Posts

Post not yet marked as solved
7 Replies
Thank you for your assistance. Literally could not have figured this out without your insights.

I've documented the steps that successfully got my macOS app, built using LiveCode, notarized for distribution outside of the Mac App Store as a Developer ID App. http://lessons.livecode.com/a/1088036-signing-and-notarizing-macos-apps-for-gatekeeper

Basically it is all the steps required to notarize an app not written in Objective-C or Swift, one that doesn't use Xcode as the Interactive Development Environment.

Alternatively, Late Night Software's SD Notary https://latenightsw.com/sd-notary-1-0-1-released/ can be used. Late Night Software produces Script Debugger for AppleScripts and they needed a way to Notarize AppleScripts turned into standalone apps. SD Notary is a general purpose tool whereas my lesson is composed of Terminal commands and is focused on LiveCode apps.
Post not yet marked as solved
7 Replies
Let me see if I am understanding.

An app in the App Store with a generic sandbox=true entitlements file is allowed to do a limited number of things. Want to open files to read and write, you need to add an entitlement. With each capability, an entitlement might need to be added.

An app that is not in the App Store, sandbox=false, can do anything except for the stuff prohibited by Hardening. Opening and writing to a file does not require an extra entitlement as long as the app is Notarized and not distributed via the App Store. There are a small number of things that Hardening prevents and to do those in an app not distributed through the App Store, one must add those entitlements to bypass generic hardening.

So if I understand correctly, a hardened non-App Store app that includes the codesign terminal command "--option=runtime", can read and write to any disk files with an entitlements file of:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <false/>
    </dict>
    </plist>

Is this correct?

(Still voting for a flag in the entitlements.plist to tell the system to log entitlement violations as they occur and detail what exact entitlement is missing.)

(BTW, Is there a shorthand way of referring to "apps that are distributed through the App Store apps" and "apps that are not distributed through the App Store"?)
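An added example, not part of the original post or of the LiveCode lesson: a Python check that reads an entitlements file before signing and reports whether App Sandbox is on, which hardened-runtime exceptions (com.apple.security.cs.*) it requests, and which sandbox capability keys do nothing because the sandbox is off. The function name, the result fields and the selection of keys are choices made here; the sample plist is the one quoted in the post.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"

# Hardened-runtime exception keys; each one relaxes a runtime protection,
# so a reviewer wants to see every one that is requested.
RUNTIME_EXCEPTIONS = {
    "com.apple.security.cs.allow-jit",
    "com.apple.security.cs.allow-unsigned-executable-memory",
    "com.apple.security.cs.disable-executable-page-protection",
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
}

# Key families that are App Sandbox capabilities (assumption of this example:
# only these two families are checked); they have no effect without the sandbox.
SANDBOX_ONLY_PREFIXES = ("com.apple.security.files.", "com.apple.security.network.")

# The entitlements file quoted in the post above.
POST_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <false/>
</dict>
</plist>
"""


def audit_entitlements(data: bytes) -> dict:
    """Summarise an entitlements plist for review before codesign is run."""
    ent = plistlib.loads(data)
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist must have a <dict> root")
    sandboxed = ent.get(SANDBOX_KEY) is True
    return {
        "sandboxed": sandboxed,
        # Exceptions only count when explicitly set to <true/>.
        "runtime_exceptions": sorted(
            k for k in RUNTIME_EXCEPTIONS if ent.get(k) is True),
        # Sandbox capabilities listed while the sandbox is off are dead weight.
        "ineffective_sandbox_keys": sorted(
            k for k in ent
            if not sandboxed and k.startswith(SANDBOX_ONLY_PREFIXES)),
    }


if __name__ == "__main__":
    print(audit_entitlements(POST_PLIST))
```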
Post not yet marked as solved
7 Replies
Love it! I wrote and maintain the page describing signing and uploading apps to the Mac App Store (just because it took me and others forever to figure it out). Trying to write one for Notarized apps that don't go into the App Store and so far, I've been unsuccessful in getting it to work. But it is totally amusing (I am chuckling about it) to be referred to my own page.