A notarization shell script that automates the whole process. The script is based on several examples found on the web. Links to these examples can be found below (mostly thanks to the Logcg.com blog).
Notarize DMG file
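```bash
#!/bin/bash
# Usage: pass the path of the DMG file to notarize as the first argument.
# bash is required: the script uses [[ ]] and &> redirection.

APPLICATION_PATH=$1
BUNDLE_ID="___BUNDLE_ID____"
APPLE_USER="___APPLE_USER____"
# altool also accepts "@keychain:<item>" or "@env:<VAR>" as the password value,
# which keeps the app-specific password out of this file and the process list.
APPLE_PASSWORD="___APLE_APPSPECIFIC_PASSWORD___"

echo "Running notarize-app command for file $APPLICATION_PATH"
xcrun altool --notarize-app -t osx -f "$APPLICATION_PATH" --primary-bundle-id="$BUNDLE_ID" -u "$APPLE_USER" -p "$APPLE_PASSWORD" &> notarize-status.txt

echo "Notarize-app complete. Result: "
cat notarize-status.txt

# The request UUID is the last token of the upload response.
uuid=$(grep -Eo '\w{8}-(\w{4}-){3}\w{12}$' notarize-status.txt)
if [[ -z "$uuid" ]]; then
    # Upload failed: without a UUID the polling loop below would never end.
    echo "No request UUID found, aborting."
    exit 1
fi
echo "Request UUID is $uuid"

while true; do
    echo "checking for notarization..."
    xcrun altool --notarization-info "$uuid" --username "$APPLE_USER" --password "$APPLE_PASSWORD" &> notarize-response.txt

    echo "Response:"
    cat notarize-response.txt

    t=$(grep "success" notarize-response.txt)
    f=$(grep "invalid" notarize-response.txt)
    if [[ "$t" != "" ]]; then
        echo "notarization done! Stapling application $APPLICATION_PATH"
        xcrun stapler staple "$APPLICATION_PATH"
        echo "stapler done!"
        break
    fi
    if [[ "$f" != "" ]]; then
        # Notarization was rejected: print the matching line and fail.
        echo "$f"
        exit 1
    fi
    echo "not finished yet, sleep 30sec then check again..."
    sleep 30
done
```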
Notarize .app / .zip
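```bash
#!/bin/bash
# Usage: pass the path of the .app bundle to notarize as the first argument.
# bash is required: the script uses [[ ]] and &> redirection.

APPLICATION_PATH=$1
ZIP_PATH=./application-to-notarize.zip
BUNDLE_ID="___BUNDLE_ID____"
APPLE_USER="___APPLE_USER____"
# altool also accepts "@keychain:<item>" or "@env:<VAR>" as the password value,
# which keeps the app-specific password out of this file and the process list.
APPLE_PASSWORD="___APLE_APPSPECIFIC_PASSWORD___"

echo "Packing app $APPLICATION_PATH to zip file $ZIP_PATH"
ditto -ck --rsrc --sequesterRsrc "$APPLICATION_PATH" "$ZIP_PATH"

echo "Running notarize-app command for file $ZIP_PATH"
xcrun altool --notarize-app -t osx -f "$ZIP_PATH" --primary-bundle-id="$BUNDLE_ID" -u "$APPLE_USER" -p "$APPLE_PASSWORD" &> notarize-status.txt

echo "Notarize-app complete. Result: "
cat notarize-status.txt

# The request UUID is the last token of the upload response.
uuid=$(grep -Eo '\w{8}-(\w{4}-){3}\w{12}$' notarize-status.txt)
if [[ -z "$uuid" ]]; then
    # Upload failed: without a UUID the polling loop below would never end.
    echo "No request UUID found, aborting."
    exit 1
fi
echo "Request UUID is $uuid"

while true; do
    echo "checking for notarization..."
    xcrun altool --notarization-info "$uuid" --username "$APPLE_USER" --password "$APPLE_PASSWORD" &> notarize-response.txt

    echo "Response:"
    cat notarize-response.txt

    t=$(grep "success" notarize-response.txt)
    f=$(grep "invalid" notarize-response.txt)
    if [[ "$t" != "" ]]; then
        # The ticket is stapled to the .app itself, not to the uploaded zip.
        echo "notarization done! Stapling application $APPLICATION_PATH"
        xcrun stapler staple "$APPLICATION_PATH"
        echo "stapler done!"
        break
    fi
    if [[ "$f" != "" ]]; then
        # Notarization was rejected: print the matching line and fail.
        echo "$f"
        exit 1
    fi
    echo "not finished yet, sleep 30sec then check again..."
    sleep 30
done
```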
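Both scripts above decide the outcome by searching the whole altool response for "success" or "invalid", so any other line containing those words (a log URL, for instance) can flip the result. The following is an added example, not part of the original scripts, that reads only the `Status:` field; the function names are hypothetical and the sample responses are constructed.

```sh
#!/bin/sh
# Added example, not from the original scripts; function names are hypothetical.

# Print the "Status:" field of a saved altool --notarization-info response ($1).
# "Status Code:" and "Status Message:" lines do not match the pattern.
notarization_status() {
    sed -n 's/^[[:space:]]*Status:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Exit status: 0 approved, 1 rejected, 2 still pending, 3 unrecognised response.
notarization_verdict() {
    case "$(notarization_status "$1")" in
        success)       return 0 ;;
        invalid)       return 1 ;;
        "in progress") return 2 ;;
        *)             return 3 ;;
    esac
}

# Constructed sample responses: altool-style field layout, made-up values.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/approved.txt" <<'EOF'
        Status: success
   Status Code: 0
Status Message: Package Approved
EOF
cat > "$SAMPLES/rejected.txt" <<'EOF'
    LogFileURL: https://example.invalid/logs/success-path/log.json
   RequestUUID: 00000000-0000-0000-0000-000000000000
        Status: invalid
   Status Code: 2
Status Message: Package Invalid
EOF
cat > "$SAMPLES/pending.txt" <<'EOF'
        Status: in progress
EOF
cat > "$SAMPLES/error.txt" <<'EOF'
*** Error: constructed failure text with no Status field
EOF

for f in approved rejected pending error; do
    rc=0; notarization_verdict "$SAMPLES/$f.txt" || rc=$?
    echo "$f: verdict=$rc"
done
```

In the polling loop, staple only on verdict 0, keep sleeping on 2, and stop with an error on 1 or 3. The constructed rejected response contains the word "success" in its log URL, which a whole-response `grep "success"` would treat as approval.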
Useful links:
- commands to notarize app
- https://skyronic.com/app-notarization-for-qt-applications/
- https://successfulsoftware.net/2018/11/16/how-to-notarize-your-software-on-macos/
- https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow
- Automating the process:
- how to generate app-specific password: https://support.apple.com/en-ca/HT204397
- what is hardened runtime: https://developer.apple.com/documentation/security/hardened_runtime_entitlements
- altool cannot be found: https://forums.developer.apple.com/thread/118045