Open scj643 opened 1 year ago
This would fix #318
# Sign the app and enabled Hardened Runtime to allow notarization
codesign --timestamp --force --sign "Developer ID Application: (Apple Cert)" --options runtime OpenTTD.app
# Archive for submitting for notarization.
zip -r OpenTTD.app.zip OpenTTD.app
# Notarize the app
xcrun notarytool submit OpenTTD.app.zip --keychain-profile "{KEYCHAIN_PROFILE}" --wait
# Staple notarization to the app for distribution
xcrun stapler staple OpenTTD.app
We could also have a build that uses App Sandbox and the documents are actually in an app container. This has the added benefit of separating settings from other OpenTTD installs.
@JGRennison thoughts on this? Doing the regular codesigning without app sandbox would make it so that users don't have to migrate their files. Also we could possibly also add the get-task-allow entitlement to allow debugging.
Just noticed the CI/CD supports code signing but I wouldn't be comfortable giving my Apple ID and a signing cert out.
The current macOS app isn't notarized. I can help with code signing and notarizing the releases. I have a paid developer account that I can use to notarize and code sign the builds.