For reasons beyond the scope of this post, I need to build one of my products on macOS 10.14 I was using xcrun altool --notarize-app but it stopped working today (per the recent announcement that it was going away, so not a surprise)
I am told that it is possible to run the notarytool on 10.14, i.e. xcrun notarytool, which is what I use for builds on newer platforms.
I'm hoping that someone can help me to get a version of notarytool that will run on 10.14
Thanks in advance
Same here, 10.14 and 10.15 both need to be notarized. With 10.15 I can copy the notarytool from Monterey's xcode (13.1), and it runs fine.
With 10.14 it does not run due to:
dyld: Library not loaded: /System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit
If I copy over a local copy of CryptoKit, I can not set DYLD_LIBRARY_PATH anymore, sad-face. Possibly I could strip it of the codesign certificate and add "com.apple.security.cs.allow-dyld-environment-variables" but that feels like I'm close to yak shaving.
10.13 does not need notarizing, so it is odd Apple left one OS out in the cold.
Has anyone come up with a solution that doesn't require me to copy it to a 2nd VM running newer macOS?
We only support notarytool back to 10.15. I see a couple of options here:
Create your own code that notarising via the Notary API.
Build your product and then move it to a more modern machine and notarise from there.
Honestly, I think the latter is your best bet.
lundman wrote:
If I copy over a local copy of CryptoKit
Please don’t do that. It’s unlikely to work but, even if it do, it puts you on a wildly unsupported path.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Copying CryptoKit wasn't the path I wanted to take. It was nice to have all build servers spool up VM, build and package. But I can probably find a way to "ssh" to notarize on 10.14. Thanks Quinn.
Cooked together a "notarytool" replacement that will do the work for me, and the build environment can remain the same. Instead of calling "xcrun notarytool" I run this:
https://gist.github.com/lundman/9166dc8bef1973e5d9fc5428e0cedc57
Nothing special, but might save someone a few minutes having to do it themselves.