@@ -26,6 +26,7 @@ gon helps you automate the process of notarization.
2626- [ Usage] ( #usage )
2727 - [ Prerequisite: Acquiring a Developer ID Certificate] ( #prerequisite-acquiring-a-developer-id-certificate )
2828 - [ Configuration File] ( #configuration-file )
29+ - [ Notarization-Only Configuration] ( #notarization-only-configuration )
2930 - [ Processing Time] ( #processing-time )
3031 - [ Using within Automation] ( #using-within-automation )
3132 - [ Machine-Readable Output] ( #machine-readable-output )
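Review bot: The new table-of-contents entry at line 29 links to `#notarization-only-configuration`, but no hunk in this change adds a heading with that name, so the link only resolves if a "Notarization-Only Configuration" heading already exists in the README with exactly that slug. Worth confirming the anchor works in the rendered page before merging.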
@@ -253,6 +254,12 @@ You can configure `gon` to notarize already-signed files. This is useful
253254if you're integrating ` gon ` into an existing build pipeline that may already
254255support creation of pkg, app, etc. files.
255256
257+ Because notarization requires the payload of packages to also be signed, this
258+ mode assumes that you have codesigned the payload as well as the package
259+ itself. ` gon ` _ will not_ sign your package in the ` notarize ` blocks.
260+ Please do not confuse this with when ` source ` is set and ` gon ` itself
261+ _ creates_ your packages, in which case it will also sign them.
262+
256263You can use this in addition to specifying ` source ` as well. In this case,
257264we will codesign & package the files specified in ` source ` and then notarize
258265those results as well as those in ` notarize ` blocks.
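Review bot: The sentence added at lines 260-261 ("Please do not confuse this with when `source` is set ...") is hard to parse, and it sits directly above the unchanged paragraph saying `notarize` can be combined with `source`, which blurs the distinction it is trying to draw. Suggest stating both cases positively, for example: "Files listed in `notarize` blocks are submitted as-is and are never signed by `gon`; only packages that `gon` creates from `source` are signed by it." If `gon` does not check the signatures before submitting, saying so here would tell readers that an unsigned payload surfaces as a notarization failure rather than an earlier error.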
@@ -282,13 +289,13 @@ apple_id {
282289
283290 "notarize" : [{
284291 "path" : " /path/to/terraform.pkg" ,
285- "bundle_id" : " com.mitchellh.example.terraform" ,
286- "staple" : true
292+ "bundle_id" : " com.mitchellh.example.terraform" ,
293+ "staple" : true
287294 }],
288295
289296 "apple_id" : {
290297 "username" : " mitchell@example.com" ,
291- "password" : " @env:AC_PASSWORD"
298+ "password" : " @env:AC_PASSWORD"
292299 }
293300}
294301```
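Review bot: The three replaced lines in this hunk (`"bundle_id"`, `"staple"`, `"password"`) read the same before and after, so this looks like a whitespace-only change mixed into a documentation commit. If the intent is to fix indentation in the JSON example, say so in the commit message and check that the untouched `"path"` and `"username"` lines use the same indentation character, otherwise the block will still render unevenly.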