I took the liberty to create a new thread. The other thread was becoming too large. :-)
Travis Hicks and Björn Eiríksson shared some code how to codesigned and notarise your apps. Björns way doesn't work (correct) for me. With the code of Travis and some changes, I got it working every time. Even when you have helper apps in the resources.
So for now, until Sam updates his wonderfull AppWrapper, you can use the following steps.
Codesigning on Mojave gives an error in most cases: “resource fork, Finder information, or similar detritus not allowed”
To fix this, you first need to clear the attributes:
xattr -rc </Path/to/your.app>
Now you can code sign your .app, including making it ready for notarising.
Of course this does not include entitlements and other stuff. It's just the basic way to codesign.
codesign --force --options runtime --deep --sign "Developer ID Application: <DeveloperIDNameHere>” </Path/to/your.app>
Now create a .DMG file including the .app file and code sign the .DMG file. I use DMG Canvas for this. It’s one of the best in its class. Make sure the option to codesign the .dmg is enabled.
Now we are going to request a RequestUUID number. It will upload the .DMG file and do some magic stuff. This can take a while so be patient.
xcrun altool -t osx -f </Path/to/your.dmg> --primary-bundle-id <APPBUNDLEID> --notarize-app --username <DeveloperIDNameHere>
After this is finished, you will see the requested UUID. It looks something like 5ecb3409-c20e-2fe5-5672-ebe6ff85c7
It’s time to notarize everything with the returned UUID.
xcrun altool --notarization-info <RequestUUID> -u <DeveloperIDNameHere> -p @keychain:"Application Loader: <DeveloperIDNameHere>"
If you leave out the
-p @keychain:"Application Loader: <DeveloperIDNameHere>" it will ask you for your AppleID password.
Now you will see a log::
No errors getting notarization info.
Date: 2018-10-20 14:07:30 +0000
Status Code: 0
Status Message: Package Approved
Last step, we need to staple the .DMG file.
xcrun stapler staple -v </Path/to/your.dmg>
You will see a long log but it should end with:
... The staple and validate action worked!
Congratulations .. your app has now been codesigned and notarised.
After you installed the app (from the .dmg) you can double check if everything is working:
spctl -a -v </Path/to/your.app>
After your app has been successfully notarised, you will also receive a mail from Apple:
Dear Sir, Your Mac software (bundle identifier ) has been notarized. You can now export this software and distribute it directly to users. For details on exporting a notarized app, visit Xcode Help. Best Regards, Apple Developer Relations