UncategorizedMay 29, 2018

Notarizing Mac apps with Apple

By cherpake

Since I can’t distribute my app via the Mac App Store due to sandboxing restrictions, I’m forced to do it via my website (https://cherpake.com/get).

Recently Apple urged developers to start notarizing their Mac apps, to prepare for the upcoming changes in the Mac Gatekeeper. So naturally, I decided to give it a try.

As I want to automate the process as much as I can — it took me some time to find all the necessary commands.

Notarizing Mac apps with Apple 1

This command will upload the specified file to Apple:

xcrun altool \
 -u <APPLE_ID> \
 -p @keychain:<KEY_CHAIN_ITEM_WITH_PASSWORD_FOR_APPLE_ID> \
 -t osx \
 -f <PATH_TO_PKG_FILE> \
 -primary-bundle-id <BUNDLE_IDENTIFIER> \
 -output-format xml \
 -notarize-app

And after a short while you will receive an email either with “Your Mac software was not notarized.” or with “You can now distribute your Mac software.”

Notarizing Mac apps with Apple 2

To decipher what went wrong you should use the request identifier from the email with the following command:

xcrun altool -u \
 -u <APPLE_ID> \
 -p @keychain:<KEY_CHAIN_ITEM_WITH_PASSWORD_FOR_APPLE_ID> \
 -notarization-info <REQUEST_IDENTIFIER>

Response for this command will include LogFileURL — which is a link to JSON file that includes all the errors. To save you some time — I suggest you make sure every binary in your app bundle is properly signed (like Autoupdate.app inside Sparkle.framework), and that you have set:

CODE_SIGN_INJECT_BASE_ENTITLEMENTS = No

Notarizing Mac apps with Apple 3

If everything went well, and your package was successfully notarized, you need to staple the ticket to it, you can use:

xcrun stapler staple <PATH_TO_PKG_FILE>

Notarizing Mac apps with Apple 4

For some reason, I’m constantly getting

Although we wrote the ticket, the written data did not validate. Please restore <PATH_TO_PKG_FILE> from backup to try again.
The staple and validate action failed! Error 73.

Then Rosyna Keller helped me by asking for output of

xcrun stapler staple -v <PATH_TO_PKG_FILE>

where I saw the reason for failure being that I used sudo to create the package, and stapler obviously failed to overwrite the original file.

Hope this helps someone.

Also if you are a Mac user, you might want to checkout my iOS app to control your Mac remotely: https://geo.itunes.apple.com/us/app/remote-control-for-mac-pro/id884153085

Related Posts

Windows is coming…

January 30, 2020

Don’t crap where you eat… App Store version

October 31, 2018
%d bloggers like this: