What I Wish I’d Known Before Starting Notarize
Unlike sandboxing, notarization should not have any detrimental effects for most Mac apps.
As always, the real trouble starts when you are trying to inject Notarization into the tangled web of modern Mac software development: entitlements, certificates, automated Xcode build chains, build settings, etc.
[…]
In this context, it would have saved me a lot of time if I had known how to find out whether a product has in fact been signed with a secure timestamp. Executing “codesign --verify --deep --strict --verbose=4 --display -r- /path/to/my/product” will display loads of things. If there is a line with “Signed Time” among it, that means that you did not sign with a secure timestamp. If you have a line with “Timestamp” in it, it means you do have a secure timestamp.
[…]
For most of my products, Sparkle is the only framework that I bundle, so I blame it for the entire dreaded complexity and wasted time of framework signing.. which is a lot of blame. Signing frameworks is hell.. or used to be hell.. and now is hell again.
Previously:
- Notarizing Command-Line Tools for macOS 10.15
- Security & Privacy in macOS 10.15 Beta
- macOS 10.14.5 Requires New Developers to Notarize
Update (2019-07-26): Rosyna Keller:
This [timestamp issue] is covered on the searchable “Resolving Common Notarization Issues” page.
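The “Signed Time” versus “Timestamp” check quoted above, wrapped in a small script (an added example, not code from the quoted post or from Apple's documentation). It relies on codesign writing its display output to stderr; the function names, the `adhoc` and `unknown` verdicts, and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `codesign --display --verbose=4` output (not from a real product).
SAMPLE_SECURE='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Timestamp=26 Jul 2019 at 10:15:02
TeamIdentifier=ABCDE12345'

# Same constructed sample, but signed without a timestamp server.
SAMPLE_INSECURE='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Signed Time=26 Jul 2019 at 10:15:02
TeamIdentifier=ABCDE12345'

# Reads codesign display output on stdin and prints one verdict:
#   secure   - a "Timestamp=" line is present
#   insecure - only a "Signed Time=" line is present (no secure timestamp)
#   adhoc    - ad-hoc signature, which carries neither line
#   unknown  - none of the above (unsigned item, or codesign reported an error)
classify_timestamp() {
  cs_out=$(cat)
  if printf '%s\n' "$cs_out" | grep -q '^Timestamp='; then
    echo secure
  elif printf '%s\n' "$cs_out" | grep -q '^Signed Time='; then
    echo insecure
  elif printf '%s\n' "$cs_out" | grep -q '^Signature=adhoc'; then
    echo adhoc
  else
    echo unknown
  fi
}

# Checks each path given (the app plus every bundled framework, for example)
# and returns non-zero if any of them lacks a secure timestamp.
check_items() {
  cs_rc=0
  for cs_item in "$@"; do
    # 2>&1 is required: codesign prints the display fields on stderr.
    cs_verdict=$(codesign --display --verbose=4 "$cs_item" 2>&1 | classify_timestamp)
    printf '%-9s %s\n' "$cs_verdict" "$cs_item"
    [ "$cs_verdict" = secure ] || cs_rc=1
  done
  return $cs_rc
}
```

Checking the nested frameworks individually (for instance `check_items My.app My.app/Contents/Frameworks/*.framework`) shows which item in the bundle is missing the secure timestamp.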
2 Comments
It seems like making an application for macOS is akin to rocket science, requiring a lot of hard work before actually getting to the app making part.