AppWrapper is by Sam Rowlands, available at Ohanaware.com. The notarization step will require that you create a .pkg or .dmg installer, for this is what is finally submitted to Apple for notarization. You will need to have Xcode installed, and also create an “app-specific password” in your developer account. If going the .dmg route, DMGCanvas (https://www.araelium.com) is a great tool which itself can handle signing/notarization. AppWrapper allows easy integration of DMGCanvas in the workflow.
Beatrix may elaborate on her “no”, but Gatekeeper should allow anything whose certificate was valid at the time of signing. An exception would be if Apple revoked the certificate for some reason, which should (!) only be if the certificate got associated with something nefarious.
I got DMGCanvas, I thought I had my cert downloaded and added to my Keychain properly, I’ve having a few issues.
I also tried to download Xcode, I’m I’m getting another error:
I’m on Catalina if that makes an difference.
Did you create an app-specidic password?
Looks like you need to be on Big Sur for Xcode.
Yes, the app-specific password needs to be created on the developer site. You need separate ones for AppWrapper and DMGCanvas (if you use the two in tandem via AppWrapper, it can handle everything.) In my experience, separate app-specific passwords will also be necessary if you’re working on multiple Macs.
If you’re not on Big Sur, I believe you can get older Xcode from the developer download site, under “More”
You only mention DMGCanvas. If I’m not mistaken, it only signs the .dmg, and not your app bundle. You will still need to do that first, with or without AppWrapper.
I wasn’t prompted to create a password through any of this.
And, isn’t there an Xcode for Catalina? My primary system is Catalina. I do have a Mac Mini with Big Sur I could use if necessary to sign the Apps.
And a warning about app-specific passwords: if you change your ApplieID, all your app-specific passwords become invalid for your subsequent attempts to code-sign / notarise. I found this out because I could never remember what my AppleID was as I don’t use iCloud. So I reset it each time and it took me a while to correlate that with code-sign/ notarise failures especially as Apple’s error messages are pretty obscure. Along with the other 1.0E99 logins we accumulate I write 'em down these days.
See my comments above
You can download Xcode 12, from where I said on the developer downloads page. You will just have to scroll a ways to find it. The App Store only links to the current Xcode.
Note that you must have Xcode put in before trying anything else.
Then, a search will show you how to create app-specific passwords in your developer account, for DMGCanvas and/or AppWrapper. Both apps will have fields for taking this.
…and by “put in”, I also mean to launch it and allow it to “install necessary components” when prompted.
I just installed Xcode on my Mac mini that’s running Big Sur. I need to install the certs on that system. I’ll pick that up tomorrow. I guess I’ll just do my development on the Catalina system since it’s my primary system and copy over to the Mini to do the signing when ready for that step.
I had elaborated on my answer but someone flagged the answer as off-topic.
Theoretically, you don’t need to do updates. Practically, every year Apple has new ideas about what we need to support. This year it’s the notch.
A simple app cannot be notarised?
You can put a notarized app in a zip archive too. The process requires zipping the app, sending the zip to Apple, stapling the receipt to the app, and putting the app in a new zip for distribution. With a DMG or PKG, you staple the receipt to them and distribute them.
Emphasize the should as sadly there have been several mistake at Apple’s end that have have lead to the certificate being revoked.
To get started with App Wrapper and things like Code signing, I have created some help. You can either access this directly within App Wrapper or also online from the following link.
Yes, but what about a .app bundle without any container?
That’s called a folder. You can’t download a folder.
I fairly know that. You can give an .app folder to friends with USB disks or network apps.
True, but in that case just ask them to right-click and choose open. We’re not really talking about private apps. That’s not what notarization is for.
That won’t answer my question, though.
“We” minus me, as I’m talking about them.
Why not? If I put my .app file and send it to friends, notarising the app would let me avoiding telling them all to open it in hidden ways.