Feature: Code-signing and notarization

[mpogue2]

I'm strongly thinking about using this tool: https://www.araelium.com/dmgcanvas

Yes, it costs money, so we would no longer have a full open-source release. However, the whole process of code-signing and notarization is daunting, and since I am the only Mac developer at this point, I think it's worth the savings in time.

Dan, if you disagree, and you want to try to automate code-signing and notarization (it seems possible, but it appears to be a PITA), I am for it.

[mpogue2]

OK, I bought the DMGCanvas3 tool, and it seems to make designing the DMG file pretty simple. After an hour of messing around with getting Apple certs, I was able to tell DMGCanvas3 to code-sign and notarize the DMG file.

I then got an email from Apple, like this: "Your Mac software has been notarized. You can now export this software and distribute it directly to users. Bundle Identifier: com.zenstarstudio.squaredesk etc..."

However, when I tried to verify that the DMG and app were signed, via the process described here: https://eclecticlight.co/2019/05/31/can-you-tell-whether-code-has-been-notarized/ it looks like the SquareDesk app inside the DMG is neither signed, nor notarized.

I have contacted the vendor to try to debug this. I did not see any failures in the log window, and Apple's email said I was good, but who knows...

[mpogue2]

I think I have to sign the app first, which I am doing with a script from the internet. Then, I have to use DMGCanvas3 to build, sign the DMG file, and notarize the DMG file. I'm not sure whether I have to notarize the app itself. But, I'm working on this.