1077 Views 3 Replies
      Latest reply on Mar 6, 2019 3:56 AM by simran21
      simran21 Level 1 Level 1 (0 points)
      simran21 Feb 5, 2019 10:29 PM

        Hello,

         

        Our product is integrated in dmg which contains pkg, apps, kext's, frameworks, plugins and other extensions like dylib, configuration files etc. Can we send dmg for notarization?

        (Reference: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution)

         

        “While you can notarize a ZIP archive, you can’t staple to it directly. Instead, run stapler against each individual item that you originally added to the archive. Then create a new ZIP file containing the stapled items for distribution.”

         

        Above point is applicable for dmg also?

         

        Thanks,

        Simran

        • Re: Notarize dmg queries
          haikeeba Apple Staff Apple Staff (0 points)
          haikeeba Feb 11, 2019 11:49 PM (in response to simran21)

          You can upload a disk image for notarization and staple a ticket to it. The ticket covers all the contents of the dmg. You can't currently staple a ticket to a zip file.

           

          Someone else is looking into answering the questions about SDK version and unsigned kexts.

          • Re: Notarize dmg queries
            Setag Apple Staff Apple Staff (0 points)
            Setag Feb 13, 2019 12:48 PM (in response to simran21)

            Currently, due to changes in macOS 10.8.3 (see bottom), you'll need to distribute two installers, one for macOS 10.8.2 and earlier that contains the unsigned kext as unsigned kexts cannot be notarize and one that is notarized that contains the signed kext for macOS 10.8.3 and later.

             

            The kext installer for macOS 10.8.3 or later that is meant to be notarized will also need to be linked against the macOS 10.9 SDK or later, although you can set the deployment target to macOS 10.8 to get compatibility for macOS 10.8.3.

             

            Alternatively, you can separate them into an unnotarized macOS 10.7.5 to macOS 10.8.5 installer and one notarized installer for macOS 10.9 and later, if it's easier to demarcate the downloads that way.