From 8af6b79044c2d4176a915884c4c76b9a836828ab Mon Sep 17 00:00:00 2001
From: Norihiro Kamae
Date: Sat, 30 Jul 2022 03:46:51 +0900
Subject: [PATCH] CI: Use xcrun notarytool instead of xcnotary
xcnotary was discontinued since Apple now provides `xcrun notarytool`. This commit used `xcrun notarytool` to notarize the package.
---
 CI/include/build_support_macos.sh | 8 +++----
 CI/macos/03_package_obs.sh | 38 ++++++++-----------------------
 2 files changed, 13 insertions(+), 33 deletions(-)
diff --git a/CI/include/build_support_macos.sh b/CI/include/build_support_macos.sh
index 9c03412b2..63003b148 100644
--- a/CI/include/build_support_macos.sh
+++ b/CI/include/build_support_macos.sh
@@ -157,7 +157,7 @@ read_codesign_ident() {
 # + Your Apple developer ID is needed for notarization
 # + An app-specific password is necessary for notarization from CLI
 # + This password will be stored in your macOS keychain under the identifier
-# 'OBS-Codesign-Password' with access Apple's 'altool' only.
+# 'OBS-Codesign-Password' with access Apple's 'notarytool' only.
 ##############################################################################
 read_codesign_pass() {
@@ -174,8 +174,8 @@ read_codesign_pass() {
 step "Update notarization keychain..."
- echo -n "${COLOR_ORANGE}"
- /usr/bin/xcrun altool --store-password-in-keychain-item "OBS-Codesign-Password" -u "${CODESIGN_IDENT_USER}" -p "${CODESIGN_IDENT_PASS}"
- echo -n "${COLOR_RESET}"
 CODESIGN_IDENT_SHORT=$(echo "${CODESIGN_IDENT}" | /usr/bin/sed -En "s/.+\((.+)\)/\1/p")
+ echo -n "${COLOR_ORANGE}"
+ /usr/bin/xcrun notarytool store-credentials "OBS-Codesign-Password" --apple-id "${CODESIGN_IDENT_USER}" --team-id "${CODESIGN_IDENT_SHORT}" --password "${CODESIGN_IDENT_PASS}"
+ echo -n "${COLOR_RESET}"
 }
diff --git a/CI/macos/03_package_obs.sh b/CI/macos/03_package_obs.sh
index 4ab3f56d2..fe94bc3d1 100755
--- a/CI/macos/03_package_obs.sh
+++ b/CI/macos/03_package_obs.sh
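Review bot: In read_codesign_pass (CI/include/build_support_macos.sh, second hunk) the added `notarytool store-credentials` call passes the app-specific password as `--password "${CODESIGN_IDENT_PASS}"`, so the secret sits on the process argument list, where `ps` can read it while the command runs, and in any `set -x` trace of the job. The removed altool call had the same exposure through `-p`, so this is carried over rather than new, but the tool switch is a good moment to close it. For interactive runs the option can be dropped, since notarytool is documented to prompt securely when `--apple-id` is given without a password; for unattended CI an App Store Connect API key (`--key`, `--key-id`, `--issuer`) avoids handling the Apple ID password at all. `CODESIGN_IDENT_SHORT` now also feeds `--team-id` and is empty when the sed pattern does not match, so I would add `[ -n "${CODESIGN_IDENT_SHORT}" ] || { error "No team ID found in '${CODESIGN_IDENT}'"; exit 1; }` before the call. The function starts outside this hunk.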
@@ -47,31 +47,21 @@ notarize_obs() { exit 1 fi - if ! exists xcnotary; then - step "Install notarization dependency 'xcnotary'" - brew install akeru-inc/tap/xcnotary - fi - ensure_dir "${CHECKOUT_DIR}" if [ "${NOTARIZE_IMAGE}" ]; then - trap "_caught_error_xcnotary '${NOTARIZE_IMAGE}'" ERR + trap "_caught_error_hdiutil_verify '${NOTARIZE_IMAGE}'" ERR - step "Attach OBS disk image ${NOTARIZE_IMAGE}..." - hdiutil attach -readonly -noverify -noautoopen -quiet "${NOTARIZE_IMAGE}" + step "Verify OBS disk image ${NOTARIZE_IMAGE}..." + hdiutil verify "${NOTARIZE_IMAGE}" - VOLUME_NAME=$(hdiutil info -plist | grep "/Volumes/OBS-" | sed 's/\/Volumes\/\([^<]*\)<\/string>/\1/' | sed -e 's/^[[:space:]]*//') - PRECHECK="/Volumes/${VOLUME_NAME}/OBS.app" NOTARIZE_TARGET="${NOTARIZE_IMAGE}" elif [ "${NOTARIZE_BUNDLE}" ]; then - PRECHECK="${NOTARIZE_BUNDLE}" NOTARIZE_TARGET="${NOTARIZE_BUNDLE}" else OBS_IMAGE="${BUILD_DIR}/${FILE_NAME}" if [ -f "${OBS_IMAGE}" ]; then - OBS_BUNDLE=$(/usr/bin/find "${BUILD_DIR}/_CPack_Packages" -type d -name "OBS.app") - PRECHECK="${OBS_BUNDLE}" NOTARIZE_TARGET="${OBS_IMAGE}" else error "No notarization application bundle ('OBS.app') or disk image ('${NOTARIZE_IMAGE:-${FILE_NAME}}') found" 
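Review bot: The new `trap "_caught_error_hdiutil_verify '${NOTARIZE_IMAGE}'" ERR` line expands the image path when the trap string is built, so a path containing a single quote closes the quoting and the remainder is parsed as shell when the trap fires. Writing it as `trap '_caught_error_hdiutil_verify "${NOTARIZE_IMAGE}"' ERR` defers the expansion until the handler runs. The trap is also not reset after `hdiutil verify` anywhere in this hunk, so if it is still in effect later, a failure in a later step would be reported as "ERROR during verifying image"; a `trap - ERR` right after the verify line would scope it to that one command. notarize_obs begins before this hunk and continues past it.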
@@ -79,30 +69,20 @@ notarize_obs() { fi fi - step "Run notarization pre-checks on OBS.app..." - xcnotary precheck "${PRECHECK}" - if [ "$?" -eq 0 ]; then read_codesign_ident read_codesign_pass - step "Run xcnotary with ${NOTARIZE_TARGET}..." - xcnotary notarize "${NOTARIZE_TARGET}" --developer-account "${CODESIGN_IDENT_USER}" --developer-password-keychain-item "OBS-Codesign-Password" --provider "${CODESIGN_IDENT_SHORT}" - fi + step "Notarize ${NOTARIZE_TARGET}..." + /usr/bin/xcrun notarytool submit "${NOTARIZE_TARGET}" --keychain-profile "OBS-Codesign-Password" --wait - if [ "${NOTARIZE_IMAGE}" -a -d "/Volumes/${VOLUME_NAME}" ]; then - step "Detach OBS disk image ${NOTARIZE_IMAGE}..." - hdiutil detach "/Volumes/${VOLUME_NAME}" -quiet + step "Staple the ticket to ${NOTARIZE_TARGET}..." + /usr/bin/xcrun stapler staple "${NOTARIZE_TARGET}" fi } -_caught_error_xcnotary() { - error "ERROR during notarization of image '${1}'" - - if [ -d "/Volumes/${1}" ]; then - step "Detach OBS disk image ${1}..." - hdiutil detach "/Volumes/${1}" -quiet - fi +_caught_error_hdiutil_verify() { + error "ERROR during verifying image '${1}'" cleanup exit 1
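Review bot: The retained `if [ "$?" -eq 0 ]; then` no longer guards anything, because the `xcnotary precheck` it used to test is removed here. `$?` now reflects whatever ran last in the preceding if/elif/else block, which judging from the previous hunk is a plain `NOTARIZE_TARGET=` assignment, so the test looks always true. The exit status of `notarytool submit --wait` is not checked before `stapler staple` runs, and only the disk-image branch installs an ERR trap, so on the bundle and default paths a failed submission would fall straight through to stapling. I would drop the `$?` test and gate on the submit itself, e.g. `if ! /usr/bin/xcrun notarytool submit "${NOTARIZE_TARGET}" --keychain-profile "OBS-Codesign-Password" --wait; then error "Notarization of ${NOTARIZE_TARGET} failed"; exit 1; fi`. It is also worth confirming that a rejected ("Invalid") submission yields a non-zero exit status, and checking the reported status explicitly if it does not.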