This is an update to my 2018 article How to notarize your software on macOS.
I have been using altool
to notarize my Mac apps for some years. However Apple, being Apple, have deprecated altool
in favour of the new notarytool
. altool
will stop working at some point in 2023. And Apple, being Apple, have made little attempt to keep consistency between the two.
I didn’t find anything online to tell me how arguments between the two tools related. Consequently I spent a while trying to guess which arguments mapped to which. I got locked out for a while for trying to wrong combination too many times. In the end I went from this:
xcrun altool -t osx -f <mydmg>.dmg --primary-bundle-id <com.company.product> --notarize-app --username <apple-account-email> --password <password>
... wait for approval email ...
xcrun altool --username <apple-account-email> --password <password> --notarization-info <RequestUUID>
To this:
xcrun notarytool submit <mydmg>.dmg --apple-id <apple-account-email> --team-id <teamid> --password <password> --verbose --wait
On the plus side the --wait
option doesn’t exit until the notarization is complete, which means you can easily do you whole build, sign and notarize process in a single script. Hoorah.
Note that you still need to run the ‘stapling’ step after notarization:
xcrun stapler staple -v <mydmg>.dmg
More details on notarytool arguments at: