Apple Codesign 0.17.0
The apple-codesign project has moved to https://github.com/indygreg/apple-platform-rs. This is the final release to be published from the PyOxidizer repository. All future releases can be found at https://github.com/indygreg/apple-platform-rs/releases.
Release Info
Changelog
- Major feature: Notarization is now implemented in Rust and no longer
requires Apple's Transporter application. Going forward, you only need
thercodesign
executable (or this crate embedded as a library) and an
App Store Connect API Key to notarize. Major thanks to Robin Lambertz
(@roblabla) for contributing the bulk of the implementation in #593. - As a result of native notarization, integration with Apple's Transporter
has been removed. Thefind-transporter
command has been removed. Rust
APIs related to Transporter, the app metadata XML format it used, and App
Store Connect APIs previously used have been removed. - As a result of native notarization, UI and implementation details of
notarization have changed. The output when uploading assets is much more
concise. Before, code existed to normalize uploaded assets to a data format
required by Transporter. As a side-effect, assets were somewhat validated
locally before upload. In the new world, minimal checks are performed locally.
This can result in errors (such as attempting to upload an asset without a
code signature) occurring later than they did previously. - A new
encode-app-store-connect-api-key
command can be used to encode an
App Store Connect API Key in a single JSON object. These keys are used for
notarization and having all the API Key metadata in a single file / JSON
blob means you have 1 entity to define your App Store Connect API Key instead
of 3, making UI simpler. - The
notarize
command has been renamed tonotary-submit
. This follows
the terminology of Apple'snotarytool
and mimics the nomenclature used
by the Notary API. The oldnotarize
command is an alias to
notary-submit
. - The
notary-submit
command now has an--api-key-path
argument defining the
path to a JSON file containing the unified App Store Connect API Key emitted
by theencode-app-store-connect-api-key
command. We recommend using this
method for specifying the API Key going forward, as it is simpler. The old
method was required for use with Apple's Transporter application, which we
no longer use so we're no longer bound by its requirements. The old method
will likely be dropped from a future release. - A new
notary-wait
command can be used to wait on a previous notary
submission to complete and to view its log info. This command can be useful if
notary-submit
times out or otherwise fails and you want to query the
status of a previous notarization. - A new
notary-log
command will fetch the notarization log of a previous
submission from the Notary API server. - Fixed signing of Mach-O binaries having a gap between segments. (This is known
to commonly occur in Go binaries.) In previous versions, we would compute
digests of the file incorrectly and would encounter an assertion when copying
Mach-O data to the output binary. Both of these issues should now be fixed.
(#588 and #616) - minicbor crate upgraded from version 0.15. This created API differences in
remote signing code. - The APIs around Mach-O file parsing have been significantly overhauled. It
is probably best to diff themacho
module to see the full differences.
There are nowMachFile
andMachOBinary
types serving as interfaces
to custom Mach-O functionality. Most code interfacing with a Mach-O file now
uses these types. TheAppleSignable
trait has been deleted as it is no
longer needed since we have the dedicatedMachOBinary
type.