mac build: follow-up prev (altool -> notarytool migration)

related 7ee078852a

contrib/osx/README.md

@@ -88,14 +88,19 @@ Let brew install the Xcode CLI tools.
 
 This creates both a folder named Electrum.app and the .dmg file.
 
-If you want the binaries codesigned for MacOS and notarised by Apple's central server,
+##### 2.1. For release binaries, here be dragons
+
+If you want the binaries codesigned for macOS and notarised by Apple's central server,
 provide these env vars to the `make_osx.sh` script:
 
     CODESIGN_CERT="Developer ID Application: Electrum Technologies GmbH (L6P37P7P56)" \
+    APPLE_TEAM_ID="L6P37P7P56" \
     APPLE_ID_USER="me@email.com" \
     APPLE_ID_PASSWORD="1234" \
     ./contrib/osx/make_osx.sh
 
+(note: `APPLE_ID_PASSWORD` is an app-specific password, *not* the account password)
+
 
 ## Verifying reproducibility and comparing against official binary
 

contrib/osx/notarize_app.sh

@@ -24,10 +24,12 @@ ditto -c -k --rsrc --keepParent "$APP_BUNDLE" "${APP_BUNDLE}.zip"
 # Submit for notarization
 echo "Submitting $APP_BUNDLE for notarization..."
 RESULT=$(xcrun notarytool submit \
-    --team-id $APPLE_TEAM_ID \
-    --apple-id $APPLE_ID_USER \
-    --password $APPLE_ID_PASSWORD \
+    --team-id "$APPLE_TEAM_ID" \
+    --apple-id "$APPLE_ID_USER" \
+    --password "$APPLE_ID_PASSWORD" \
+    --output-format plist \
     --wait \
+    --timeout 10m \
     "${APP_BUNDLE}.zip"
 )
 
@@ -37,8 +39,16 @@ if [ $? -ne 0 ]; then
     exit 1
 fi
 
-# success
-echo $RESULT
+STATUS=$(echo "$RESULT" | xpath -e \
+  "//key[normalize-space(text()) = 'status']/following-sibling::string[1]/text()" 2> /dev/null)
+
+if [ "$STATUS" = "Accepted" ]; then
+    echo "Notarization of $APP_BUNDLE succeeded!"
+else
+    echo "Notarization of $APP_BUNDLE failed:"
+    echo "$RESULT"
+    exit 1
+fi
 
 # Staple the notary ticket
 xcrun stapler staple "$APP_BUNDLE"