From f7ed24109f31d5a8c80a48036cf702cf3bc7560a Mon Sep 17 00:00:00 2001
From: Joachim Schmitz
Date: Thu, 9 Jan 2025 07:36:55 +0100
Subject: [PATCH] Debugging code signing and notarization
---
 build/ci/macos/notarize.sh | 15 ++++++++++++---
 build/package_mac | 3 ++-
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/build/ci/macos/notarize.sh b/build/ci/macos/notarize.sh
index 0f99124aeebb1..633c4637c1615 100755
--- a/build/ci/macos/notarize.sh
+++ b/build/ci/macos/notarize.sh
@@ -33,12 +33,15 @@ echo "Uploading to apple to notarize..."
 for i in 1 2 3; do
 c=0
- xcrun notarytool submit \
+ set -o pipefail
+ (xcrun notarytool submit $ARTIFACTS_DIR/$ARTIFACT_NAME \
 --apple-id $APPLE_USERNAME \
- --team-id $APPLE_TEAM_ID \
 --password $APPLE_PASSWORD \
- --wait $ARTIFACTS_DIR/$ARTIFACT_NAME \
+ --team-id $APPLE_TEAM_ID \
+ --wait \
+ | tee -a notarytool_log.txt) \
 || c=$?
+ set +o pipefail
 if [ $c -eq 0 ]; then break; fi
 if [ $i -eq 3 ]; then
 echo "notarytool failed; exiting after 3 retries."
@@ -47,6 +50,12 @@ for i in 1 2 3; do
 echo "notarytool failed; retrying in 30s"
 sleep 30
 done
+xcrun notarytool log $(awk '/id:/ { print $2; exit}' notarytool_log.txt) \
+ --apple-id $APPLE_USERNAME \
+ --password $APPLE_PASSWORD \
+ --team-id $APPLE_TEAM_ID \
+ notary_extra_log.json
+jq "." notary_extra_log.json || cat notary_extra_log.json
 echo "Stapling and running packaging up"
 xcrun stapler staple $ARTIFACTS_DIR/$ARTIFACT_NAME
diff --git a/build/package_mac b/build/package_mac
index 8574c9f3c18d4..7bc8d511fb2cb 100644
--- a/build/package_mac
+++ b/build/package_mac
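Review bot: In the first notarize.sh hunk (`@@ -33,12 +33,15 @@`), the `set +o pipefail` after the pipeline switches the option off unconditionally, so if the script enabled pipefail before the loop (not visible here) that setting is silently lost for everything that follows. The pipeline already runs inside a `( … )` subshell, so the option can be scoped there and both `set` lines dropped: `(set -o pipefail; xcrun notarytool submit … | tee -a notarytool_log.txt) || c=$?`. Because `tee -a` appends, notarytool_log.txt also accumulates the output of every retry and of any earlier run in the same directory; truncating the file before the loop, or using `tee` without `-a`, keeps it to one attempt. The loop body continues outside the hunk.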
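Review bot: In the second notarize.sh hunk (`@@ -47,6 +50,12 @@`), `awk '/id:/ { print $2; exit}'` returns the first `id:` line in notarytool_log.txt, but the first hunk writes that file with `tee -a`, so after a retry the log would be requested for the first, failed submission rather than the one that was accepted. The substitution is also unquoted, so if no id is found the argument vanishes and `notary_extra_log.json` would be taken as the submission id; I would capture it first, `submission_id=$(awk '/id:/ { id = $2 } END { print id }' notarytool_log.txt)`, pass `"$submission_id"`, and skip the call when it is empty. This call is also a second place where `--password $APPLE_PASSWORD` is put on the command line, where it can be read from the process list by other processes on the runner. notarytool accepts `--keychain-profile` with credentials saved through `notarytool store-credentials`, which would keep the secret out of argv for both calls.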
@@ -199,9 +199,10 @@ find "${VOLUME}/${LONGER_NAME}.app/Contents/Resources" -name '*.dylib' -exec cod
 # Sign code in other (more conventional) locations
 codesign --force --options runtime --entitlements "${WORKING_DIRECTORY}/../build/macosx_entitlements.plist" --deep -s "Developer ID Application: ${DEVELOPER_NAME}" "${CODE_PATHS[@]}"
 echo "spctl"
-spctl --assess --type execute "${VOLUME}/${LONGER_NAME}.app"
+spctl --assess --type execute --verbose=4 --ignore-cache --no-cache "${VOLUME}/${LONGER_NAME}.app"
 echo "Codesign verify"
 codesign --verify --deep --strict --verbose=2 "${CODE_PATHS[@]}"
+codesign -d -vvv "${CODE_PATHS[@]}"
 echo "Unmount"
 for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
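Review bot: The now-verbose `spctl --assess` line and the added `codesign -d -vvv "${CODE_PATHS[@]}"` line do not say whether they are gates or diagnostics: nothing in the hunk checks their exit status, and whether the script runs under `set -e` is outside it. With `--ignore-cache --no-cache` the assessment is evaluated afresh on every run, and if packaging runs before the notarize script (which the patch suggests but does not show) a rejection here may be the expected outcome. I would record the intent next to the command, for example `# Diagnostic only: Gatekeeper assessment before notarization; the result is logged, not enforced`. The new codesign line could also get its own label like the neighbouring steps, `echo "Codesign details"`. The script continues past the end of the hunk.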