3 Replies
      Latest reply on Mar 4, 2019 3:41 PM by haikeeba
      kuutti Level 1 Level 1 (0 points)

        Hello all,

         

        Recently there has been some information about notarization being required in the future for apps.

         

        E.g., https://developer.apple.com/news/?id=10192018a says:

         

        "In an upcoming release of macOS, Gatekeeper will require Developer ID–signed software to be notarized by Apple."

         

        We develop some software that has its own installer on macOS. Can someone clarify what is the impact of this requirement?

         

        Does it mean all software with its own installer will need to be notarized? Is there some instruction on how to best integrate this into a (CI) build process?

         

        Is it possible to disable this feature for testing purposes? Mandatory notarization will make running tests and test builds quite inconvenient if not. How to do so (disable notarization for testing)?

         

        And is there any planned timeline when this notarization becomes mandatory?

         

        Just trying to plan a bit ahead so when the storm hits, I have hopes for something resembling a raincoat. Otherwise, duck and cover

         

        Cheers,

        Kuutti

        • Re: impact of notarization on dev
          john daniel Level 3 Level 3 (380 points)

          Apple has not provided a date for this requirement. Xcode does not apply the quarantine flags to executables that it builds, so they would be exempt from any Gatekeeper checks anyway. They don't even need to be signed, let alone notarized.

           

          I'm not sure what you mean by "own installer". If you are using a DMG or a package maker archive, then there are some instructions and forum knowledge about how to notarize those installers. If you have some kind of custom executable, then you would need to notarize that executable. I have seen some mention of command-line tools and integration into CI build processes, but I haven't paid attentiont to them. You can search the documentation and the forums.

          • Re: impact of notarization on dev
            eskimo Apple Staff Apple Staff (11,275 points)

            What john daniel said plus…

            And is there any planned timeline when this notarization becomes mandatory?

            There’s been no public announcement of such a timeline.

            I seem to have missed the memo here.  Sorry.  See haikeeba’s post below.

            Is there some instruction on how to best integrate this into a (CI) build process?

            There is indeed.  For an overview of this, I recommend that you watch WWDC 2018 Session 702 Your Apps and the Future of macOS Security.

            For written documentation, check out:

            These three documents cover most of the cases, but if you run into some other problem you can ask here for help (or open a DTS tech support incident for formal support).

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"