The apple-codesign project has moved to https://github.com/indygreg/apple-platform-rs. This is the final release to be published from the PyOxidizer repository. All future releases can be found at https://github.com/indygreg/apple-platform-rs/releases.

Release Info

• Documentation
• Known issues and limitations
• Debugging and bug filing instructions

Changelog

• Major feature: Notarization is now implemented in Rust and no longer
  requires Apple's Transporter application. Going forward, you only need
  the rcodesign executable (or this crate embedded as a library) and an
  App Store Connect API Key to notarize. Major thanks to Robin Lambertz
  (@roblabla) for contributing the bulk of the implementation in #593.
• As a result of native notarization, integration with Apple's Transporter
  has been removed. The find-transporter command has been removed. Rust
  APIs related to Transporter, the app metadata XML format it used, and App
  Store Connect APIs previously used have been removed.
• As a result of native notarization, UI and implementation details of
  notarization have changed. The output when uploading assets is much more
  concise. Before, code existed to normalize uploaded assets to a data format
  required by Transporter. As a side-effect, assets were somewhat validated
  locally before upload. In the new world, minimal checks are performed locally.
  This can result in errors (such as attempting to upload an asset without a
  code signature) occurring later than they did previously.
• A new encode-app-store-connect-api-key command can be used to encode an
  App Store Connect API Key in a single JSON object. These keys are used for
  notarization and having all the API Key metadata in a single file / JSON
  blob means you have 1 entity to define your App Store Connect API Key instead
  of 3, making UI simpler.
• The notarize command has been renamed to notary-submit. This follows
  the terminology of Apple's notarytool and mimics the nomenclature used
  by the Notary API. The old notarize command is an alias to
  notary-submit.
• The notary-submit command now has an --api-key-path argument defining the
  path to a JSON file containing the unified App Store Connect API Key emitted
  by the encode-app-store-connect-api-key command. We recommend using this
  method for specifying the API Key going forward, as it is simpler. The old
  method was required for use with Apple's Transporter application, which we
  no longer use so we're no longer bound by its requirements. The old method
  will likely be dropped from a future release.
• A new notary-wait command can be used to wait on a previous notary
  submission to complete and to view its log info. This command can be useful if
  notary-submit times out or otherwise fails and you want to query the
  status of a previous notarization.
• A new notary-log command will fetch the notarization log of a previous
  submission from the Notary API server.
• Fixed signing of Mach-O binaries having a gap between segments. (This is known
  to commonly occur in Go binaries.) In previous versions, we would compute
  digests of the file incorrectly and would encounter an assertion when copying
  Mach-O data to the output binary. Both of these issues should now be fixed.
  (#588 and #616)
• minicbor crate upgraded from version 0.15. This created API differences in
  remote signing code.
• The APIs around Mach-O file parsing have been significantly overhauled. It
  is probably best to diff the macho module to see the full differences.
  There are now MachFile and MachOBinary types serving as interfaces
  to custom Mach-O functionality. Most code interfacing with a Mach-O file now
  uses these types. The AppleSignable trait has been deleted as it is no
  longer needed since we have the dedicated MachOBinary type.