xcodemacoscode-signingsoftware-distributionnotarize

How to notarize an app bundle containing helpers embedded in it?


Does anyone know how to send a Mac application bundle containing embedded helper app bundles to be notarized by Apple? When I try to archive a simple application, everything goes smoothly. The app is archived properly, and I can upload the archive and my app gets notarized in a question of minutes.

However, when I try to archive an app bundle containing helper app bundles in it, using script phases and try to automatically sign and notarize my application bundle via the normal, automatic workflow of creating an archive, I am unable to upload the app bundle for notarization. So, what should I do?

Any help is appreciated.


Solution

  • Thanks to the new documentation by Apple produced during WWDC 2019, I was finally able to solve this problem, which was not possible before, even after having used a DTS ticket. Basically, if you have a complex bundle and you need to build it automatically using scripts, you CANNOT use the automatic workflow via Archive and then upload the app bundle via the Organizer in Xcode.

    So, for those having this problem now and in the future, here is what solved my problem:

    1) Go to the project navigation panel and click on your project

    2) Go to each of your targets by clicking on Build settings and make the following modifications (enter the word "signing" in the search box, as that narrows down the build settings that show up):

    3) To build your app for distribution, do the following:

    4) To notarize the app bundle you just created and signed properly, and with a valid secure timestamp, then you have several options:

    5) Upload the disk image or zip file by using this in Terminal: xcrun altool --notarize-app --primary-bundle-id "your-primary-bundle-id-here" --username "*your-username*" --password "*your-app-specific-password-here*" --file *your-path-here*. You need to go to your appleid.apple.com account to generate an app-specific password for the altool app. This is a security measure, so that you do not send your Apple ID password in the clear. You can do that in the Security panel of your Apple ID management account. Do not do anything until you get the confirmation that the upload was successful.

    6) To request the notarization history status, run this in the Terminal: xcrun altool --notarization-history 0 -u "*your-account*" -p "*your-app-specific-password-here*". You should see a list of uploads and their respective dates and RequestUUID's. The latest upload is usually the first on the list.

    7) To request the notarization status, including access to the notarization log file run this in Terminal: xcrun altool --notarization-info RequestUUID -u "*your-account*"

    8) If you get the status that your app bundle was approved, then you can staple that approval by running this in Terminal: xcrun stapler staple *path-to-your-app-bundle*.