How to 'notarize' Qt application on MacOS?

    SGaist
    Lifetime Qt Champion
    wrote on last edited by
    #2

    Hi,

    AFAIK, it's not yet supported and would likely rather be part of macdeployqt, I'd recommend checking the bug report system to see if there's anything related. If not, you should consider opening a feature request providing your findings.

    Interested in AI ? www.idiap.ch
    Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

      AndyBrice
      wrote on last edited by AndyBrice
      #3

      According to:

      https://github.com/sparkle-project/Sparkle/issues/1266

      It might just be a case of adding:

      -o runtime

      To my codesign arguments. In which case it might be a bit out of scope for macdeployqt.

        AndyBrice
        wrote on last edited by
        #4

        Also notarization is (weirdly) an asynchronous multi-step process.

        If I get it working I will write it up and post a link here.

          SGaist
          Lifetime Qt Champion
          wrote on last edited by
          #5

          It's still something for macdeployqt as you can do the code signing through it.

          Interested in AI ? www.idiap.ch
          Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

            AndyBrice
            wrote on last edited by
            #6

            I didn't know that macdeployqt supported codesign. You learn something new every day!

            There is a request to support hardened runtimes in Qt:
            https://bugreports.qt.io/projects/QTBUG/issues/QTBUG-71291?filter=allissues

              SGaist
              Lifetime Qt Champion
              wrote on last edited by
              #7

              You should add the links you provided here to the report, they have some useful information.

              Interested in AI ? www.idiap.ch
              Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                AndyBrice
                wrote on last edited by
                #8

                I did get it working. Adding "-o runtime" to codesign was the key. I will write it up into a blog post and link here and in the bug report.

                  AndyBrice
                  wrote on last edited by
                  #9

                  I wrote up the whole process here:

                  https://successfulsoftware.net/2018/11/16/how-to-notarize-your-software-on-macos/

                  --
                  Andy Brice
                  https://www.hyperplan.com
                  https://www.perfecttableplan.com
                  https://www.successfulsoftware.net

                    Juan Garcia
                    wrote on last edited by
                    #10

                    @AndyBrice thanks for the post, it helps a lot. Is there any way to automatize the process? I'm including notarizing process in my CI/CD and it is being a pain ...

                      PSI_lbc
                      wrote on last edited by
                      #11

                      Does anyone have any thoughts on how the notarization would work if your app bundle contains a helper app (.exe) that the app bundle .exe launches?

                      Example: The app bundle is named MyApp. In the /MacOS folder inside the app bundle is MyApp.exe. The helper app that gets launched as a Qt process is in the same folder and is named MyHelper.exe.

                      Does the helper app get notarized first or does it need to be notarized at all?

                        Martin Delille - Lylo
                        wrote on last edited by
                        #12

                        @AndyBrice I followed your article and I thank you for that!

                        I'm developing an application that accesses the microphone but unfortunately since I added the -o runtime option to the codesigning process I don't have recording capabilities anymore (the pop up asking for microphone access doesn't show up). Any idea how this option could affect the access to the device capabilities?

                            Martin Delille - Lylo
                            wrote on last edited by Martin Delille - Lylo
                            #14

                            @Martin-Delille-Lylo Ok I found the solution to my problem: I needed to add the proper entitlement when codesigning: https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html

                            ```
                            codesign --deep --force --verify --verbose \
                                     --sign "Developer ID Application: Phonations" \
                                     --options runtime \
                                     --entitlements myentitlements.plist \
                                     myApp.app
                            ```
                            
                              Martin Delille - Lylo
                              wrote on last edited by
                              #15

                              @Juan-Garcia The full process is totally automatic on my side. What do you lack in @AndyBrice's article? Maybe this script https://github.com/create-dmg/create-dmg ?

                                dporobic
                                wrote on last edited by
                                #16

                                @Martin-Delille-Lylo Would be nice if you could provide an example of your automated process. I'm trying to make this work on TravisCI.

                                https://github.com/ksnip/ksnip

                                  dporobic
                                  wrote on last edited by
                                  #17

                                  @Martin-Delille-Lylo how did you manage to staple the result to the dmg file? When my script gets to the staple part the notarization is not finished on the Apple side. Is there a way to query the status?

                                  https://github.com/ksnip/ksnip

                                    dporobic
                                    wrote on last edited by
                                    #18

                                    Ok, got it fully automated running on Travis CI with the script below, might need some cleaning up but it seems to be working.

                                    ```
                                    # Deploy Qt libraries, sign with the hardened runtime and build the dmg
                                    macdeployqt ksnip.app -dmg -sign-for-notarization="${APPLE_DEV_IDENTITY}"
                                    mv ksnip.dmg "ksnip-${VERSION}.dmg"

                                    echo "--> Start Notarization process"
                                    # Upload the dmg; the request UUID is the last word of altool's response
                                    response=$(xcrun altool -t osx -f "ksnip-${VERSION}.dmg" --primary-bundle-id org.ksnip.ksnip --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}")
                                    requestUUID=$(echo "${response}" | tr ' ' '\n' | tail -1)

                                    # Poll every two minutes until Apple reports success or failure
                                    while true; do
                                      echo "--> Checking notarization status"

                                      statusCheckResponse=$(xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}")

                                      isSuccess=$(echo "${statusCheckResponse}" | grep "success")
                                      isFailure=$(echo "${statusCheckResponse}" | grep "invalid")

                                      if [[ "${isSuccess}" != "" ]]; then
                                          echo "Notarization done!"
                                          # Attach the notarization ticket to the dmg
                                          xcrun stapler staple -v "ksnip-${VERSION}.dmg"
                                          echo "Stapler done!"
                                          break
                                      fi
                                      if [[ "${isFailure}" != "" ]]; then
                                          echo "Notarization failed"
                                          # return works when the script is sourced; exit covers direct execution
                                          return 1 2>/dev/null || exit 1
                                      fi
                                      echo "Notarization not finished yet, sleep 2m then check again..."
                                      sleep 120
                                    done
                                    ```
                                    

                                    Useful links:
                                    https://successfulsoftware.net/2018/11/16/how-to-notarize-your-software-on-macos/
                                    https://www.logcg.com/en/archives/3222.html
                                    https://www.update.rocks/blog/osx-signing-with-travis/

                                    https://github.com/ksnip/ksnip
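
A stricter version of the status check from the script above, as an added example that is not part of the post or of the ksnip project: it reads only the `Status:` line instead of grepping the whole reply, rejects an upload reply that carries no UUID, and caps the number of polls so a stuck submission fails the build. The altool output layout, the sample replies and the function names are assumptions.

```shell
# Added example, not from the thread. Assumed altool text layout:
#   upload reply: "RequestUUID = <uuid>"    info reply: "Status: <value>"
UUID_RE='[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

# Print the request UUID from an upload reply; non-zero exit if none is found.
extract_request_uuid() {
  printf '%s\n' "$1" | grep -E "RequestUUID *[=:] *${UUID_RE}" |
    grep -Eo "${UUID_RE}" | head -n 1 | grep .
}

# Print the value of the "Status:" line only. "Status Code:" and
# "Status Message:" are skipped, so words elsewhere in the reply cannot match.
extract_status() {
  printf '%s\n' "$1" |
    sed -n -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*Status:[[:space:]]*//p' |
    head -n 1
}

# Poll "$1" (a command printing the info reply) at most "$2" times, sleeping
# "$3" seconds between tries. Returns 0 approved, 1 rejected, 2 gave up.
wait_for_notarization() {
  _try=1
  while [ "$_try" -le "$2" ]; do
    _status=$(extract_status "$("$1")")
    case "$_status" in
      success) return 0 ;;
      invalid) return 1 ;;
      "in progress" | "") sleep "$3" ;;   # not ready yet, or a transient error
      *) echo "unexpected status: $_status" >&2; return 2 ;;
    esac
    _try=$((_try + 1))
  done
  return 2
}

# Constructed sample replies (not real altool output).
SAMPLE_UPLOAD="No errors uploading 'ksnip.dmg'.
RequestUUID = 01234567-89ab-cdef-0123-456789abcdef"
SAMPLE_INFO_OK="   RequestUUID: 01234567-89ab-cdef-0123-456789abcdef
        Status: success
   Status Code: 0
Status Message: Package Approved"

# In CI the fetch command would wrap the thread's altool call, e.g.
#   fetch_info() { xcrun altool --notarization-info "$requestUUID" \
#       -u "$APPLE_DEV_USER" -p "@env:APPLE_DEV_PASS"; }
#   wait_for_notarization fetch_info 30 120 && xcrun stapler staple -v "$dmg"
echo "$(extract_request_uuid "$SAMPLE_UPLOAD") -> $(extract_status "$SAMPLE_INFO_OK")"
```

Passing the password as `@env:APPLE_DEV_PASS` keeps it out of the process arguments. Apple has since replaced altool notarization with `xcrun notarytool`, whose `submit --wait` does the polling itself.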
