Zeplin Gazette: Automate notarizing MacOS apps

"With the release of macOS Mojave, Apple introduced a notary service to validate macOS apps that are not distributed through App Store. Although this process is currently optional, in a blog post published past October, Apple announced that Gatekeeper will require software to be notarized in an upcoming release."

I finally went through all the steps yesterday to get dev builds of Acorn notarized. I'm glad I held off on doing this till now, because previously Apple's notarization servers could take a long time- up to an hour to process things. I think yesterday the average wait time was about 3-4 minutes, which made the code/validate/fix cycle much faster than it would have been.

Acorn has a number of executables and frameworks in its app package, which made things a bit more complicated. And I was intent on making the notarization process an automated part of my build scripts. If your app is less complicated, it'll probably take less time for figuring out what needs to be done for your app.

And automating the notarization steps weren't as bad as I thought they would be. I wrote a Python script which calls out to the notarization tools with the addition of having the response format set to xml (and it was in the plist format, which was then easily fed into Foundation.NSDictionary). The script analyzed the current state of things and either waited a while before querying the notarization servers again to see if it's done, or stapled on the notarization bits if it was. Then a new build of Acorn makes its way to the internet.

Notarization adds a few minutes to the build time, but maybe it'll be worth it? I don't like having to depend on Apple's servers to put something up on mine. But if notariation prevents those "Foo.app is an app downloaded from the Internet. Are you sure you want to open it?" boxes from scaring customers unnecessarily, it will be worth the hassle. I can hope at any rate.