Code signing Processing sketches

Does anyone have experience in code signing Processing sketches and getting them notarized by Apple for distribution?
With the new macOS, Catalina, it’s getting harder to give people compiled copies of sketches without their macs complaining about insecure software when they try to run them.

1 Like

I have not done it (and not yet on Catalina) but I believe that you need to enroll in the $99 / yr Mac developer program to get an ID

Then do code signing by generating a signing certificate with your ID, and use that certificate to create a signed Info.plist that you place in your .app package – you could do this using XCode or the codesign command-line tool:

…and the tricky part is notarizing, which I think (?) must be done through XCode, even without an XCode build, using xcrun altool . I’m hoping to learn more about this soon. Overview on

Mac apps, installer packages, and kernel extensions that are signed with Developer ID must also be notarized by Apple in order to run on macOS Catalina.

Submitting with Xcode

Unpublished Software. It’s easy to get unpublished software notarized with the Export process or xcodebuild. Custom build workflows are supported by the xcrun altool command line tool for uploading, and you can use xcrun stapler to attach the ticket to the package.

Published Software. To submit software you’ve already published, upload it using the xcrun altool command line tool. Several file types are supported, including .zip, .pkg, and .dmg, so you can upload the same package you already distribute to users.

Thanks for your help!
I have a developer account, so I generated a signing cert through the keychain access app. Good.
The package generated by Processing already has an Info.plist file inside which looks like it has everything necessary. Also good.
But when I run codesign and point it at either the bundle or the binary, I get this:
“resource fork, Finder information, or similar detritus not allowed”

To be honest, I’m also not sure what “identity” in the codesign command should look like. I fed it the string on the cert, but that may not be right. This signing stuff is all new to me.

Any thoughts?
Again, thanks

For that error: