From dfbbca423b82320bfa0b5181acba98642e441eb7 Mon Sep 17 00:00:00 2001
From: Lucas Fernandes Nogueira
Date: Thu, 7 Sep 2023 10:01:12 -0300
Subject: [PATCH] feat(bundler): try to find API key file for notarization, ref #7616 (#7771)
---
 .changes/notarytool.md | 2 +-
 tooling/bundler/src/bundle/macos/sign.rs | 36 ++++++++++++++++++++++++
 tooling/cli/ENVIRONMENT_VARIABLES.md | 3 +-
 3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/.changes/notarytool.md b/.changes/notarytool.md
index 16c46f5eff13..59a8a8245c05 100644
--- a/.changes/notarytool.md
+++ b/.changes/notarytool.md
@@ -2,4 +2,4 @@
 "tauri-bundler": minor:breaking
 ---
 
-The macOS notarization now uses `notarytool` as `altool` will be discontinued on November 2023. When authenticating with an API key, the key `.p8` file path must be provided in the `APPLE_API_KEY_PATH` environment variable.
+The macOS notarization now uses `notarytool` as `altool` will be discontinued on November 2023. When authenticating with an API key, the key `.p8` file path must be provided in the `APPLE_API_KEY_PATH` environment variable. To prevent a breaking change, we will try to find the key path in the `altool` default search paths.
diff --git a/tooling/bundler/src/bundle/macos/sign.rs b/tooling/bundler/src/bundle/macos/sign.rs
index e06c401bb036..7b9e8ce5bfd6 100644
--- a/tooling/bundler/src/bundle/macos/sign.rs
+++ b/tooling/bundler/src/bundle/macos/sign.rs
@@ -384,8 +384,44 @@ pub fn notarize_auth() -> crate::Result {
 let issuer = api_issuer.to_str().expect("failed to convert APPLE_API_ISSUER to string").to_string();
 Ok(NotarizeAuth::ApiKey { key, key_path: key_path.into(), issuer })
 },
+ (Some(api_key), Some(api_issuer), Err(_)) => {
+ let key = api_key.to_str().expect("failed to convert APPLE_API_KEY to string").to_string();
+ let issuer = api_issuer.to_str().expect("failed to convert APPLE_API_ISSUER to string").to_string();
+
+ let api_key_file_name = format!("AuthKey_{key}.p8");
+ let mut key_path = None;
+
+ let mut search_paths = vec!["./private_keys".into()];
+ if let Some(home_dir) = dirs_next::home_dir() {
+ search_paths.push(home_dir.join("private_keys"));
+ search_paths.push(home_dir.join(".private_keys"));
+ search_paths.push(home_dir.join(".appstoreconnect").join("private_keys"));
+ }
+
+ for folder in search_paths {
+ if let Some(path) = find_api_key(folder, &api_key_file_name) {
+ key_path = Some(path);
+ break;
+ }
+ }
+
+ if let Some(key_path) = key_path {
+ Ok(NotarizeAuth::ApiKey { key, key_path, issuer })
+ } else {
+ Err(anyhow::anyhow!("could not find API key file. Please set the APPLE_API_KEY_PATH environment variables to the path to the {api_key_file_name} file").into())
+ }
+ }
 _ => Err(anyhow::anyhow!("no APPLE_ID & APPLE_PASSWORD or APPLE_API_KEY & APPLE_API_ISSUER & APPLE_API_KEY_PATH environment variables found").into())
 }
 }
 }
 }
+
+fn find_api_key(folder: PathBuf, file_name: &str) -> Option {
+ let path = folder.join(file_name);
+ if path.exists() {
+ Some(path)
+ } else {
+ None
+ }
+}
diff --git a/tooling/cli/ENVIRONMENT_VARIABLES.md b/tooling/cli/ENVIRONMENT_VARIABLES.md
index 78f04462b81e..66f44d8887ef 100644
--- a/tooling/cli/ENVIRONMENT_VARIABLES.md
+++ b/tooling/cli/ENVIRONMENT_VARIABLES.md
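Review bot: `find_api_key` tests `path.exists()`, which is also true for a directory, so a folder named `AuthKey_{key}.p8` in any search location is returned as the key file and the failure only surfaces later; `if path.is_file() {` keeps the lookup to regular files. The new `(Some(api_key), Some(api_issuer), Err(_))` arm also selects a signing credential implicitly, with `./private_keys` under the current working directory tried before the home-directory locations, and nothing records which file was chosen; a log line with the resolved `key_path` before `Ok(NotarizeAuth::ApiKey { key, key_path, issuer })` would make that visible in build output. `api_key_file_name` is built from the raw `APPLE_API_KEY` value, so it may be worth rejecting a value that contains a path separator before `folder.join(file_name)`, although that variable is presumably operator-controlled. The added error text says "environment variables" for the single `APPLE_API_KEY_PATH`. The body of `notarize_auth` starts above this hunk, so the match scrutinee is not visible here.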
@@ -26,10 +26,9 @@ These environment variables are inputs to the CLI which may have an equivalent C
 - `APPLE_ID` — The Apple ID used to notarize the application. If this environment variable is provided, `APPLE_PASSWORD` must also be set. Alternatively, `APPLE_API_KEY` and `APPLE_API_ISSUER` can be used to authenticate.
 - `APPLE_PASSWORD` — The Apple password used to authenticate for application notarization. Required if `APPLE_ID` is specified. An app-specific password can be used. Alternatively to entering the password in plaintext, it may also be specified using a '@keychain:' or '@env:' prefix followed by a keychain password item name or environment variable name.
 - `APPLE_API_KEY` — Alternative to `APPLE_ID` and `APPLE_PASSWORD` for notarization authentication using JWT.
- - This option will search the following directories in sequence for a private key file with the name of 'AuthKey_.p8': './private_keys', '~/private_keys', '~/.private_keys', and '~/.appstoreconnect/private_keys'. Additionally, you can set environment variable $API_PRIVATE_KEYS_DIR or a user default API_PRIVATE_KEYS_DIR to specify the directory where your AuthKey file is located.
 - See [creating API keys](https://developer.apple.com/documentation/appstoreconnectapi/creating_api_keys_for_app_store_connect_api) for more information.
 - `APPLE_API_ISSUER` — Issuer ID. Required if `APPLE_API_KEY` is specified.
-- `APPLE_API_KEY_PATH` - path to the API key `.p8` file.
+- `APPLE_API_KEY_PATH` - path to the API key `.p8` file. If not specified, the bundler searches the following directories in sequence for a private key file with the name of 'AuthKey_.p8': './private_keys', '~/private_keys', '~/.private_keys', and '~/.appstoreconnect/private_keys'.
 - `APPLE_SIGNING_IDENTITY` — The identity used to code sign. Overwrites `tauri.conf.json > tauri > bundle > macOS > signingIdentity`.
- `APPLE_PROVIDER_SHORT_NAME` — If your Apple ID is connected to multiple teams, you have to specify the provider short name of the team you want to use to notarize your app. Overwrites `tauri.conf.json > tauri > bundle > macOS > providerShortName`.
 - `CI` — If set, the CLI will run in CI mode and won't require any user interaction.