Codesigning and notarizing your LC standalone for distribution outside the Mac Appstore -
This tutorial describes the necessary tasks to get your app code signed and notarized for distribution outside the Mac Appstore.
- Codesigning your app (including some necessary preparations)
- creating and codesigning a DMG using DropDMG or hdiutil (optional)
- Notarizing and stapling your app/dmg
Most is done with shell commands.
There´s also a Livecode stack available which should does it automatically for you. See chapter 9.
It is strongly recommended that you read at least chapter 9 before using the stack.
1. Prerequisites
Please make sure that you fullfil the following requirements before you continue
1.1. Apple ID
If you do not already own an Apple ID, you can create one here: https://appleid.apple.com
1.2. Enable two factor authentication for your Apple ID
You need to have 2 factor authentication (2FA) enabled for your Apple ID. You can do this in your Apple ID Account at https://appleid.apple.com
1.3. App-specific password
You´ll need an app-specific password. You can create one at https://appleid.apple.com
There is a blue link Generate Password...
In my given examples below I will use tic-tac-toe in places of app-specific password.
1.4. Developer ID
You´ll need a Deverloper ID. Therefore you´ll need to be a member in the Apple Developer Programm. Join here https://developer.apple.com
In my examples i use developer@mrd.de as Developer ID.
1.5. Create Developer ID Application certificate using Developer account
The certificate types for distribution outside the Apple "App Store” for Mac OS are:
- Developer ID Application <- this is the one you need for this tutorial
This certificate is used to code sign your app for distribution outside of the Mac App Store.
- Developer ID Installer
This certificate is used to sign your app’s "Installer Package" for distribution outside of the Mac App Store.
Note: If you are not distributing “Installer Packages”, the only certificate you need is “Developer ID Application”
You can create the certificates either in your Apple Developer account, see screenshot.
After you´ve created the certificate you can download the certificate. You can now add it to your Keychain by double clicking on the downloaded file.
1.6. CreateDeveloper ID Application certificate using Xcode
or directly in Xcode -> Preferences -> Accounts
1. press Manage Certificates -> a window pops up
2. press + sign
3. select the certificate you want to create
The certificate will automatically added to the Keychain.
1.7. Xcode 10.2
For this tutorial Xcode 10.2.1 command line tools were used for code signing, notarzing and stapling. Xcode 11 should work as well.
1.8. Standalone with correct bundle identifier
The bundle identifier is set in the standalone settings -> Mac tab
You should use the following form for the bundle identifier com.<YourCompany>.YourAppname
or if you own a domain use <YourDomain>.YourAppname e.g. tk.rebbe.dropuploadx
Note: In my given examples below I will use tk.rebbe.dropuploadx in places of bundle identifier.
1.9. Some notes about how to add additional files or folders
It is important or better said mandatory that additional files and folders have to be copied to the standalone using the Copy Files tab in the standalone settings. Please do not add those files or folders to the app bundle manually after standalone creation.
You have to use the Copy Files tab in the standalone settings!
2. Preparations for code signing
Before code signing an LC app, some changes must be done to the standalone (bundle)
2.1. Removing the extended attributes
Run the following command in terminal
sudo xattr -cr "<path_to_app_bundle>"Replace <path_to_app_bundle> with the path to your standalone.
Put the path in quotes, this would avoid problems when the path contains spaces.
Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well
Example
sudo xattr -cr "/Users/matthias/Downloads/DropUpload/DropUpload.app"To make sure all attributes are removed, run the following command in terminal
sudo xattr -lr "<path_to_app_bundle>"Replace <path_to_app_bundle> with the path to your standalone.
Put the path in quotes, this would avoid problems when the path contains spaces.
Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well
Example
sudo xattr -lr "/Users/matthias/Downloads/DropUpload/DropUpload.app"If you see your prompt and no other output, then all is fine and you can continue
2.2. Renaming the localization folders
Right click on your app bundle and select "show package content".
open the folder Contens/Resources
you'll see .lproj folders. The names of all .lproj folders have to be iso country codes. So
rename those folders that do not have the iso country code in their names.
For example rename German.lproj to de.lproj, Dutch.lproj to nl.lproj and so on.
2.3. changing permissions
To make sure that you are the owner of all externals and other stuff you´ve included in your app bundle we need to change the permissions.
Run the following command in terminal
sudo chmod -R u+rw "<path_to_standalone_app_bundle>"Example
sudo chmod -R u+rw "/Users/matthias/Downloads/DropUpload/DropUpload.app"
Put the path in quotes, this would avoid problems when the path contains spaces.
Or just drag and drop standalone on terminal window. This will take care of spaces etc. as well
3. Codesigning standalone - get the exact name of your Developer ID for signing
To codesign your app and later the dmg you´ll need the exact name of your Developer ID application.
Open Keychain Access
The name of the Developer ID begins with Developer ID Application: followed by your name and you your ID
3.1. Codesigning standalone - now codesign
Run the following command in Terminal
codesign --deep --force --verify --verbose --sign "<your_developer_ID>" --options runtime "<path_to_app_bundle>"Replace <your_developer_id> with the name you investigated in the previous step. Keep the quotes.
Replace <path_to_app_bundle> with the path to your standalone. Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well
Example
codesign --deep --force --verify --verbose --sign "Developer ID Application: Matthias Rebbe (386687PEUL)" --options runtime "/Users/matthias/Downloads/DropUpload/DropUpload.app"
If code signing was successfull then you should see something like this
A special note about entitlements
If you want to include an entitlements file, then please use this syntax
codesign --deep --force --verify --verbose --sign "<your_developer_ID>" --options runtime --entitlements "<path/to/entitlements.plist>" "<path_to_app_bundle>"Please see also lesson Entitlements for signed and notarized apps for more information
4. Verifiying the signed app (optional)
As the command in the previous step returned signed app bundle with Mach-0 universal (x86_64) [tk.rebbe.dropuploadx] there is no need to run this step. But you can, if you want. ;)
To verify we could enter the following command in Terminal
codesign --verify --verbose "<path_to_app_bundle>"Replace <path_to_app_bundle> with the path to your standalone.
Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well
Example
codesign --verify --verbose "/Users/matthias/Downloads/DropUpload/DropUpload.app"
This command is also usefull to find out if any app or DMG, not only yours, is codesigned or not.
It the app is code signed, then you should see something like this
5. Creating DMG (optional)
Run the following command in Terminal to create the DMG
hdiutil create -volname "<Name_of_Volume>" -srcfolder "<path_to_your_app>" -ov -format UDZO "<Name_of_the_DMG>"Replace <Name_of_Volumes> with the name the DMG volume shall show up with, when mounted. Keep the quotes.
Replace <path_to_app_bundle> with the path to your standalone.
Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the standalone on terminal window. This will take care of spaces etc. as well
Replace <Name_of_the_DMG> with the filename the DMG file shall have, for example DropUpload.dmg. Keep the quotes
Example
hdiutil create -volname "DropUpload" -srcfolder "/Users/matthias/Downloads/DropUpload/DropUpload.app" -ov -format UDZO "DropUpload.dmg"
The above command would create a DMG with the name DropUpload.dmg and the volumename DropUpload, so when the DMG is mounted the volume name would be DropUpload.
5.1. Codesigning the DMG
Run the following command in Terminal
codesign --deep --force --verify --verbose --sign "<your_developer_id>" --options runtime "<path_to_dmg>"Replace <path_to_DMG> with the path of the newly created DMG.
Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the DMG on terminal window. This will take care of spaces etc. as well
Example
codesign --deep --force --verify --verbose --sign "Developer ID Application: Matthias Rebbe (386687PEUL)" --options runtime "/users/matthias/name.dmg"
If code signing was successful, then you should see something like this
5.2. Verifying the codesigning (optional)
As the command in the previous step returned "signed" there is no need to run this step.
However,if you want to check, if a DMG is code signed, run the following command in Terminal
codesign --verify --verbose "<path_to_dmg>"Replace <path_to_DMG> with the path of the newly created DMG.
Put the path in quotes, this would avoid problems when the path contains spaces. Or just drag and drop the DMG on terminal window. This will take care of spaces etc. as well
Example
codesign --verify --verbose "/users/matthias/name.dmg"
6. Notarizing your App or DMG
To get our app notarized by Apple we need to upload it to Apple. Apple does not allow an app to be uploaded directly. Only zip files, DMGs or Installer packackages can be uploaded.
Please go to step 6.2 if you´ve created a signed DMG otherwise continue with step 6.1
6.1. Notarizing an app (zip method)
6.1.1. creating a zip file from app
Therefore we need to create a zip file from our app first.
The easiest way to do this is to right click on our app and select compress. After the zip file was created we can upload it to Apple.
6.1.2. Uploading the zip file to Apple for Notarization / Analysis
Run the following command in Terminal
xcrun altool -type osx --notarize-app --primary-bundle-id "<primary-bundle-id>" --username "<your_AppleID>" --password "<yourAppSpecificPassword>" --file "<path_to_zip>" [--ascprovider "<ascProvider>"]<primary-bundle-id> = specify an identifier that helps you keep track of automated correspondence from the notarization service. This is for your own use and does not have to be the bundle identifier. In my example i am using the bundle-id tk.rebbe.dropuploadx . Please put the bundle identifier in quotes.
<your_AppleID> = Your AppleID you´ve used for registering your Apple deverloper account. Put the AppleID in quotes
<yourAppSpecificPassword> = The password you´ve created at https://appleid.apple.com For details see chapter 1.3. Put the password in quotes.
Note: See chapter 7 on how to reference to a password stored in Keychain Access instead of using your app specific password directly.
<path_to_zip> = the path to the zip. Put the path in quotes. This will avoid problems when the path contains spaces or any of the following characters \`!$
Or just drag and drop the zip file on terminal window. This will take care of spaces etc. as well
<ascProvider> = shortname of the TeamID (optional)
If you are a member of multiple development teams and your e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request. (see chapter 8)
Example
xcrun altool -type osx --notarize-app --primary-bundle-id "tk.rebbe.dropuploadx>" --username "developer@mrd.de" --password "tic-tac-toe" --file "/users/matthias/name.zip"
If the upload was successful and the file was accepted for notariziation you should see something like the output in the screenshot below
*** Please make a record of the returned RequestUUID (either by copying it to the clipboard, making a screenshot or just by writing it down). You will need it later. ***
Apple is now analysing your uploaded file. If all is well, you´ll get an email from Apple confirming that your app is ready for distribution.
The analysis process could take a while. The fastest here was about 2 minutes, the longest so far 35 mintues.
If you don´t want to wait for the Apple confirmation e-mail and want to check the notarization status see step 6.3.
6.1.3. Delete the zip file again
As the zip file was only needed to upload the app for notarization we can now delete the zip file again. We do not need it anymore.
6.2. Notarizing app (DMG method)
To get our DMG and the app in it notarized by Apple we need to upload it to Apple.
6.2.1. Uploading the DMG to Apple for Notarization / Analysis
Run the following command in Terminal
xcrun altool -type osx --notarize-app --primary-bundle-id "<bundle-id>" --username "<your_AppleID>" --password "<yourAppSpecificPassword>" --file "<path_to_dmg>" [--ascprovider "<ascProvider>"]<bundle-id> = specify an identifier that helps you keep track of automated correspondence from the notarization service. This is for your own use and does not have to be the bundle identifier. In my example i am using the bundle-id tk.rebbe.dropuploadx . Please put the bundle identifier in quotes.
<your_AppleID> = Your AppleID you´ve used for registering your Apple deverloper account. Please put it in quotes
<yourAppSpecificPassword> = The password you´ve created at https://appleid.apple.com For details see chapter 1.3. Put the password in quotes.
Note: See chapter 7 on how to reference to a password stored in Keychain Access instead of using your app specific password directly.
<path_to_DMG> = the path to the DMG.
Put the path in quotes. This will avoid problems when the path contains spaces or any of the following characters \`!$
Or just drag and drop the DMG on terminal window. This will take care of spaces etc. as well
<ascProvider> = shortname of the TeamID (optional)
If you are a member of multiple development teams and your e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request. (see chapter 8)
Example
xcrun altool -type osx --notarize-app --primary-bundle-id "tk.rebbe.dropuploadx" --username "developer@mrd.de" --password "tic-tac-toe" --file "/users/matthias/name.dmg"
If the upload was successful and the file was accepted for notariziation you should see something like the output in the screenshot below
*** Please make a record of the returned RequestUUID (either by copying it to the clipboard, making a screenshot or just by writing it down). You will need it later. ***
Apple is now analysing your uploaded file. If all is well, you´ll get an email from Apple confirming that your app is ready for distribution.
The analysis process could take a while. The fastest here was about 2 minutes, the longest so far 35 minutes.
If you don´t want to wait for the Apple confirmation e-mail and want to check the notarization status see step 6.3.
6.3. Check the status of analysis
Run the following command in Terminal
xcrun altool --notarization-info <requestUUID> --username "<your_AppleID>" --password "<yourAppSpecificPassword>" [--ascProvider <"ascProvider>"]<requestUUID> = the returned ID from step 8
<your_AppleID> = Your AppleID you´ve used to join Apple´s deverloper program. Put your AppleID in quotes.
<yourAppSpecificPassword> = The password you´ve created at https://appleid.apple.com. Put the password in quotes.
<ascProvider> = shortname of the TeamID (optional)
If you are a member of multiple development teams and your e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request. (see chapter 8)
Example
xcrun altool --notarization-info 8a741234-12b4-1d34-12a4-74abcde2e93c --username "developer@mr-d.de" --password "tic-tac-toe"
6.3.1. Check the status of analysis - ...in progress
If the analysis process is not finished, then you see something like this
6.3.2. Check the status of analysis - ...Success
If the anaylsis process was successfull you should see something like this
with Status Message: Package Approved
6.3.3. Check the status of analysis - ...invalid
There might be other messages like Status: invalid
This could come up, if you´ve forgot to do the preparations listed step 2
6.4. confirmation e-mail from Apple
You will also receive an e-mail from Apple informing you about the result of the notarization/analysis.
6.5. staple the app or DMG. Optional, but recommended.
Stapling means the notarization ticket is added to the app/DMG.
This step is not mandatory, but recommended. It ensures that Gatekeekper can find the notarization ticket even when a network connection isn't available.
Without this step every time an app or dmg is launched Gatekeeper has to check online if the DMG/App was notarized or not.
Stapling ensures that Gatekeeper can approve the notriazation even when an internet connection isn't available.
6.5.1. staple the app. Optional, but recommended.
To staple it run the following from Terminal
xcrun stapler staple -v "<path_to_app>"Replace <path_to_app> with the path of the standalone.
Put the path in quotes. This will avoid problems when the path contains spaces or any of the following characters \`!$
Or just drag and drop the app on terminal window. This will take care of spaces etc. as well
Examples
xcrun stapler staple -v "/Users/matthias/Downloads/DropUpload/DropUpload.app"If the staple was successfull then you should see The staple and validate action worked!
Instead of stapling the original standalone on the harddisk for distribution, you could just copy the app from the mounted DMG and use that for distribution as zip.
But at least i wanted to show that you also can staple the app. ;)
6.5.2. staple the DMG. Optional, but recommended.
To staple the DMG run the following from Terminal
xcrun stapler staple -v "<path_to_dmg>"Replace <path_to_DMG> with the path of the DMG.
Put the path in quotes. This will avoid problems when the path contains spaces or any of the following characters \`!$
Or just drag and drop the DMG on terminal window. This will take care of spaces etc. as well
Examples
xcrun stapler staple -v "/users/matthias/name.dmg"
If you see The staple and validate action worked!, then your DMG was successfully stapled and is ready for distribution.
7. Addendum 1 - reference to a password stored in keychain
Instead of using your password directly in the Terminal commands you can use a reference to the saved password in keychain. Therefore you have to store your password in Keychain Access.
7.1. Use Terminal to store password in keychain.
Enter the following command in Terminal
security add-generic-password -a "<apple_id>" -w "<app_specific_password>" -s "<keychain_item_name>"Replace <apple_id> with the your Apple ID you´ve use to join the Apple Developer Program. Put it in quotes
Replace <app_specific_password> with the the app-specific password you´ve created at https://appleid.apple.com. (See chapter 1.3). Put it in quotes.
Replace <keychain_item_name> with the name you want the password be saved under in Keychain. This will be the Keychain Item Name. Put it in quotes.
Example
security add-generic-password -a "developer@mrd.de" -w "tic-tac-toe" -s "Notarizing"The above example would add the password tic-tac-toe for account developer@mrd.de to Keychain and would name it Notarizing.
7.2. Use Keychain Access to store password in Keychain
- Select File->New Password Item (cmd+N)
- Enter the desired name example Notarizing in the field Keychain Item Name
- Enter your developer email example developer@mrd.de in the field Account Name
- Enter your app specific password example tiac-tac-toe in the field Password
The screenshot shows the German GUI of the Keychain Access.app. See red translations.
7.3. How to reference to a Keychain password?
In Step 8 the password parameter was
--password "<yourAppSpecificPassword>"Example
--password "tic-tac-toe"
To reference to a password in keychain the parameter would be
--password "@keychain:<name_of_pw_in_keychain>"Replace <name_of_pw_in_keychain> with the Keychain Item Name you´ve use when adding the password to the Keychain
Example
--password "@keychain:Notarizing"
Importan Note: The first time you run altool, you get a security confirmation dialog asking you whether to allow altool to read the password from the keychain. Enter your (Mac) user password and click on Always allow.
8. Addendum 2 - the asc provider
If you are a member of multiple development teams and your e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request.
To get a list of all development teams (it seems Apple call them provider) your e-mailadress is attached to run this shell command in Terminal:
For Xcode 10
/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/itms/bin/iTMSTransporter -m provider -u "<your_AppleID>" -p "<yourAppSpecificPassword>"For Xcode 11
/Applications/Xcode.app/Contents/Developer/usr/bin/iTMSTransporter -m provider -u "<your_AppleID>" -p "<yourAppSpecificPassword>"Note: iTMSTransporter only allows the password parameter as plain password . --password "<yourAppSpecificPassword>"
or as a reference to a file, which has your app-specific password stored. --password "@file:<pathToYourPasswordFile>"
for example --password "@file:/users/matthias/documents/mr.txt". In this example the file mr.txt must contain the app-specific password.
You cannot use the parameter @keychain with the iTMSTransporter!
After running the above command you´ll should see a long output of information. At the end of the output you´ll should see something like this:
In the above screenshot the e-mailadress is attached to two teams (providers). We need the short name of the provider we want to do the notarization/request for.
Let´s say we want to do the request for Multitronic Vertrieb, then the password parameter for the altool commad would look like this
--ascprovider "Multitronic"
9. Addendum 3 - Livecode stack
Using author´s Livecode stack to automate the above steps .
9.1. The Livecode Stack
There´s a Livecode stack available which does all the steps required for Notarization and Stapling.
For creating DMGs the stack uses hdiutil or the command line tool of DropDMG.
DropDMG is more powerful and allows to add layouts, licenses and much more to the DMG.
9.2. Overview
This chapter is just a quick overview. More detailed information about settings can be found in chapters 8.3 to 8.6
If you want, you can test right away following steps
1 - go to settings and enter fill out all fields with appropriate values.
2 - drag your app bundle you want to codesign¬arize to this field
Note: If your standalone is currently stored in a folder which is synchronised with Dropbox, iCloud Drive or any other Cloud Drive, then please move the standalone to a folder that is not synchronised. There was feedback from users who encountered problems when trying to notarize a standalone which was stored on a folder which was synchronised.
3 - enter the Primary bundle id.
According to Apple´s documentation you can enter what you want as the primary bundle id. Specify an identifier that helps you keep track of automated correspondence from the notarization service. The value you give doesn’t need to match the bundle identifier of the submitted app or have any particular value. It only needs to make sense to you. The notarization service includes the value whenever it emails you regarding the given altool submission. If you don´t enter a primary bundle id then the stack uses the bundle identifier of the app.
Allowed characters are a-z,A-z, 0-9 and the period (.)
4 - Select the desired action
5 - Press START
6 - The status field shows information including encountered errors during the codesigning and notarization process. If an error is detected then an answer dialog will popup and the process is aborted.
The image below shows a successful notarization.
9.3. The Main Window
1 - empty all fields
2 - go to settings
3 - drag your app bundle into this field. The app bundle is your standalone you´ve created with Livecode.
Note: If your standalone is currently stored in a folder which is synchronised with Dropbox, iCloud Drive or any other Cloud Drive, then please move the standalone to a folder that is not synchronised. There was feedback from users who encountered problems when trying to notarize a standalone which was stored on a folder which was synchronised.
4 - enter Primary Bundle ID here
According to Apple´s docoumentation you can enter what you want as the primary bundle id. Specify an identifier that helps you keep track of automated correspondence from the notarization service. The value you give doesn’t need to match the bundle identifier of the submitted app or have any particular value. It only needs to make sense to you. The notarization service includes the value whenever it emails you regarding the given altool submission. If you don´t enter a primary bundle id then the stack uses the bundle identifier of the app. Allowed characters are a-z,A-z, 0-9 and the period (.)
5 - the RequestUUID which is returned after successful upload. This field will be automatically filled and is not editable.
6 - The status field shows information including encountered errors during the codesigning and notarization process. If an error is detected then an answer dialog will popup and the process is aborted.
7 - enable this to just create the shell commands without executing them. This will option will be removed in future versions
8 - select the desired action. Currently you can decide between
- signing,creating and signing DMG, notarizing and stapling
- signing, notarizing and stapling App
- list all recent notarization requests -> See chapter 5
9 - push this button to start the desired action
9.4. The Settings
9.4.1. General Settings
1 - Close settings stack
2 - empty all fields
3 - enter your sudo password. This is needed for some tasks. See https://support.apple.com/en-us/HT202035 for additional information about the sudo password.
4 - Your AppleID - please enter the Apple ID you´ve used for the Apple Developer Membership
5 - Keychain item name of your app-specific password. Please see chapter 7.
6 - Mark if your Apple ID is attached to multiple iTunes providers
7 - press to retrieve from Apple a list of all iTunes providers your AppleID is attached to
8 - select the iTunes provider you want to use for your tasks
9 - Your Apple Developer ID Application. This contains your name and a number. e.g Developer ID Application: Matthias Rebbe (123456GEUL)
10 - select if you have installed DropDMG and want use that tool for creating DMG
11 - click to open settings for DropDMG
12 - select if you want to overwrite existing DMG (this setting will be ignored if DropDMG is used)
13 - select if you want to include an entitlements file for code signing an app
14 - click to open entitlements settings
15 - save settings
9.4.2. DropDMG settings
1 - Close settings
2 - empty all fields
3 - save settings
4 - default path to DropDMG´s command line tool
5 - press to select an other path
6 - Configuration to be used for DMG creation.
7 - press to select DropDMG configurations.
8 - Layout to be used for DMG creation
9 - press to select a DropDMG Layout
10 - License to be add to the DMG
11 - press to select a DropDMG License
12 - check to overwrite existing DMG. Otherwise DropDMG adds a counter to the name e.g. MyDMG-1.dmg
this is automatically handled by DropDMG´s command line tool
13 - go back to general settings
9.4.3. Entitlements settings
1 - Close settings
2 - empty all fields
3 - save settings
4 - the available entitlements - press the ones you want to be included in the entitlements plist file
5 - press to select all entitlements
6 - press to unselect all entitlements
7 - go back to general settings
This dialog contains all the entitlements that Livecode uses. To allow some features of LiveCode to work correctly in signed and notarized apps you need to include the relevant entitlements in an entitlements file. The permissions are then incorporated into the code signature when you build the app.
Or according to lesson Entitlements for signed and notarized apps an option is to sign your app using all the entitlements that LiveCode uses. This will ensure that no features will break because the proper entitlement was not used.
9.5. Show all recent notarization requests (sucessful, failed or in progress ones)
1 - close stack
2- Refresh the list
3 - empty the table
4 - Retrieves information for the selected request from Apple´s Notarization service.
5 - Open the Logfile URL for the selected request.
Note: Fetching the list of all recent notarization requests from Apple´s servers may take some time, so please be patient.
9.5.1. Show detailed information for selected request
1 - close field
2 - information for a request looks like this
3 - this is the Logfile URL you can open directly using the the other option
Note: Fetching the detailed information from Apple´s servers may take some time (approx. 5-10 seconds).
9.5.2. Show logfile for selected request
The field shows the logfile content for the selected notarization request. The logfile is fetched from Apple servers.
Note: Fetching the logfile data from Apple´s servers may take some time (approx. 5-10 seconds).
The following screenshot shows the logfile content of a successful notarization
The following screenshot shows the logfile content of an unsuccessful notarization.
10. Troubleshooting
It can happen that your app will not be approved and the notarization fails. This can have several reasons. But how do you get to know what the reason was?
You can either use the stack mentioned in chapter 9 to find out or you use the shell and run several command to find out.
This chapter explains how to find out using shell commands.
10.1. How to get detailed information about a notarizatian request
10.1.1. Get a list of all recent requests
To list all recent notarization request run the following command in Terminal
xcrun altool --notarize-history 0 --username "<your_AppleID>" --password "<yourAppSpecificPassword>" [--asc-provider "<ascProvider>"]<your_AppleID> = Your AppleID you´ve used for registering your Apple deverloper account. Please put it in quotes
<yourAppSpecificPassword> = The password you´ve created at https://appleid.apple.com For details see chapter 1.3. Put the password in quotes.
Note: See chapter 7 to see how to reference to a password stored in Keychain Access instead of using your plain app specific password
<ascProvider> = shortname of the TeamID (optional)
If you are a member of multiple development teams and your e-mail adress is attached to more than one development team, then you´ll need to add the shortname of your team id, otherwise Apple´s notarization service does not know for which team you are doing the notarization or request. (see chapter 8)
The screenshot below is an example and shows a list of recent notarization request i´ve done. The column status shows the status of the notarization requests. The latest requests are always
at the top of the list. So our failed request is the first one. We need the requestUUID of that request. Copy the id to the clipboard. We need it in the next step.
10.1.2. Get information for a single request
In the previous step we´ve copied the requestUUID of the failed notarization to the clipboard.
Now run the following shell command in Terminal:
xcrun altool --notarization-info <requestUUID> -u "developer@mrd.de" -p "@keychain:Notarizing"<requestUUID> = the requestUUID for which we want more information. In our case this is the id we´ve copied to the clipboard
The screenshot below shows the information for our failed notarization. But we still don´t see any reason, but a URL.
Copy the complete URL to your clipboard and open it then in your webbrowser.
You should see something like this.
In our example the reason for the failed notarization was that the binary used an SDK older than the 10.9 SDK. In this example the app i tried to notarize was created with on older version of Livecode. So creating the standalone using a current version of LC should solve the notarization problem.
This is an outstanding and very worked-out lesson with great detail. Thank you!