Lisp HUG Maillist Archive

Apple requirements to sign and notarize

Hello guys,

I'm thinking about moving to MacOS and have lispworks there. What puzzles me is requirement of apple to Sign and Notarize apps before distribution. https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution

from v 10.15 all applications has to be notarized. How can one achieve this in Lispworks, as it is not using Xcode to my knowledge?

Cheers 

la-ci

Re: Apple requirements to sign and notarize

Ladislav Koščo <laci.kosco@gmail.com> writes:

> Hello guys,I&#39;m thinking about moving to MacOS and have lispworks
> there. What puzzles me is requirement of apple to Sign and Notarize
> apps before
> distribution. https://developer.apple.com/documentation/security/notarizing_your_app_before_distributionfrom
> v 10.15 all applications has to be notarized. How can one achieve this
> in Lispworks, as it is not using Xcode to my knowledge?Cheers la-ci

Hi!

I haven't looked into notarizing yet, since I haven't distributed a
MacOS binary for almost 3 years. But back then, signing a LispWorks app
was no problem. I just added this at the end of my build script:

  (system:run-shell-command (format nil "codesign -v -s \"Developer ID
Application: My Company Name here\" ~~/my-path/~a.app/" my-app
name-here)))

-- 
  (espen)

_______________________________________________
Lisp Hug - the mailing list for LispWorks users
lisp-hug@lispworks.com
http://www.lispworks.com/support/lisp-hug.html

Re: Apple requirements to sign and notarize

Hi Ladislav
We have two versions of our app (ScoreCloud Studio). One is distributed in Mac App Store and the other is distributed on our web site. Both versions are sandboxed and code signed with the hardened runtime (--options runtime).

NOTE:
Notarization and stapling is not meant for distribution in Mac App Store since Apple re-signs all App Store apps before they're made available to customers. Notarization is intended to strengthen the security Gatekeeper offers for Developer ID-signed apps.

Therefore only the version distributed on our web site is notarized and stapled and we do it manually after building and code signing.
Here is how we do it:

# Since Apple has started using two-factor login for Apple IDs, you may need to get an app-specific password (see https://support.apple.com/en-us/HT204397) when running the commands below.
# You can get app-specific passwords here: https://appleid.apple.com/account/manage.
xcrun altool --notarize-app -f <path to dmg file> --primary-bundle-id <primary bundle id> -u <apple id>
# Wait for RequestUUID and use it below
xcrun altool --notarization-info <RequestUUID> -u <apple id>
# When finished and everything was ok, do this
xcrun stapler staple <path to dmg file>

Hope this helps!
Best,
Sven





10 sep. 2019 kl. 13:58 skrev Ladislav Koščo <laci.kosco@gmail.com>:

Hello guys,

I'm thinking about moving to MacOS and have lispworks there. What puzzles me is requirement of apple to Sign and Notarize apps before distribution. https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution

from v 10.15 all applications has to be notarized. How can one achieve this in Lispworks, as it is not using Xcode to my knowledge?

Cheers 

la-ci

Updated at: 2020-12-10 08:29 UTC