notarytool can't get password from keychain like altool does

Code Signing Notarization
yhnfc OP
Created Aug ’23
Replies 4
Boosts 1
Views 656
Participants 1

This is the command I use, but must migrate, to notarize a macOS app:

xcrun altool --notarize-app -f "$outputDmg" --primary-bundle-id "$notarizeBundleId" -u "$notarizeUser" -p "@keychain:AC_PASSWORD"

The migration docs I read implied that the following should work:

xcrun notarytool submit --apple-id "$notarizeUser" "--team-id" $notarizeTeam --password "@keychain:AC_PASSWORD" "$outputDmg"

But it doesn't. I can get it to work only if I put the password from the keychain on the command line. I cannot accept this.

What can I do to make this work?

Replies  4
Boosts  1
Views  656
Participants  1
yhnfc OP
Aug ’23

I should mention the fact that I can display the password in the keychain if I execute this: security find-generic-password -w -s 'AC_PASSWORD' -a "$notarizeUser"

0
yhnfc OP
Aug ’23

And I should mention that I'm using an app-specific password and that I've been using altool this way for years.

0
yhnfc OP
Aug ’23

Here is a link to the migration doc I cited: TN3147: Migrating to the latest notarization tool | Apple Developer Documentation?changes=_3_3

0
yhnfc OP
Aug ’23

Looks like I have to jump through some hoops to store the password a different way and then add the --keychain-profile AC_PASSWORD option on the command line. Not at all happy as this provides me with no apparent benefit. Just lots of change. Thanks for nothin.

0
notarytool can't get password from keychain like altool does
First post date Last post date
 
 
Q