I had already several request of users who prefer a separated version for Intel or ARM. Basically, they do not like Universal builds (mostly because the file size if bigger). Proofs users are aware of file sizes.
Especially for background apps this can be advised to use separated apps when build with Xojo.
Anyhow, I am considering doing this but I don’t know if code signing (and especially notarizing) can have issues.
When notarizing an app, you need to provide the version number. Now, what if you notarise the same app , with the same version, twice. Will the first notarised versions .dmg ticket be rendered obsolete by Apple and when downloading that first notarised, will it show it is not trustworthy?
Now and then I notarize test versions with the same version number. Never had problems.
Well. I did the test myself and… it doesn’t work here.
Did you upload them and download it?
In my small test, the first notarised is showing the message : “… cannot be opened because the developer cannot be verified.”
What exactly did you test? I’m using AppWrapper for notarising. The product version includes the build number. Does that make a difference?
How about telling users to do the “weight loss” themselves? See https://eclecticlight.co/2020/07/30/instant-weight-loss-how-to-strip-universal-apps/
It really depends on the undocumented and undisclosed mechanics of the system.
My guess is that the Notarization tickets are attached to the code signature hash, as that is unique each and every time.
1 Like
If you want to do UB splitting with App Wrapper, you can try the following.
Configure
Update to App Wrapper 4.1 from https://www.ohanaware.com/appwrapper/ The reason for this will be clear at the end.
On the “General” Page, make sure that “Use Subfolder” option is check and has a value that includes “$(bundleArch)”.
This will create a unique sub folder for each architecture (or just a single one for UB).
On the “Packing” page, also make sure that “Package Name” includes the same dynamic constant “$(bundleArch)” so that each archive is named for each architecture.
While in Packing, select “Auto-Pack” and make sure there is an account selected under “Submit to Apple”, with Auto-Submit, Notarization is unselected.
Go…
- Back on the “General” page, under “Compatibility” select “64” under Intel and unselect “64” for ARM.
- Select “Wrap & Pack” from the “Action” menu.
- Once it has created the archive for x86_64, go back to the “General” page and select “64” for ARM, and unselect “64” for Intel.
- Select “Wrap & Pack” from the “Action” menu.
- Once both archives have been created, click on the “Notarize” button next to each one.
At the end you should have two subfolders, containing separate archives (one for x86_64 and one for arm).
In the Results page of App Wrapper, click on the “Action” menu next to one of the archives. Select “Quarantine” from the menu, then double click the icon in the results window to open the archive.
Select “Quarantine” again from the menu to remove it.
1 Like
It are two different .app (Intel and ARM). Only the version is the same. So maybe that’s why it doesn’t work for notarising.
I will try to change the Non-Release version … maybe that works.
I got a work-a-round and that is to use a different ‘Non-release version’ for the Intel and ARM builds.
That way notarizing works for both .dmg files without seeing the macOS alarming message box after downloding the dmg files.