From 9abf29e9955b2ca039482ca2cb3fcffbe7375175 Mon Sep 17 00:00:00 2001
From: Beq <beqjanus@gmail.com>
Date: Mon, 1 Apr 2024 22:45:17 +0100
Subject: [PATCH] A bunch more changes for notarising.

fingers crossed.
---
 .github/workflows/build_viewer.yml            |  2 +
 .../installers/darwin/apple-notarize.sh       | 42 +++++--------------
 2 files changed, 13 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/build_viewer.yml b/.github/workflows/build_viewer.yml
index bcacdc8789..803ec090c4 100644
--- a/.github/workflows/build_viewer.yml
+++ b/.github/workflows/build_viewer.yml
@@ -178,6 +178,8 @@ jobs:
           echo -n "$FS_CERT_PASS" >${build_secrets_checkout}/code-signing-osx/password.txt
           echo -n "$NOTARIZE_CREDS" | base64 --decode --output ${build_secrets_checkout}/code-signing-osx/notarize_creds.sh
           security create-keychain -p "$FS_KEYCHAIN_PASS" ~/Library/Keychains/viewer.keychain
+          # notarize tool uses a specific database keychain by default we need to override this to ours.
+          security default-keychain -s viewer.keychain
           security set-keychain-settings -lut 21600 ~/Library/Keychains/viewer.keychain
           security unlock-keychain -p "$FS_KEYCHAIN_PASS" ~/Library/Keychains/viewer.keychain
           security import ${build_secrets_checkout}/code-signing-osx/fs-cert.p12 -P "$FS_CERT_PASS" -A -t cert -f pkcs12 -k ~/Library/Keychains/viewer.keychain
diff --git a/indra/newview/installers/darwin/apple-notarize.sh b/indra/newview/installers/darwin/apple-notarize.sh
index 5466c65778..953ad5e093 100755
--- a/indra/newview/installers/darwin/apple-notarize.sh
+++ b/indra/newview/installers/darwin/apple-notarize.sh
@@ -12,46 +12,26 @@ if [[ -f "$CONFIG_FILE" ]]; then
     ditto -c -k --keepParent "$app_file" "$zip_file"
     if [[ -f "$zip_file" ]]; then
         res=$(xcrun notarytool store-credentials \
-                                viewer.keychain-db \
+                                viewer.profile \
                                 --verbose \
-                                --apple-id $USERNAME \
-                                --password $PASSWORD 2>&1)
         echo $res
         res=$(xcrun notarytool submit "$zip_file" \
-                                --keychain-profile viewer.keychain-db \
+                                --apple-id $USERNAME \
+                                --password $PASSWORD \
                                 --verbose \
                                 --wait 2>&1)
+        echo "Notarytool submit:"
         echo $res
         
-        requestUUID=$(echo $res | awk '/RequestUUID/ { print $NF; }')
-        if [[ -n $requestUUID ]]; then
-            in_progress=1
-            while [[ $in_progress -eq 1 ]]; do
-                sleep 30
-                res=$(xcrun notarytool info "$requestUUID" \
-                                            --keychain-profile viewer.keychain-db 2>&1)
-                if [[ $res != *"in progress"* ]]; then 
-                    in_progress=0
-                fi
-                echo "."
-            done
-            # log results
-            echo $res
+        [[ "$res" =~ 'id: '([^[:space:]]+) ]]
+        match=$?
 
-            #remove temporary file
-            rm "$zip_file"
-
-            if [[ $res == *"success"* ]]; then
-                xcrun stapler staple "$app_file"
-                exit 0
-            elif [[ $res == *"invalid"* ]]; then
-                echo "Notarization error: failed to process the app file"
-                exit 1
-            else
-                echo "Notarization error: unknown response status"
-            fi
+        if [[ ! $match -eq 0 ]]; then
+            echo "Running Stapler"
+            xcrun stapler staple "$app_file"
+            exit 0
         else
-            echo "Notarization error: couldn't get request UUID"
+            echo "Notarization error"
             exit 1
         fi
     else