If the application is packaged into the installer package and it is deployed, the installer package also need to support the Notarization Services.
This article explains that how to support Notarization Services for the installer.
Overview of How to make the installer
The installer of macOS is created with following 2 steps.
- Create the component package with
pkgbuild. - Create the deployment installer with
productbuild.
If the deployment file is disk image format, the step to create the dmg file with hdiutils will be followed.
And you will upload it to the Apple Notarization Services.
Prerequirements of the Notarization
In prerequirements of the notarization, following things are related to the installer.
- Code-sign with the Developer ID Application Certificate or the Developer ID Installer Certificate.
- Contains the secure-timestamp.
I have used Developer ID Installer Certificate. I don’t know the Developer ID Application can be used.
The Component Package and The Deployment Installer
The deployment installer consists with some of component packages.
The component package is created per selection of the custom install. The custom install is a function that the user can select to install or skip.
If the installer only have express install and doesn’t have a custom install, required component package is only one.
In general, the component package is created per the installation target directory. For example:
- Main Application
- Extensions such as a driver
- Additional module such as a plugin module
- Document files such as a reference, help, and so on
Notarize the installer
To notarize the installer, the both of the component package and the deployment installer satisfy the prerequirements.
Code-Signing of the Component Package
To code-sign the component package, add the --sign option and the --timestamp option to the pkgbuild argument.
For example:
pkgbuild --root root_dir \
--component-plist components.plist \
--identifier "com.example.app" \
--version "1.0.0" \
--install-location "/Applications" \
--sign "Developer ID Installer: Example" \
--timestamp \
com.example.app.pkg
Specify the certification with --sign option and contains the secure-timestamp with --timestamp option.
Code-Signing of the Deployment Installer
To code-sign the deployment installer, add the --sign option and the --timestamp option to the productbuild argument.
For example:
productbuild --distribution "distribution.xml" \
--package-path "./" \
--resources "Resources" \
--sign "Developer ID Installer: Example" \
--timestamp \
ExampleApp.pkg
Same as the pkgbuild argument. Specify the certification with --sign option and contains the secure-timestamp with --timestamp option.