This is an update to my 2018 article How to notarize your software on macOS.
I have been using
altool to notarize my Mac apps for some years. However Apple, being Apple, have deprecated
altool in favour of the new
altool will stop working at some point in 2023. And Apple, being Apple, have made little attempt to keep consistency between the two.
I didn’t find anything online to tell me how arguments between the two tools related. Consequently I spent a while trying to guess which arguments mapped to which. I got locked out for a while for trying to wrong combination too many times. In the end I went from this:
xcrun altool -t osx -f <mydmg>.dmg --primary-bundle-id <com.company.product> --notarize-app --username <apple-account-email> --password <password> ... wait for approval email ... xcrun altool --username <apple-account-email> --password <password> --notarization-info <RequestUUID>
xcrun notarytool submit <mydmg>.dmg --apple-id <apple-account-email> --team-id <teamid> --password <password> --verbose --wait
On the plus side the
--wait option doesn’t exit until the notarization is complete, which means you can easily do you whole build, sign and notarize process in a single script. Hoorah.
Note that you still need to run the ‘stapling’ step after notarization:
xcrun stapler staple -v <mydmg>.dmg
More details on notarytool arguments at: