UncategorizedMay 29, 2018

Notarizing Mac apps with Apple

By cherpake

Since I can’t distribute my app via the Mac App Store due to sandboxing restrictions, I’m forced to do it via my website (https://cherpake.com/get).

Recently Apple urged developers to start notarizing their Mac apps, to prepare for the upcoming changes in the Mac Gatekeeper. So naturally, I decided to give it a try.

As I want to automate the process as much as I can — it took me some time to find all the necessary commands.

Notarizing Mac apps with Apple 9

This command will upload the specified file to Apple:

xcrun altool \
 -u <APPLE_ID> \
 -p @keychain:<KEY_CHAIN_ITEM_WITH_PASSWORD_FOR_APPLE_ID> \
 -t osx \
 -f <PATH_TO_PKG_FILE> \
 -primary-bundle-id <BUNDLE_IDENTIFIER> \
 -output-format xml \
 -notarize-app

And after a short while you will receive an email either with “Your Mac software was not notarized.” or with “You can now distribute your Mac software.”

Notarizing Mac apps with Apple 10

To decipher what went wrong you should use the request identifier from the email with the following command:

xcrun altool -u \
 -u <APPLE_ID> \
 -p @keychain:<KEY_CHAIN_ITEM_WITH_PASSWORD_FOR_APPLE_ID> \
 -notarization-info <REQUEST_IDENTIFIER>

Response for this command will include LogFileURL — which is a link to JSON file that includes all the errors. To save you some time — I suggest you make sure every binary in your app bundle is properly signed (like Autoupdate.app inside Sparkle.framework), and that you have set:

CODE_SIGN_INJECT_BASE_ENTITLEMENTS = No

Notarizing Mac apps with Apple 11

If everything went well, and your package was successfully notarized, you need to staple the ticket to it, you can use:

xcrun stapler staple <PATH_TO_PKG_FILE>

Notarizing Mac apps with Apple 12

For some reason, I’m constantly getting

Although we wrote the ticket, the written data did not validate. Please restore <PATH_TO_PKG_FILE> from backup to try again.
The staple and validate action failed! Error 73.

Then Rosyna Keller helped me by asking for output of

xcrun stapler staple -v <PATH_TO_PKG_FILE>

where I saw the reason for failure being that I used sudo to create the package, and stapler obviously failed to overwrite the original file.

Hope this helps someone.

Also if you are a Mac user, you might want to checkout my iOS app to control your Mac remotely: https://geo.itunes.apple.com/us/app/remote-control-for-mac-pro/id884153085

Related Posts

Windows is coming…

January 30, 2020

Don’t crap where you eat… App Store version

October 31, 2018
%d bloggers like this: