FYI: if you are using the altool command-line utility to notarize your macOS software with Apple, you will have to switch to the new notarytool command-line utility - after Nov. 1th, 2023 Apple will no longer accept upoloads with the old command-line tool.
Hope @Sam_Rowlands is able to adapt his AppWrapper to the new tool…
This was the mail I got today from Apple:
Hello Thomas,
We’re reaching out because you recently used the altool command-line utility to notarize your macOS software with Apple. As announced last year at WWDC22, if you’re still using altool with the Apple notary service, you should transition to the notarytool command-line utility as soon as possible. Notarizing software with altool was deprecated in Xcode 13, and the Apple notary service will no longer accept uploads from altool as of November 1, 2023. Existing notarized software will continue to function properly.
Sam is well aware that the technology is changing, but is doing a better job than me at rebuilding his mental health by not replying to topics here. Sam has spent the month of June intentionally not posting here. Not that anyone has noticed or cared.
Sam is upset by Xojo’s decisions and has chosen not to speak here. We should respect that. If you have concerns reach out to him privately. Let’s not bait him with a thread, he’s doing so well. You can reach Sam Rowlands here: Contact Us - Ohanaware.com
Well, I think we can respect Sam’s work by using AppWrapper as it is now (with the atool version). It surely will get compatible with the new tool before November.
There is value in signing debug runs, as it will change the behavior of your apps. Keychain prompts aren’t as noisy, for example. And although I’m assuming your app isn’t sandboxed, that is a big behavior change.
I built my own codesigning app, which uses a keychain profile and notarytool to notarize my pkg files. The new notarytool is actually a lot easier to use as you can wait for the completed notarization compared to looking up a GUI and “Asking” how my notarization is going.
I use this command line
xcrun notarytool submit [PATH TO PKG] --keychain-profile “[SAVED_KEYCHAIN_PROFILE]” --wait
I use AppWrapper to code-sign the .app. Then I use Disk Utility build the .dmg (containing the app and documentation etc) and use appWrapper to notarise that. The dmg then goes to a website for folks to download.
Manually, you need to make sure info.plist entries are right.
You may need enticement file.
You need to sign frameworks, helpers and app from inside to outside.
Then you need to make a nice dmg.
And sign & notarize it.