@JonathanAshwell One is that the app isn't hardened. Is there a straightforward way to do this via the .plist?
No. It’s done as a code signing step. You’ll need to add two options to your codesign call.
...and fwiw, you need to do this on 10.13.6 or above.
@Christoph D Vocht Isn't 2019R1.1 using SDK 10.9?
against a binary and you should find a load command like
Load command 10
      cmd LC_VERSION_MIN_MACOSX
  cmdsize 16
  version 10.10
      sdk 10.14
What this command tells you is the SDK version linked against (10.14) and the lowest deployment version supported (10.10).
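Added example (not part of the original thread): a small Python check that reads load-command text in the format shown above, reports the deployment target and SDK, and tests the SDK against a 10.9 minimum. The sample text is constructed and the function names are hypothetical; the 10.9 threshold, the `LC_BUILD_VERSION` handling and the `n/a` SDK case are assumptions that go beyond what the post shows.

```python
import re

# Constructed sample in the load-command format quoted above (not a real binary).
SAMPLE = """\
Load command 9
      cmd LC_SEGMENT_64
  cmdsize 72
Load command 10
      cmd LC_VERSION_MIN_MACOSX
  cmdsize 16
  version 10.10
      sdk 10.14
"""

# Load command -> name of the field holding the minimum deployment version.
# LC_BUILD_VERSION (newer toolchains) is an assumption beyond the post.
VERSION_CMDS = {"LC_VERSION_MIN_MACOSX": "version", "LC_BUILD_VERSION": "minos"}


def parse_version(text):
    """'10.14' -> (10, 14); anything non-numeric (e.g. 'n/a') -> None."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def _finish(cmd, fields):
    key = VERSION_CMDS.get(cmd)
    if key and key in fields and "sdk" in fields:
        return cmd, parse_version(fields[key]), parse_version(fields["sdk"])
    return None


def find_sdk_info(load_commands):
    """Return (load_command, min_os, sdk) from load-command text, or None."""
    cmd, fields = None, {}
    for line in load_commands.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        if parts[:2] == ["Load", "command"]:      # a new command starts
            hit = _finish(cmd, fields)
            if hit:
                return hit
            cmd, fields = None, {}
        elif parts[0] == "cmd":
            cmd = parts[1]
        elif cmd in VERSION_CMDS and parts[0] not in fields:
            fields[parts[0]] = parts[1]           # keep first occurrence only
    return _finish(cmd, fields)


def sdk_ok(load_commands, minimum=(10, 9)):
    """True only if an SDK version was found and it is >= minimum."""
    info = find_sdk_info(load_commands)
    return bool(info and info[2] and info[2] >= minimum)
```
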
@JonathanAshwell Another is the lack of secure timestamp. I've read that Xcode will add that for you. But of course we're not using that.
When code signing you should already be using this; I seem to recall that Apple recently 'forced' this option on without the need for the option to be specified. However it could be they reversed this decision at some point.
A quick test is to try code signing with no internet connection; no matter what I try I get a code signing failure because it can't connect to Apple (for the secure time stamps). It also means that you can't fiddle with your system clock, otherwise that causes failures and even fails to verify the code signature.
@Christoph D Vocht I tried everything but the notarised .dmg files keep popping up the 'unidentified developer'. :-(
It seems I have to switch to .pkg (which does work when it is notarised).
Anyone else tried this?
Same issue here.
@Christoph D Vocht Christian Schmitz: Are you sure the beta 1 is not broken in this regard?
That may be the case. Although I did download .dmg files that do not show this popup. It's an odd issue for sure.
I wouldn't worry about it right now. Let's wait for (public) Beta 1/2/3.
As a cross-check, I have just codesigned (not Notarized and stapled to the dmg). And surprise - you don't get the "unidentified developer", and (the not notarized app) runs just fine. So my guess is that they are still working on this "feature / restrictions-to-come".
@Christoph D Vocht Tested on a 'future' macOS version.
Creating, codesigning and notarising a .dmg file always results in prompting 'Unidentified Developer' and you cannot open the .dmg (after you downloaded the .dmg file).
I see the same thing. My older notarized signed DMGs work fine, but a newly-created notarized signed DMG refuses to mount on the beta. The newer DMGs mount if I delete the com.apple.quarantine attribute.
I suggest reporting it via Apple's Feedback Assistant.
Nice, just got my first mail from a customer who says my software cannot be launched because ... 'I am an unidentified developer'. Good job Apple, you are taking down my reputation as a developer. And I even paid you for this. :/
I already have made a standard reply to answer those questions (that it is probably a beta issue). Nevertheless, this isn't very encouraging.
Christophe; contact Apple Developer Support. Explain to them that you need to know what's changed because your Notarized application works fine on 10.4.5 but won't open on Catalina. Try to keep emotion out of your letter. Don't forget to tell them that your bug report was closed almost instantly with "By Design", don't forget to tell them that now they've released the public beta, you're getting e-mails from customers about this and you don't know what to do.
@Beatrix W How are other apps doing the notarization? DropDMG for instance starts fine on Catalina without the "unidentified developer" warning.
Did you upload the dmg first? The message is not shown when you just create and notarize the dmg file. You first need to download it.
BTW I am using DMGCanvas.
Huh? That's odd. DropDMG isn't my product. For my own app I'm still wrestling with Catalina itself. There is now a version of Valentina that should work for hardening. As soon as this wonderful heatwave is a bit better and my brain is back to working I'm going to test notarization.