Closed hohonuuli closed 1 year ago
```bash
# You need a Developer ID Application cert from developer.apple.com. A fake ID is used below.
export MAC_CODE_SIGNER="Developer ID Application: blah blah blah (ABC123456)"
cd vars-annotation
# The build will correctly sign everything if your MAC_CODE_SIGNER is correct
./gradlew clean jpackage --info
cd org.mbari.vars.ui/build/jpackage
# App must be packaged/zipped to be notarized
ditto -c -k --keepParent "VARS Annotation.app" "VARS Annotation.zip"
# --team-id:  found in your Developer ID cert name
# --apple-id: the email you log in to developer.apple.com with
# --password: you have to use an app password for your account from appleid.apple.com
xcrun notarytool submit "VARS Annotation.zip" \
  --wait \
  --team-id ABC123456 \
  --apple-id "<your apple login>" \
  --password "<your app specific password>"
# We staple to the original app, NOT the zip
xcrun stapler staple "VARS Annotation.app"
# Remove the old zip file
rm "VARS Annotation.zip"
# Rezip the app and use that zip to distribute it.
ditto -c -k --keepParent "VARS Annotation.app" "VARS Annotation.zip"
```
If the notarization fails you can review the logs. Here's an example:
```
> xcrun notarytool submit "VARS Annotation.zip" --wait --team-id ABC123456 --apple-id <your apple login> --password "<your app specific password>"
Conducting pre-submission checks for VARS Annotation.zip and initiating connection to the Apple notary service...
Submission ID received
  id: 0523c04e-355d-4a59-8a3f-ff595b7b87c9
Upload progress: 100.00% (88.4 MB of 88.4 MB)
Successfully uploaded file
  id: 0523c04e-355d-4a59-8a3f-ff595b7b87c9
  path: /Users/brian/workspace/M3/vars-annotation/org.mbari.vars.ui/build/jpackage/VARS Annotation.zip
Waiting for processing to complete.
Current status: Invalid..................
Processing complete
  id: 0523c04e-355d-4a59-8a3f-ff595b7b87c9
  status: Invalid
> xcrun notarytool log 0523c04e-355d-4a59-8a3f-ff595b7b87c9 --team-id ABC123456 --apple-id <your apple login> --password "<your app specific password>"
```
```json
{
  "logFormatVersion": 1,
  "jobId": "0523c04e-355d-4a59-8a3f-ff595b7b87c9",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "VARS Annotation.zip",
  "uploadDate": "2023-01-19T19:56:01.550Z",
  "sha256": "9df9955482b474b63fc8b588fdcf65ed746f56e06e019eb50ed4684faca33632",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/Home/lib/server/libjvm.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/Home/lib/server/libjvm.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/Home/lib/server/libjsig.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/Home/lib/server/libjsig.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/MacOS/libjli.dylib",
      "message": "The signature of the binary is invalid.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/MacOS/libjli.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "arm64"
    }
  ]
}
```
With Ventura, Apple has made it extremely difficult to run unsigned apps. Time to get VARS signed.
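The notary log above repeats each binary once per failed check, so it helps to collapse it into one entry per file before re-signing. The following is an added example, not part of the original issue or the VARS code base; the function names `failing_binaries` and `report` are hypothetical, and the embedded log is a constructed, trimmed copy of the one shown above.

```python
import json
from collections import defaultdict

# Constructed sample: a trimmed copy of the log above (two of its three binaries).
SAMPLE_LOG = json.loads("""
{
  "status": "Invalid",
  "archiveFilename": "VARS Annotation.zip",
  "issues": [
    {"severity": "error", "architecture": "arm64",
     "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/Home/lib/server/libjvm.dylib",
     "message": "The binary is not signed with a valid Developer ID certificate."},
    {"severity": "error", "architecture": "arm64",
     "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/Home/lib/server/libjvm.dylib",
     "message": "The signature does not include a secure timestamp."},
    {"severity": "error", "architecture": "arm64",
     "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/MacOS/libjli.dylib",
     "message": "The signature of the binary is invalid."},
    {"severity": "error", "architecture": "arm64",
     "path": "VARS Annotation.zip/VARS Annotation.app/Contents/runtime/Contents/MacOS/libjli.dylib",
     "message": "The signature does not include a secure timestamp."}
  ]
}
""")

def failing_binaries(log):
    """Map each failing file (path relative to the zip root) to its distinct errors."""
    archive = log.get("archiveFilename") or ""
    grouped = defaultdict(list)
    for issue in log.get("issues") or []:      # tolerate a missing or null list
        if issue.get("severity") != "error":
            continue
        path = issue.get("path", "")
        if archive and path.startswith(archive + "/"):
            path = path[len(archive) + 1:]     # drop the leading "<archive>.zip/"
        message = issue.get("message", "")
        if message not in grouped[path]:       # same error on another architecture
            grouped[path].append(message)
    return dict(grouped)

def report(log):
    """Render one block per binary so each file is inspected and re-signed once."""
    lines = [f"status: {log.get('status')}"]
    for path, messages in sorted(failing_binaries(log).items()):
        lines.append(path)
        lines.extend(f"  - {m}" for m in messages)
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

To run it on a real submission, save the JSON printed by `xcrun notarytool log` to a file and pass the result of `json.load` to `report`.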