async def staple_notarization(all_paths, path_attr="app_path"):
"""Staple the notarization results to each app.
Args:
all_paths (list): the list of App objects
path_attr (str, optional): the path attribute to staple. Defaults to
``app_path``
Raises:
IScriptError: on failure
"""
log.info("Stapling apps")
futures = []
for app in all_paths:
app.check_required_attrs([path_attr, "parent_dir"])
cwd = os.path.dirname(getattr(app, path_attr))
path = os.path.basename(getattr(app, path_attr))
futures.append(
asyncio.ensure_future(
retry_async(
run_command,
args=[["xcrun", "stapler", "staple", path]],
kwargs={
"cwd": cwd,
"exception": IScriptError,
"log_level": logging.DEBUG,
},
retry_exceptions=(IScriptError, ),
attempts=10,
)))
await raise_future_exceptions(futures)
async def wrap_notarization_with_sudo(config,
key_config,
all_paths,
path_attr="zip_path"):
"""Wrap the notarization requests with sudo.
Apple creates a lockfile per user for notarization. To notarize concurrently,
we use sudo against a set of accounts (``config['local_notarization_accounts']``).
Args:
config (dict): the running config
key_config (dict): the config for this signing key
all_paths (list): the list of ``App`` objects
path_attr (str, optional): the attribute that the zip path is under.
Defaults to ``zip_path``
Raises:
IScriptError: on failure
Returns:
dict: uuid to log path
"""
futures = []
accounts = config["local_notarization_accounts"]
counter = 0
uuids = {}
for app in all_paths:
app.check_required_attrs([path_attr, "parent_dir"])
while counter < len(all_paths):
futures = []
for account in accounts:
app = all_paths[counter]
app.notarization_log_path = f"{app.parent_dir}-notarization.log"
bundle_id = get_bundle_id(key_config["base_bundle_id"],
counter=str(counter))
zip_path = getattr(app, path_attr)
base_cmdln = " ".join([
"xcrun",
"altool",
"--notarize-app",
"-f",
zip_path,
"--primary-bundle-id",
'"{}"'.format(bundle_id),
"-u",
key_config["apple_notarization_account"],
"--asc-provider",
key_config["apple_asc_provider"],
"--password",
])
cmd = [
"sudo",
"su",
account,
"-c",
base_cmdln + " {}".format(
shlex.quote(key_config["apple_notarization_password"])),
]
log_cmd = ["sudo", "su", account, "-c", base_cmdln + " ********"]
futures.append(
asyncio.ensure_future(
retry_async(
run_command,
args=[cmd],
kwargs={
"log_path": app.notarization_log_path,
"log_cmd": log_cmd,
"exception": IScriptError,
},
retry_exceptions=(IScriptError, ),
attempts=10,
)))
counter += 1
if counter >= len(all_paths):
break
await raise_future_exceptions(futures)
for app in all_paths:
uuids[get_uuid_from_log(
app.notarization_log_path)] = app.notarization_log_path
return uuids