5

How to notarize an MacOS command line tool created outside of XCode?

 1 year ago
source link: https://stackoverflow.com/questions/64652704/how-to-notarize-an-macos-command-line-tool-created-outside-of-xcode/64733472#64733472
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

How to notarize an MacOS command line tool created outside of XCode?

MacOS now requires that all applications are hardened, signed and notarized. How does one sign and notarize an application created outside of XCode with a tool like PyInstaller?

I've sorted out the signing and notarization for .app files created outside of XTools. There's a really helpful thread here that shows how to add an entitlements.plist which fulfills the hardening of PyInstaller .app files. I believe this also works on command line utilities as well, but could be missing something. Submitting a .dmg containing a .app for notarization using altool will pass the tests and be notarized by Apple.

Submitting a single command line utility using the same process will also pass Notarization, but does not appear signed or notarized to the GateKeeper function on other machines. I assume this has something to do with the fact that a valid Info.plist file is not included in the PyInstaller binary as detailed in this blog post about building and delivering command line tools for Catalina.

Checking the signature of a signed file using codesign -dvv indicates that the Info.plist is "not bound".

$ codesign -dvv ./dist/helloworld
Executable=/Users/aaronciuffo/Documents/src/toy/codesign/dist/helloworld
Identifier=helloworld
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=72086 flags=0x10000(runtime) hashes=2244+5 location=embedded
Signature size=9054
Authority=Developer ID Application: Aaron Ciuffo (4H9P6Q65AM)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Nov 2, 2020 at 9:03:30 PM
Info.plist=not bound
TeamIdentifier=4H9P6Q65AM
Runtime Version=10.11.0
Sealed Resources=none
Internal requirements count=1 size=172

One suggested solution is using the Go gon package but gon does not cover adding the required Info.plist as far as I can tell.

Is there a workflow or application that can assist in this? How does one create an CL application outside of XCode and successfully sign it?


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK