First, sign it. Use
export SignatureKeychainId="Developer ID Application"
Generate an app-specific password at http://appleid.apple.com -> "Security", and add this generated password to the keychain:
xcrun altool --store-password-in-keychain-item "APPLEDEVID_PASSWORD" -u "<appleid>" -p "<app_specific_password>"
Zip app bundle:
ditto -ck --sequesterRsrc --keepParent myapp.app myapp.zip
The actual notarization can be done using a command
xcrun altool -f <zipped or dmg'ed app bundle> --primary-bundle-id "<any_random_bundle_id_used_when_emailing_status>" --notarize-app --username <appleid> --password "@keychain:APPLEDEVID_PASSWORD"
Also, this command will give a logfile url, that can be used for debugging issues.
Notarization status can be verified with a command
xcrun altool --notarization-info <submission request guid> -u <appleid> -p "@keychain:APPLEDEVID_PASSWORD"
It's convenient to see the errors
Staple the app so it can be launched even if the user doesn't have an internet connection, using
xcrun stapler staple "<AppName.app>"
codesign must be run with "--option=runtime" to enable hardened runtime
Sparkle framework's internals currently needs individual codesigning (https://github.com/sparkle-project/Sparkle/issues/1389), prior to codesigning the app bundle itself, in 3 steps (see https://furbo.org/2019/08/16/catalina-app-notarization-and-sparkle/):
codesign --force -o runtime --deep --timestamp --verify --verbose -s "$SignatureKeychainId" "OurAppBundle.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app"
codesign --force -o runtime --verbose -s "$SignatureKeychainId" "OurAppBundle.app/Mac Linguist.app/Contents/Frameworks/Sparkle.framework"
codesign --force --options=runtime --deep --timestamp --verify --verbose --sign "$SignatureKeychainId" "OurAppBundle.app/Mac Linguist.app"
codesign -dvvv myapp.app
codesign --deep --force -o runtime --verbose -s "$SignatureKeychainId" myapp.app
https://developer.apple.com/forums/thread/128166
https://developer.apple.com/library/archive/technotes/tn2206/_index.html
https://developer.apple.com/videos/play/wwdc2019/703/
https://developer.apple.com/forums/thread/130855
https://developer.apple.com/forums/thread/125567
← Back to Articles