Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. Installation and Deployment
  4. How to 'notarize' Qt application on MacOS?
Forum Updated to NodeBB v4.3 + New Features

How to 'notarize' Qt application on MacOS?

Scheduled Pinned Locked Moved Unsolved Installation and Deployment
18 Posts 6 Posters 5.9k Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A Offline
    A Offline
    AndyBrice
    wrote on 15 Nov 2018, 20:22 last edited by
    #1

    I am trying to get my Mac application 'notarized' on Mac. I followed the steps recommended on various sites:

    https://cycling74.com/forums/apple-notarizing-for-mojave-10-14-and-beyond
    https://www.mbsplugins.de/archive/2018-11-02/Notarize_apps_for_MacOS
    https://forum.xojo.com/50655-how-to-codesign-and-notarise-your-app-for-macos-10-14-and-highe
    https://forum.xojo.com/49408-10-14-hardened-runtime-and-app-notarization/11
    https://stackoverflow.com/questions/53112078/how-to-upload-dmg-file-for-notarization-in-xcode

    But got the message:

    "The executable does not have the hardened runtime enabled"

    I can only find instructions on how to enable hardened runtime using XCode. Any ideas on how to use it when building with QtCreator? Googling has not turned up much.

    1 Reply Last reply
    0
    • S Offline
      S Offline
      SGaist
      Lifetime Qt Champion
      wrote on 15 Nov 2018, 20:41 last edited by
      #2

      Hi,

      AFAIK, it's not yet supported and would likely rather be part of macdeployqt, I'd recommend checking the bug report system to see if there's anything related. If not, you should consider opening a feature request providing your findings.

      Interested in AI ? www.idiap.ch
      Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

      1 Reply Last reply
      1
      • A Offline
        A Offline
        AndyBrice
        wrote on 15 Nov 2018, 20:44 last edited by AndyBrice
        #3

        According to:

        https://github.com/sparkle-project/Sparkle/issues/1266

        It might just be a case of adding:

        -o runtime

        To my codesign arguments. In which case it might be a bit out of scope for macdeployqt.

        1 Reply Last reply
        0
        • A Offline
          A Offline
          AndyBrice
          wrote on 15 Nov 2018, 21:08 last edited by
          #4

          Also notarization is (weirdly) an asynchronous multi-step process.

          if I get it working I will write it up and post a link here.

          1 Reply Last reply
          1
          • S Offline
            S Offline
            SGaist
            Lifetime Qt Champion
            wrote on 15 Nov 2018, 21:35 last edited by
            #5

            It's still something for macdeployqt as you can do the code signing through it.

            Interested in AI ? www.idiap.ch
            Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

            A 1 Reply Last reply 15 Nov 2018, 21:52
            0
            • S SGaist
              15 Nov 2018, 21:35

              It's still something for macdeployqt as you can do the code signing through it.

              A Offline
              A Offline
              AndyBrice
              wrote on 15 Nov 2018, 21:52 last edited by
              #6

              I didn't know that macdeployqt supported codesign. You learn something new every day!

              There is a request to support hardened runtimes in Qt:
              https://bugreports.qt.io/projects/QTBUG/issues/QTBUG-71291?filter=allissues

              1 Reply Last reply
              1
              • S Offline
                S Offline
                SGaist
                Lifetime Qt Champion
                wrote on 15 Nov 2018, 21:54 last edited by
                #7

                You should add the links you provided here to the report, they have some useful information.

                Interested in AI ? www.idiap.ch
                Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                1 Reply Last reply
                0
                • A Offline
                  A Offline
                  AndyBrice
                  wrote on 16 Nov 2018, 12:31 last edited by
                  #8

                  I did get it working. Adding "-o runtime" to codesign was the key. I will write it up into a blog post and link here and in the bug report.

                  1 Reply Last reply
                  0
                  • A Offline
                    A Offline
                    AndyBrice
                    wrote on 16 Nov 2018, 15:51 last edited by
                    #9

                    I wrote it up the whole process here:

                    https://successfulsoftware.net/2018/11/16/how-to-notarize-your-software-on-macos/

                    --
                    Andy Brice
                    https://www.hyperplan.com
                    https://www.perfecttableplan.com
                    https://www.successfulsoftware.net

                    M 1 Reply Last reply 12 Aug 2020, 13:43
                    5
                    • J Offline
                      J Offline
                      Juan Garcia
                      wrote on 14 Jan 2020, 10:22 last edited by
                      #10

                      @AndyBrice thanks for the post, it helps a lot. Is there any way to automatize the process? I'm including notarizing process in my CI/CD and it is being a pain ...

                      M 1 Reply Last reply 12 Aug 2020, 16:15
                      0
                      • P Offline
                        P Offline
                        PSI_lbc
                        wrote on 21 Jan 2020, 23:07 last edited by
                        #11

                        Does anyone have any thoughts on how the notariztion would work if your app bundle contains a helper app (.exe) that the app bundle .exe launches?

                        Example: The app bundle is named MyApp. In the /MacOS folder inside the app bundle is MyApp.exe. The helper app that gets launched as a Qt process is in the same folder and is named MyHelper.exe.

                        Does the helper app get notarized first or does it need to notarized at all?

                        M 1 Reply Last reply 12 Aug 2020, 13:47
                        1
                        • A AndyBrice
                          16 Nov 2018, 15:51

                          I wrote it up the whole process here:

                          https://successfulsoftware.net/2018/11/16/how-to-notarize-your-software-on-macos/

                          --
                          Andy Brice
                          https://www.hyperplan.com
                          https://www.perfecttableplan.com
                          https://www.successfulsoftware.net

                          M Offline
                          M Offline
                          Martin Delille - Lylo
                          wrote on 12 Aug 2020, 13:43 last edited by
                          #12

                          @AndyBrice I followed your article and I thank you for that!

                          I'm developping an application that access the microphone but unfortunately since I added the -o runtime option to the codesigning process I don't have recording capabilities anymore (the pop up asking for microphone acces doesn't show up). Any idea how this option could affect the access to the device capabilities?

                          M 1 Reply Last reply 12 Aug 2020, 16:11
                          0
                          • P PSI_lbc
                            21 Jan 2020, 23:07

                            Does anyone have any thoughts on how the notariztion would work if your app bundle contains a helper app (.exe) that the app bundle .exe launches?

                            Example: The app bundle is named MyApp. In the /MacOS folder inside the app bundle is MyApp.exe. The helper app that gets launched as a Qt process is in the same folder and is named MyHelper.exe.

                            Does the helper app get notarized first or does it need to notarized at all?

                            M Offline
                            M Offline
                            Martin Delille - Lylo
                            wrote on 12 Aug 2020, 13:47 last edited by Martin Delille - Lylo 8 Dec 2020, 16:15
                            #13
                            This post is deleted!
                            1 Reply Last reply
                            0
                            • M Martin Delille - Lylo
                              12 Aug 2020, 13:43

                              @AndyBrice I followed your article and I thank you for that!

                              I'm developping an application that access the microphone but unfortunately since I added the -o runtime option to the codesigning process I don't have recording capabilities anymore (the pop up asking for microphone acces doesn't show up). Any idea how this option could affect the access to the device capabilities?

                              M Offline
                              M Offline
                              Martin Delille - Lylo
                              wrote on 12 Aug 2020, 16:11 last edited by Martin Delille - Lylo 8 Dec 2020, 16:13
                              #14

                              @Martin-Delille-Lylo Ok I found the solution to my problem: I needed to add the proper entitlement when codesigning: https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html

                              codesign --deep --force –verify --verbose \
                                       --sign “Developer ID Application: Phonations” \
                                       --options runtime \
                                       --entitlements myentitlements.plist \
                                       myApp.app
                              
                              1 Reply Last reply
                              0
                              • J Juan Garcia
                                14 Jan 2020, 10:22

                                @AndyBrice thanks for the post, it helps a lot. Is there any way to automatize the process? I'm including notarizing process in my CI/CD and it is being a pain ...

                                M Offline
                                M Offline
                                Martin Delille - Lylo
                                wrote on 12 Aug 2020, 16:15 last edited by
                                #15

                                @Juan-Garcia The full process is totally automatic on my side. What do you lack in @AndyBrice article? Maybe this script https://github.com/create-dmg/create-dmg ?

                                dporobicD 1 Reply Last reply 17 Dec 2020, 17:29
                                0
                                • M Martin Delille - Lylo
                                  12 Aug 2020, 16:15

                                  @Juan-Garcia The full process is totally automatic on my side. What do you lack in @AndyBrice article? Maybe this script https://github.com/create-dmg/create-dmg ?

                                  dporobicD Offline
                                  dporobicD Offline
                                  dporobic
                                  wrote on 17 Dec 2020, 17:29 last edited by
                                  #16

                                  @Martin-Delille-Lylo Would be nice if you could provide an example of your automated process. I'm trying to make this work on TravisCI.

                                  https://github.com/ksnip/ksnip

                                  dporobicD 1 Reply Last reply 21 Dec 2020, 19:59
                                  0
                                  • dporobicD dporobic
                                    17 Dec 2020, 17:29

                                    @Martin-Delille-Lylo Would be nice if you could provide an example of your automated process. I'm trying to make this work on TravisCI.

                                    dporobicD Offline
                                    dporobicD Offline
                                    dporobic
                                    wrote on 21 Dec 2020, 19:59 last edited by
                                    #17

                                    @Martin-Delille-Lylo how did you manage to staple the result to the dmg file? When my script gets to the staple part the notarization is not finished on the Apple side. Is there way to query the status?

                                    https://github.com/ksnip/ksnip

                                    dporobicD 1 Reply Last reply 21 Dec 2020, 22:07
                                    0
                                    • dporobicD dporobic
                                      21 Dec 2020, 19:59

                                      @Martin-Delille-Lylo how did you manage to staple the result to the dmg file? When my script gets to the staple part the notarization is not finished on the Apple side. Is there way to query the status?

                                      dporobicD Offline
                                      dporobicD Offline
                                      dporobic
                                      wrote on 21 Dec 2020, 22:07 last edited by
                                      #18

                                      Ok, got it fully automated running on Travis CI with the script below, might need some cleaning up but it seems to be working.

                                      ```
                                      macdeployqt ksnip.app -dmg -sign-for-notarization="${APPLE_DEV_IDENTITY}"
                                      mv ksnip.dmg ksnip-${VERSION}.dmg
                                      
                                      echo "--> Start Notarization process"
                                      response=$(xcrun altool -t osx -f ksnip-${VERSION}.dmg --primary-bundle-id org.ksnip.ksnip --notarize-app -u ${APPLE_DEV_USER} -p ${APPLE_DEV_PASS})
                                      requestUUID=$(echo "${response}" | tr ' ' '\n' | tail -1)
                                      
                                      while true; do
                                        echo "--> Checking notarization status"
                                      
                                        statusCheckResponse=$(xcrun altool --notarization-info ${requestUUID} -u ${APPLE_DEV_USER} -p ${APPLE_DEV_PASS})
                                      
                                        isSuccess=$(echo "${statusCheckResponse}" | grep "success")
                                        isFailure=$(echo "${statusCheckResponse}" | grep "invalid")
                                      
                                        if [[ "${isSuccess}" != "" ]]; then
                                            echo "Notarization done!"
                                            xcrun stapler staple -v ksnip-${VERSION}.dmg
                                            echo "Stapler done!"
                                            break
                                        fi
                                        if [[ "${isFailure}" != "" ]]; then
                                            echo "Notarization failed"
                                            return 1
                                        fi
                                        echo "Notarization not finished yet, sleep 2m then check again..."
                                        sleep 120
                                      done
                                      ```
                                      

                                      Useful links:
                                      https://successfulsoftware.net/2018/11/16/how-to-notarize-your-software-on-macos/
                                      https://www.logcg.com/en/archives/3222.html
                                      https://www.update.rocks/blog/osx-signing-with-travis/

                                      https://github.com/ksnip/ksnip

                                      1 Reply Last reply
                                      1

                                      • Login

                                      • Login or register to search.
                                      • First post
                                        Last post
                                      0
                                      • Categories
                                      • Recent
                                      • Tags
                                      • Popular
                                      • Users
                                      • Groups
                                      • Search
                                      • Get Qt Extensions
                                      • Unsolved