5

I have successfully notarized a plugin via command line for a Mac application i'm developing plugins for. This plugin is intended for distribution outside of Mac appstore.

xcrun altool --notarize-app --primary-bundle-id "com.demo.bundle.id" --username "email@abc.com" --password "xxx-x-xxxx-xx" --file Plugin.zip

Got an email that it has been successfully notarized and the email has instructions on how to export for distribution. However, it's an instruction for XCode UI but I did the notarization via command line so the instructions doesn't apply for me. Is there a commandline to download the notarized file(Plugin.zip) or else how do I get the Plugin.zip file from Apple to distribute it on my website?

UPDATE:

Turns out you can notarize a .zip file but you can't staple it. So I decided to create a .pkg to distribute my plugin instead of distributing via a zip file.

Here's the steps I followed to successfully notarize and staple my plugin, lets say my plugin name is FileConvertor.PluginExtension

  1. Code sign your binaries to be included in your installer. codesign --sign "Developer ID Application: Developer Name" --verbose=4 --deep --force --strict FileConvertor.PluginExtension
  2. Create your installer (.pkg) adding the above code signed .PluginExtension
  3. Now sign your installer with the installer certificate. productsign --sign "Developer ID Installer: Developer Name" ./FileConvertor.pkg ./FileConvertorSigned.pkg
  4. Send the signed installer for notarization xcrun altool --notarize-app --primary-bundle-id "com.demo.plugin" --username xyz@abc.com" --password "xxxx-xxxx-xxxx-xxxx" --file FileConvertorSigned.pkg
  5. If sucessfully notarized, staple your installer xcrun stapler staple FileConvertorSigned.pkg
  6. Distribute your installer on the web
joke4me
  • 812
  • 1
  • 10
  • 29

2 Answers2

3

You don't download your plugin.zip from Apple - just work with the same archive you originally uploaded to them. You are the one that actually staples the notarization ticket to whatever you are notarizing.

I haven't tried it myself with a .zip, but this is the process pieced together from the documentation.

Notarizing Your App Before Distribution says:

Notarize Your Preexisting Software

[...]

  1. Upload your software to the Apple notary service, as described in Upload Your App to the Notarization Service.

You've already done this step.

  1. Staple the returned ticket to your existing software, as described in Staple the Ticket to Your Distribution.

You have to attach the notarization ticket to whatever you're distributing, so Gatekeeper can find it even without a network connection. Normally you use the stapler tool to do this:

xcrun stapler staple MyApp.app

However, stapler doesn't support zip files. Customizing the Notarization Workflow says:

While you can notarize a ZIP archive, you can’t staple to it directly. Instead, run stapler against each individual item that you originally added to the archive. Then create a new ZIP file containing the stapled items for distribution.

So; expand your .zip and run stapler staple {filename} against each item contained inside. Then create a new .zip archive of the stapled contents.

TheNextman
  • 12,428
  • 2
  • 36
  • 75
2

Apple do not return anything from Notarization. Your signed file has a unique ID, in the signature, that Apple have stored. Once notarized, the signed file is accepted if downloaded.

yogita mule
  • 33
  • 6