+- Hot Door CORE Forum (http://hotdoorcore.com/forum)
+-- Forum: All forums (http://hotdoorcore.com/forum/forumdisplay.php?fid=1)
+--- Forum: Announcements (http://hotdoorcore.com/forum/forumdisplay.php?fid=8)
+--- Thread: Notarization for macOS Catalina (10.15) (/showthread.php?tid=223)
Notarization for macOS Catalina (10.15) - garrett - 11-05-2019
Here are some notes with sample commands for getting notarization working for macOS Catalina (10.15). This is necessary for Illustrator 23 or 24 to be able to load your plugin (in our testing we had troubles getting any previous version of Illustrator to work at all with Catalina).
Apple's documentation for this is generally good and can be found here.
You will need Xcode 10 or greater, running on Mojave or greater, to perform these notarization steps. We have not yet tested Xcode 11 ourselves, nor is it required for notarization or Ai 24 compatibility (so we recommend Xcode 10 at this time).
You will also need an Apple Developer account, so sign up for one here if you haven't already.
In your plugin's Xcode project, for any release targets, be sure to add your "Team" (i.e. Apple Developer account) under General > Signing. In the same section also be sure to add a Signing Certificate for Mac distribution. Under Build Settings > Signing, ensure that the signing style is set to Automatic and we strongly recommend that under Other Code Signing Flags you add "--timestamp"
In order to perform notarization via the following terminal commands, you must have an app-specific password associated with your Apple Developer account ID and stored in your keychain. You can read more about how to create an app-specific password from Apple here.
Once you have your app-specific password, run the following command (only once per machine) to add it to your keychain, and subsequently enter your app-specific password when prompted:
Code:
security add-generic-password -a 'your_apple_id@email.com' -s 'altool' -wAfter Xcode finishes building your release target, you will need to run the following commands before distributing your plugin to third-parties (so these commands, unlike all previous ones in this post, will be run each time you want to notarize).
This command creates a zip file on your desktop in the proper format for submission to Apple's notarization servers:
Code:
ditto -c -k --keepParent /Path/To/Your/Plugin.aip ~/Desktop/Plugin.zipThis command submits the zip file to Apple's notarization servers for processing:
Code:
xcrun altool --notarize-app --primary-bundle-id 'com.yourcompany.plugin' --username 'your_apple_id@email.com' --password '@keychain:altool' --file ~/Desktop/Plugin.zipThe ID "com.yourcompany.plugin" can be filled in with anything you want that helps you keep track of a notarization submission (but as far as I know it must be formatted like that reverse-URL style). The command will output a UUID that is unique to your submission, and you will use it to check back with Apple to see if the notarization process has completed. Do that with this command:
Code:
xcrun altool --notarization-info $YOUR_UUID_HERE -u 'your_apple_id@email.com' -p '@keychain:altool'If that command reports back that notarization has been completed, you must "staple" a notarization ticket from Apple to your plugin with the following command:
Code:
xcrun stapler staple '/Path/To/Your/Plugin.aip'I think it goes without saying that the plugin file you attempt to staple MUST be the same as the one you compressed and submitted to Apple earlier.
After all that, you're done! You can now distribute your plugin to any Mac running Catalina.