Moving from altool to notarytool for Mac notarization

This is an update to my 2018 article How to notarize your software on macOS.

I have been using altool to notarize my Mac apps for some years. However Apple, being Apple, have deprecated altool in favour of the new notarytool. altool will stop working at some point in 2023. And Apple, being Apple, have made little attempt to keep consistency between the two.

I didn’t find anything online to tell me how arguments between the two tools related. Consequently I spent a while trying to guess which arguments mapped to which. I got locked out for a while for trying to wrong combination too many times. In the end I went from this:

xcrun altool -t osx -f <mydmg>.dmg --primary-bundle-id <com.company.product> --notarize-app --username <apple-account-email> --password <password>

... wait for approval email ...

xcrun altool --username <apple-account-email> --password <password> --notarization-info <RequestUUID>

To this:

xcrun notarytool submit <mydmg>.dmg --apple-id <apple-account-email> --team-id <teamid> --password <password> --verbose --wait

On the plus side the --wait option doesn’t exit until the notarization is complete, which means you can easily do you whole build, sign and notarize process in a single script. Hoorah.

Note that you still need to run the ‘stapling’ step after notarization:

xcrun stapler staple -v <mydmg>.dmg

More details on notarytool arguments at:

https://keith.github.io/xcode-man-pages/notarytool.1.html

2 thoughts on “Moving from altool to notarytool for Mac notarization

  1. Leo

    Yes, finally Apple came up with an acceptable and more or less human-oriented notarization tool.

    When Apple introduced “notarization” several years ago, it was a total disaster and an incredible waste of time for countless Mac developers.

    Instead of providing a single tool like this “notarytool”, Apple dropped on us an IKEA-style do-it-yourself bag of disjointed pieces.

    And the notarization manual… oh man. It was worse than worthless. Endless pages of barely coherent and often misleading instructions that had little to do with real-world workflows.

    Just one example: the entire Apple user guide didn’t contain the words “dmg” and “disk image” even ONCE. And that’s while dmg is THE most prevalent way of distributing Mac apps. To understand how to notarize dmgs I had to gather pieces of info that were, thankfully, posted by other developers who managed to figure it out.

    Well I guess I still can’t stop ranting about it…

    P.S. Thanks Andy, I’ve been enjoying reading your website for years.

Comments are closed.