macOS app script to automate notarize

According to Apple's official description,Since macOS 10.15 Start,All downloaded from the Internet were not notarize the app,Default will not be opened,So distributed outside the App Store app,The app must also be uploaded to Apple's servers for processing before release。

Use Xcode comes archive tool can be easily notarize,But this operation can not be automated process,In order to facilitate distribution,I pocketed input method macOS 2 We have made the process of distribution automation scripts,Now,Had submitted the script to add functionality to automate the。

Command tool

Apple officials actually provide cli command,First you need to run xcode-select --install To install support,Then we use $ xcrun altool --notarize-app --primary-bundle-id "" --username "" --password "" --file "" To upload the app to the Apple server;use $ xcrun altool --notarization-info -in "" Polls check processing (although the official said in an hour,But generally soon,A few minutes to get);Finally use $ xcrun stapler staple "" To seal to the document。

What documents should I submit?

First of all,We wants to understand what (a) file should be submitted to the server,such as,You have a this compilation results,Then you may also have a Great.pkg,For the user to install,At last,In order to facilitate the distribution,You may also put this in pkg file into Great.dmg,Such,We have three,Great.pkg,Great.dmg 。

Actually, is a directory,So,If you only distribute app,Then you need to be packaged into,And then upload it to Apple's servers notarize。

In short,If you're like me,There are three files contain such a mutually,[Only] then you need to upload can be nested up Great.dmg,Apple's server will automatically open your dmg file,Remove pkg,Then removed app,And for the [three] to complete notarize。

Such,When completed notarize,Although we do not have to upload app and pkg,But still can be done separately for these two staple documents。

Item Setting

Actually,When you use Xcode comes with the archive were notarize,It completed a lot of work for you,If we do use the command,The need for additional configuration,Open your Xcode project,Build Settings project in,Set the code signature contains a timestamp,This is a must notarize operation:

Increase the time stamp signature for all items



Remove the debug file,Do not remove under note debug mode or you can not debug the


Here are some points to note,Upload results to the first output tmp File Access and query id later,Note the use of &> rather than > ,The latter can not be placed in the contents of the output tmp

for -itc_provider "your team id" This parameter,If only one developer under your Apple ID account,It does not need this parameter the,If you're like me,Apple ID in addition to their developer account,Also he joined the others in the group,Then you have a number of " provider"I need to manually specify which is uploaded to,To see your provider ,To App Store Connect,After logging in the upper right-click menu,Select Edit account information,You can find one called "Team ID" field,Inside is the content;

for --primary-bundle-id "app bundle id" ,It is your app's bundle id,If you are uploading a,Then this parameter is not required;

There is a note --password "one-time-password" This parameter,To generate a one-time password。

Wait and complete

In short,After a successful upload,We'll get tmp The last line of file:

Rely on this UUID,We can use the command to check the status of realization wait notarize,Upon successful,You can staple up。

while true; do
echo “checking for notarization…”

xcrun altool –notarization-info “$uuid” –username “Apple ID” –password “one time password” &> tmp
r= cat tmp
t= echo "$r" | grep "success"
f= echo "$r" | grep "invalid"
if [[ “$t” != “” ]]; then
echo “notarization done!”
xcrun stapler staple “”
xcrun stapler staple “Great.dmg”
echo “stapler done!”
if [[ “$f” != “” ]]; then
echo “$r”
return 1
echo “not finish yet, sleep 2m then check again…”
sleep 120
In fact this is the content returned:

But we only detect the text contains success .,Once included,On the use of xcrun stapler staple "" To complete notarize。

Then,That is, the original operation,Generate sparkle update package,Upload Distribution。



Original article written by Gerber drop-off:R0uter's Blog » macOS app script to automate notarize

Reproduced Please keep the source and description link:

About the Author


The non-declaration,I have written articles are original,Reproduced, please indicate the link on this page and my name。


  1. I took a look at xcrun altool –notarize-app primary-bundle-id documentation for this command,A bit crying and laughing。

    Include the primary-bundle-id option — which is required — to specify an identifier that helps you keep track of automated correspondence from the notarization service. The value you give doesn’t need to match the bundle identifier of the submitted app or have any particular value, as long as it makes sense to you.

    I feel like when uploading pkg,Will this bundle ID be filled in casually?

Leave a Reply

Your email address will not be published. Required fields are marked *