LiveCode LessonsLiveCode LessonsHow To - Step-By-Step Guides To Tasks In LiveCode Signing ApplicationsCodesigning and notarizing your LC standalone for distribution outside the Mac Appstore -

Codesigning and notarizing your LC standalone for distribution outside the Mac Appstore -

This tutorial describes the necessary tasks to get your app code signed and notarized for distribution outside the Mac Appstore.

- Codesigning your app (including some necessary preparations)

- creating and codesigning a DMG using DropDMG or hdiutil  (optional)

- Notarizing and stapling your app/dmg

Most is done with shell commands.

 

There´s also a Livecode stack available which should* does it automatically for you. See chapter 9.

*So far the author used the stack to  successfully notarize 6 different apps. 

It is strongly recommended that you read at least chapter 9 before using the stack.

1. Prerequisites

Please make sure that you fullfil the following requirements before you continue

1.1. Apple ID

If you do not already own an Apple ID, you can create one here:  https://appleid.apple.com

 

1.2. Enable two factor authentication for your Apple ID

You need to have 2 factor authentication (2FA) enabled for your Apple ID. You can do this in your Apple ID Account  at https://appleid.apple.com

 

1.3. App-specific password

 

You´ll need an app-specific password. You can create one at https://appleid.apple.com

There is a blue link Generate Password...

 

In my given examples below I will use tic-tac-toe in places of app-specific password.

 

1.4. Developer ID

You´ll need a Deverloper  ID. Therefore you´ll need to be a member in the Apple Developer Programm. Join here https://developer.apple.com

In my examples i use developer@mrd.de as Developer ID.

1.5. Create Developer ID Application certificate using Developer account

The certificate types for distribution outside the Apple "App Store” for Mac OS are:

- Developer ID Application   <- this is the one you need for this tutorial

This certificate is used to code sign your app for distribution outside of the Mac App Store.

- Developer ID Installer

This certificate is used to sign your app’s "Installer Package" for distribution outside of the Mac App Store.

 

Note: If you are not distributing “Installer Packages”, the only certificate you need is “Developer ID Application”

 

You can create the certificates either in your Apple Developer account, see screenshot.

After you´ve created the certificate you can download the certificate. You can now add it to your Keychain by double clicking on the downloaded file.

1.6. CreateDeveloper ID Application certificate using Xcode

or directly in Xcode -> Preferences -> Accounts

1. press Manage Certificates -> a window pops up

2. press + sign

3. select the certificate you want to create

The certificate will automatically added to the Keychain.

1.7. Xcode 10.2

For this tutorial Xcode 10.2.1 command line tools were used for code signing, notarzing and stapling.  Xcode 11 should work as well.

1.8. Standalone with correct bundle identifier

The bundle identifier is set in the standalone settings -> Mac tab

You should use the following form for the bundle identifier com.<YourCompany>.YourAppname

or if you own a domain use <YourDomain>.YourAppname e.g. tk.rebbe.dropuploadx

 

Note: In my given examples below I will use tk.rebbe.dropuploadx in places of bundle identifier.

 

2. Preparations for code signing

Before code signing an LC app, some changes must be done to the standalone (bundle)

2.1. Removing the extended attributes

Run the following command in terminal

sudo xattr -cr "<path_to_app_bundle>"

Replace <path_to_app_bundle> with the path to your standalone.

Put the path in quotes, this would avoid problems when the path contains spaces.

Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well

 

Example

sudo xattr -cr "/Users/matthias/Downloads/DropUpload/DropUpload.app"

To make sure all attributes are removed, run the following command in terminal

sudo xattr -lr "<path_to_app_bundle>"

Replace <path_to_app_bundle> with the path to your standalone.

Put the path in quotes, this would avoid problems when the path contains spaces.

Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well

 

Example

sudo xattr -lr "/Users/matthias/Downloads/DropUpload/DropUpload.app"

If you see your prompt and no other output, then all is fine and you can continue

 

 

2.2. Renaming the localization folders

Right click on your app bundle and select "show package content".

open the folder Contens/Resources

you'll see .lproj folders. The names of all .lproj folders have to be iso country codes. So

rename those folders that do not have the iso country code in their names.

For example rename German.lproj to de.lproj, Dutch.lproj to nl.lproj and so on.

2.3. changing permissions

To make sure that you are the owner of all externals and other stuff you´ve included in your app bundle we need to change the permissions.

Run the following command in terminal

sudo chmod -R u+rw "<path_to_standalone_app_bundle>"

Example

sudo chmod -R u+rw "/Users/matthias/Downloads/DropUpload/DropUpload.app"

 

Put the path in quotes, this would avoid problems when the path contains spaces.

Or just drag and drop standalone on terminal window. This will take care of spaces etc. as well

 

3. Codesigning standalone - get the exact name of your Developer ID for signing

To codesign your app and later the dmg  you´ll need the exact name of your Developer ID application.

Open Keychain Access

The name of the Developer ID begins with Developer ID Application: followed by your name and you your ID

3.1. Codesigning standalone - now codesign

Run the following command in Terminal

codesign --deep --force --verify --verbose --sign "<your_developer_ID>" --options runtime "<path_to_app_bundle>"

Replace <your_developer_id> with the name  you investigated in the previous step. Keep the quotes.

Replace <path_to_app_bundle> with the path to your standalone. Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well

Example

codesign --deep --force --verify --verbose --sign "Developer ID Application: Matthias Rebbe (386687PEUL)" --options runtime "/Users/matthias/Downloads/DropUpload/DropUpload.app"

 

 

 

If code signing was successfull then you should see something like this

4. Verifiying the signed app (optional)

As the  command in the previous step returned  signed app bundle with Mach-0 universal (x86_64) [tk.rebbe.dropuploadx] there is no need to run this step. But you can, if you want. ;)

 

To verify we could enter the following command in Terminal

codesign --verify --verbose "<path_to_app_bundle>"

Replace <path_to_app_bundle> with the path to your standalone.

Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well

 

Example

codesign --verify --verbose "/Users/matthias/Downloads/DropUpload/DropUpload.app"

 

This command is also usefull to find out if any app or DMG, not only yours, is codesigned or not.

It the app is code signed, then you should see something like this

5. Creating DMG (optional)

Run the following command in Terminal to create the DMG

hdiutil create -volname "<Name_of_Volume>" -srcfolder "<path_to_your_app>" -ov -format UDZO "<Name_of_the_DMG>"

Replace <Name_of_Volumes> with the name the DMG volume shall show up with, when mounted. Keep the quotes.

Replace <path_to_app_bundle> with the path to your standalone.

Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well

Replace <Name_of_the_DMG> with the filename the DMG file shall have, for example DropUpload.dmg.  Keep the quotes

 

Example

hdiutil create -volname "DropUpload" -srcfolder "/Users/matthias/Downloads/DropUpload/DropUpload.app" -ov -format UDZO "DropUpload.dmg"

 

 

The above command would create a DMG  with the name DropUpload.dmg and the volumename DropUpload, so when the DMG is mounted the volume name would be DropUpload.

 

 

5.1. Codesigning the DMG

Run the following command in Terminal

codesign --deep --force --verify --verbose --sign "<your_developer_id>" --options runtime "<path_to_dmg>"

Replace <path_to_DMG> with the path of the newly created DMG.

Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the DMG on terminal window. This will take care of spaces etc. as well

 

Example

codesign --deep --force --verify --verbose --sign "Developer ID Application: Matthias Rebbe (386687PEUL)" --options runtime "/users/matthias/name.dmg"

 

If code signing was successful, then you should see something like this

 

5.2. Verifying the codesigning (optional)

As the  command in the previous step returned "signed" there is no need to run this step.

 

However,if you want to check, if a DMG is code signed, run the following command in Terminal

codesign --verify --verbose "<path_to_dmg>"

Replace <path_to_DMG> with the path of the newly created DMG.

Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the DMG on terminal window. This will take care of spaces etc. as well

 

Example

codesign --verify --verbose "/users/matthias/name.dmg"

 

 

6. Notarizing your App or DMG

To get our app notarized by Apple we need to upload it to Apple. Apple does not allow an app to be uploaded directly. Only zip files, DMGs or Installer packackages can be uploaded.

Please go to step 6.2 if you´ve created a signed DMG otherwise continue with step 6.1

6.1. Notarizing an app (zip method)

6.1.1. creating a zip file from app

Therefore we need to create a zip file from our app first.

The easiest way  to do this is to right click on our app and select compress. After the zip file was created we can upload it to Apple.

6.1.2. Uploading the zip file to Apple for Notarization / Analysis

Run the following command in Terminal

xcrun altool -type osx --notarize-app --primary-bundle-id "<primary-bundle-id>" --username "<your_AppleID>" --password "<yourAppSpecificPassword>" --file "<path_to_zip>" [--ascprovider "<ascProvider>"]

<primary-bundle-id> = specify an identifier that helps you keep track of automated correspondence from the notarization service. This is for your own use and does not have to be the bundle identifier.  In my example i am using the bundle-id tk.rebbe.dropuploadx . Please put the bundle identifier in quotes.

 <your_AppleID> = Your AppleID  you´ve used for registering your Apple deverloper account. Put the AppleID in quotes

 <yourAppSpecificPassword> = The password you´ve created at https://appleid.apple.com   For details see  chapter 1.3.  Put the password in quotes.

Note: See chapter 7 on how to reference to a password stored in Keychain Access instead of using your app specific password directly.

 <path_to_zip> = the path to the  zip. Put the path in quotes. This will avoid problems when the path contains spaces or any of the following characters \`!$

Or just drag and drop the zip file on terminal window. This will take care of spaces etc. as well

 

<ascProvider> = shortname of the TeamID (optional)

If you are a member of multiple development teams and your  e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request. (see chapter 8)

 

Example

xcrun altool -type osx --notarize-app --primary-bundle-id "tk.rebbe.dropuploadx>" --username "<developer@mrd.de>" --password "tic-tac-toe" --file "/users/matthias/name.zip" 

 

If the upload was successful and the file was accepted for notariziation you should see something like the output in the screenshot below

*** Please make a record of the returned RequestUUID (either by copying it to the clipboard, making a screenshot or just by writing it down). You will need it later. ***

 

Apple is now analysing your uploaded file. If all is well, you´ll get an email from Apple confirming that your app is ready for distribution.

The analysis process could take a while. The fastest here was about 2 minutes, the longest so far 35 mintues.

If you don´t want to wait for the Apple confirmation e-mail  and want to check the notarization status see step 6.3.

 

 

6.1.3. Delete the zip file again

As the zip file was only needed to  upload the app for notarization we can now delete the zip file again. We do not need it anymore.

6.2. Notarizing app (DMG method)

To get our DMG and the app in it notarized by Apple we need to upload it to Apple.

6.2.1. Uploading the DMG to Apple for Notarization / Analysis

Run the following command in Terminal

xcrun altool -type osx --notarize-app --primary-bundle-id "<bundle-id>" --username "<your_AppleID>" --password "<yourAppSpecificPassword>" --file "<path_to_dmg>" [--ascprovider "<ascProvider>"]

<bundle-id> = specify an identifier that helps you keep track of automated correspondence from the notarization service. This is for your own use and does not have to be the bundle identifier.  In my example i am using the bundle-id tk.rebbe.dropuploadx . Please put the bundle identifier in quotes.

 

<your_AppleID> = Your AppleID  you´ve used for registering your Apple deverloper account. Please put it in quotes

 

 <yourAppSpecificPassword> = The password you´ve created at https://appleid.apple.com   For details see  chapter 1.3.  Put  the password in quotes.

Note: See chapter 7  on how to reference to a password stored in Keychain Access instead of using your app specific password directly.

 

<path_to_DMG> = the path to the  DMG.

Put the path in quotes. This will avoid problems when the path contains spaces or any of the following characters \`!$

Or just drag and drop the DMG on terminal window. This will take care of spaces etc. as well

 

<ascProvider> = shortname of the TeamID (optional)

If you are a member of multiple development teams and your  e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request. (see chapter 8)

 

Example

xcrun altool -type osx --notarize-app --primary-bundle-id "tk.rebbe.dropuploadx>" --username "<developer@mrd.de>" --password "tic-tac-toe" --file "/users/matthias/name.dmg" 

 

If the upload was successful and the file was accepted for notariziation you should see something like the output in the screenshot below

*** Please make a record of the returned RequestUUID (either by copying it to the clipboard, making a screenshot or just by writing it down). You will need it later. ***

 

Apple is now analysing your uploaded file. If all is well, you´ll get an email from Apple confirming that your app is ready for distribution.

The analysis process could take a while. The fastest here was about 2 minutes, the longest so far 35 minutes.

If you don´t want to wait for the Apple confirmation e-mail  and want to check the notarization status see step 6.3.

 

 

6.3. Check the status of analysis

Run the following command in Terminal

xcrun altool --notarization-info <requestUUID> --username "<your_AppleID>" --password "<yourAppSpecificPassword>" [--ascProvider <"ascProvider>"]

<requestUUID> = the returned ID from step 8

<your_AppleID> = Your AppleID  you´ve used to join Apple´s deverloper program. Put your AppleID in quotes.

<yourAppSpecificPassword> = The password you´ve created at https://appleid.apple.com.  Put the password in quotes.

 <ascProvider> = shortname of the TeamID (optional)

If you are a member of multiple development teams and your  e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request. (see chapter 8)

 

Example

xcrun altool --notarization-info 8a741234-12b4-1d34-12a4-74abcde2e93c --username "developer@mr-d.de" --password "tic-tac-toe"

 

6.3.1. Check the status of analysis - ...in progress

If the analysis process is not finished, then you see something like this

 

6.3.2. Check the status of analysis - ...Success

If the anaylsis process was successfull you should see something like this

with Status Message: Package Approved

6.3.3. Check the status of analysis - ...invalid

There might be other messages like Status: invalid

This could come up, if you´ve forgot to do the preparations listed step 2

6.4. confirmation e-mail from Apple

You will also receive an e-mail from Apple informing you about the result of the notarization/analysis.

Stapling means the notarization ticket is added to the app/DMG.

This step is  not mandatory, but recommended.  It ensures that Gatekeekper can find the notarization ticket even when a network connection isn't available.

Without this step every time an app or dmg is launched Gatekeeper has to check online if the DMG/App was notarized or not.

Stapling ensures that Gatekeeper can approve the notriazation  even when an internet connection isn't available.

To staple it run the following from Terminal

xcrun stapler staple -v "<path_to_app>"

Replace <path_to_app> with the path of the  standalone.

Put the path in quotes. This will avoid problems when the path contains spaces or any of the following characters \`!$

Or just drag and drop the app on terminal window. This will take care of spaces etc. as well

 

Examples  

xcrun stapler staple -v "/Users/matthias/Downloads/DropUpload/DropUpload.app"

If the staple was successfull then you should see The staple and validate action worked!

 

Instead of stapling the original standalone on the harddisk for distribution, you could just copy the app from the mounted DMG and use that for distribution as zip.

But at least i wanted to show that you also can staple the  app. ;)

 

 

 

To staple the DMG run the following from Terminal

xcrun stapler staple -v "<path_to_dmg>"

Replace <path_to_DMG> with the path of the  DMG.

Put the path in quotes. This will avoid problems when the path contains spaces or any of the following characters \`!$

Or just drag and drop the DMG on terminal window. This will take care of spaces etc. as well

 

Examples

xcrun stapler staple -v "/users/matthias/name.dmg"

 

If you see The staple and validate action worked!, then your DMG was successfully stapled and is ready for distribution.

 

7. Addendum 1 - reference to a password stored in keychain

Instead of using your  password directly in the Terminal commands you can use a reference to the saved password in keychain. Therefore you have to store your password in Keychain Access.

7.1. Use Terminal to store password in keychain.

Enter the following command in Terminal

security add-generic-password -a "<apple_id>" -w "<app_specific_password>"  -s "<keychain_item_name>"

Replace <apple_id> with the your Apple ID you´ve use to join the Apple Developer Program. Put it in quotes

Replace <app_specific_password> with the the app-specific password you´ve created at https://appleid.apple.com. (See chapter 1.3). Put it in quotes.

Replace <keychain_item_name> with the name you want the password be saved under in Keychain. This will be the Keychain Item Name.  Put it in quotes.

Example

security add-generic-password -a "developer@mrd.de" -w "tic-tac-toe"  -s "Notarizing"

The above example would add  the password tic-tac-toe for  account developer@mrd.de to Keychain and would name it Notarizing.

 

7.2. Use Keychain Access to store password in Keychain

 

- Select File->New Password Item (cmd+N)

- Enter the desired name example Notarizing in the field Keychain Item Name

- Enter your developer email example developer@mrd.de in the field Account Name

- Enter your app specific password example tiac-tac-toe in the field Password

 

 

The screenshot shows the German GUI of the Keychain Access.app. See red translations.

7.3. How to reference to a Keychain password?

 

In Step 8 the password parameter was

--password "<yourAppSpecificPassword>"

Example

--password "tic-tac-toe"

 

 

To reference to a password in keychain the parameter would be

--password "@keychain:<name_of_pw_in_keychain>"

Replace <name_of_pw_in_keychain> with the Keychain Item Name you´ve use when adding the password to the Keychain

Example

--password "@keychain:Notarizing"

 

Importan Note: The first time you run altool, you get a security confirmation dialog asking you whether to allow altool to read the password from the keychain. Enter your (Mac) user password and click on Always allow.

 

8. Addendum 2 - the asc provider

If you are a member of multiple development teams and your e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request.

To get a list of all development teams (it seems Apple call them provider) your e-mailadress is attached to run this shell command in Terminal:

/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/itms/bin/iTMSTransporter -m provider -u "<your_AppleID>" -p "<yourAppSpecificPassword>"

Note: iTMSTransporter only allows the password parameter as plain password . --password "<yourAppSpecificPassword>"

or as a reference to a file, which has your app-specific password stored. --password "@file:<pathToYourPasswordFile>"

for example   --password "@file:/users/matthias/documents/mr.txt". In this example the file mr.txt must contain the app-specific password.

You cannot use the parameter @keychain with the iTMSTransporter!

After running the above command you´ll should see a long output of information. At the end of the output you´ll should see something like this:

In the above screenshot the e-mailadress is attached to two teams (providers). We need the short name of the provider we want to do the notarization/request for.

Let´s say we want to do the request for Multitronic Vertrieb, then the password parameter for the altool commad would look like this

--ascprovider "Multitronic"

 

9. Addendum 3 - Livecode stack

Using author´s Livecode stack to automate the above steps .

 

9.1. The Livecode Stack

There´s  a Livecode stack available which does all the steps required for Notarization and Stapling.

For creating DMGs the stack uses hdiutil or the command line tool of DropDMG.

DropDMG is more powerful and allows to add layouts, licenses and much more to the DMG.

9.2. Overview

This chapter is just a quick overview. More detailed information about settings can be found in chapters 8.3 to 8.6

If you want, you can test right away following steps

1 - go to settings and enter fill out all fields with appropriate values.

2 - drag your app bundle you want to codesign&notarize to this fiedl

3 - enter the Primary bundle id.

According to Apple´s documentation you can enter what you want as the primary bundle id. Specify an identifier that helps you keep track of automated correspondence from the notarization service. The value you give doesn’t need to match the bundle identifier of the submitted app or have any particular value. It only needs to make sense to you. The notarization service includes the value whenever it emails you regarding the given altool submission. If you don´t enter a primary bundle id then the stack uses the bundle identifier of the app.

Allowed characters are a-z,A-z, 0-9 and the period (.)  

4 - Select the desired action

5 - Press START

6 - The status field shows  information including encountered errors during the codesigning and notarization process. If an error is detected then an answer dialog will popup and the process is aborted.

 

The image below shows a successful notarization.

9.3. The Main Window

1 - empty all fields

2 - go to settings

3 - drag your app bundle into this field

4 - enter Primary Bundle ID here

According to Apple´s docoumentation you can enter what you want as the primary bundle id. Specify an identifier that helps you keep track of automated correspondence from the notarization service. The value you give doesn’t need to match the bundle identifier of the submitted app or have any particular value. It only needs to make sense to you. The notarization service includes the value whenever it emails you regarding the given altool submission. If you don´t enter a primary bundle id then the stack uses the bundle identifier of the app. Allowed characters are a-z,A-z, 0-9 and the period (.)

5 - the RequestUUID which is returned after successful upload. This field will be automatically filled and is not editable.

6 - The status field shows  information including encountered errors during the codesigning and notarization process. If an error is detected then an answer dialog will popup and the process is aborted.

7 - enable this to just create the shell commands without executing them. This will option will be removed in future versions

8 - select the desired action. Currently you can decide between

- signing,creating and signing DMG, notarizing and stapling

- signing, notarizing and stapling App

- list all recent notarization requests  -> See chapter 5

9 - push this button to start the desired action

9.4. The Settings

9.4.1. General Settings

1 - Close the stack

2 - empty all fields

3 - enter your sudo password. This is needed for some tasks.

4 - Your AppleID - please enter the Apple ID you´ve used for the Apple Developer Membership

5 - Keychain item name of your app-specific password. Please see chapter 7 of the following livecode lesson:

6 - Mark if your Apple ID is attached to multiple iTunes providers

7 - press to retrieve from Apple a list of all iTunes providers your AppleID is attached to

8 - select the iTunes provider you want to use for your tasks

9 - Your Apple Developer ID Application.  This contains your name and a number. e.g Developer ID Application: Matthias Rebbe (123456GEUL)

10 - select if you have installed DropDMG and want use that tool for DMG creation

11 - select if you want to overwrite existing DMG - only visible if "Use DropDMG..." is not selected.

12 - press to open settings for using DropDMG command line tool - only visible if "Use DropDMG..." is selected.

13 - save settings

9.4.2. DropDMG settings

1 - Close the stack

2 - empty all fields

3 - save settings

4 - default path to DropDMG´s command line tool

5 - press to select an other path

6 - Configuration to be used for DMG creation.

7 - press to select DropDMG configurations.

8 - Layout to be used for DMG creation

9 - press to select a DropDMG Layout

10 - License to be add to the DMG

11 - press to select a DropDMG License

12 - check to overwrite existing DMG. Otherwise DropDMG adds a counter to the name e.g. MyDMG-1.dmg
this is automatically handled by DropDMG´s command line tool

13 - go back to general settings

9.5. Show all recent notarization requests  (sucessful, failed or in progress ones)

1 - close stack

2- Refresh the list

3 - empty the table

4 - Retrieves  information for the selected request from Apple´s Notarization service.

5 - Open the Logfile URL for the selected request.

Note: Fetching the list of all recent notarization requests from Apple´s servers may take some time, so please be patient.

9.5.1. Show detailed information for selected request

1 - close field

2 - information for a request looks like this

3 - this is the Logfile URL you can open directly using the the other option

Note: Fetching the detailed information from Apple´s servers may take some time (approx. 5-10 seconds).

9.5.2. Show logfile for selected request

The field shows the logfile content for the selected notarization request. The logfile is fetched from Apple servers.

Note: Fetching the logfile data from Apple´s servers may take some time (approx. 5-10 seconds).

 

 

The following screenshot shows the logfile content of a successful notarization

The following screenshot shows the logfile content of an unsuccessful notarization.

10. Troubleshooting

It can happen that your app will not be  approved and the notarization fails. This can have several reasons. But how do you get to know what the reason was?

You can either use the stack mentioned in chapter 9 to find out or you use the shell and run several command to find out.

 

 This chapter explains how to find out using shell commands.

10.1. How to get detailed information about a notarizatian request

10.1.1. Get a list of all recent requests

To list all recent notarization request run the following command in Terminal

xcrun altool --notarize-history 0 --username "<your_AppleID>" --password "<yourAppSpecificPassword>" [--asc-provider "<ascProvider>"]

<your_AppleID> = Your AppleID  you´ve used for registering your Apple deverloper account. Please put it in quotes

 <yourAppSpecificPassword> = The password you´ve created at https://appleid.apple.com   For details see  chapter 1.3.  Put  the password in quotes.

Note: See chapter 7  to see how to reference to a password stored in Keychain Access instead of using your plain app specific password

 

<ascProvider> = shortname of the TeamID (optional)

If you are a member of multiple development teams and your  e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request. (see chapter 8)

 

The screenshot below is an example and shows a list of recent  notarization request i´ve done. The column status shows the status of the notarization requests. The latest requests are always

at the top of the list. So our failed request is the first one.  We need the requestUUID of that request. Copy the id to the clipboard. We need it in the next step.

10.1.2. Get information for a single request

In the previous step we´ve copied the requestUUID of the failed notarization to the clipboard.

Now run the following shell command in Terminal:

xcrun altool --notarization-info <requestUUID> -u "developer@mrd.de" -p "@keychain:Notarizing"

<requestUUID> = the requestUUID for which we want more information. In our case this is the id we´ve copied to the clipboard

 

The screenshot below shows the information for our failed notarization. But we still don´t see any reason, but a URL.

 

 

Copy the complete URL to your clipboard and open it then in your webbrowser.

You should see something like this.

 

In our example the reason for the failed notarization was that the binary used an SDK older than the 10.9 SDK. In this example the app i tried to notarize was created with on older version of Livecode. So creating the standalone using a current version of LC should solve the notarization problem.

 

 

1 Comments

Jerry Janson

This is an outstanding and very worked-out lesson with great detail. Thank you!

Add your comment

E-Mail me when someone replies to this comment