Confusions with what can be notarized and what must be notarized

Hi folks,



We currently find the notarization process and requirements confusing.



Mostly due to those parts of the documentation :



https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution?language=objc



You can notarize several different types of software deliverables, including:

macOS apps

Non-app bundles, such as kernel extensions

Disk images (UDIF format)

Flat installer packages



Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.



1. The notarization documentation doesn't refer to AudioServerPlugin bundles.


Do they need to be notarized in order to be loaded by coreaudiod ?


It says that we CAN notarize, not that we MUST... Sounds confusing to us.


Moreover, this important notice is not clear either :


Our AudioServerPlugin is not a kernel extension BUT is a "non-app bundle", so what is the requirement here ?



2. "all software from developers new to distributing with Developer ID"


This part is also confusing.


We have been distributing and signing our app with a Developer ID for months.


Does this mean notarization is not a requirement for the current Developer ID, and will only be required when the certificate will be renewed ?


It is not clear what must be done to deliverables in order to run.



3. Testing


Will notarization be a requirement in order to run development builds ?


Will a QA team always have to test a notarized deliverable on macOS > 10.14.5 ?


Will a QA team have to disable GateKeeper in order to test a non notarized deliverable ?


We tried non notarized app and CoreAudioPlugin on 10.14.5 and everything runs fine.


So it's currently quite confusing to know which conditions will put our deliverables in a non runnable state :/




Thank you very much for your inputs regarding this topic and any help regarding our (mis)understanding of the notarization requirements



Best

Accepted Reply

First, they download dmg, open it and drag the app bundle to Applications.

The app bundle is sandboxed and signed with Developer ID.

When the user launches the app for the first time …

Ignoring your plug-in for the moment, I would expect these steps to fail if your app wasn’t notarised. Was that not the case?

It also embeds another Developer ID signed app bundle which serves as a LoginItem to have the main app bundle being launched on user session start.

OK. Assuming that this login item is placed correctly inside your app bundle (according to the rules in the Nested Code section of Technote 2206 macOS Code Signing In Depth), this will be signed as nested code within your main app and thus included in the main app’s notarisation.

By the way it seems the notarization process passed successfully on the main app bundle without rejecting or raising a warning about the embedded pkg.

Notarisation will look inside embedded installer packages (and zips, and perhaps disk images as well, but I’ve not checked that last one). To get a feel for this I created a test command-line tool, then wrapped that in a .pkg, and then added the .pkg to a test app. After notarising the test app, here’s what I see for the ticket:

$ xcrun altool --notarization-info d20cb31b-17bf-414c-98b1-e3fe0415815e …
2019-05-16 10:10:44.009 altool[71556:8010082] No errors getting notarization info.

    …
    LogFileURL: https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma113/v4/0c/db/41/0cdb4120-af5b-c291-cb4b-45dae9b563a4/developer_log.json?accessKey=1558192243_4044532856288563968_Fv5rxzTKLscklsQrix8aJCdUcNRJbMWQ9LcW1y3NnZhVR7ccnaKs8uOUGAcYRAtq3QV1Nv7fSigehUIvboXjATtoIuk0xsTVB9h2g39Ezco3aNSaPyltx5w09hb3xeYEMPsrrM%2BrCHkevIvBBS%2BC2JTe0oUJzCzawHY%2BFJmaL6U%3D
    …
$ curl https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma113/v4/0c/db/41/0cdb4120-af5b-c291-cb4b-45dae9b563a4/developer_log.json?accessKey=1558192243_4044532856288563968_Fv5rxzTKLscklsQrix8aJCdUcNRJbMWQ9LcW1y3NnZhVR7ccnaKs8uOUGAcYRAtq3QV1Nv7fSigehUIvboXjATtoIuk0xsTVB9h2g39Ezco3aNSaPyltx5w09hb3xeYEMPsrrM%2BrCHkevIvBBS%2BC2JTe0oUJzCzawHY%2BFJmaL6U%3D
{
  …
  "ticketContents": [
    {
      "path": "Test116601.zip/Test116601.app",
      "digestAlgorithm": "SHA-256",
      "cdhash": "fcc9a5b91f9edea7fd57231ee49eb2c16a584b10",
      "arch": "x86_64"
    },
    {
      "path": "Test116601.zip/Test116601.app/Contents/MacOS/Test116601",
      "digestAlgorithm": "SHA-256",
      "cdhash": "fcc9a5b91f9edea7fd57231ee49eb2c16a584b10",
      "arch": "x86_64"
    },
    {
      "path": "Test116601.zip/Test116601.app/Contents/Resources/PrivilegedTool.pkg",
      "digestAlgorithm": "SHA-1",
      "cdhash": "1e98b21a32a4667db8b95fa36e619bbf83c06645"
    },
    {
      "path": "Test116601.zip/Test116601.app/Contents/Resources/PrivilegedTool.pkg/root.pkg Contents/Payload/usr/local/bin/PrivilegedTool",
      "digestAlgorithm": "SHA-256",
      "cdhash": "0e8518c6baf02074f056ba18f9d443d43e51dd07",
      "arch": "x86_64"
    }
  ],
  "issues": null
}

As you can see, the ticket covers:

  • The top-level app

  • The main executable within that app

  • The installer package

  • The helper tool within the installer package

Neat-o!

Please repeat these steps with your app to see what your ticket covers.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

[1] Notes to Future Quinn™:

  • Enabled the hardened runtime.

  • Add a secure timestamp.

  • Disable Code Signing Inject Base Entitlements (CODE_SIGN_INJECT_BASE_ENTITLEMENTS) to prevent the get-task-allow being set automatically.

  • This:

    $ productbuild --sign "Developer ID Installer" --root root / PrivilegedTool.pkg
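
To make the "see what your ticket covers" step repeatable on a build agent, the following Python sketch audits a downloaded developer_log.json. It is an added example, not code from this thread or from Apple; the sample log, its paths and cdhash values are constructed, and the function names and the list of required components are assumptions.

```python
import json

# Constructed sample in the shape of the developer_log.json shown above.
# Paths and cdhash values are made up for illustration.
SAMPLE_LOG_TEXT = """
{
  "status": "Accepted",
  "archiveFilename": "Example.zip",
  "ticketContents": [
    {"path": "Example.zip/Example.app",
     "digestAlgorithm": "SHA-256",
     "cdhash": "0000000000000000000000000000000000000001", "arch": "x86_64"},
    {"path": "Example.zip/Example.app/Contents/MacOS/Example",
     "digestAlgorithm": "SHA-256",
     "cdhash": "0000000000000000000000000000000000000001", "arch": "x86_64"},
    {"path": "Example.zip/Example.app/Contents/Resources/Helper.pkg",
     "digestAlgorithm": "SHA-1",
     "cdhash": "0000000000000000000000000000000000000002"},
    {"path": "Example.zip/Example.app/Contents/Resources/Helper.pkg/root.pkg Contents/Payload/Library/Audio/Plug-Ins/HAL/ExampleDriver.driver",
     "digestAlgorithm": "SHA-256",
     "cdhash": "0000000000000000000000000000000000000003", "arch": "x86_64"}
  ],
  "issues": null
}
"""
SAMPLE_LOG = json.loads(SAMPLE_LOG_TEXT)

# Hypothetical list of components this product must ship notarised.
REQUIRED = ["Example.app", "Helper.pkg", "ExampleDriver.driver"]


def enclosing_package(path):
    """Return the path of the installer package an entry sits inside, or None.

    The package's own entry (a path that ends in .pkg) is not "inside" itself.
    """
    parts = path.split("/")
    for i, part in enumerate(parts[:-1]):
        if part.endswith(".pkg"):
            return "/".join(parts[: i + 1])
    return None


def audit_ticket(log, required):
    """Check a parsed notarisation log against the components we expect."""
    entries = log.get("ticketContents") or []
    paths = [entry["path"] for entry in entries]

    problems = []
    if log.get("status") != "Accepted":
        problems.append("status is %r, not 'Accepted'" % log.get("status"))
    if log.get("issues"):  # null in a clean log
        problems.append("%d issue(s) reported" % len(log["issues"]))

    # A required component is covered if some ticket path ends with its name.
    missing = [name for name in required
               if not any(p == name or p.endswith("/" + name) for p in paths)]
    problems += ["not in ticket: " + name for name in missing]

    # Group entries found inside embedded installer packages.
    nested = {}
    for p in paths:
        pkg = enclosing_package(p)
        if pkg is not None:
            nested.setdefault(pkg, []).append(p)

    # Informational only: packages listed with no code entry beneath them.
    uncovered = [p for p in paths if p.endswith(".pkg") and p not in nested]

    return {"ok": not problems, "problems": problems, "missing": missing,
            "nested": nested, "uncovered_packages": uncovered}


if __name__ == "__main__":
    print(json.dumps(audit_ticket(SAMPLE_LOG, REQUIRED), indent=2))
```

Run it against the log fetched from the LogFileURL and fail the build when `ok` is false.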

Replies

Do they need to be notarized in order to be loaded by coreaudiod ?


What happens when you try to install one that isn't notarized?


It says that we CAN notarize, not that we MUST... Sounds confusing to us.


Re: In a future version of macOS, notarization will be required by default for all software.


I'm confused about what you see confusing in that.


Our AudioServerPlugin is not a kernel extension BUT is a "non-app bundle", so what is the requirement here ?


What is an AudioServerPlugin? You say it is not a kernel extension. So what is it? A text file? A JSON file? Is it some kind of software?


In a future version of macOS, notarization will be required by default for all software.


Does this mean notarization is not a requirement for the current Developer ID, and will only be required when the certificate will be renewed ?


It is not clear what must be done to deliverables in order to run.


Has Apple said anything about certificates? Apple told all developers about this new requirement last October. As of the 10.14.5 release yesterday, it has finally gone live. And you are asking about it today. It is actually crystal clear what must be done to deliverables in order to run - NOTARIZE THEM! What isn't clear about that?


Will notarization be a requirement in order to run development builds ?


I encourage you to read about the basic design and operation of Gatekeeper and other parts of macOS.


Will a QA team always have to test a notarized deliverable on macOS > 10.14.5 ?


Testing is strongly encouraged, but never required. Just have your customers test it instead. I'm sure they will do a thorough job.


Will a QA team have to disable GateKeeper in order to test a non notarized deliverable ?


No. But they are more than welcome to consider testing the software that will be shipped to users. Just sayin'.


We tried non notarized app and CoreAudioPlugin on 10.14.5 and everything runs fine.


OK. What does that mean for future builds? Judging by your questions and the timing of them, I'm guessing that you haven't ever tested on a beta build. I strongly encourage you to start doing that.


So it's currently quite confusing to know which conditions will put our deliverables in a non runnable state


Here are some of those conditions: Not paying attention to important Apple security updates. Not testing on beta versions. Not reading documentation. Not testing. Not complying with Apple security requirements. In short, if you keep doing everything you have been doing so far, you will put your deliverables in a non-runnable state.

As things currently stand, notarisation and Gatekeeper are intimately tied together [1]. Notarisation is checked as part of the Gatekeeper process. So, if your product never saw Gatekeeper alerts on earlier systems, it’s likely that notarisation won’t affect it.

However, we still recommend that you notarise your software because things are changing rapidly in this space. And that brings me to your specific questions:

Do they need to be notarized in order to be loaded by coreaudiod ?

Obviously not, given the results of your test on 10.14.5. However, I strongly recommend that you notarise it because notarisation checks are only going to increase in the future.

Our AudioServerPlugin is not a kernel extension BUT is a "non-app bundle", so what is the requirement here ?

I don’t find that confusing at all. The documentation says “such as”, meaning that KEXTs are an example of a non-app bundle. There are other examples, and your product is one of those.

Does this mean notarization … will only be required when the certificate will be renewed?

No. You should integrate notarisation into your workflow as soon as possible. Notarisation has various affordances for legacy code but it’s best not to rely on them.

Will notarization be a requirement in order to run development builds ?

No. As I mentioned earlier, notarisation is currently tied to Gatekeeper, and locally built software is not checked by Gatekeeper. We recommend that you notarise products that you ship to a wide audience.

Will a QA team always have to test a notarized deliverable on macOS >10.14.5 ?

That depends on how big your QA team is (-:

Seriously though, if you’re distributing your pre-release builds to a wide audience, through a public beta programme perhaps, it would make sense to notarise them. However, if this is a small internal QA team then you should not.

Will a QA team have to disable GateKeeper in order to test a non notarized deliverable ?

No. As you’ve already discovered, your product is not being checked by Gatekeeper on current systems. Even if it were, it would make more sense for your QA team to follow the “locally built” path I mentioned above.

If the installation path used by your QA team results in quarantine attributes being set on your product, you may eventually need to tweak that process to either not set them or remove them. That would be better than, say, disabling Gatekeeper entirely.

How do end users install your product right now?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

[1] Except for with KEXTs, which are a whole different kettle of fish.

Thank you for your inputs.

What bothers us with notarization requirements is that there is no way to test it.

You know, testing is fail first, understand the why, then fix.

We did put our product on macOS 10.14.5 beta and public release, and we thought we would be able to fail there, but we never experienced a failure to demonstrate that notarization helped us to fix it in order to have it run.

Implementing notarization in our context represents some kind of work, as we currently build and package our bundles with a build agent.

In order to prioritize the implementation of the notarization process in our automated build workflow, I have to explain the "why" to my product owner and my stakeholder.

Currently the "why" is only because Apple told us to do it, not because we are able to reproduce the failure on macOS beta software by not doing it.

If I follow you clearly on the "user testing" workflow you are suggesting, we will surely encounter a failure.

But that won't be a "testing failure" in the Gatekeeper/notarization context, it will be a "user experience" failure and potential user acquisition and revenue loss.

Thank you for your answers, it helped a lot to understand the implications.


Our users are installing our product in two steps.


First, they download dmg, open it and drag the app bundle to Applications.


The app bundle is sandboxed and signed with Developer ID.


When the user launches the app for the first time, they are invited to install the AudioServerPlugin component.


The AudioServerPlugin bundle is packaged in a Developer ID Installer signed pkg installer.


This pkg is embedded in the app bundle resources, and launched by the app at runtime as a separate process.


It also embeds another Developer ID signed app bundle which serves as a LoginItem to have the main app bundle being launched on user session start.


By the way it seems the notarization process passed successfully on the main app bundle without rejecting or raising a warning about the embedded pkg.


I don’t understand what you mean about “failure”. You should not expect a test to fail. Tests should be run to ensure that the software is running correctly. In a situation like this, where the operating system and installers are concerned, you should be testing two use cases: 1) a fresh installation on a pristine system and 2) an updated installation on a system that has already installed an earlier, or current, version of the software. You can use either a virtual machine or APFS snapshots to easily restore a machine to pristine settings.


Apple is being very gentle with this change. They are only applying the Notarization requirement to new developers. I know why they are doing this. My app detects adware, among other things, and I’ve noticed a recent surge in signed adware. Notarization is essentially an antivirus scanner for the distribution side.


But since you were already signing your software, this new change in 10.14.5 doesn’t apply to you. You should not expect to see any breakage at this time. Essentially, you are getting another 6 month window to get your processes updated. It is reasonable to assume that Notarization will be required for all software in 10.15.


It sounds like your installation process is a bit convoluted. I suggest scrapping all of that and just use a pkg installer. I also don’t suggest using the sandbox. I can see where certain processes like Notarization are useful and necessary for security. But sandboxing is not. That is just Apple corporate strategy to reshape macOS into the iOS style.

Well thanks for the sample test on your end.


You're right, it seems notarization is done deeply inside the pkg embedded in resources.


Here is the ticket for our app :


{
  "logFormatVersion": 1,
  "jobId": "...",
  "status": "Accepted",
  "statusSummary": "Ready for distribution",
  "statusCode": 0,
  "archiveFilename": "com.nahimic.nahimicapp.005.zip",
  "uploadDate": "2019-05-10T16:03:39Z",
  "sha256": "...",
  "ticketContents": [
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftFoundation.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "d11acf66e52f58ec591b1eef717bd06bb056ea09",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftos.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "def8e33c582c9995fafe658d240b5188eb6d5eec",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftCore.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "6c5e086768c19ce3d27cd28f40a492a100787668",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftDispatch.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "e9c4a93e8844ea290a97ec724f8580295f8d9879",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftAppKit.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "4d0544ee8f5e59a60c2a639ef12c9ea3064ee02a",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/CommonCrypto.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "0f8795addf986ce38ee154e551b9710ad1367f1f",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/DevMateKit.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "957e83c2e48aaa44a5e0083a35a1861ab95bd9c2",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/DevMateKit.framework/Versions/Current/Frameworks/DevMateIssuesReporter.framework/Versions/Current/Frameworks/CrashReporter.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "f3d3eb83a89ac88f061bb7b29529c58d03f77415",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftCoreLocation.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "e3418daedafb676af694542f6dcb3bc7caaceec1",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftCoreImage.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "81a879336764e3bbc9b3f732814d2b25840f5dc6",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftIOKit.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "6aacbc7fe35034ce7ec03e25d2c190c629616fbc",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/Common.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "5f23e5269b7ca6b70276d405c3054b71afb0ed2e",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftCoreGraphics.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "732e289585178c5b4c3bc25721b670b1bb7e8b92",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/Crypto.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "7734a3f6ac7fd8322b6aa7d9b76f2b28a3f15736",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftXPC.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "a5641c67190654dae5e24120c98601096b93b916",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/SwiftProtobuf.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "ce7431b7fe48cd9f47376eb27fd339e39dc31001",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftQuartzCore.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "b269f336f1b17dc645c12ae78744af72044c4d08",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftCoreData.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "3f98915bc21c11a8544de514a33170ab9c1682b9",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftDarwin.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "349dbb67799bd0a6a7351e80ae43672f29accca4",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftIOKit.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "6aacbc7fe35034ce7ec03e25d2c190c629616fbc",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftos.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "def8e33c582c9995fafe658d240b5188eb6d5eec",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/Alamofire.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "75323b325dcfda4bdd46ca35385b4ac24e7b6035",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/NahimicSentence.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "f41dd9e49cc1b3b7a3eae22ec29753baf0fbc769",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftCoreMedia.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "45eb7dbc0c1b2cb7a4c7b46c1450ac22dde692fb",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftCore.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "6c5e086768c19ce3d27cd28f40a492a100787668",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/RNCryptor.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "e09eb3fee4d72f54da7ccbf5816eeb1e2e6601ba",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app",
      "digestAlgorithm": "SHA-256",
      "cdhash": "12570ebee68d7708d192dd91fbb33cca794845df",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/SignalPrimitives.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "b11b6eafc74bf158a5430299610da50c423665f7",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftFoundation.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "d11acf66e52f58ec591b1eef717bd06bb056ea09",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftCoreAudio.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "576560b272c21f43f00683c2cd597a8117ec5c05",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftDarwin.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "349dbb67799bd0a6a7351e80ae43672f29accca4",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app",
      "digestAlgorithm": "SHA-256",
      "cdhash": "46890730e40d25f7597eda9f26f30a2527b09410",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/DevMateKit.framework/Versions/Current/Frameworks/DevMateIssuesReporter.framework/Versions/Current",
      "digestAlgorithm": "SHA-256",
      "cdhash": "5d96e87a0aa9f9fe31c9a2bef67589147452673f",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftCoreData.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "3f98915bc21c11a8544de514a33170ab9c1682b9",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftMetal.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "007e11b1af1c0e0950b0a2c9d3e6d4fb63c97af5",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftCoreFoundation.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "9244510392631333d656a4d69fb39c9faf0ef8cf",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftCoreFoundation.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "9244510392631333d656a4d69fb39c9faf0ef8cf",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftObjectiveC.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "bc32cc05c0b3dd024a6b9e102b1e4e85455a361d",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/DevMateKit.framework/Versions/Current/XPCServices/com.devmate.UpdateInstaller.xpc",
      "digestAlgorithm": "SHA-256",
      "cdhash": "73f0fe84e27a5a56313e36abd6427f428ea63471",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/libswiftCoreGraphics.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "732e289585178c5b4c3bc25721b670b1bb7e8b92",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftXPC.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "a5641c67190654dae5e24120c98601096b93b916",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftDispatch.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "e9c4a93e8844ea290a97ec724f8580295f8d9879",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Library/LoginItems/nahimicLauncher.app/Contents/Frameworks/libswiftQuartzCore.dylib",
      "digestAlgorithm": "SHA-256",
      "cdhash": "b269f336f1b17dc645c12ae78744af72044c4d08",
      "arch": "x86_64"
    },
    {
      "path": "com.nahimic.nahimicapp.005.zip/Nahimic.app/Contents/Frameworks/NahimicSentence.framework/Versions/A/NahimicSentence",
      "digestAlgorithm": "SHA-256",
      "cdhash": "f41dd9e49cc1b3b7a3eae22ec29753baf0fbc769",
      "arch": "x86_64"
    }
  ],
  "issues": null
}

`Ignoring your plug-in for the moment, I would expect these steps to fail if your app wasn’t notarised. Was that not the case?`


I can assure you that our app bundle is currently running on macOS 10.14.5 without being notarized.


We notarized the 1.4.1 version of our app, without attaching it to the bundle, and now we have a 1.4.2 version running flawlessly on 10.14.5 without any notarization process done on it.


The only alert on first app launch is the "app was downloaded from a web url, do you want to open it ?"


Moreover we are on our way to upgrade to 10.14.6 and we will try on it too


Thanx
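An added example, not part of the original posts and not Apple's tooling: the `ticketContents` array in a notarization log like the one above lists the code directory hashes (`cdhash`) the ticket was issued for, so a rebuilt binary with a different `cdhash` is not covered by an earlier ticket. The function names, paths and hash values below are constructed for illustration; only the JSON field names come from the log.

```python
import json

# Constructed sample in the shape of the notarization log above (all values made up).
SAMPLE_LOG = json.dumps({
    "ticketContents": [
        {"path": "Example.zip/Example.app", "digestAlgorithm": "SHA-256",
         "cdhash": "11" * 20, "arch": "x86_64"},
        # A bundle and its main executable share one cdhash, as in the log above.
        {"path": "Example.zip/Example.app/Contents/MacOS/Example",
         "digestAlgorithm": "SHA-256", "cdhash": "11" * 20, "arch": "x86_64"},
        {"path": "Example.zip/Example.app/Contents/Frameworks/Helper.framework/Versions/A/Helper",
         "digestAlgorithm": "SHA-256", "cdhash": "22" * 20, "arch": "x86_64"},
        # Installer packages appear without an "arch" and with a SHA-1 digest.
        {"path": "Example.zip/Example.app/Contents/Resources/Example.pkg",
         "digestAlgorithm": "SHA-1", "cdhash": "33" * 20},
    ],
    "issues": None,
})

# Constructed cdhashes of two builds. Assumption: on a real machine these would be
# collected per binary from the "CDHash=" line printed by `codesign -dvvv`.
BUILD_NOTARIZED = {
    "Example.app/Contents/MacOS/Example": "11" * 20,
    "Example.app/Contents/Frameworks/Helper.framework/Versions/A/Helper": "22" * 20,
}
BUILD_REBUILT = {
    "Example.app/Contents/MacOS/Example": "44" * 20,  # main binary changed
    "Example.app/Contents/Frameworks/Helper.framework/Versions/A/Helper": "22" * 20,
}


def audit_log(log_text):
    """Summarise a notarization log: covered cdhashes, non-SHA-256 items, issues."""
    log = json.loads(log_text)
    entries = log.get("ticketContents") or []
    covered = {}
    for entry in entries:
        # Several paths can map to one cdhash (bundle + executable, duplicates).
        covered.setdefault(entry["cdhash"].lower(), []).append(entry["path"])
    return {
        "covered": covered,
        "non_sha256": [e["path"] for e in entries
                       if e.get("digestAlgorithm") != "SHA-256"],
        "issues": log.get("issues") or [],  # "issues": null means nothing reported
    }


def uncovered(build, audit):
    """Return the paths in a build whose cdhash is absent from the ticket."""
    return sorted(path for path, cdhash in build.items()
                  if cdhash.lower() not in audit["covered"])


if __name__ == "__main__":
    audit = audit_log(SAMPLE_LOG)
    print("distinct cdhashes in ticket:", len(audit["covered"]))
    print("non-SHA-256 items:", audit["non_sha256"])
    print("issues:", audit["issues"])
    for name, build in (("notarized build", BUILD_NOTARIZED),
                        ("rebuilt build", BUILD_REBUILT)):
        missing = uncovered(build, audit)
        print(name, "->", "covered" if not missing else "NOT covered: %s" % missing)
```

A release pipeline can run a check like this before shipping, so that a build whose hashes are missing from the latest notarization log is caught before it reaches QA or customers.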

You said that you have been signing your app with your Developer ID for months, so that would exempt you from the new requirement in 10.14.5. Apple has not said when Notarization will be required for all apps. That seems likely to happen with 10.15, but it could happen at any time, even on the final 10.14.6 release build, which will likely not be available for beta testing.


When your app is Notarized, you will get a different alert on first launch. It will say it has been checked for malware and none was found.


From your previous description, your installation process looks pretty complex and unusual. That puts you at a higher risk of problems due to Notarization and other issues.

When you design tests, tests must "fail", then you make them pass.

Said differently, testing should test failure cases and success cases.

I assume you write perfect software and write test cases only to pass what has been implemented then 😉

Testing notarization should be testing app launch success when notarized AND app launch failure when not notarized.

In our case, because we aren't new developers, our current testing workflow is app launch success when notarized AND app launch success when not notarized.

I'm glad you mentioned it again there, because that part where "new developers are only concerned" was one that confused us.

Who are "new developers" ?

No mindjacking there, but no details can be found about "what a new developer is"; nothing was mentioned like "if you created a Developer ID 01/01/2019 or later, you are considered as new developer and your app MUST be notarized" or "if you created a Developer ID 01/04/2019 or later, you are considered as new developer and your app MUST be notarized".

So it was difficult for us to define our current "app not notarized" test cases.

The purpose of the sandbox in our case is to prepare and unify the app behavior for a potential move to the Mac App Store distribution, so there will be no need to handle particular cases where non sandboxed app api usage will have to be reworked to be compliant (and I know a few).

Moreover, with the project called "Marzipan", which seems to look forward to macOS/iOS distribution unification, I'm not quite sure evolving out of sandboxing constraints will help us to follow this new opportunity to target more devices with a single product.

We did app install on pristine 10.14.5

Moreover moving from a "full pkg" install to a "drag'n'drop from dmg" install improved the download>install>usage rate in our case, so we won't move back.

Sorry, but no. There is a class of testing that is designed to cover edge cases and failures, but that's different. There are also tests designed to cover new features that aren't yet implemented. I'm talking about regression tests. They are supposed to succeed. If they fail, then that's a problem. These regression tests are even more important if you are doing something funky - that is, something that 10 million other developers aren't doing. If 200 million apps stop working, that's Apple's problem to fix. If only your app fails, that's your problem.


To be clear, there is absolutely no need to test the failure of a non-notarized build. That's a test for Apple to perform, not you. In fact, it isn't even possible for you to test that.


I don't think Apple has clearly said what a "new developer" is. Judging from some of the other threads here on the developer forums, I think Apple has retroactively identified a past date and is reviewing even "recent" developers. As I mentioned before, my app does adware detection so I know what is going on here. There has been a recent spike in adware signed by people buying individual $99 developer accounts. When you are looking at developer signatures across a large population, like Apple can do and what I can do to some extent, these adware developers are easy to identify. So, Apple is somehow adding to Gatekeeper a check for the age of a developer account. As of 10.14.5, those new accounts are undergoing more scrutiny and Notarization is now required. I don't know if Apple is applying the policy to all accounts, or just individual accounts. Apple does sometimes revoke adware and scamware certificates for business accounts too. But Apple increased the required documentation for business accounts some time ago. I doubt that new business accounts are a big source of concern.


If you wanted to see what would happen with your app, you could purchase a new developer account in an individual's name. In theory, that would be a "new" account and subject to more stringent checking. Then you could build and sign (but not Notarize) your installer and test it on 10.14.5. It should fail to install. I don't know what good that would do for you. In my opinion, I think the complexity of your installation process poses a bigger risk than just the Notarization aspect. My suggestion is to proactively simplify that process. If not, then you should definitely have more stringent regression tests. The problem is that those are tedious to do. And if they do fail, then you have to scramble to find out what the problem is and fix it. That is why I suggest that you should just take the time you have right now, simplify the process, add notarization, and you will greatly reduce your risk of unexpected failure in the future.

To finish answering...


Your sandboxing makes sense then. Whether your app architecture in general will meet Apple's current and future requirements is a different question. Good luck with that! And I mean that sincerely. With App Store, all you can do is try your best, cross your fingers, and hope.


My concern with Marzipan/iOS-ification, as far as your software goes, is not the installer or notarization, it is the existence of those plug-ins. How would your software run on iOS today? If it doesn't, then that might be a problem. It might still work, but this is uncharted territory where even Apple may not know what they plan to do yet.


Regarding your installer, if you don't want a full package, maybe consider a stand-alone app. Get rid of the DMG. You will still have a relatively complicated and risky installer, but you should have fewer problems with signing and notarization.