From b42c00b706f3e2e33c882398c912368dd5f8a1c1 Mon Sep 17 00:00:00 2001
From: ridiculousfish <rf@fishshell.com>
Date: Mon, 26 Dec 2022 14:33:57 -0800
Subject: [PATCH] macOS notarization: migrate from altool to notarytool

altool is deprecated and notarytool is much nicer. Switch to using it.
This only affects the notarization process for macOS binaries.
---
 build_tools/mac_notarize.sh | 82 ++++++-------------------------------
 1 file changed, 12 insertions(+), 70 deletions(-)

diff --git a/build_tools/mac_notarize.sh b/build_tools/mac_notarize.sh
index 3c215046e..8d5eef396 100755
--- a/build_tools/mac_notarize.sh
+++ b/build_tools/mac_notarize.sh
@@ -1,80 +1,22 @@
 #!/usr/bin/env bash
 
 # Helper to notarize an .app.zip or .pkg file.
-# Based on https://www.logcg.com/en/archives/3222.html
 
 set -e
 
 die() { echo "$*" 1>&2 ; exit 1; }
 
-check_status() {
-    echo "STATUS" $1
-}
 
-get_req_uuid() {
-    RESPONSE=$(</dev/stdin)
-    if echo "$RESPONSE" | egrep -q "RequestUUID"; then
-        echo "$RESPONSE" | egrep RequestUUID | awk '{print $3'}
-    elif echo "$RESPONSE" | egrep -q "The upload ID is "; then
-        echo "$RESPONSE" | egrep -p "The upload ID is [-a-z0-9]+" | awk '{print $5}'
-    else
-        die "Could not get Request UUID"
-    fi
-}
+test "$#" -ge 1 || die "No paths specified."
 
-INPUT=$1
-AC_USER=$2
+for INPUT in "$@"; do
+    echo "Processing $INPUT"
+    test -f "$INPUT" || die "Not a file: $INPUT"
+    ext="${INPUT##*.}"
+    (test "$ext" = "zip" || test "$ext" = "pkg") || die "Unrecognized extension: $ext"
 
-test -z "$AC_USER" && die "AC_USER not specified as second param"
-test -z "$INPUT" && die "No path specified"
-test -f "$INPUT" || die "Not a file: $INPUT"
+    xcrun notarytool submit "$INPUT" --keychain-profile AC_PASSWORD --wait
 
-ext="${INPUT##*.}"
-(test "$ext" = "zip" || test "$ext" = "pkg") || die "Unrecognized extension: $ext"
-
-LOGFILE=$(mktemp -t mac_notarize_log)
-AC_PASS="@keychain:AC_PASSWORD"
-echo "Logs at $LOGFILE"
-
-NOTARIZE_UUID=$(xcrun altool --notarize-app \
-                --primary-bundle-id "com.ridiculousfish.fish-shell" \
-                --username "$AC_USER" \
-                --password "$AC_PASS" \
-                --file "$INPUT" 2>&1 |
-                    tee -a "$LOGFILE" |
-                    get_req_uuid)
-
-test -z "$NOTARIZE_UUID" && cat "$LOGFILE" && die "Could not get RequestUUID"
-echo "RequestUUID: $NOTARIZE_UUID"
-
-# notarization-info doesn't always know about our request immediately.
-echo "Giving notarization-info a chance to catch up..."
-sleep 15
-
-success=0
-for i in $(seq 20); do
-    echo "Checking progress..."
-    PROGRESS=$(xcrun altool --notarization-info "${NOTARIZE_UUID}" \
-                -u "$AC_USER" \
-                -p "$AC_PASS" 2>&1 |
-                    tee -a "$LOGFILE")
-    echo "${PROGRESS}" | tail -n 1
-
-    if [ $? -ne 0 ] || [[ "${PROGRESS}" =~ "Invalid" ]] ; then
-        echo "Error with notarization. Exiting"
-        break
-    fi
-
-    if ! [[ "${PROGRESS}" =~ "in progress" ]]; then
-        success=1
-        break
-    else
-        echo "Not completed yet. Sleeping for 30 seconds."
-    fi
-    sleep 30
-done
-
-if [ $success -eq 1 ] ; then
     if test "$ext" = "zip"; then
         TMPDIR=$(mktemp -d)
         echo "Extracting to $TMPDIR"
@@ -95,9 +37,9 @@ if [ $success -eq 1 ] ; then
         cd "$(dirname "$STAPLE_TARGET")"
         zip -r -q "$INPUT_FULL" $(basename "$STAPLE_TARGET")
     fi
-fi
-echo "Processed $INPUT"
+    echo "Processed $INPUT"
 
-if test "$ext" = "zip"; then
-    spctl -a -v "$STAPLE_TARGET"
-fi
+    if test "$ext" = "zip"; then
+        spctl -a -v "$STAPLE_TARGET"
+    fi
+done