From f7adda1e705c056a06d5929093e162e1ed6be8a9 Mon Sep 17 00:00:00 2001
From: Julien Wadel <julien.wadel@belledonne-communications.com>
Date: Fri, 20 Oct 2023 10:55:29 +0200
Subject: [PATCH] Notarization : Change altool into notarytool Revert SDK

---
 .gitlab-ci-files/job-macosx-desktop.yml |  2 +-
 linphone-app/tools/sign_package.sh      |  2 +-
 linphone-sdk                            |  2 +-
 tools/app_notarization.sh               | 85 ++++---------------------
 4 files changed, 17 insertions(+), 74 deletions(-)

diff --git a/.gitlab-ci-files/job-macosx-desktop.yml b/.gitlab-ci-files/job-macosx-desktop.yml
index 2c90ee8a9..85545544e 100644
--- a/.gitlab-ci-files/job-macosx-desktop.yml
+++ b/.gitlab-ci-files/job-macosx-desktop.yml
@@ -18,7 +18,7 @@
   echo $DEFAULT_MACOS_CMAKE_OPTIONS
   echo $CMAKE_OPTIONS
   echo $ADDITIONAL_BUILD_OPTIONS
-  cmake .. -G "$CMAKE_GENERATOR" -DLINPHONESDK_PLATFORM=Macos -DCMAKE_OSX_DEPLOYMENT_TARGET=10.14 -DCMAKE_BUILD_TYPE=$CI_BUILD_TYPE $DEFAULT_MACOS_CMAKE_OPTIONS -DLINPHONE_BUILDER_SIGNING_IDENTITY="$MACOS_SIGNING_IDENTITY" $XCODE_OPTIONS $CMAKE_OPTIONS $SCHEDULE_CMAKE_OPTIONS -DCMAKE_TOOLCHAIN_FILE=$CMAKE_TOOLCHAIN_FILE $RELEASE_FILE
+  cmake .. -G "$CMAKE_GENERATOR" -DCMAKE_OSX_DEPLOYMENT_TARGET=10.14 -DCMAKE_BUILD_TYPE=$CI_BUILD_TYPE $DEFAULT_MACOS_CMAKE_OPTIONS -DLINPHONE_BUILDER_SIGNING_IDENTITY="$MACOS_SIGNING_IDENTITY" $XCODE_OPTIONS $CMAKE_OPTIONS $SCHEDULE_CMAKE_OPTIONS $RELEASE_FILE
   cmake --build . --target install --config $CI_BUILD_TYPE $LBC_NODEBUG_OPTIONS -- $ADDITIONAL_BUILD_OPTIONS
   ccache -s
 
diff --git a/linphone-app/tools/sign_package.sh b/linphone-app/tools/sign_package.sh
index 7f5b1e2aa..b5c299ada 100644
--- a/linphone-app/tools/sign_package.sh
+++ b/linphone-app/tools/sign_package.sh
@@ -4,5 +4,5 @@
 #	$2 = Identity
 #	$3 = Path to recursivly search
 
-find $3 -name "*"  -exec $1 --force --deep --timestamp --options runtime,library -s "$2" {} \;
+find $3 -name "*"  -type f -exec $1 --force --deep --timestamp --options runtime,library -s "$2" {} \;
 
diff --git a/linphone-sdk b/linphone-sdk
index a3943b61b..8756a37ad 160000
--- a/linphone-sdk
+++ b/linphone-sdk
@@ -1 +1 @@
-Subproject commit a3943b61b841fd7226dd495cd28ff0ecbbafc2a2
+Subproject commit 8756a37ad10399a0c27d32590a0d1cc87ea97c2e
diff --git a/tools/app_notarization.sh b/tools/app_notarization.sh
index f7c0bc509..b3a4ce829 100755
--- a/tools/app_notarization.sh
+++ b/tools/app_notarization.sh
@@ -9,78 +9,21 @@ do
     linphone_file=$f
 done
 
-echo "Uploading $linphone_file file with xcrun altool"
-xcrun altool --notarize-app --primary-bundle-id $MACOSX_SIGNING_IDENTIFIER -u "$MACOSX_SIGNING_MAIL" -p "$MACOSX_SIGNING_PASS" --asc-provider "$MACOSX_SIGNING_PROVIDER" --file $linphone_file --output-format xml > "notarize_result.plist"
-echo "dmg processed. Checking UUID"
-request_uuid="$("/usr/libexec/PlistBuddy" -c "Print notarization-upload:RequestUUID"  notarize_result.plist)"
-echo "Notarization UUID: ${request_uuid}"
-#Get status from upload
-declare -i tryCount=0
-declare -i maxCount=4
-for (( ; ; ))
-do
-    echo "Getting notarization status"
-	xcrun altool --notarization-info "${request_uuid}" -u "$MACOSX_SIGNING_MAIL" -p "$MACOSX_SIGNING_PASS" --asc-provider "$MACOSX_SIGNING_PROVIDER" --output-format xml > "notarize_result2.plist"
-	xcrun_result=$?
-	if [ "${xcrun_result}" != "0" ]
-	then
-		if [ "$tryCount" -lt "$maxCount" ]
-		then
-			tryCount=$((tryCount + 1))
-			sleep 60
-			continue
-		else
-			echo "Notarization failed: ${xcrun_result}"
-			cat "notarize_result2.plist"
-			exit 1
-		fi
-	fi
-	notarize_status="$("/usr/libexec/PlistBuddy" -c "Print notarization-info:Status"  notarize_result2.plist)"
-	if [[ "${notarize_status}" == *"in progress"* ]]; then
-		echo "Waiting for notarization to complete: ${notarize_status}"
-		sleep 20
-	else
-		echo "Notarization status: ${notarize_status}"
-		break
-	fi
-done
-log_url="$("/usr/libexec/PlistBuddy" -c "Print notarization-info:LogFileURL"  notarize_result2.plist)"
-echo "Notarization log URL: ${log_url}"
+echo "Uploading $linphone_file file with xcrun notarytool"
+xcrun notarytool submit -f json --team-id "$MACOSX_SIGNING_PROVIDER" --password "$MACOSX_SIGNING_PASS" --apple-id "$MACOSX_SIGNING_MAIL" --wait $linphone_file 2>&1 | tee /tmp/notarization_info.json
 
-if [ "${notarize_status}" != "success" ]
-then
-	echo "Notarization failed."
-	if [ ! -z "${log_url}" ]
-	then
-		curl "${log_url}"
-	fi
-	exit 1
+status=$(jq -r .status </tmp/notarization_info.json)
+id=$(jq -r .id </tmp/notarization_info.json)
+
+echo "status=${status} id=${id}"
+
+xcrun notarytool log --team-id "$MACOSX_SIGNING_PROVIDER" --password "$MACOSX_SIGNING_PASS" --apple-id "$MACOSX_SIGNING_MAIL" ${id} -f json >/tmp/notarization_log.json
+
+issues=$(jq -r .issues </tmp/notarization_log.json)
+if [ "$issues" != "null" ]; then
+    printf "There are issues with the notarization (${issues})\n"
+    printf "=== Log output === \n$(cat /tmp/notarization_log.json)\n"
+    exit 1
 fi
 
-echo "Stapling notarization result..."
-for (( ; ; ))
-do
-    xcrun stapler staple -q $linphone_file
-    stapler_result=$?
-    if [ "${stapler_result}" = "65" ]
-    then
-        echo "Waiting for stapling to find record"
-        sleep 10
-    else
-        echo "Stapler status: ${stapler_result}"
-        break
-    fi
-done
-
-
-spctl --assess --type open --context context:primary-signature -v $linphone_file
-#validation_result=$?
-
-echo "Validating image : $?"
-#if [ "${validation_result}" != 0 ]
-#then
-#	echo "Failed to validate image: ${validation_result}"
-#	curl "${log_url}"
-#	exit 1
-#fi
 exit 0