machawk1 / wail

:whale2: Web Archiving Integration Layer: One-Click User Instigated Preservation
https://matkelly.com/wail
MIT License

Latest release installed via homebrew is not verified, produces warning #561

Open machawk1 opened 1 year ago

machawk1 commented 1 year ago

$ brew install wail

...installs the latest release v0.2019.05.21, which is very obsolete from the repo HEAD. On macOS 13.1 x86, after installing via homebrew and double-clicking on the app, a warning appears:

warning

This is easily circumvented by right-clicking on the icon and selecting "open", again presented with a warning, but this first impression is not ideal.

I believe the application needs to be notarized (see notes in #446) or some other process of verification to prevent this warning.

machawk1 commented 1 year ago

After modifying the binary file names from each of the version built and installed from homebrew as well as the version built from the current HEAD of the main branch (4e5556b2), the results are different:

% spctl --assess /Applications/WAIL_from_homebrew.app 
/Applications/WAIL_from_homebrew.app: rejected
% spctl --assess /Applications/WAIL_from_src.app     
/Applications/WAIL_from_src.app: invalid Info.plist (plist or signature have been modified)

I am not certain of whether any codesigning procedure is executed in the build process but the Info.plist is modified by the build script for file (e.g., WARC) association and more descriptive copyright information.

EDIT: Preventing the plist file from being replaced by the shell build script and retaining the original file generated from pyinstaller produces a rejection like the above:

% spctl --assess /Applications/WAIL.app
/Applications/WAIL.app: rejected

machawk1 commented 2 months ago

I disabled the Info.plist copy in the MAKEFILE and installed and signed via an Apple Developer certificate via modifying the build script to use:

pyinstaller -p bundledApps ./bundledApps/WAIL.py --codesign CJN5C23SY3 --onefile --windowed --clean --target-arch universal2 --icon="./build/icons/wail_blue.icns"

...with the certificate installed on the system. The error still seems to remain:

% spctl --assess /Applications/WAIL.app
/Applications/WAIL.app: rejected

machawk1 commented 2 months ago

I re-enabled the Info.plist copy in the build script and am attempting to sign the app after building with pyinstaller. After getting my id to appear when using security find-identity -p basic -v, I ran:

codesign --deep --force --options=runtime --entitlements ~/Downloads/entitlements.plist --sign "THEIDWASHERE" --timestamp /Applications/WAIL.app

...and received the messages:

/Applications/WAIL.app: replacing existing signature
/Applications/WAIL.app: unsealed contents present in the bundle root

Re-running the validation script after the above:

% spctl --assess /Applications/WAIL.app
/Applications/WAIL.app: invalid Info.plist (plist or signature have been modified)

When I repeated the above procedure with the Info.plist copy in the build script, the result was:

spctl --assess /Applications/WAIL.app
/Applications/WAIL.app: rejected

machawk1 commented 2 months ago

Per https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow , the altool has been deprecated since November 2023. Look at this link for a newer notarization workflow.
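
The `unsealed contents present in the bundle root` message from `codesign` earlier in the thread means the `.app` root holds something other than `Contents/`. As an added example (not part of the thread or of WAIL's build scripts), this Python check can run on a built bundle before signing; the `CFBundleExecutable` test assumes a replaced Info.plist could name the wrong binary, and `Sample.app` with its file names is constructed for the demonstration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def presign_check(app):
    """Return layout problems in a .app bundle that would break code signing."""
    app = Path(app)
    problems = []
    # A sealed app bundle has exactly one entry at its root: Contents/.
    # Anything else is what codesign reports as "unsealed contents".
    for name in sorted(p.name for p in app.iterdir()):
        if name != "Contents":
            problems.append(f"unsealed root item: {name}")
    plist_path = app / "Contents" / "Info.plist"
    try:
        with plist_path.open("rb") as fh:
            info = plistlib.load(fh)
    except FileNotFoundError:
        return problems + ["missing Contents/Info.plist"]
    except (plistlib.InvalidFileException, ExpatError, ValueError):
        return problems + ["Contents/Info.plist is not a valid plist"]
    # Assumption: a build step that swaps Info.plist may name another binary.
    exe = info.get("CFBundleExecutable") if isinstance(info, dict) else None
    if not exe:
        problems.append("Info.plist has no CFBundleExecutable")
    elif not (app / "Contents" / "MacOS" / exe).is_file():
        problems.append(f"CFBundleExecutable not found: Contents/MacOS/{exe}")
    return problems


def make_sample_bundle(root, stray=(), executable="Sample"):
    """Build a constructed, minimal bundle under root (demonstration input)."""
    app = Path(root) / "Sample.app"
    (app / "Contents" / "MacOS").mkdir(parents=True)
    (app / "Contents" / "MacOS" / "Sample").write_bytes(b"")
    with (app / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleExecutable": executable}, fh)
    for name in stray:
        (app / name).write_text("stray file left by a build step")
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for problem in presign_check(make_sample_bundle(tmp, stray=["README.txt"])):
            print(problem)
```

Any Info.plist change has to happen before `codesign` runs, since the signature seals that file; run the check after the last build step that touches the bundle.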