Currently, an .app/
folder can't be submitted for notarization and must be packaged first. On the other hand, a ticket can't be stapled to a .zip
after notarization is successful. Apple Documentation
This creates a process as below:
.app/
.zip
for notarization.zip
.app/
.app/
for distributionOur specific use case is that our application will initially be installed by users from a .dmg
while subsequent updates are downloaded through .zip
. Notarizing the .dmg
is very straightforward. Zipped contents are another story.
Is there a more efficient method than the steps above?
No Dan, you've got it. Your use case is similar to mine and that's how I do it. In my case I'm distributing a .pkg that comprises an app, an uninstaller, a couple of kernel extensions, but the concept is the same for just an app. By the way, like your dmg, I'm distributing the pkg for downloads but then zipping that pkg for Sparkle updates.
The process only seems bizarre until you think of the zip file as a way of packaging and submitting the app bundle. You want to notarize the app and staple the resulting notarization to the app bundle. You do it like this:
For more convenience: if you do this in a makefile, the make can automatically wait for the notarizations before stapling. I do it like this:
notarizationRequestID=$(shell xcrun altool --notarize-app \
--primary-bundle-id com.mycompany.appID \
--username $(DEV_USERNAME)
--password $(DEV_PASSWORD)
--asc-provider $(DEV_PROVIDER) \
--file myApp.app.zip \
| awk '/RequestUUID/ { print $$NF; }') ;\
while ! xcrun altool --notarization-info $$notarizationRequestID \
--username $(DEV_USERNAME)
--password $(DEV_PASSWORD)
--asc-provider $(DEV_PROVIDER) \
--output-format xml \
| grep -q 'https://osxapps-ssl.itunes.apple.com/itunes-assets' ;\
do sleep 5 ;\
echo "." ;\
done ;\
If you're distributing an update via Sparkle, you'll also need to gather the app cast metadata so you can paste it into your app cast.xml. At the end of the makefile:
@echo "——————————————————————————————————"
@echo " Results for Sparkle Update XML "
@echo "——————————————————————————————————"
@echo
@echo "version: " `defaults read myApp.app/Contents/Info CFBundleVersion`
@echo "shortVersionString:" `defaults read myApp.app/Contents/Info CFBundleShortVersionString`
@echo "dsaSignature: " `$MyAppSource/Libraries/Sparkle/bin/sign_update myAppInstaller.pkg.zip $MyAppSource/Resources/UpdateSigningKeys/dsa_priv.pem`
@echo "length: " `stat -f%z "myApp.pkg`