Consider using rust implementation of notarization tool

[netomi]

The project https://github.com/indygreg/apple-platform-rs is a rust implementation of various apple related tools.
This includes codesigning and notarization.

Investigate if we can utilize that library to do the notarization which would allow us to deploy the service in the okd cluster.

[mbarbero]

That would be amazing!

[netomi]

To notarize and staple, you’ll need an App Store Connect API Key to authenticate connections to Apple’s servers.

You can generate one at https://appstoreconnect.apple.com/access/api.

[netomi]

If someone can generate me such an api key I can start working on that. In oder to create the api key you need to login to the Apple Developer Account via the url above.

[netomi]

I could successfully notarize an app with the rcodesign binary and retrieve the notarization log.
The tool itself does not print relevant information like the notarytool (i.e. in plist format which can be easily parsed), but we can parse the information from the output for the start which is provided in a freeform style. I would suggest to provide a POC using this tool and also work on patches for the project to dump the information in a more structured way for processing of the output.

Furthermore, there is no good replacement for the info command. There is a wait command that you can run with max wait time of 1s which will also give you the notary log if the notarization succeeded, but counterpart for info would be handy though not mandatory.

[netomi]

Created an issue at the upstream repo to discuss potential changes that would make the integration easier: indygreg/apple-platform-rs#120