Scripting notary tool and stapler

emendelson · September 9, 2022, 8:00pm

If I understand correctly, SD Notary will not be updated to use the notarytool command-line tool, so I’ve been trying to create an AppleScript app that will use the notarize and stapler commands automatically. After twenty years of trying, I’m still a beginner in AppleScript, but this script seems to work, although with one major inconvenience, which I’ll describe below the code. the property set in the first line of course should be the name of the keychain profile that you created according to the “store-credentials” instructions here:

https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow

property keychainProfile : "YOUR_KEYCHAIN_PROFILE"

on open theDrop
   set theFile to item 1 of theDrop
   processFile(theFile)
end open

on run
   tell application "Finder" to set theFile to choose file
   processFile(theFile)
end run

on processFile(theFile)
   try
   	tell application "Finder"
   		set itemPath to quoted form of (POSIX path of theFile)
   		set theItem to theFile as alias
   		set destFolder to (container of theItem) as alias
   		set itemName to name of theItem
   		set zipFile to quoted form of (POSIX path of destFolder & itemName & ".zip")
   	end tell
   	try
   		do shell script "rm" & space & zipFile
   	end try
   	do shell script ("ditto -c -k --sequesterRsrc --keepParent " & quoted form of POSIX path of theItem & space & zipFile)
   	display dialog "Zip file created" buttons {"OK"} giving up after 1
   on error theError
   	tell me
   		activate
   		display dialog "Error: " & theError buttons {"OK"} default button 1 with icon stop
   		error number -128
   	end tell
   end try
   
   set notarizeResult to do shell script "xcrun notarytool submit" & space & zipFile & space & "--keychain-profile" & space & (quoted form of keychainProfile) & space & "--wait"
   
   if notarizeResult contains "Accepted" then
   	display dialog "Notarization accepted" buttons {"OK"} giving up after 1
   	try
   		do shell script "rm" & space & zipFile
   	end try
   	set staplerResult to do shell script "stapler staple" & space & itemPath
   	set staplerMessage to paragraph 2 of staplerResult & return & paragraph 3 of staplerResult
   	display dialog staplerMessage buttons {"OK"}
   else
   	display dialog notarizeResult buttons {"OK"}
   end if
end processFile

This is completely uninformative while the notarization tool is running, and I would prefer to open a terminal window and run the command inside it, but I can’t figure out how to get the result into a variable.

Anyway, this is mostly incompetent code, but I hope someone who is competent might be interested enough to improve it.

ShaneStanley · September 9, 2022, 11:37pm

It is our intention to update SD Notary to use the new tool before use of altool is deprecated. The logistics are still unclear; it may be in the form a of a separate app.

emendelson · September 10, 2022, 6:04am

@ShaneStanley - Ah, I misunderstood a post from a few months ago. This is very good news. Thank you.