FYI: Notarizing Your App Before Distribution (macOS 10.14.5 and beyond)

Source: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution

I wonder if this affects me.
Is that only for people with new accounts? Newly created certificate?

from developers new to distributing with Developer ID

They are writing “Developer ID”, so i assume it should not affect you. But who knows? Only time will tell. :slight_smile:

What does “new to” mean in this case (English is a foreign language to me… so I’m not quite sure if I understand this correctly)?
A Developer that currently/recently/in-the-past already has been “distributing with DeveloperID” - is he “new to” or not?
Does this mean “all developers” that “are distributing using DeveloperID”?

My best guess is: Applications signed before “Date X” will continue to be accepted by 10.14.5. However, Applications that are being “signed after Date X” will be “flagged” by 10.14.5 (and 10.15).
But then again: that’s just my guess… I’d love to understand what Apple actually means with that sentence.

I read this as new developers to the macOS; but it could be interpreted as those who are only just applying for a Developer ID certificate. In theory if you’ve been shipping macOS apps with Developer ID already, it shouldn’t apply to you.

We honestly won’t know for sure until Apple actually activates this switch.

App Wrapper 3.9 has a Notarize function in it; I haven’t released it as I’ve been really busy on a project that should wrap up in 13 days, but someone has noticed that I already need to make changes to the work I’ve done as at least one thing has changed since the original announcement of Notarization.

The next round of Apple stupidity. Sigh…

+1 for Sam and AppWrapper.

Does anybody know which Xojo versions can be used to build apps compatible with App Notarization?

Nobody can, because Apple will constantly “tune” the automated Notarizsation Check and any Tool which works fine today can be “broken” tomorrow. I try to always use the latest Xojo Version and 3rd Party Plugins while i do App Store related work and App Wrapper is a must-have for Xojo-for-MAS Devs. :slight_smile:

Well, I have several times adjusted my plugins to avoid false positives.

Agreed. However, it would be good to know which versions of Xojo have been used at this present time to successfully notarize their apps.

I like this idea. Perhaps a running “App Notarization Success” thread similar to the mac app store thread, but without huge screenshots. People could post their Xojo version and notarization success status, the post date would help people figure out how relevant the success is. The first post should include the instructions or a link to the instructions for notarization.

i did with 2018 R4/2019 R1 with Einhugur and MBS Plugins used.

I’ve notarized an app built with 2017r3. I don’t see any relationship between notarization and the tool used to build the application.

Success: 2018r3 (I don’t change IDE during new project development, unless I absolutely have too). Joe R’s Blocks plug-in.

Is there a version of App Wrapper that can do notarization? I haven’t had any success trying to follow the various instructions that I’ve seen posted around here at all. I got stuck at the requirement to do a deep sign. I thought when I signed the app it signed everything in the bundle but maybe not?

Yes :slight_smile:

Notarization needs the hardened runtime flag set when signing. I had read that the app must be linked with the macOS 10.14 SDK for the hardened runtime to work. Only recent versions of Xojo link to the macOS 10.14 SDK.

If this has worked for an app built with 2017r3 it means that the macOS 10.14 SDK requirement for the hardened runtime is currently not true.

Sorry for my doubt if it is very basic but I do not understand if this is only for Applications distributed by MAS or any Application that is installed on the MAC outside the MAS ?

Notarization is for any app installed on macOS from outside of MAS

Hello,

I know that Apple Notarization process will need to be done in all the applications running on the Mac from now, what I do not understand is what I need to do for this validation, I’ve never sent applications to MAS, all mine applications I personally install on my clients, my question is:

what I took to do besides having a developer account at Apple, I will have to put something in the Bundle Identifier or on Package Info of my Apps or something like this, how will the Apps I already have and are in XOJO be validated ?

I’m very confused by all this, could someone give me some help, Please.