Posts

Post not yet marked as solved
1 Replies
506 Views
This is the command I use, but must migrate, to notarize a macOS app:

    xcrun altool --notarize-app -f "$outputDmg" --primary-bundle-id "$notarizeBundleId" -u "$notarizeUser" -p "@keychain:AC_PASSWORD"

The migration docs I read implied that the following should work:

    xcrun notarytool submit --apple-id "$notarizeUser" "--team-id" $notarizeTeam --password "@keychain:AC_PASSWORD" "$outputDmg"

But it doesn't. I can get it to work only if I put the password from the keychain on the command line. I cannot accept this. What can I do to make this work?
Posted by yhnfc.
Post not yet marked as solved
4 Replies
4.3k Views
For years, we have been using the following four commands to sign our app and ensure that the signing has worked:

    codesign --force --verbose=0 --deep --sign $certIdentity $mntpointApp
    codesign --verify --verbose=0 --deep $mntpointApp
    spctl --assess --verbose=4 --type install $mntpointApp
    spctl --assess --verbose=4 --type execute $mntpointApp

Our build machine (macOS 10.13.6, Xcode 10.1) executes these commands without failure. My Mojave MBP did too before I upgraded it to Catalina and Xcode 11.

After upgrading, the first spctl command fails like this (according to our gradle script's output):

    13:14:54.010 [INFO] [org.gradle.process.internal.DefaultExecHandle] Starting process 'command 'spctl''. Working directory: $HOME Command: spctl --assess --verbose=4 --type install $HOME/build/tmp/dmgMount/My.app
    13:14:54.010 [DEBUG] [org.gradle.process.internal.DefaultExecHandle] Changing state to: STARTING
    13:14:54.010 [DEBUG] [org.gradle.process.internal.DefaultExecHandle] Waiting until process started: command 'spctl'.
    13:14:54.014 [DEBUG] [org.gradle.process.internal.DefaultExecHandle] Changing state to: STARTED
    13:14:54.014 [DEBUG] [org.gradle.process.internal.ExecHandleRunner] waiting until streams are handled...
    13:14:54.014 [INFO] [org.gradle.process.internal.DefaultExecHandle] Successfully started process 'command 'spctl''
    13:14:54.238 [ERROR] [system.err] $HOME/build/tmp/dmgMount/My.app: rejected
    13:14:54.239 [ERROR] [system.err] source=Unnotarized Developer ID
    13:14:54.239 [DEBUG] [org.gradle.process.internal.DefaultExecHandle] Changing state to: FAILED
    13:14:54.239 [DEBUG] [org.gradle.process.internal.DefaultExecHandle] Process 'command 'spctl'' finished with exit value 3 (state: FAILED)

I modified the above debug output to obfuscate a couple of names that I don't want to reveal.

The doc that I've been reading, regarding how to notarize and staple, is this: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution

The first bullet under the heading "Prepare Your Software for Notarization" says:

    Enable code-signing for all of the executables you distribute.

I take this to mean "you have to sign your application".

A couple of points below it says "Don't use a Mac Distribution or local development certificate". The certificate we are using is of the type "Developer ID Application".

Unless spctl is giving an erroneous error message, it looks like there is at least one constraint I haven't satisfied: getting the developer id notarized.

Nowhere in the document does it describe that process as being a constraint nor how to accomplish that task.

The other forum topics don't address this concept at all or are ambiguous.
Posted by yhnfc.