UncategorizedMay 29, 2018

Notarizing Mac apps with Apple

By cherpake

Since I can’t distribute my app via the Mac App Store due to sandboxing restrictions, I’m forced to do it via my website (https://cherpake.com/get).

Recently Apple urged developers to start notarizing their Mac apps, to prepare for the upcoming changes in the Mac Gatekeeper. So naturally, I decided to give it a try.

As I want to automate the process as much as I can — it took me some time to find all the necessary commands.

This command will upload the specified file to Apple:

xcrun altool \
 -u <APPLE_ID> \
 -p @keychain:<KEY_CHAIN_ITEM_WITH_PASSWORD_FOR_APPLE_ID> \
 -t osx \
 -f <PATH_TO_PKG_FILE> \
 -primary-bundle-id <BUNDLE_IDENTIFIER> \
 -output-format xml \
 -notarize-app

And after a short while you will receive an email either with “Your Mac software was not notarized.” or with “You can now distribute your Mac software.”

To decipher what went wrong you should use the request identifier from the email with the following command:

xcrun altool -u \
 -u <APPLE_ID> \
 -p @keychain:<KEY_CHAIN_ITEM_WITH_PASSWORD_FOR_APPLE_ID> \
 -notarization-info <REQUEST_IDENTIFIER>

Response for this command will include LogFileURL — which is a link to JSON file that includes all the errors. To save you some time — I suggest you make sure every binary in your app bundle is properly signed (like Autoupdate.app inside Sparkle.framework), and that you have set:

CODE_SIGN_INJECT_BASE_ENTITLEMENTS = No

If everything went well, and your package was successfully notarized, you need to staple the ticket to it, you can use:

xcrun stapler staple <PATH_TO_PKG_FILE>

For some reason, I’m constantly getting

Although we wrote the ticket, the written data did not validate. Please restore <PATH_TO_PKG_FILE> from backup to try again.
The staple and validate action failed! Error 73.

Then Rosyna Keller helped me by asking for output of

xcrun stapler staple -v <PATH_TO_PKG_FILE>

where I saw the reason for failure being that I used sudo to create the package, and stapler obviously failed to overwrite the original file.

Hope this helps someone.

Also if you are a Mac user, you might want to checkout my iOS app to control your Mac remotely: https://geo.itunes.apple.com/us/app/remote-control-for-mac-pro/id884153085

Related Posts

Don’t crap where you eat… App Store version

October 31, 2018
%d bloggers like this: