-
Notifications
You must be signed in to change notification settings - Fork 41
DevNotes_Processeses_Notarization
Notarization is an additional security step after code signing. Beginning from OSX 10.15 unnotarized apps are not approved by GateKeeper and users may not be able to open them unless they change they security settings. SasView notarization is currently performed on OSX 10.14 accesible from Jenkins: https://jenkins.esss.dk/sasview-beta/job/SasView-OSX1014-Release/. All the steps besides stapling are performed by jenkins and they involve following:
cp SasView5.0.app/Contents/MacOS/libz.1.dylib SasView5.0.app/Contents/Frameworks/ install_name_tool -change @rpath/libz.1.dylib @executable_path/../Frameworks/libz.1.dylib SasView5.0.app/Contents/MacOS/sasview
python ../../build_tools/code_sign_osx.py
codesign --verify --entitlements ../../build_tools/entitlements.plist --timestamp --options runtime --deep --verbose=4 --force --sign "Developer ID Application: European Spallation Source Eric (XXXXXXX)" SasView5.0.app
hdiutil create SasView5.dmg -srcfolder SasView5.0.app -ov -format UDZO
codesign -s "Developer ID Application: European Spallation Source Eric (XXXXXX)" SasView5.dmg
xcrun altool --notarize-app --primary-bundle-id "org.sasview.SasView5.0" --username "wxxxxx" --password "xxxxxx" --file SasView5.dmg
Once all above are done through jenkins you should receive email with the subject: "Your Mac software was successfully notarized".
Then one needs to login to machine and do the final stapling (requires credentials from esss.dk)
xcrun stapler staple "SasView5.dmg"
- View/Subscribe to the SasView Calendar
- Fortnightly developer's agenda/minutes
- Developer Guides
- Admin Processes and Procedure Notes
- Active Project Pages
- Historical Archive of Obsolete Pages
- Contributor e-Learning Course (free)
- Non Coding contribution needs/projects
- New functionality projects
- DRAFT for acknowledging contributions