I’m responding to your report of problems notarising your command-line tool. You wrote:
> However, there is obviously no "primary-bundle-id" because there are
> no `.app` bundles.

The notarisation system does not currently use this bundle ID for much. You can supply any value that’s meaningful to you, although I recommend that you choose a sensible bundle ID by combining a DNS name that you control and your product name (for example, `org.domain.great-cow-basic`).
Having said that, command-line tools /can/ support a bundle ID and I recommend that you apply the bundle to your command-line tool as follows:
* When you build your tool, embed an `Info.plist` containing your bundle ID in the executable using the `-sectcreate` option with the segment name being `__TEXT` / `__info_plist`. To learn more about this, follow the instructions I’ve included at the end of this response.
* When you sign your tool, set the code signing identifier to this bundle ID via the `-i` option to `codesign`.
* When you notarise your tool, pass this bundle ID to the notarisation system via the `--primary-bundle-id` option.
Share and Enjoy
--
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
<http://www.apple.com/developer/>
---------------------------------------------------------------------------
The best way to learn how to give a command-line tool an `Info.plist` is to copy what Xcode does:
1. Create a dummy command-line tool project in Xcode.
2. Add an `Info.plist` file to the project. If you’re not sure how to set this up, copy the file from a new, dummy Mac app project.
3. Configure it appropriately. If your `Info.plist` file references build settings, make sure those settings are configured in your target. Of specific note is the Product Bundle Identifier (`PRODUCT_BUNDLE_IDENTIFIER`) build setting.
4. Set the Info.plist File (`INFOPLIST_FILE`) and Create Info.plist Section in Binary (`CREATE_INFOPLIST_SECTION_IN_BINARY`) build settings.
5. Build the project.
6. Use `otool` to confirm that the section was created correctly.
   ```
   $ otool -s __TEXT __info_plist -v Test715194488
   Contents of (__TEXT,__info_plist) section
   <?xml version="1.0" encoding="UTF-8"?>
   …
   <plist version="1.0">
   <dict>
   …
   <key>CFBundleIdentifier</key>
   <string>com.example.apple-samplecode.Test715194488</string>
   …
   </dict>
   </plist>
   ```
7. Look at the build transcript to see how Xcode created it.
---------------------------------------------------------------------------
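The `otool` check in step 6, and the advice to use the same bundle ID as the code signing identifier, can be automated in a release pipeline. The following is an added example, not part of the response above or of Apple's tooling: it reads the `(__TEXT,__info_plist)` section straight out of a Mach-O image and compares its `CFBundleIdentifier` with the identifier you intend to pass to `codesign -i`. It assumes a thin 64-bit little-endian Mach-O (universal binaries are not handled); the function names are hypothetical and the sample image is constructed.

```python
import plistlib
import struct

MH_MAGIC_64 = 0xFEEDFACF                 # thin 64-bit little-endian Mach-O
LC_SEGMENT_64 = 0x19
HEADER = struct.Struct("<8I")            # mach_header_64
SEGMENT = struct.Struct("<2I16s4Q2i2I")  # segment_command_64
SECTION = struct.Struct("<16s16s2Q8I")   # section_64


def embedded_info_plist(image):
    """Return the parsed (__TEXT,__info_plist) section as a dict, or None if absent."""
    if len(image) < HEADER.size or HEADER.unpack_from(image)[0] != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    ncmds, off = HEADER.unpack_from(image)[4], HEADER.size
    for _ in range(ncmds):
        if off + 8 > len(image):
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from("<2I", image, off)
        if cmdsize < 8 or off + cmdsize > len(image):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64:
            nsects = SEGMENT.unpack_from(image, off)[9] if cmdsize >= SEGMENT.size else -1
            if nsects < 0 or SEGMENT.size + nsects * SECTION.size > cmdsize:
                raise ValueError("malformed segment command")
            for i in range(nsects):
                sect, seg, _, size, offset, *_ = SECTION.unpack_from(
                    image, off + SEGMENT.size + i * SECTION.size)
                if (seg.rstrip(b"\0"), sect.rstrip(b"\0")) == (b"__TEXT", b"__info_plist"):
                    if offset + size > len(image):
                        raise ValueError("section data out of bounds")
                    return plistlib.loads(image[offset:offset + size])
        off += cmdsize
    return None


def bundle_id_matches(image, signing_identifier):
    """True when the embedded CFBundleIdentifier equals the `codesign -i` value."""
    return (embedded_info_plist(image) or {}).get("CFBundleIdentifier") == signing_identifier


def constructed_sample(bundle_id):
    """Constructed input: header, one __TEXT segment, one __info_plist section."""
    plist = plistlib.dumps({"CFBundleIdentifier": bundle_id})
    cmdsize = SEGMENT.size + SECTION.size
    data_off = HEADER.size + cmdsize
    seg = SEGMENT.pack(LC_SEGMENT_64, cmdsize, b"__TEXT", 0, 0, 0, data_off + len(plist), 7, 5, 1, 0)
    sect = SECTION.pack(b"__info_plist", b"__TEXT", 0, len(plist), data_off, 0, 0, 0, 0, 0, 0, 0)
    return HEADER.pack(MH_MAGIC_64, 0x01000007, 3, 2, 1, cmdsize, 0, 0) + seg + sect + plist
```

On a real build, pass the tool's bytes (`open(path, "rb").read()`) and fail the pipeline when `bundle_id_matches` returns `False`.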
security find-identity -p codesigning
... the code signing information (code directory hash) is hung off the vnode within the kernel, and modifying the file behind that cache will cause problems. You need a new vnode, which means a new file, that is, a new inode. Documented in WWDC 2019 Session 703 All About Notarization