Apple Notarisation - Notarytool (altool depracated)
Is anyone using notarytool yet? Altool will be deprecated tomorrow. If anyone can share an example if so that would be very helpful!
Notarizing macOS software before distribution | Apple Developer Documentation
Give users even more confidence in your macOS software by submitting it to Apple for notarization.
Apple Developer Documentation (
This is the command I use for the new notarytool:
xcrun notarytool submit "MyPluginInstaller.pkg" --keychain-profile "Mykeychain" --wait
Yeah I've been using it for a long while, works just fine. My script is a bit complicated to share as it downloads my project from github, compiles it, codesigns it, builds an installer, notarizes, and then checks for the confirmation.
@bendurso thanks! How do you define the keychain?
@d-healey could just take the notarisation line?
@DanH said in Apple Notarisation - Notarytool (altool depracated):
could just take the notarisation line?
It's more than a line :)
echo "Notarizing" response=$(xcrun notarytool submit --apple-id "$apple_id" --password "$app_specific_password" --team-id "$team_id_for_notarization" "$output/$project_name Installer $version.pkg" --wait); # Get notarization ID job_id_line=$(grep -m 1 ' id:' < <(echo -e "${response}")) job_id=$(echo "${job_id_line}" | cut -d ":" -s -f 2 | cut -d " " -f 2) # Get the notarization status from the response status_line=$(grep -m 1 ' status:' < <(echo -e "${response}")) status_result=$(echo "${status_line}" | cut -d ":" -s -f 2 | cut -d " " -f 2) echo "${response}" if [[ ${status_result} != "Accepted" ]]; then exit 1 fi # Staple the notarization result echo "Adding notarization to $project_name Installer $version.pkg" success=$(xcrun stapler staple "$output/$project_name Installer $version.pkg") if [[ -z "${success}" ]]; then echo "[ERROR] Could not staple notarization to app" exit 1 fi # Confirm stapling echo "Checking notarization to $project_name Installer $version.pkg " spctl --assess -vvv --type install "$output/$project_name Installer $version.pkg"
@DanH Mm I don't remember how I created that keychain. But I think you can make it with your app specific password and team ID, like this:
you are best reading this:
TN3147: Migrating to the latest notarization tool | Apple Developer Documentation
Migrate your notarization workflows to from the deprecated .
Apple Developer Documentation (
--which I see you posted at the thread start -- hang on I will be on the mac in about an hour so I will post an example...
@Lindon ok here a bit quicker than I thought
So the "keychain" option is really a short cut but if you havent been using it before then ..lets go with the standard replacement notarytool command
to submit something:
xcrun notarytool submit --apple-id "<your apple id>" --password "<your altool password>" --team-id "<your team ID>" "<path to your zip or pkg>" --wait
your old altool cammand for notarization should give you everything you need - except perhaps your teamID - but its in there is like a string like this. "7734UZ9PFG". - or its available in your apple developer account...
adding --wait at the end will make the process not complete until it gets a final status, this is useful as apple will no longer be emailing you with the results....instead in the command window once you've started this command you should see a percentage for the upload, then probably a status of "In Progress..." and eventually(if all goes well): "Accepted"
@Lindon amazing - really appreciate that thank you!