Notarizing Filmulator for macOS 10.15 Catalina (Illustrated)

App notarization for macOS 10.15 Catalina

Once the .app bundle is deployed codesign (timestamped and with the hardened runtime flag on) and zip it with

codesign --deep --force -v -s "Developer ID Application: Firstname Lastname (XXXXXXXXXX)" -o runtime --timestamp *.app && ditto -c -k --sequesterRsrc --keepParent *app Filmulator.zip

Next you must transport the zip to the mothership (Apple Computer, Inc.)

xcrun altool --notarize-app --primary-bundle-id "com.filmulator" -u "USERNAME" -p "PASSCODE" --file Filmulator.zip

Apple will scan the app for malware.

Once this is complete the app has been notarized and a cryptographic signature called a ticket is generated by the mothership. This process takes a few minutes. Check your status with

xcrun altool --notarization-history 0 -u  "USERNAME" -p "PASSCODE" | head -6 | tail -1

At this point the ticket has been issued certifying that Siri did her due diligence during the malware scan. The ticket is stored in Apple’s servers.

When you launch, the app may contact the mothership to retrieve the ticket if the ticket has not been stapled to the app. Staple the ticket to the app with:

stapler staple *app

Then you can verify the attachment of the ticket:

stapler validate -v *app

It is possible to notarize both .apps and .dmgs. First generate the dmg using your stapled app and codesign it:

sudo hdiutil create -ov -fs HFS+ -srcfolder *.app Filmulator-$(git describe --tags --always)-Qt5.13.dmg && sudo codesign --deep --force -v -s "Developer ID Application: Firstname Lastname (XXXXXXXXXX)" --timestamp *.dmg 

zip that and send it off to the mothership

zip Filmulator.dmg.zip *dmg && xcrun altool --notarize-app --primary-bundle-id "com.filmulator" -u "USERNAME" -p "PASSCODE" --file Filmulator.dmg.zip

The .dmg doesn’t take as long as the .app does to notarize. Watch the status again:

xcrun altool --notarization-history 0 -u  "USERNAME" -p "PASSCODE" | head -6 | tail -1

Once this succeeds you may staple and distribute:

sudo stapler staple *dmg

Verify your ticket with:

stapler validate -v *dmg

Automated notarization


Hope this has been informative, enjoy your stay in beautiful Santa Catalina Island.
3 Likes

Now tell us, what did you procrastinate ? :stuck_out_tongue:

2 Likes

hypnotised by cheese, validated by bart :+1:

1 Like