Fetch service response even when succeeded. Optional flag to skip pre…

…check for troubleshooting.

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Change Log
 
+## [v0.4.8](https://github.com/akeru-inc/xcnotary/releases/tag/v0.4.0)
+
+* Added `--no-precheck` option for help troubleshooting some code signing scenarios
+* Notarization service output is now fetched even in the succcess case, following Apple documentation guidance: "Always check the log file, even if notarization succeeds, because it might contain warnings that you can fix prior to your next submission."
+
 ## [v0.4.0](https://github.com/akeru-inc/xcnotary/releases/tag/v0.4.0)
 
 * Added support for .dmg file notarization. [#3](https://github.com/akeru-inc/xcnotary/issues/3)

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "xcnotary"
-version = "0.4.7"
+version = "0.4.8"
 authors = ["David Vartan <[email protected]>"]
 edition = "2018"
 license = "MIT OR Apache-2.0"

README.md

@@ -45,6 +45,7 @@ xcnotary notarize <input path> \
   --developer-account <Apple Developer account> \
   --developer-password-keychain-item <name of keychain item, see below> \
   [--provider <provider short name>]
+  [--no-precheck]
 ```
 
 Supported inputs:
@@ -71,6 +72,13 @@ xcrun altool --list-providers  -u "$DEVELOPER_ACCOUNT_USERNAME" -p "@keychain:$P
 
 - When notarization fails, `xcnotary` will connect to `https://osxapps-ssl.itunes.apple.com/` on port 443 to retrieve the failure log.
 
+### Service response
+
+Apple [documentation](https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow) advises: "Always check the log file, even if notarization succeeds, because it might contain warnings that you can fix prior to your next submission."
+
+`xcnotary` will fetch and display the notarization service response upon completion.
+
+
 # Bundle pre-checks
 
 `xcnotary` attempts to check the input for some [common notarization issues](https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/resolving_common_notarization_issues) before uploading it to Apple. While not foolproof, these checks may potentially save you minutes waiting for a response only to fail due to an incorrect code signing flag.
@@ -86,6 +94,8 @@ When the input is an app bundle, the following checks will be performed:
 
 When the input is a *.dmg* or a *.pkg*, only the Developer ID signing check is performed, i.e. the only check that can be performed at the moment without extracting the contents. In your workflow, you may want to run `xcnotary precheck` on your bundle target before packaging it.
 
+In rare cases, it may be helpful to troubleshoot code signing issues directly using the notarization service response. To do so, specify `--no-precheck` when invoking `xcnotary notarize`.
+
 # Building for notarization
 
 The following examples set various necessary build flags, such as code signing with a "secure timestamp."

src/main.rs

@@ -29,10 +29,14 @@ fn run() -> Result<(), Box<dyn Error>> {
             password_keychain_item,
             input_path,
             provider,
+            no_precheck,
         } => {
             let (path_type, bundle_id) = util::input_path::path_info(&input_path)?;
 
-            precheck::run(&input_path, &path_type, false)?;
+            if !no_precheck {
+                precheck::run(&input_path, &path_type, false)?;
+            }
+
             notarize::run(
                 input_path,
                 path_type,

src/notarize/run.rs

@@ -66,7 +66,7 @@ impl NotarizeOp {
 
         let pb = progress_bar("Waiting for notarization");
 
-        loop {
+        let (success, log_url) = loop {
             std::io::stdout().flush().unwrap();
 
             std::thread::sleep(std::time::Duration::from_secs(5));
@@ -76,29 +76,37 @@ impl NotarizeOp {
             match info.details.status {
                 NotarizationStatus::InProgress => continue,
                 NotarizationStatus::Success => {
-                    break;
+                    break (true, info.details.logfile_url);
                 }
                 NotarizationStatus::Invalid => {
-                    let log_url = info.details.logfile_url.unwrap();
-
-                    let log_response = reqwest::blocking::get(&log_url).unwrap().text().unwrap();
-
-                    return Err(OperationError::detail(
-                        "Notarization failed. Server response",
-                        &log_response,
-                    )
-                    .into());
+                    break (false, info.details.logfile_url);
                 }
             }
-        }
+        };
+
+        pb.finish();
 
+        let pb = progress_bar("Requesting log file");
+        let log_text = reqwest::blocking::get(&log_url.unwrap())
+            .unwrap()
+            .text()
+            .unwrap();
         pb.finish();
 
+        if !success {
+            return Err(OperationError::detail(
+                "Notarization failed. Service response:",
+                &log_text,
+            )
+            .into());
+        }
+
         let pb = progress_bar("Stapling");
         self.staple()?;
         pb.finish();
 
-        println!("\n{}", style("Success!").green().bold());
+        println!("\n{}", style("Success! Review the service response for additional issues or warnings:").green().bold());
+        println!("{}", log_text);
 
         Ok(())
     }

src/util/cli.rs

@@ -30,6 +30,10 @@ pub(crate) enum Args {
         /// Required if the developer credentials are associated with more than one team. Corresponds to "ProviderShortname" from running `xcrun altool --list-providers`
         #[structopt(long)]
         provider: Option<String>,
+
+        /// Skip client-side pre-checks, deferring to notarization service for troubleshooting
+        #[structopt(long)]
+        no_precheck: bool,
     },
 }