Notarize app for Catalina

My application won’t open on Catalina with the message
“XXXX can’t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information.”
Although the app is signed with my Developer ID using the command line, I have never notarized it.
Is there a simple way to do this for a newbie?

Hello,

Try 2 ways:

1- The first is to right-click with the mouse and click OPEN and see if it opens.

2- Turn off Gatekeeper in Terminal with the code below and place the option anywhere in the Control Panel / Security and Privacy / General.

sudo spctl --master-disable

See if it works and tell us please

Yes it works using this method

But is there a simple way to submit to Apple for notarisation so I don’t have my users go through this process?

The appwrapper app might be a good fit for you.
If you are installing with a pkg file then I can give you the terminal scripts

[quote=458543:@Craig Grech]Yes it works using this method

But is there a simple way to submit to Apple for notarisation so I don’t have my users go through this process?[/quote]

I am doing the code-signing and notarization with AppWrapper. Sam’s tool provides the simplest way to do this.

But is notarization simple? No, I wouldn’t say so. Apple turned into a bureaucracy juggernaut, killing personal computing.

Sorry to disagree with you Oliver, but I think notarization is super easy. I use AppWrapper because all the stress and headaches are not worth it, and I have the funds to spare. I completely recommend it. I’ve successfully notarized three of my personal apps, including both ExeWrapper and WebGen.

Yes. The simple answer is AppWrapper! I love it. Can’t recommend it enough. https://ohanaware.com/appwrapper/

In AppWrapper, after wrapping click Notarize. Then submit. Then wait. That’s it.
(you do have to set up the account the first time)

The easiest way is certainly to use AppWrapper, but of course you can do it yourself from the terminal. The software must be signed with your Developer ID including ‘Enable the Hardened Runtime’ and a timestamp (mandatory starting January 2020).
You don’t notarise the app directly, but the distribution package (pkg, dmg or zip). For the notarizing process you will need an “App-Specific Password”: sign in to your Apple ID account page and, in the Security section, click Generate Password below App-Specific Passwords.

If your app is signed, just create a pkg or zip file. The following example creates a pkg:

productbuild --component "path/to/your/app" /Applications --sign "Developer ID Installer: your installer certificate" "path/to/your/app.pkg"

Now you have your pkg and you can notarise it:

xcrun altool -t osx -f "path/to/your/app.pkg" --primary-bundle-id "your app Bundle Identifier"  --notarize-app -u "your developer ID" -p "your App-Specific Password"

Example:

xcrun altool -t osx -f "myApp.pkg" --primary-bundle-id "com.mycompany.myapp"  --notarize-app -u "myid@mycompany.com" -p "abcd-efgh-ijkl-mnop"

This command will send your pkg to Apple for notarization and the result (success or error) will be displayed in the terminal; this may take some minutes…

You can also add your App-Specific Password to the keychain and use -p "@keychain:yourPWDname" instead.
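Added example, not part of the original posts: the terminal procedure above wrapped in shell functions that refuse a literal password on the command line and refuse to staple a zip. The identities in `APP_IDENTITY` and `PKG_IDENTITY`, the file names and the keychain item name are placeholders; the staple step is an added step in a separate function, to be run once Apple has accepted the upload.

```shell
#!/bin/sh
# Added example. Identities, paths, bundle ID and keychain item are placeholders.
# DRY_RUN=1 prints each command instead of running it (no macOS tools needed).

run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Accept only indirect references: a literal password passed to -p ends up
# in shell history and is visible in the process list while altool runs.
check_password_ref() {
  case "$1" in
    @keychain:?*|@env:?*) return 0 ;;
    *) echo "use @keychain:NAME or @env:VAR, not a literal password" >&2
       return 1 ;;
  esac
}

# pkg and dmg can carry a stapled ticket; zip cannot.
can_staple() {
  case "$1" in
    *.pkg|*.dmg) return 0 ;;
    *) return 1 ;;
  esac
}

# Sign with hardened runtime and a secure timestamp, build the pkg, upload it.
# usage: submit_for_notarization APP PKG BUNDLE_ID APPLE_ID PASSWORD_REF
submit_for_notarization() {
  check_password_ref "$5" || return 1
  run codesign --force --options runtime --timestamp \
      --sign "$APP_IDENTITY" "$1" || return 1
  run productbuild --component "$1" /Applications \
      --sign "$PKG_IDENTITY" "$2" || return 1
  run xcrun altool -t osx -f "$2" --primary-bundle-id "$3" \
      --notarize-app -u "$4" -p "$5"
}

# Run after Apple reports success: attach the ticket and check it.
# usage: staple_ticket PKG_OR_DMG
staple_ticket() {
  can_staple "$1" || { echo "cannot staple $1" >&2; return 1; }
  run xcrun stapler staple "$1" || return 1
  run xcrun stapler validate "$1"
}
```

With `DRY_RUN=1` set, each function prints the exact commands it would run, which is a convenient way to review them before the first real submission.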

[quote=458633:@Tim Parnell]Sorry to disagree with you Oliver, but I think notarization is super easy. I use AppWrapper because all the stress and headaches are not worth it, and I have the funds to spare. I completely recommend it. I’ve successfully notarized three of my personal apps, including both ExeWrapper and WebGen.

Yes. The simple answer is AppWrapper! I love it. Can’t recommend it enough. https://ohanaware.com/appwrapper/

In AppWrapper, after wrapping click Notarize. Then submit. Then wait. That’s it.
(you do have to set up the account the first time)[/quote]
That’s what I tried to say: with AppWrapper it is easy. AppWrapper is easy.

But otherwise the whole notarization and sandboxing etc thing has turned into a control freak story. Personal computers are supposed to be personal. But Apple obviously disagrees and slowly slowly turns the Mac into some kind of foolproof tablet device.

Security through control and bureaucracy? What a delusion! It appears to me as if individual responsibility is completely denied nowadays. You can’t go to a toilet without your lawyer and everywhere you have to agree with terms and legal yadayada.

Things are not more secure, just more complicated now.

[quote=458676:@Oliver Osswald]That’s what I tried to say: with AppWrapper it is easy. AppWrapper is easy.

But otherwise the whole notarization and sandboxing etc thing has turned into a control freak story. Personal computers are supposed to be personal. But Apple obviously disagrees and slowly slowly turns the Mac into some kind of foolproof tablet device.

Security through control and bureaucracy? What a delusion! It appears to me as if individual responsibility is completely denied nowadays. You can’t go to a toilet without your lawyer and everywhere you have to agree with terms and legal yadayada.

Things are not more secure, just more complicated now.[/quote]

Oliver, I agree 100% with you, and I say more, Apple goes too far with this kind of thing, people are not idiots who can’t control their own machines and need “Apple babysitters”.

I refuse to send my Apps for notarization while I can, and if this continues I’m seriously considering developing for Windows for the first time in my life, this kind of control they want is indecent and I don’t intend to submit to it.

If Apple wants to control, at least put back, as it previously had, the option to install and use ANYWHERE in Gatekeeper, so that each judges what is good for you!

I saw value in the process when Apple claimed the app was scanned for malware and viruses; but they backtracked on that message.

Also worth mentioning is that Zip files can be assessed, but cannot be stapled, so the Notarization details are not included. App Wrapper does have a solution for that; but I would advise against Zip because it incurs App-Translocation on macOS 10.12 and above.

Xip has the capability; but Apple only supports Xip files signed by Apple.

Never lose sight of the target: selling more software. At least mine. If you have a good business selling Mac apps outside of the MAS, what do you care if Apple runs some malware detection program on your apps ? It can only be good that customers trust blindly your software quality, because big guy Apple says so.

As for selling Windows software, it is way more difficult than Mac. I have continually sold both since the very beginning (in the 80’s). Surprisingly, as Windows represents about 20 times more computer sales than Mac, it sells less than Mac. At least for me. The Windows Store is only for Windows 10, and on top of it, apps must be made compatible with the Desktop App Converter. My sales on the Windows Store for the same titles, are half the MAS.

Sales are mostly possible through shareware/trialware, and conversion is not very good, like 3 per a thousand.

I have an app built for a customer, so I am using his Apple ID as team ID to sign the app.
When I try to notarize it too, I get this error message:

So I did, and all Apple did was send me the link to the notarization FAQ where I cannot find an explanation for my issue. Does my customer have to create the app id? Or can I, but then, how do I use the -itc_provider command, especially when using DMG Canvas to notarize?

[quote=458965:@Ulrich Bogun]I have an app built for a customer, so I am using his Apple ID as team ID to sign the app.
When I try to notarize it too, I get this error message:

So I did, and all Apple did was send me the link to the notarization FAQ where I cannot find an explanation for my issue. Does my customer have to create the app id? Or can I, but then, how do I use the -itc_provider command, especially when using DMG Canvas to notarize?[/quote]

OT: From the cradle to the grave, forms, forms …

[quote=458830:@Michel Bujardet]Never lose sight of the target: selling more software. At least mine. If you have a good business selling Mac apps outside of the MAS, what do you care if Apple runs some malware detection program on your apps ? It can only be good that customers trust blindly your software quality, because big guy Apple says so.

As for selling Windows software, it is way more difficult than Mac. I have continually sold both since the very beginning (in the 80’s). Surprisingly, as Windows represents about 20 times more computer sales than Mac, it sells less than Mac. At least for me. The Windows Store is only for Windows 10, and on top of it, apps must be made compatible with the Desktop App Converter . My sales on the Windows Store for the same titles, are half the MAS.

Sales are mostly possible through shareware/trialware, and conversion is not very good, like 3 per a thousand.[/quote]

Hi Michel, I haven’t talked to you in a while, it’s always a pleasure to exchange ideas with you !

My business is different, I don’t use the App Store or sales on my site, I include my Apps as part of my Design and Image Manipulation services and as an accessory for my clients, so my situation is different from most, and because I have a limited customer base it is even more complicated to do, anyway thank you for your tips.

[quote=458822:@Sam Rowlands]I saw value in the process when Apple claimed the app was scanned for malware and viruses; but they backtracked on that message.

Also worth mentioning is that Zip files can be assessed, but cannot be stapled, so the Notarization details are not included. App Wrapper does have a solution for that; but I would advise against Zip because it incurs App-Translocation on macOS 10.12 and above.

Xip has the capability; but Apple only supports Xip files signed by Apple.[/quote]

Thanks, Sam Rowlands!

Thanks for the replies, I downloaded App Wrapper and fully intend to buy it if I can just get the final Notarize step to work.
It wrapped successfully with a few warnings which I will examine more closely later.
I logged into my Apple account and created an app specific password which I have kept.
Now how or where do I enter that?
I was prompted for my Macbook password (twice I think) so the app could access my keychain but didn’t get prompted for anything else.
The submit step failed with the message to enter the app specific password in the app.

I have the general idea of the signing and notarizing and agree App Wrapper is my only way to go. I am slowly working through a number of issues AW raises for me to resolve, I can handle most of the improvements but don’t understand how to fix the following errors

[quote=459029:@Martin Fitzgibbons]I can handle most of the improvements but don’t understand how to fix the following errors

[/quote]
Hi Martin,
Your image link doesn’t appear to be working.

Edit - sorry does work but blocked by my work server as malicious (I’m sure it isn’t).

In App Wrapper, on the Notarize window, within the Account editor, there is an option not only to enter this information, but also a lookup button to help you find it; there may be many.

In the same window as described above there is a link to a guide, which should help you to make a specific password for App Wrapper. Part of the new security drive is that apps using your developer identity should each have a unique password.

[quote=459029:@Martin Fitzgibbons]I have the general idea of the signing and notarizing and agree App Wrapper is my only way to go. I am slowly working through a number of issues AW raises for me to resolve, I can handle most of the improvements but don’t understand how to fix the following errors[/quote]
The diagnostics (unless manually chosen) are for the unwrapped application only. To give you an idea of what may or may not need to be changed.

  1. On the general pane of App Wrapper, near the top is a category selector, choose the most appropriate one for your application.
  2. In the same place, there is a field for minimum OS version, enter in “10.10” there, Apple doesn’t like “10.10.0”.
  3. Again on the same pane, about midway down there is a selector for choosing a code signature, select either the App Store or Website identity.
  4. If you’re submitting to the Mac App Store, your application needs to be Sandboxed. If you haven’t done this before, it can be a difficult process and some things inside of your application may need to be updated. I don’t have a general guide for it, so you’ll have to check the forums or contact me regarding the issues you find.

I hope that this helps.

Thanks, finally managed to get the app wrapped but it fails on the Notarize upload with -
Could not connect to Apple’s web service.
Communication error. Please use diagnostic mode to check connectivity.

My Developer certificate expired in June but I can still code sign my apps until 2021. Do I need a current developer certificate to notarize? I don’t intend to submit to the App Store, just satisfy Gatekeeper.