Twitter | Search | |
Rosyna Keller Dec 23
I won’t be back from Japan until Jan 20th. So, developers must make sure there are zero warnings in their notarization logs by February 3rd. On Feb 3rd, all warnings become hard errors that prevent Notarization tickets from being granted.
Reply Retweet Like
Christopher P. Atlan Jan 30
Replying to @rosyna
Here's a fun puzzle: An app I work on has an optional Mail plugin that deploys back to 10.13. The app and plugin are distributed via an installer package. The plugin isn’t signed, because on systems earlier than 10.15, Mail doesn’t load signed bundles for some reason.
Reply Retweet Like
Jason Harris Jan 30
Replying to @catlan @rosyna
Two installers, one notarized, one not. Wrap them both in a meta installer that uses a script to look at the OS version and hand off to the appropriate sub-installer. (Yes, gross)
Reply Retweet Like
Christopher P. Atlan Jan 30
Replying to @smeger @rosyna
Then the meta installer wouldn’t get notarized, would it?
Reply Retweet Like
Scott Morrison Jan 30
Replying to @catlan @smeger @rosyna
I know it is a pain but why not have two installers (pre 10.14 and 10.15 up) Or have one installer that is notarized and downloads the mailbundle and installs. (This is what we do)
Reply Retweet Like
Rosyna Keller
Yes, that’s the recommended path. It’s the same if you ship a kext for 10.7 or earlier (which can’t be signed) and 10.8 and later (which *must* be signed). You can put both installers on one disk image if you don’t notarize the disk image, if you find that easier for users.
Reply Retweet Like More
Ryder Mackay Jan 30
Replying to @rosyna @smorr and 2 others
I haven’t actually been able to get a signed mailbundle to load on 10.15, so I’ll probably sign it so I can still notarize the installer after Feb 3, then remove the signature post install
Reply Retweet Like
Ryder Mackay Jan 30
Replying to @rosyna @smorr and 2 others
(Thanks for forwarding my question)
Reply Retweet Like