Status != s.lastStatus {
-		s.lastStatus = info.Status
-		color.New().Fprintf(os.Stdout, "    %sStatus: %s\n", s.Prefix, info.Status)
+	if info.Status != s.lastInfoStatus {
+		s.lastInfoStatus = info.Status
+		color.New().Fprintf(os.Stdout, "    %sInfoStatus: %s\n", s.Prefix, info.Status)
+	}
+}
+
+func (s *statusHuman) LogStatus(log notarize.Log) {
+	s.Lock.Lock()
+	defer s.Lock.Unlock()
+
+	if log.Status != s.lastLogStatus {
+		s.lastLogStatus = log.Status
+		color.New().Fprintf(os.Stdout, "    %sLogStatus: %s\n", s.Prefix, log.Status)
 	}
 }
 

go.mod

@@ -5,10 +5,8 @@ go 1.13
 require (
 	github.com/davecgh/go-spew v1.1.1
 	github.com/fatih/color v1.7.0
-	github.com/hashicorp/go-cleanhttp v0.5.1
 	github.com/hashicorp/go-hclog v0.9.3-0.20191025211905-234833755cb2
 	github.com/hashicorp/go-multierror v1.0.0
-	github.com/hashicorp/go-retryablehttp v0.6.3
 	github.com/hashicorp/hcl/v2 v2.0.0
 	github.com/sebdah/goldie v1.0.0
 	github.com/stretchr/testify v1.3.0

go.sum

@@ -26,18 +26,11 @@ github.com/gosuri/uilive v0.0.0-20170323041506-ac356e6e42cd/go.mod h1:qkLSc0A5EX
 github.com/hashicorp/errwrap v0.0.0-20180715044906-d6c0cd880357/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.9.3-0.20191025211905-234833755cb2 h1:STV8OvzphW1vlhPFxcG8d6OIilzBSKRAoWFJt+Onu10=
 github.com/hashicorp/go-hclog v0.9.3-0.20191025211905-234833755cb2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-multierror v0.0.0-20180717150148-3d5d8f294aa0/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
 github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-retryablehttp v0.6.3 h1:tuulM+WnToeqa05z83YLmKabZxrySOmJAd4mJ+s2Nfg=
-github.com/hashicorp/go-retryablehttp v0.6.3/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl/v2 v2.0.0 h1:efQznTz+ydmQXq3BOnRa3AXzvCeTq1P4dKj/z5GLlY8=
 github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90=

notarize/info.go

@@ -7,7 +7,6 @@ import (
 	"io"
 	"os/exec"
 	"path/filepath"
-	"time"
 
 	"github.com/hashicorp/go-hclog"
 	"howett.net/plist"
@@ -23,33 +22,19 @@ type Info struct {
 	// RequestUUID is the UUID provided by Apple after submitting the
 	// notarization request. This can be used to look up notarization information
 	// using the Apple tooling.
-	RequestUUID string `plist:"RequestUUID"`
+	RequestUUID string `plist:"id"`
 
 	// Date is the date and time of submission
-	Date time.Time `plist:"Date"`
+	Date string `plist:"createdDate"`
 
-	// Hash is the encoded hash value for the submitted file. This is provided
-	// by Apple. This is not decoded into a richer type like hash/sha256 because
-	// it doesn't seem to be guaranteed by Apple anywhere what format this is in.
-	Hash string `plist:"Hash"`
-
-	// LogFileURL is a URL to a log file for more details.
-	LogFileURL string `plist:"LogFileURL"`
+	// Name is th file uploaded for submission.
+	Name string `plist:"name"`
 
 	// Status the status of the notarization.
-	//
-	// StatusMessage is a human-friendly message associated with a status.
-	Status        string `plist:"Status"`
-	StatusMessage string `plist:"Status Message"`
-}
-
-// infoResult is the structure of the plist emitted directly from
-// --notarization-info
-type infoResult struct {
-	Info *Info `plist:"notarization-info"`
+	Status string `plist:"status"`
 
-	// Errors is the list of errors that occurred while uploading
-	Errors Errors `plist:"product-errors"`
+	// StatusMessage is a human-friendly message associated with a status.
+	StatusMessage string `plist:"message"`
 }
 
 // info requests the information about a notarization and returns
@@ -78,12 +63,13 @@ func info(ctx context.Context, uuid string, opts *Options) (*Info, error) {
 
 	cmd.Args = []string{
 		filepath.Base(cmd.Path),
-		"altool",
-		"--notarization-info",
+		"notarytool",
+		"info",
 		uuid,
-		"-u", opts.Username,
-		"-p", opts.Password,
-		"--output-format", "xml",
+		"--apple-id", opts.DeveloperId,
+		"--password", opts.Password,
+		"--team-id", opts.Provider,
+		"--output-format", "plist",
 	}
 
 	// We store all output in out for logging and in case there is an error
@@ -109,23 +95,18 @@ func info(ctx context.Context, uuid string, opts *Options) (*Info, error) {
 
 	// If we have any output, try to decode that since even in the case of
 	// an error it will output some information.
-	var result infoResult
+	var result Info
 	if out.Len() > 0 {
 		if _, perr := plist.Unmarshal(out.Bytes(), &result); perr != nil {
 			return nil, fmt.Errorf("failed to decode notarization submission output: %w", perr)
 		}
 	}
 
-	// If there are errors in the result, then show that error
-	if len(result.Errors) > 0 {
-		return nil, result.Errors
-	}
-
 	// Now we check the error for actually running the process
 	if err != nil {
 		return nil, fmt.Errorf("error checking on notarization status:\n\n%s", combined.String())
 	}
 
-	logger.Info("notarization info", "uuid", uuid, "info", result.Info)
-	return result.Info, nil
+	logger.Info("notarization info", "uuid", uuid, "info", result)
+	return &result, nil
 }