5 Replies
      Latest reply on Apr 18, 2019 8:59 AM by precursor
      lennydeveloper Level 1 (0 points)

        I develop in Xcode these days but I also have some clients that require automation with AppleScript, for which I use the fabulous ScriptDebugger IDE. As of Mojave I now have to codesign my apps, which means I can't really debug and save a simple change on the customer's machine - I have to bring it back to my own, save it, then send it back. With the new 10-14-5 I am now told that I will have to send these apps to Apple to be notarized as well.

         

        These are simple scripts that load data into a database on a launchd schedule, move documents here and there, do some backing up, and so on. Does Apple really want to take the time to notarize these? If someone swaps out a hard drive will I have to wait a few days after changing the script to get it back from the notarization bureau? Does Apple just want to kill off automation entirely?

         

        TIA, Lenny

        • Re: Notarization and AppleScript apps
          eskimo Apple Staff (11,035 points)

          Does Apple really want to take the time to notarize these?

          If someone swaps out a hard drive will I have to wait a few days after changing the script to get it back from the notarization bureau?

          These questions make me think that you’re confusing notarisation and App Review.  Notarisation is an entirely mechanical process.  If it takes “a few days” then something has gone horribly wrong at our end.  In my experience, notarising a small app takes a few minutes.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: Notarization and AppleScript apps
              hhas01 Level 1 (20 points)

              For OP’s benefit:

               

              developer [dot] apple [dot] com/documentation/security/notarizing_your_app_before_distribution

               

              App Notarization is akin to the customs inspector asking you to confirm you packed your own luggage before performing a cursory search.

               

              I don’t imagine AN can prevent apps burying malicious code under encryption/obfuscation, or freely downloading and executing it at runtime. But at least it provides a direct paper trail back to the original developer that should allow Apple to revoke that developer’s ID and update Gatekeeper to block all their apps from running once that malfeasance is publicly noticed and reported.

              • Re: Notarization and AppleScript apps
                precursor Level 1 (0 points)

                How did you notarize your app?

                 

                I have not been able to successfully complete the notarization process because stapling the notarization always fails.

                 

                That is to say, following instructions on DerFlounder for automator apps I:

                - successfully code signed the app

                - successfully notarized the app and received the email from Apple that I could begin distributing

                 

                However, when I try to staple the valid notarization to the app I get an error 65:

                 

                e.g.

                xcrun stapler staple "/Volumes/HardDrive/MyApp.app"

                Processing: /Volumes/HardDrive/MyApp.app

                CloudKit query for MyApp.app (2/936578f9cf6dff6314bdebeba427cac9dab3f7e8) failed due to “record not found”.

                Could not find base64 encoded ticket in response for 2/936578f9cf6dff6314bdebeba427cac9dab3f7e8

                The staple and validate action failed! Error 65.

                 

                I filed a bug report with Apple a few days ago but haven't heard anything back as yet.

                  • Re: Notarization and AppleScript apps
                    precursor Level 1 (0 points)

                    To answer my own question:

                     

                    Instead of submitting a .zip to get notarized it is necessary to upload a signed .dmg

                    (doesn't have to be a hardened signing).

                     

                    Then you can staple the successfully notarized DMG.

                     

                    I am guessing this is because you are notarizing the delivery method and signing the actual app.
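
The sequence from the reply above (wrap the already signed app in a disk image, sign the image, notarize it, then staple the image rather than the app), as an added example that is not part of the thread. It submits with `notarytool`, which the thread does not mention; the signing identity and keychain profile names are placeholders.

```shell
#!/bin/sh
# Added example: notarize and staple a signed .dmg that wraps a signed app.
# IDENTITY and PROFILE are placeholders (assumptions), not values from the thread.
IDENTITY="${IDENTITY:-Developer ID Application: Example Name (TEAMID)}"
PROFILE="${PROFILE:-notary-profile}"  # saved beforehand with: xcrun notarytool store-credentials

# Run one command; on failure name the step and pass its exit code up.
step() {
    label=$1; shift
    "$@" || { code=$?; echo "failed at: $label (exit $code)" >&2; return "$code"; }
}

# notarize_dmg APP_PATH DMG_PATH
notarize_dmg() {
    app=$1
    dmg=$2
    [ -d "$app" ] || { echo "no such app bundle: $app" >&2; return 2; }

    # 1. The app must already carry a valid signature; editing it later breaks the seal.
    step "verify app signature" codesign --verify --deep --strict "$app" || return $?
    # 2. Build a compressed read-only image that contains the signed app.
    step "create dmg" hdiutil create -ov -format UDZO \
        -volname "$(basename "$app" .app)" -srcfolder "$app" "$dmg" || return $?
    # 3. Sign the image itself with a secure timestamp.
    step "sign dmg" codesign --sign "$IDENTITY" --timestamp "$dmg" || return $?
    # 4. Upload the image and wait for the notary service to finish processing it.
    step "notarize dmg" xcrun notarytool submit "$dmg" \
        --keychain-profile "$PROFILE" --wait || return $?
    # 5. Attach the ticket to the image that was submitted, then confirm it is there.
    step "staple dmg" xcrun stapler staple "$dmg" || return $?
    step "validate staple" xcrun stapler validate "$dmg" || return $?
    echo "stapled: $dmg"
}

# Usage when run directly: script.sh /path/MyApp.app /path/MyApp.dmg
if [ "$#" -eq 2 ]; then
    notarize_dmg "$1" "$2"
fi
```

The script stops at the first failing step, so a stapler failure such as the error 65 quoted above is reported as `failed at: staple dmg` and the validate step is never run.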

                • Re: Notarization and AppleScript apps
                  john daniel Level 3 (350 points)

                  If you were making these changes directly on the customer's machine, then you should be able to continue to do that. The changes coming for 10.14.5 only apply to publicly distributed apps that are downloaded from the internet. If you create an app on a customer's machine, then you will not be setting the quarantine flags, and Gatekeeper will ignore it. Therefore, you do not have to notarize or even sign these apps.