6 Replies
      Latest reply on Apr 12, 2019 2:39 AM by eskimo
      Taopix Level 1 Level 1 (0 points)



        I am trying to determine the best way that we can add App Notarization into our build / deployment workflow.


        We deploy using a disk image that contains our main app, two helper apps and a lot of content. The disk image can be in excess of 2GB.

        At this present time our build workflow code signs all three apps and then builds a disk image containing everything. The final stage involves code signing the disk image.


        To support notarization we have two options:

        1. Send the entire code signed disk image to the notarization service.

        2. Send the apps to the notarization service via a zip file, staple the apps, add the apps and the content to the disk image and then code sign the disk image.


        We know option 1 will work but this will involve a very lengthy upload to the notarization service and I imagine, a processing overhead due to the large disk image size.


        We would prefer to use option 2 due to it being much more efficient. We know we can notarize the apps by uploading a zip file so that isn't a problem. However, what isn't obvious from the documentation is if GateKeeper is happy to accept a code signed disk image that hasn't been processed by App Notarization but contains applications that have been.



        Any advice would be greatly appreciated.