Command line notarization for distribution

We have a desktop application that we build using CMake and Qt. I am able to codesign and notarize the app bundle and got "statusSummary": "Ready for distribution", in the log from notarization.

I stapled to the .app and used ditto to zip it again but was still getting unidentified developer when I sent it to coworkers to try.

I then ran create-dmg to create a dmg to distribute the application since this is our normal distribution method and was getting unverified developer warnings when sending and trying the application on other systems.

I guessed that maybe I needed to codesign and notarize the .dmg as well so I did that and again got "statusSummary": "Ready for distribution", in the log but I am still seeing errors when trying to open and run on other systems.

Is there an order of operations I am missing in the process, or a better way for me to test locally? Everything I see on my end says it's passing the checks.

Both CMake and Qt are notorious for generating scrambled bundles with novel ways of loading dynamic libraries.

Also, you haven't actually said what commands you used to codesign and notarize. Strange as it may seem, people who have trouble with code signing and notarization frequently do their code signing and notarization commands incorrectly.

better way for me to test locally

For my advice on that front, see Testing a Notarised Product.

I guessed that maybe I needed to codesign and notarize the .dmg as well

Best practice is to sign and notarise your outermost container, which in this case is your disk image. However, it’s unlikely that this is the cause of this problem.

As to what is, it’s hard to say without more info. To start, I recommend that you review the advice in:

Beyond that, the most likely cause of this problem is that you have disabled library validation, either on your main app or on some executable nested within your app. As it says in the docs, “Gatekeeper runs extra security checks on programs that have it disabled.” Assuming you don’t need to run plug-ins from other third-party developers, try re-enabling library validation and see if that helps.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
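
One way to check a bundle for the condition the reply above names as the most likely cause (an added example, not code from the thread): it walks an app bundle and lists every Mach-O file whose signature carries the com.apple.security.cs.disable-library-validation entitlement. It assumes macOS 12 or later, where `codesign -d --entitlements - --xml` writes the entitlements plist to stdout; the function names are illustrative.

```python
import os
import plistlib
import subprocess
import sys

DLV_KEY = "com.apple.security.cs.disable-library-validation"
# Thin (32/64-bit, either byte order) and fat Mach-O magic numbers.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
                b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}

def disables_library_validation(entitlements_xml: bytes) -> bool:
    """True if the entitlements plist sets the key to boolean true."""
    if not entitlements_xml.strip():
        return False  # unsigned code, or signed with no entitlements
    ents = plistlib.loads(entitlements_xml)
    return isinstance(ents, dict) and ents.get(DLV_KEY) is True

def is_macho(path: str) -> bool:
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False

def read_entitlements(path: str) -> bytes:
    # Assumption: macOS 12+ codesign; entitlements go to stdout, the rest to stderr.
    cmd = ["codesign", "-d", "--entitlements", "-", "--xml", path]
    return subprocess.run(cmd, capture_output=True).stdout

def audit_bundle(bundle: str, reader=read_entitlements) -> list:
    """Return sorted paths of Mach-O files signed with library validation disabled."""
    flagged = []
    for root, _dirs, files in os.walk(bundle):
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path) or not is_macho(path):
                continue  # skip framework symlinks and non-code resources
            if disables_library_validation(reader(path)):
                flagged.append(path)
    return sorted(flagged)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_dlv.py /path/to/Your.app")
    hits = audit_bundle(sys.argv[1])
    for hit in hits:
        print("library validation disabled:", hit)
    sys.exit(1 if hits else 0)
```

Run it against the signed .app before building the disk image; a non-zero exit means at least one executable carries the entitlement.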
