Notarize single binary executable

Hello, we have a bunch of codesigned and notarized applications that are distributed as pkg and dmg but for the first time I faced situation when application downloads a zip archive from the server and unzipps a single binary file that is used like a module with command line interface.

This binary of course has to be signed I'm trying to figure out if we have to notarize it too. Obviously I can't just upload binary without any container, I tried to zip it before sending but no luck.

/Applications/Xcode.app/Contents/Developer/usr/bin/altool --notarize-app --primary-bundle-id "id" --username "email" --password "@keychain:AC_PASSWORD" --file ./archive.ZIP --output-format "xml" --asc-provider "company"  

resulted into

[Step 1/1] 	<key>notarization-info</key>
[Step 1/1] 	<dict>
[Step 1/1] 		<key>Date</key>
[Step 1/1] 		<date>2022-12-02T15:50:48Z</date>
...
[Step 1/1] 		<key>Status</key>
[Step 1/1] 		<string>invalid</string>

So I wonder maybe with this weird way of distribution just signing is enough? I mean I can put it inside the pkg and notarize but I can't staple a ticket to the binary anyway...

Obviously I can't just upload binary without any container, I tried to zip it before sending

That should work.

Get the notary log and find out what it’s complaining about. See Fetching the Notary Log.

IMPORTANT altool is deprecated for the purposes of notarisation and will stop working in Fall 2023. If you’re currently notarising with altool, switch to notarytool now. For more information about notarytool, watch WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Notarize single binary executable
 
 
Q