1 jaar geleden · dfbbca423b
--- a/.changes/notarytool.md
+++ b/.changes/notarytool.md
@@ -2,4 +2,4 @@
 
				 "tauri-bundler": minor:breaking
			
 
				 ---
			
 
				 
			
 
				-The macOS notarization now uses `notarytool` as `altool` will be discontinued on November 2023. When authenticating with an API key, the key `.p8` file path must be provided in the `APPLE_API_KEY_PATH` environment variable.
			
 
				+The macOS notarization now uses `notarytool` as `altool` will be discontinued on November 2023. When authenticating with an API key, the key `.p8` file path must be provided in the `APPLE_API_KEY_PATH` environment variable. To prevent a breaking change, we will try to find the key path in the `altool` default search paths.
			
--- a/tooling/bundler/src/bundle/macos/sign.rs
+++ b/tooling/bundler/src/bundle/macos/sign.rs
@@ -384,8 +384,44 @@ pub fn notarize_auth() -> crate::Result<NotarizeAuth> {
 
				           let issuer = api_issuer.to_str().expect("failed to convert APPLE_API_ISSUER to string").to_string();
			
 
				           Ok(NotarizeAuth::ApiKey { key, key_path: key_path.into(), issuer })
			
 
				         },
			
 
				+        (Some(api_key), Some(api_issuer), Err(_)) => {
			
 
				+          let key = api_key.to_str().expect("failed to convert APPLE_API_KEY to string").to_string();
			
 
				+          let issuer = api_issuer.to_str().expect("failed to convert APPLE_API_ISSUER to string").to_string();
			
 
				+
			
 
				+          let api_key_file_name = format!("AuthKey_{key}.p8");
			
 
				+          let mut key_path = None;
			
 
				+
			
 
				+          let mut search_paths = vec!["./private_keys".into()];
			
 
				+          if let Some(home_dir) = dirs_next::home_dir() {
			
 
				+            search_paths.push(home_dir.join("private_keys"));
			
 
				+            search_paths.push(home_dir.join(".private_keys"));
			
 
				+            search_paths.push(home_dir.join(".appstoreconnect").join("private_keys"));
			
 
				+          }
			
 
				+
			
 
				+          for folder in search_paths {
			
 
				+            if let Some(path) = find_api_key(folder, &api_key_file_name) {
			
 
				+              key_path = Some(path);
			
 
				+              break;
			
 
				+            }
			
 
				+          }
			
 
				+
			
 
				+          if let Some(key_path) = key_path {
			
 
				+          Ok(NotarizeAuth::ApiKey { key, key_path, issuer })
			
 
				+          } else {
			
 
				+            Err(anyhow::anyhow!("could not find API key file. Please set the APPLE_API_KEY_PATH environment variables to the path to the {api_key_file_name} file").into())
			
 
				+          }
			
 
				+        }
			
 
				         _ => Err(anyhow::anyhow!("no APPLE_ID & APPLE_PASSWORD or APPLE_API_KEY & APPLE_API_ISSUER & APPLE_API_KEY_PATH environment variables found").into())
			
 
				       }
			
 
				     }
			
 
				   }
			
 
				 }
			
 
				+
			
 
				+fn find_api_key(folder: PathBuf, file_name: &str) -> Option<PathBuf> {
			
 
				+  let path = folder.join(file_name);
			
 
				+  if path.exists() {
			
 
				+    Some(path)
			
 
				+  } else {
			
 
				+    None
			
 
				+  }
			
 
				+}
			
--- a/tooling/cli/ENVIRONMENT_VARIABLES.md
+++ b/tooling/cli/ENVIRONMENT_VARIABLES.md
@@ -26,10 +26,9 @@ These environment variables are inputs to the CLI which may have an equivalent C
 
				 - `APPLE_ID` — The Apple ID used to notarize the application. If this environment variable is provided, `APPLE_PASSWORD` must also be set. Alternatively, `APPLE_API_KEY` and `APPLE_API_ISSUER` can be used to authenticate.
			
 
				 - `APPLE_PASSWORD` — The Apple password used to authenticate for application notarization. Required if `APPLE_ID` is specified. An app-specific password can be used. Alternatively to entering the password in plaintext, it may also be specified using a '@keychain:' or '@env:' prefix followed by a keychain password item name or environment variable name.
			
 
				 - `APPLE_API_KEY` — Alternative to `APPLE_ID` and `APPLE_PASSWORD` for notarization authentication using JWT.
			
 
				-  - This option will search the following directories in sequence for a private key file with the name of 'AuthKey_<api_key>.p8': './private_keys', '~/private_keys', '~/.private_keys', and '~/.appstoreconnect/private_keys'. Additionally, you can set environment variable $API_PRIVATE_KEYS_DIR or a user default API_PRIVATE_KEYS_DIR to specify the directory where your AuthKey file is located.
			
 
				   - See [creating API keys](https://developer.apple.com/documentation/appstoreconnectapi/creating_api_keys_for_app_store_connect_api) for more information.
			
 
				 - `APPLE_API_ISSUER` — Issuer ID. Required if `APPLE_API_KEY` is specified.
			
 
				-- `APPLE_API_KEY_PATH` - path to the API key `.p8` file.
			
 
				+- `APPLE_API_KEY_PATH` - path to the API key `.p8` file. If not specified, the bundler searches the following directories in sequence for a private key file with the name of 'AuthKey_<api_key>.p8': './private_keys', '~/private_keys', '~/.private_keys', and '~/.appstoreconnect/private_keys'.
			
 
				 - `APPLE_SIGNING_IDENTITY` — The identity used to code sign. Overwrites `tauri.conf.json > tauri > bundle > macOS > signingIdentity`.
			
 
				 - `APPLE_PROVIDER_SHORT_NAME` — If your Apple ID is connected to multiple teams, you have to specify the provider short name of the team you want to use to notarize your app. Overwrites `tauri.conf.json > tauri > bundle > macOS > providerShortName`.
			
 
				 - `CI` — If set, the CLI will run in CI mode and won't require any user interaction.