Add docs

Docs/macOSSigning.md

@@ -49,14 +49,55 @@ xcrun notarytool  store-credentials
 ```
 
 1. Profile name: 
-    - Profile name: tachiom
+    - Profile name: ScreenPlay
 2. Path to App Store Connect API private key:
-    - `/Users/eliassteurer/Documents/AuthKey_xxxxxxx.p8`
-3. App Store Connect API Key ID:
-    - KEY ID at: https://appstoreconnect.apple.com/access/api
-4. App Store Connect API Issuer ID:
-    - USER ID at: https://appstoreconnect.apple.com/access/api
+    - Path to App Store Connect API private key: `/Users/eliassteurer/Documents/AuthKey_xxxxxxx.p8`
+3. App Store go to : https://appstoreconnect.apple.com/access/api
+    - Klick Keys in the top menu. Then you can answer the next two questions:
+    - App Store Connect API Key ID: There is a list of `Active` names, generated by. Use this `KEY ID`
+    - App Store Connect API Issuer ID: Then copy the `Issuer ID` above it
+    - __IMPORTANT__: The Profile name must match the one set in:
+    ```xcrun notarytool submit ScreenPlay.app.zip --keychain-profile 'ScreenPlay' --wait```
 
+Example output:
+```
+eliassteurer@Eliass-Mac-mini Tools % xcrun notarytool  store-credentials
+
+This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name.
+
+Profile name:
+xxxxxxx
+We recommend using App Store Connect API keys for authentication. If you'd like to authenticate with an Apple ID and app-specific password instead, leave this unspecified.
+
+Path to App Store Connect API private key:
+/Users/xxxxxxxxxx/Documents/AuthKey_xxxxxxxxxxx.p8
+App Store Connect API Key ID:
+ScreenPlay
+App Store Connect API Issuer ID:
+xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
+Validating your credentials...
+Success. Credentials validated.
+Credentials saved to Keychain.
+To use them, specify `--keychain-profile "xxxxxxx"`
+eliassteurer@Eliass-Mac-mini Tools % --keychain-profile "ScreenPlay"
+```
+
+## Add your credentials to the system:
+See: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow
+```
+xcrun notarytool store-credentials "ScreenPlay"
+               --apple-id "AC_USERNAME"
+               --team-id <WWDRTeamID>
+               --password <secret_2FA_password>
+```
+- `AC_USERNAME` = Your email or something you set at AppleID (email): https://appleid.apple.com/account/manage/section/security
+https://stackoverflow.com/questions/56890749/macos-notarize-in-script
+- `WWDRTeamID` = Go to https://appstoreconnect.apple.com/access/users click on your listed user and copy the `xxxxxxx` from:
+```
+Team ID
+XXXXXXXXXX View Membership Details
+```
+- `password` = Go to https://appleid.apple.com/account/manage/section/security then to `App-specific passwords` and use this password. This will not display you the password, but you can simply remove it, generate a new under the same name and copy the displayed password.
 
 ## Get an App-Specific Password
 https://stackoverflow.com/questions/56890749/macos-notarize-in-script
@@ -64,15 +105,11 @@ https://stackoverflow.com/questions/56890749/macos-notarize-in-script
 security add-generic-password -a "kelteseth@gmail.com" -w "xxxx-xxx-xxx-xxx" -s "Developer ID Application: Elias Steurer (V887LHYKRH)"
 ```
 
-## Upload to apple for notization
-We use [xcnotary](https://github.com/akeru-inc/xcnotary) tools for fast automatic upload. Install it via brew:
-
-`brew install akeru-inc/tap/xcnotary`
-
-Then run it with the 
-- `*.app` name
-- `-d` the developer account email and 
-- `-k` command is here the keychain name that contains your password from the app password step above!
-
-`xcnotary notarize ScreenPlay.app -d yourDeveloperAccountEmail@example.com -k ScreenPlay`
-
+## Troubleshooting
+```
+Processing complete
+id: xxxxxx-xxxxxx-xxxx-xxxxx-xxxxx
+status: Invalid
+```
+Run the follwoing if you get an signing error:
+`xcrun notarytool log --apple-id "xxxxx@xxxx.com" --password "xxxx-xxxx-xxxx-xxxx" --team-id "xxxxxxxxxxx"  <ID>`

Tools/macos_sign.py

@@ -3,16 +3,17 @@
 from build import BuildConfig
 from util import  run
 from sys import stdout
+import time
 
 stdout.reconfigure(encoding='utf-8')
 
 def sign(build_config: BuildConfig):
     print("Run codedesign")
-    run("codesign --deep -f -s \"Developer ID Application: Elias Steurer (V887LHYKRH)\" --timestamp --options \"runtime\" -f --entitlements \"../../ScreenPlay/entitlements.plist\"  --deep \"ScreenPlay.app/\"", 
+    run("codesign --deep -f -s 'Developer ID Application: Elias Steurer (V887LHYKRH)' --timestamp --options 'runtime' -f --entitlements '../../ScreenPlay/entitlements.plist'  --deep 'ScreenPlay.app/' ", 
         cwd=build_config.bin_dir)
 
     print("Run codedesign verify")
-    run("codesign --verify --verbose=4  \"ScreenPlay.app/\"", 
+    run("codesign --verify --verbose=4  'ScreenPlay.app/'", 
         cwd=build_config.bin_dir)
 
     # TODO: Replace with https://github.com/akeru-inc/xcnotary/issues/22#issuecomment-1179170957
@@ -22,15 +23,19 @@ def sign(build_config: BuildConfig):
     # xcrun stapler staple "ScreenPlay.app"
     print("Packing .apps for upload")
     run("ditto -c -k --keepParent 'ScreenPlay.app' 'ScreenPlay.app.zip'", cwd=build_config.bin_dir)
-    
+
+    # run this  if you get an error:
+    # `xcrun notarytool log --apple-id "xxxxx@xxxx.com"  --password "xxxx-xxxx-xxxx-xxxx" --team-id "xxxxxxxxxxx"  <ID>`
+    # Processing complete
+    # id: xxxxxx-xxxxxx-xxxx-xxxxx-xxxxx
+    # status: Invalid
     print("Run xcnotary submit")
-    run("xcrun notarytool submit ScreenPlay.app.zip --keychain-profile 'ScreenPlay' --wait", cwd=build_config.bin_dir)
+    run("xcrun notarytool submit --keychain-profile 'ScreenPlay' ScreenPlay.app.zip  --wait", cwd=build_config.bin_dir)
 
     print("Run stapler staple")
     run("xcrun stapler staple ScreenPlay.app", cwd=build_config.bin_dir)
-
     print("Run spctl assess")
-    run("spctl --assess --verbose  \"ScreenPlay.app/\"", cwd=build_config.bin_dir)
+    run("spctl --assess --verbose  'ScreenPlay.app/'", cwd=build_config.bin_dir)
 
     print("Remove *.app.zip files.")
     run("rm ScreenPlay.app.zip",  cwd=build_config.bin_dir)