fix(emacs-builder): resolve issues with notarizing Emacs app (#100)

By updating gon, and switching to a maintained fork, notarization works again.
2026-02-19 02:36:39 +00:00 · 2024-04-03 09:37:18 +01:00
parent c38075ee8c
commit 1743035a6d
5 changed files with 50 additions and 35 deletions
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,11 @@ module github.com/jimeh/build-emacs-for-macos
 go 1.20

 require (
+	github.com/bearer/gon v0.0.36
 	github.com/google/go-github/v35 v35.3.0
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/jimeh/undent v1.1.0
-	github.com/mitchellh/gon v0.2.5
 	github.com/stretchr/testify v1.7.2
 	github.com/urfave/cli/v2 v2.25.7
 	golang.org/x/oauth2 v0.14.0
@@ -21,9 +21,7 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,8 @@
 github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
+github.com/bearer/gon v0.0.36 h1:IswEKy8WbBPx7ZxCs4T7mHN6Rj8CbLpS/0u8wka6fO8=
+github.com/bearer/gon v0.0.36/go.mod h1:jiD3TC2OA5lR2oADhe83a/FLxNS7/ra+58QUT9sQveg=
 github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -30,19 +32,12 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.9.3-0.20191025211905-234833755cb2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
 github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.6.3/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
-github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
@@ -68,15 +63,12 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/gon v0.2.5 h1:mVWtqTzV03W0avJqmqjk9M0qls3TDUXfc9ETJaPIOWY=
-github.com/mitchellh/gon v0.2.5/go.mod h1:Ua18ZhqjZHg8VyqZo8kNHAY331ntV6nNJ9mT3s2mIo8=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rhysd/go-fakeio v1.0.0 h1:+TjiKCOs32dONY7DaoVz/VPOdvRkPfBkEyUDIpM8FQY=
 github.com/rhysd/go-fakeio v1.0.0/go.mod h1:joYxF906trVwp2JLrE4jlN7A0z6wrz8O6o1UjarbFzE=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sebdah/goldie v1.0.0 h1:9GNhIat69MSlz/ndaBg48vl9dF5fI+NBB6kfOxgfkMc=
 github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
--- a/pkg/cli/notarize.go
+++ b/pkg/cli/notarize.go
@@ -25,9 +25,9 @@ func notarizeCmd() *cli2.Command {
 				EnvVars: []string{"AC_USERNAME"},
 			},
 			&cli2.StringFlag{
-				Name:  "ac-password",
-				Usage: "Apple Connect password",
-				Value: "@env:AC_PASSWORD",
+				Name:    "ac-password",
+				Usage:   "Apple Connect password",
+				EnvVars: []string{"AC_PASSWORD"},
 			},
 			&cli2.StringFlag{
 				Name:    "ac-provider",
--- a/pkg/cli/package.go
+++ b/pkg/cli/package.go
@@ -76,9 +76,9 @@ func packageCmd() *cli2.Command {
 				EnvVars: []string{"AC_USERNAME"},
 			},
 			&cli2.StringFlag{
-				Name:  "ac-password",
-				Usage: "(with --sign) Apple Connect password",
-				Value: "@env:AC_PASSWORD",
+				Name:    "ac-password",
+				Usage:   "(with --sign) Apple Connect password",
+				EnvVars: []string{"AC_PASSWORD"},
 			},
 			&cli2.StringFlag{
 				Name:    "ac-provider",
--- a/pkg/notarize/notarize.go
+++ b/pkg/notarize/notarize.go
@@ -7,9 +7,9 @@ import (
 	"sync"
 	"time"

+	"github.com/bearer/gon/notarize"
+	"github.com/bearer/gon/staple"
 	"github.com/hashicorp/go-hclog"
-	"github.com/mitchellh/gon/notarize"
-	"github.com/mitchellh/gon/staple"
 )

 type Options struct {
@@ -25,21 +25,23 @@ func Notarize(ctx context.Context, opts *Options) error {
 	logger := hclog.FromContext(ctx).Named("notarize")

 	notarizeOpts := &notarize.Options{
-		File:     opts.File,
-		BundleId: opts.BundleID,
-		Username: opts.Username,
-		Password: opts.Password,
-		Provider: opts.Provider,
-		BaseCmd:  exec.CommandContext(ctx, ""),
+		File:        opts.File,
+		DeveloperId: opts.Username,
+		Password:    opts.Password,
+		Provider:    opts.Provider,
+		BaseCmd:     exec.CommandContext(ctx, ""),
 		Status: &status{
 			Lock:   &sync.Mutex{},
 			Logger: logger,
 		},
+		// Ensure we don't log anything from the notarize package, as it will
+		// log the password. We'll handle logging ourselves.
+		Logger: hclog.NewNullLogger(),
 	}

 	logger.Info("notarizing", "file", filepath.Base(opts.File))

-	info, err := notarize.Notarize(ctx, notarizeOpts)
+	info, _, err := notarize.Notarize(ctx, notarizeOpts)
 	if err != nil {
 		return err
 	}
@@ -68,9 +70,15 @@ type status struct {
 	Lock   *sync.Mutex
 	Logger hclog.Logger

-	lastStatusTime time.Time
+	lastinfoStatus     string
+	lastInfoStatusTime time.Time
+
+	lastLogStatus     string
+	lastLogStatusTime time.Time
 }

+var _ notarize.Status = (*status)(nil)
+
 func (s *status) Submitting() {
 	s.Lock.Lock()
 	defer s.Lock.Unlock()
@@ -82,17 +90,34 @@ func (s *status) Submitted(uuid string) {
 	s.Lock.Lock()
 	defer s.Lock.Unlock()

-	s.Logger.Info("submitted")
-	s.Logger.Debug("request", "uuid", uuid)
-	s.Logger.Info("waiting for result from Apple...")
+	msg := "submitted, waiting for result from Apple"
+	if s.Logger.IsDebug() {
+		s.Logger.Debug(msg, "uuid", uuid)
+	} else {
+		s.Logger.Info(msg)
+	}
 }

-func (s *status) Status(info notarize.Info) {
+func (s *status) InfoStatus(info notarize.Info) {
 	s.Lock.Lock()
 	defer s.Lock.Unlock()

-	if time.Now().After(s.lastStatusTime.Add(60 * time.Second)) {
-		s.lastStatusTime = time.Now()
+	if s.lastinfoStatus != info.Status ||
+		time.Now().After(s.lastInfoStatusTime.Add(60*time.Second)) {
+		s.lastinfoStatus = info.Status
+		s.lastInfoStatusTime = time.Now()
 		s.Logger.Info("status update", "status", info.Status)
 	}
 }
+
+func (s *status) LogStatus(log notarize.Log) {
+	s.Lock.Lock()
+	defer s.Lock.Unlock()
+
+	if s.lastLogStatus != log.Status ||
+		time.Now().After(s.lastLogStatusTime.Add(60*time.Second)) {
+		s.lastLogStatus = log.Status
+		s.lastLogStatusTime = time.Now()
+		s.Logger.Info("log status update", "status", log.Status)
+	}
+}