Code signing Processing sketches

dtidgwell · October 10, 2019, 10:03pm

Does anyone have experience in code signing Processing sketches and getting them notarized by Apple for distribution?
With the new macOS, Catalina, it’s getting harder to give people compiled copies of sketches without their macs complaining about insecure software when they try to run them.

jeremydouglass · October 13, 2019, 4:40pm

I have not done it (and not yet on Catalina) but I believe that you need to enroll in the $99 / yr Mac developer program to get an ID

Then do code signing by generating a signing certificate with your ID, and use that certificate to create a signed Info.plist that you place in your .app package – you could do this using XCode or the codesign command-line tool:

…and the tricky part is notarizing, which I think (?) must be done through XCode, even without an XCode build, using xcrun altool . I’m hoping to learn more about this soon. Overview on Signing Mac Software with Developer ID - Apple Developer

Mac apps, installer packages, and kernel extensions that are signed with Developer ID must also be notarized by Apple in order to run on macOS Catalina.

Submitting with Xcode

Unpublished Software. It’s easy to get unpublished software notarized with the Export process or xcodebuild. Custom build workflows are supported by the xcrun altool command line tool for uploading, and you can use xcrun stapler to attach the ticket to the package.

Published Software. To submit software you’ve already published, upload it using the xcrun altool command line tool. Several file types are supported, including .zip, .pkg, and .dmg, so you can upload the same package you already distribute to users.

dtidgwell · October 13, 2019, 9:05pm

Thanks for your help!
I have a developer account, so I generated a signing cert through the keychain access app. Good.
The package generated by Processing already has an Info.plist file inside which looks like it has everything necessary. Also good.
But when I run codesign and point it at either the bundle or the binary, I get this:
“resource fork, Finder information, or similar detritus not allowed”

To be honest, I’m also not sure what “identity” in the codesign command should look like. I fed it the string on the cert, but that may not be right. This signing stuff is all new to me.

Any thoughts?
Again, thanks

jeremydouglass · October 14, 2019, 5:00am

For that error:

Topic		Replies	Views
Building a Processing release pipeline for MacOS Development	1	542	October 19, 2019
Code-signing/notarising exported Processing App Processing	3	131	December 12, 2022
Notarizing exported application on macOS 10.15 (Catalina) Processing	1	463	August 17, 2020
“Processing.app” can’t be opened because Apple cannot check it for malicious software Processing	4	595	July 25, 2022
Distribute for Mac? Development	5	477	May 13, 2020

Code signing Processing sketches

Related Topics