impact of notarization on dev

Hello all,


Recently there has been some information about notarization being required in the future for apps.


E.g., https://developer.apple.com/news/?id=10192018a says:


"In an upcoming release of macOS, Gatekeeper will require Developer ID–signed software to be notarized by Apple."


We develop some software that has its own installer on macOS. Can someone clarify what is the impact of this requirement?


Does it mean all software with its own installer will need to be notarized? Is there some instruction on how to best integrate this into a (CI) build process?


Is it possible to disable this feature for testing purposes? Mandatory notarization will make running tests and test builds quite inconvenient if not. How to do so (disable notarization for testing)?


And is there any planned timeline when this notarization becomes mandatory?


Just trying to plan a bit ahead so when the storm hits, I have hopes for something resembling a raincoat. Otherwise, duck and cover 🙂


Cheers,

Kuutti

Up vote post of kuutti Down vote post of kuutti
1.3k views
Posted by
kuutti
Reply
Add a Comment

Replies

Apple has not provided a date for this requirement. Xcode does not apply the quarantine flags to executables that it builds, so they would be exempt from any Gatekeeper checks anyway. They don't even need to be signed, let alone notarized.


I'm not sure what you mean by "own installer". If you are using a DMG or a package maker archive, then there are some instructions and forum knowledge about how to notarize those installers. If you have some kind of custom executable, then you would need to notarize that executable. I have seen some mention of command-line tools and integration into CI build processes, but I haven't paid attentiont to them. You can search the documentation and the forums.

Posted by
john daniel
Up vote reply of john daniel Down vote reply of john daniel
Add a Comment

What john daniel said plus…

And is there any planned timeline when this notarization becomes mandatory?

There’s been no public announcement of such a timeline.

I seem to have missed the memo here. Sorry. See haikeeba’s post below.

Is there some instruction on how to best integrate this into a (CI) build process?

There is indeed. For an overview of this, I recommend that you watch WWDC 2018 Session 702 Your Apps and the Future of macOS Security.

For written documentation, check out:

These three documents cover most of the cases, but if you run into some other problem you can ask here for help (or open a DTS tech support incident for formal support).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Apple has announced that notarization will be required in the near future, and some changes are coming Spring 2019. We recommend you begin integrating this process and let us know if you have any problems.


"Starting spring of 2019, macOS Mojave will more prominently highlight notarization status. In an upcoming macOS release, Gatekeeper will require Developer ID–signed software to be notarized by Apple."


https://developer.apple.com/news/?id=11302018a

Posted by
haikeeba
Up vote reply of haikeeba Down vote reply of haikeeba
Add a Comment