From 855b139c46cb09879b398dfd101d60385cd0d37d Mon Sep 17 00:00:00 2001 From: idk Date: Wed, 1 Feb 2023 22:02:40 +0000 Subject: [PATCH] move NOTARIZE to it's own document --- NOTARIZE.md | 29 +++++++++++++++++++++++++++++ config.sh => config.example.sh | 0 2 files changed, 29 insertions(+) create mode 100644 NOTARIZE.md rename config.sh => config.example.sh (100%) diff --git a/NOTARIZE.md b/NOTARIZE.md new file mode 100644 index 0000000..f001258 --- /dev/null +++ b/NOTARIZE.md @@ -0,0 +1,29 @@ +# Notarization + +1. You need an "app-specific password" which you can create at https://appleid.apple.com +2. Execute +``` +xcrun notarytool store-credentials "$AC_PASSWORD" + --apple-id "$AC_USERNAME" + --team-id "$WWDRTeamID" + --password "$secret_2FA_password" +``` + - In this example command: + - `AC_PASSWORD` is the name of the credentials config. + - `AC_USERNAME` is the username of the Apple Account. + - `WWDRTeamID` is the developer/team ID available from the Apple Account. + - `secret_2FA_Password` is the app-specific password you set up in the first step. +3. Periodically execute the following to check the progress of the notarisation: +``` +xcrun altool --eval-info -u +```` +4. If that returns success, staple the notarization to the dmg: +``` +xcrun stapler staple +``` + +- [This StackOverflow thread contains invaluable information about how to successfully notarize jpackage-based software](https://stackoverflow.com/questions/60953329/code-signing-notarization-using-jpackage-utility-isnt-working-on-macos) + +## Things I know about Apple Signing Keys + + - It is always OK to refer to the key by it's sha256 fingerprint, that works in every command \ No newline at end of file diff --git a/config.sh b/config.example.sh similarity index 100% rename from config.sh rename to config.example.sh
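Review bot: in step 2 of NOTARIZE.md the `xcrun notarytool store-credentials` command is split over four lines with no trailing `\`, so pasted as written the shell runs only the first line and then tries to execute `--apple-id`, `--team-id` and `--password` as separate commands. Add a `\` at the end of the first three lines or put the command on one line. In the same step the explanation names `secret_2FA_Password` while the command uses `$secret_2FA_password`; pick one spelling. Consider dropping `--password` from the example and letting notarytool prompt for it, since a secret passed as an argument ends up in shell history and the process list. Step 3 switches to `xcrun altool --eval-info -u` with no value after `-u`, and nothing between steps 2 and 3 actually submits the dmg; since the credentials were stored with notarytool, a `xcrun notarytool submit` line using `--keychain-profile "$AC_PASSWORD"` followed by `xcrun notarytool info` would keep the procedure on one tool. The fence after the altool line closes with four backticks against an opening three, `xcrun stapler staple` in step 4 is missing the path to the dmg, "by it's sha256 fingerprint" should read "its", "works in every command" would be easier to trust if it named the commands it was checked with, and the file has no trailing newline.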
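Review bot: the rename of `config.sh` to `config.example.sh` is not covered by the commit subject, which only mentions NOTARIZE. Either split the rename into its own commit or add a line to the message saying why the file became an example. If the intent is for users to copy it back to a local `config.sh`, document that step and add `config.sh` to `.gitignore` so a filled-in copy is not committed.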