Notarizing App Distributed Out of App Store
I don't have an Apple Developer ID and I have an installer and app, neither signed nor notarized. Apple now blocks the App in Catalina and even the Open
option won't work. Rather than I seek information to authenticate these.
What is the process to register and notarize for macOS?
Update: I'm asking from the developer's perspective .. not as a user.
Solution 1:
Limited Options
As a developer wanting to distribute unsigned and unnotarized applications, your options are increasingly limited on macOS. You would not be alone disliking this trend.
If your users are technical, the advice from Apple can be referenced in your documentation. This will help a few potential users but will dramatically limit your audience.
Apple's Advice to Users
Apple provide Safely open apps on your Mac for users wishing to open unsigned and unnotarized applications on the latest versions of macOS.
Alternative Certificate Authority
In theory, you could code sign your application using another certificate authority that has an appropriate root certificate pre-installed in macOS. This assumes you wish to avoid dealing with Apple, rather than wishing to avoid code signing.
Is an Apple Developer Account Mandatory?
I suspect an Apple Developer Account is not mandatory, but not having an account will make some tasks difficult.
Given you have a code signing certificate from Comodo (Sectigo), you could try using codesign
with it.
The manual for codesign
does not obviously state a requirement for an Apple issued certificate. A code signing certificate with a trusted root certificate in macOS should be useable.
You will need to create a new Keychain containing the certificate and private key. Then pass the absolute path of the keychain file to codesign
via --keychain
.
One possible problem you may run into is macOS's spctl
, aka Gatekeeper. spctl
's rules may state the signing certificate must have a root Apple certificate. Investigate the spctl
tool on macOS.
I recommending trying codesign
with your certificate and then ask more questions as specific problems arise.