Notarization: Transition to the notarytool command-line utility until Nov. 2023

FYI: if you are using the altool command-line utility to notarize your macOS software with Apple, you will have to switch to the new notarytool command-line utility - after Nov. 1st, 2023 Apple will no longer accept uploads with the old command-line tool.

Hope @Sam_Rowlands is able to adapt his AppWrapper to the new tool…

This was the mail I got today from Apple:

Hello Thomas,

We’re reaching out because you recently used the altool command-line utility to notarize your macOS software with Apple. As announced last year at WWDC22, if you’re still using altool with the Apple notary service, you should transition to the notarytool command-line utility as soon as possible. Notarizing software with altool was deprecated in Xcode 13, and the Apple notary service will no longer accept uploads from altool as of November 1, 2023. Existing notarized software will continue to function properly.

For information on notarizing your apps, read TechNote TN3147: Migrating to the latest notarization tool.

I sent an email to Sam forwarding the lovely email from Apple.

Yes, I got the same mail too (except for the Thomas part :grin:).

He probably got it earlier, didn’t he?

For sure - this change was announced last year when Apple deprecated altool, but now there is a deadline…

My point was about the necessity to forward the mail to him a second time. I’m probably missing something.

2 Likes

Sam is aware of this changing technology

Sam is well aware that the technology is changing, but is doing a better job than me at rebuilding his mental health by not replying to topics here. Sam has spent the month of June intentionally not posting here. Not that anyone has noticed or cared.

Sam is upset by Xojo’s decisions and has chosen not to speak here. We should respect that. If you have concerns reach out to him privately. Let’s not bait him with a thread, he’s doing so well. You can reach Sam Rowlands here: Contact Us - Ohanaware.com

9 Likes

Maybe the (so far free) SD Notary could be an alternative. I have used it for some time for little helper apps with success.

Version 2 Beta supports notarytool.

Well, I think we can respect Sam’s work by using AppWrapper as it is now (with the altool version). It surely will get compatible with the new tool before November.

9 Likes

I just put a sample shell script on my blog:

Notarize script

2 Likes

I’m going to try and turn that into an IDE Build Script. Here, hold my beer …

1 Like

Please don’t do this on every build.

Just do Code signing.
And then later build dmg and notarize.

I don’t even run the code signing unless it’s a release build. As long as the Stage Code is not 3, neither will execute.

There is value in signing debug runs, as it will change the behavior of your apps. Keychain prompts aren’t as noisy, for example. And although I’m assuming your app isn’t sandboxed, that is a big behavior change.

2 Likes

I need full disk access for my app so I always code sign.

1 Like

I built my own codesigning app, which uses a keychain profile and notarytool to notarize my pkg files. The new notarytool is actually a lot easier to use as you can wait for the completed notarization compared to looking up a GUI and “Asking” how my notarization is going.

I use this command line

xcrun notarytool submit [PATH TO PKG] --keychain-profile "[SAVED_KEYCHAIN_PROFILE]" --wait

Your reply here implies that you only need to notarize the DMG. Is that true and can you code sign and notarize just using DMGCanvas then?

I use AppWrapper to code-sign the .app. Then I use Disk Utility to build the .dmg (containing the app and documentation etc) and use AppWrapper to notarise that. The dmg then goes to a website for folks to download.

If you don’t know the details, use App Wrapper.

Manually, you need to make sure info.plist entries are right.
You may need an entitlements file.
You need to sign frameworks, helpers and app from inside to outside.
Then you need to make a nice dmg.
And sign & notarize it.
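
The manual steps listed in the last post (sign nested code from the inside out, build the DMG, then sign and notarize it with notarytool), written out as a shell script. This is an added example, not code from the thread or from App Wrapper; the signing identity, keychain profile name, paths, the `sign_order` helper and the file-name patterns it matches are assumptions, and the stapling step is not mentioned in the thread.

```shell
#!/bin/sh
# Added example. IDENTITY, PROFILE, ENTITLEMENTS and all paths are assumptions.
set -eu
IDENTITY="${IDENTITY:-Developer ID Application: Example Dev (TEAMID)}"  # placeholder
PROFILE="${PROFILE:-SAVED_KEYCHAIN_PROFILE}"   # notarytool keychain profile name

# Print nested code deepest-first: find -depth lists a directory's contents
# before the directory itself, so dylibs and helpers come before the framework
# or bundle that contains them, and the outer .app comes last.
# The name patterns are an assumption about what the bundle contains.
sign_order() {
  find "$1" -depth \( -name '*.dylib' -o -name '*.framework' \
    -o -name '*.app' -o -name '*.xpc' \) -print
}

# Sign every item from sign_order; entitlements (if any) go on the outer app only.
sign_app() {
  sign_order "$1" | while IFS= read -r item; do
    if [ "$item" = "$1" ] && [ -n "${ENTITLEMENTS:-}" ]; then
      codesign --force --timestamp --options runtime \
        --entitlements "$ENTITLEMENTS" --sign "$IDENTITY" "$item"
    else
      codesign --force --timestamp --options runtime --sign "$IDENTITY" "$item"
    fi
  done
  codesign --verify --deep --strict "$1"   # fail early if any seal is broken
}

# Build a compressed DMG from the signed app, sign it, notarize it, staple it.
make_and_notarize_dmg() {
  hdiutil create -volname "$(basename "$1" .app)" -srcfolder "$1" \
    -ov -format UDZO "$2"
  codesign --timestamp --sign "$IDENTITY" "$2"
  xcrun notarytool submit "$2" --keychain-profile "$PROFILE" --wait
  xcrun stapler staple "$2"                # attach the ticket to the DMG
}

# Usage: notarize.sh "/path/to/My App.app" "/path/to/My App.dmg"
if [ "$#" -eq 2 ]; then
  sign_app "$1"
  make_and_notarize_dmg "$1" "$2"
fi
```

The keychain profile is created once with `xcrun notarytool store-credentials`.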