
Author Topic: Apple will start requiring having apps notarized  (Read 2327 times)

MISV

Apple will start requiring having apps notarized
« on: October 21, 2018, 12:21:02 pm »
Does anyone here fully understand the requirements? I know it is optional for now, but in a year it will be a requirement?

I am already signing my apps.

My current Info.plist

Code: [Select]
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleDevelopmentRegion</key>
  <string>English</string>
  <key>CFBundleExecutable</key>
  <string>XXXXXX</string>
  <key>CFBundleName</key>
  <string>XXX</string>
  <key>LSApplicationCategoryType</key>
  <string></string>
  <key>CFBundleIdentifier</key>
  <string>com.example.XXXXXX</string>
  <key>CFBundleInfoDictionaryVersion</key>
  <string>6.0</string>
  <key>CFBundlePackageType</key>
  <string>APPL</string>
  <key>CFBundleSignature</key>
  <string>XXX</string>
  <key>CFBundleShortVersionString</key>
  <string>1.0</string>
  <key>CFBundleVersion</key>
  <string>1</string>
  <key>CFBundleIconFile</key>
  <string>XXXXXX.icns</string>
  <key>CSResourcesFileMapped</key>
  <true/>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
  <key>CFBundleDocumentTypes</key>
  <array>
    <dict>
      <key>CFBundleTypeRole</key>
      <string>Viewer</string>
      <key>CFBundleTypeExtensions</key>
      <array>
        <string>*</string>
      </array>
      <key>CFBundleTypeOSTypes</key>
      <array>
        <string>fold</string>
        <string>disk</string>
        <string>****</string>
      </array>
    </dict>
  </array>
  <key>NSHighResolutionCapable</key>
  <true/>
</dict>
</plist>


  • I need to allow users to make both http and https requests to any website
  • I need to allow users to save their data to non-user locations (albeit app defaults to MacOS designated applicable user paths)

Hansaplast

Re: Apple will start requiring having apps notarized
« Reply #1 on: October 21, 2018, 02:26:12 pm »
Not sure if this even still works, but there used to be this trick for the plist:


Code: [Select]
<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>example.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>


(source)


On that note, I was looking into the Notarizing process as well (thanks Apple for yet another hurdle) and am curious about the steps to take to do this with an application developed with Lazarus Pascal. This is what I found that Xojo users seem to be successful with, but it may not be fully applicable for Lazarus apps - I have not tested this yet.


Quote
1. Open the Application Loader developer tool in Xcode. Log in to your developer account and check the box to remember the login so a keychain entry is created. This allows you to skip entering your password in subsequent steps.


2. Code sign your app with the hardened runtime option (you may need entitlements if you are accessing any protected resources). For example:
$ codesign --force --options runtime --deep --sign "Developer ID Application: COMPANYNAME" MYAPP.app


3. Bundle the app into a signed DMG for distribution. Steps omitted.


4. Upload the signed DMG for notarization:
$ xcrun altool --notarize-app -f MYAPP.dmg --primary-bundle-id MYBUNDLEID -u MYAPPLEID -p @keychain:"Application Loader: MYAPPLEID"


5. A RequestUUID is returned. Periodically check the status of the notarization until it has completed:
$ xcrun altool --notarization-info REQUESTUUID -u MYAPPLEID -p @keychain:"Application Loader: MYAPPLEID"


6. When the notarization is complete, staple the ticket to the DMG:
$ xcrun stapler staple -v MYAPP.dmg


7. After installing your app, verify that it is notarized:
$ spctl -a -v /Applications/MYAPP.app
MYAPP.app: accepted
source=Notarized Developer ID
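
An added example, not part of either post above: a Python check, using the standard plistlib module, that reports how the App Transport Security (ATS) keys in the two plist excerpts from this thread would be read. The function names, severity labels and embedded samples are constructed for illustration.

```python
import plistlib

# Current key names plus the older "Temporary" spellings quoted in the thread.
HTTP_KEYS = ("NSExceptionAllowsInsecureHTTPLoads",
             "NSTemporaryExceptionAllowsInsecureHTTPLoads")
TLS_KEYS = ("NSExceptionMinimumTLSVersion",
            "NSTemporaryExceptionMinimumTLSVersion")
BELOW_DEFAULT_TLS = {"TLSv1.0", "TLSv1.1"}  # ATS default minimum is TLSv1.2


def audit_ats(plist_bytes):
    """Return (severity, message) findings for the ATS keys in an Info.plist."""
    info = plistlib.loads(plist_bytes)
    findings = []
    # ATS settings are only read from inside the NSAppTransportSecurity dict.
    if "NSAllowsArbitraryLoads" in info:
        findings.append(("info", "top-level NSAllowsArbitraryLoads has no effect; "
                         "ATS keys belong under NSAppTransportSecurity"))
    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("high", "ATS is disabled for every domain"))
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if any(rules.get(k) is True for k in HTTP_KEYS):
            scope = "and subdomains " if rules.get("NSIncludesSubdomains") else ""
            findings.append(("medium", f"{domain} {scope}may load over plain HTTP"))
        for k in TLS_KEYS:
            if rules.get(k) in BELOW_DEFAULT_TLS:
                findings.append(("medium", f"{domain} minimum TLS lowered to {rules[k]}"))
    return findings


def wrap_plist(body):
    """Wrap a constructed key/value fragment in a minimal plist document."""
    return b'<plist version="1.0"><dict>' + body + b"</dict></plist>"

# Constructed samples that mirror the two plist excerpts in the thread.
SAMPLE_TOP_LEVEL = wrap_plist(b"<key>NSAllowsArbitraryLoads</key><true/>")
SAMPLE_EXCEPTION = wrap_plist(
    b"<key>NSAppTransportSecurity</key><dict>"
    b"<key>NSExceptionDomains</key><dict><key>example.com</key><dict>"
    b"<key>NSIncludesSubdomains</key><true/>"
    b"<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>"
    b"<key>NSTemporaryExceptionMinimumTLSVersion</key><string>TLSv1.1</string>"
    b"</dict></dict></dict>")

if __name__ == "__main__":
    for name, sample in (("first post", SAMPLE_TOP_LEVEL), ("reply", SAMPLE_EXCEPTION)):
        for severity, message in audit_ats(sample):
            print(f"{name}: [{severity}] {message}")
```

ATS applies to connections made through Apple's URL Loading System; sockets opened by other networking libraries are not governed by these keys.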

 
