Hello,
we are distributing our application package as a DMG. I will simplify its contents.
The DMG contains 2 elements:
- an app
- customizable content that our user will modify, and maybe sign and notarize
We cannot sign the customizable content, as our user will corrupt it and break the signature.
We have found a way for them to unsign it, but it is not documented in the "manual" and we are not sure this is recommended. Maybe the command will be removed, or could have side effects? (FYI, we were using codesign --remove-signature for this.)
When we notarize the dmg as is, we get warnings for the unsigned content.
So I guess that after January 2020, no ticket will be produced and even the app will no longer be notarized, as the whole operation will be rejected.
So here is what we are currently doing:
1. we sign and zip our app and send it for notarization
2. In the meantime, we build a DMG containing the signed app + the customizable content.
3. We sign the DMG.
4. Once the zip is notarized, we staple the DMG. So the contained app would be the only part stapled.
It looks like we end up with the desired result.
Here are my questions:
1. So far, we can mount an unnotarized DMG (downloaded through the internet). Will this continue to work in 2020?
2. I have read that it is recommended to notarize at the DMG level. Is it because it is easier, or are things going to change that would prevent us from doing it as we currently do?
3. Will every warning in the notarization log be turned into an error in 2020 and the whole notarization request for the DMG be rejected, or will the notarization process create a ticket for each top-level component of a given DMG?
4. Do you have any advice on what we should be doing instead?
Thanks a lot for your help,
Kind regards,
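The workflow in steps 1 to 4 above, written out as an added example script that is not part of the original post. It assumes Xcode 13 or later (notarytool rather than the altool of the era the post was written in), a Developer ID Application identity and a notarytool keychain profile (the IDENTITY and PROFILE values are placeholders), a staging folder holding the app plus the unsigned customizable content, and the JSON log format notarytool returns, with a "severity" field per issue; the two log samples in the script are constructed, not real submissions. One design choice worth noting: the ticket issued for the zip submission belongs to the app bundle, so the script staples the app, which is the item the ticket was issued for, before packing it into the DMG, and then runs the signature, ticket and Gatekeeper checks on both artifacts.

```shell
#!/bin/sh
# Added example of the sign -> notarize zip -> staple -> build and sign DMG
# workflow, plus the checks to run afterwards. Not code from the original post.
# Assumed: Xcode 13+ (notarytool), a Developer ID identity and a keychain
# profile created with `xcrun notarytool store-credentials`; names are placeholders.
set -eu

IDENTITY="${IDENTITY:-Developer ID Application: Example Corp (ABCDE12345)}"  # placeholder
PROFILE="${PROFILE:-notary-profile}"                                        # placeholder

# Constructed samples of the JSON log `xcrun notarytool log <id>` returns,
# trimmed to the fields used here. Not real submissions.
SAMPLE_ACCEPTED_LOG='{
  "status": "Accepted",
  "issues": [
    { "severity": "warning", "path": "MyApp.dmg/Custom/helper",
      "message": "The binary is not signed." },
    { "severity": "warning", "path": "MyApp.dmg/Custom/plugin.bundle/Contents/MacOS/plugin",
      "message": "The signature does not include a secure timestamp." }
  ]
}'
SAMPLE_INVALID_LOG='{
  "status": "Invalid",
  "issues": [
    { "severity": "error", "path": "MyApp.dmg/MyApp.app/Contents/MacOS/MyApp",
      "message": "The executable does not have the hardened runtime enabled." }
  ]
}'

# Count the issues of one severity ("error" or "warning") in a notarytool JSON
# log read from stdin. Prints 0 (and succeeds) when there are none.
count_issues() {
  grep -c "\"severity\": *\"$1\"" || true
}

# Succeed only when the log has no error-severity issues. Warnings are reported
# on stderr so an unsigned item in the submission is visible in the build output.
log_has_no_errors() {
  log="$(cat)"
  warnings=$(printf '%s\n' "$log" | count_issues warning)
  errors=$(printf '%s\n' "$log" | count_issues error)
  [ "$warnings" -eq 0 ] || echo "notarization log: $warnings warning(s)" >&2
  [ "$errors" -eq 0 ]
}

# Step 1: sign with the hardened runtime and a secure timestamp (both needed
# for notarization), zip with ditto so bundle metadata survives, submit and
# wait, then fetch the JSON log for the submission and fail on any error.
sign_and_submit_app() {
  app="$1"; zip="$2"
  codesign --force --options runtime --timestamp --sign "$IDENTITY" "$app"
  ditto -c -k --keepParent "$app" "$zip"
  out=$(xcrun notarytool submit "$zip" --keychain-profile "$PROFILE" --wait)
  printf '%s\n' "$out"
  # The submission id is on an "  id: <uuid>" line of the normal-format output.
  id=$(printf '%s\n' "$out" | sed -n 's/^ *id: //p' | head -n 1)
  xcrun notarytool log "$id" --keychain-profile "$PROFILE" | log_has_no_errors
}

# Steps 2-4: the ticket from step 1 belongs to the app, so staple the app,
# then build the DMG from the folder holding the stapled app plus the unsigned
# customizable content, and sign the DMG itself.
staple_and_build_dmg() {
  app="$1"; staging="$2"; dmg="$3"
  xcrun stapler staple "$app"
  hdiutil create -volname "$(basename "${app%.app}")" -srcfolder "$staging" -ov -format UDZO "$dmg"
  codesign --timestamp --sign "$IDENTITY" "$dmg"
}

# Checks: signature integrity, presence of the stapled ticket, and the
# Gatekeeper verdict for the app and for the disk image.
verify_artifacts() {
  app="$1"; dmg="$2"
  codesign --verify --deep --strict --verbose=2 "$app"
  xcrun stapler validate "$app"
  spctl --assess --type execute -vv "$app"
  spctl --assess --type open --context context:primary-signature -vv "$dmg"
}

main() {
  staging="$1"; appname="$2"; dmg="$3"
  app="$staging/$appname"
  sign_and_submit_app "$app" "${dmg%.dmg}.zip"
  staple_and_build_dmg "$app" "$staging" "$dmg"
  verify_artifacts "$app" "$dmg"
}

# Only run the workflow when called with three arguments (on macOS with the
# Xcode tools); with none, the file just defines the functions above.
if [ "$#" -eq 3 ]; then
  main "$@"
fi
```

Run it on a Mac as `sh notarize.sh ./dmg-root MyApp.app MyApp.dmg`, where `./dmg-root` holds `MyApp.app` next to the customizable folder; without arguments the file only defines the functions, so the log checks can be exercised on their own against the constructed samples.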