To review the apps and helpers that startup when you log in Launch System Preferences from the Apple menu and click on the Users & Groups pane. Click the padlock and type in your password. Then select your username in the left panel and click the Login Items tab. For enterprises, it is important to verify both that essential apps are not reliant on kexts before upgrading to the new OS, and to ensure all your key apps are compatible with Big Sur.
** Please note: WordPress keeps mangling my code examples by changing double dash to single dash. I tried to fix it. But it changed them all back again! If anyone knows how to get around this, please put something in the comments. **
Apple now wants you to ‘notarize’ your software. This is a process where you upload your software to Apple’s server so it can be scanned and certified malware free. This will probably become compulsory at some point, even (especially?) if your software isn’t in the Apple app store. Apple says:
Give users even more confidence in your software by submitting it to Apple to be notarized. The service automatically scans your Developer ID-signed software and performs security checks. When it’s ready to export for distribution, a ticket is attached to your software to let Gatekeeper know it’s been notarized.
…
When users on macOS Mojave first open a notarized app, installer package, or disk image, they’ll see a more streamlined Gatekeeper dialog and have confidence that it is not known malware.
Mac How To Uninstall App
…
Note that in an upcoming release of macOS, Gatekeeper will require Developer ID signed software to be notarized by Apple.
Documentation on notarization is a bit thin on the ground, especially if you want to notarize software that wasn’t built using XCode (I build my software using QtCreator). So I am writing up my experiences here.
First you need to ensure you have macOS 10.14 and XCode 10 installed (with command line tools) and you need a current Apple developer account.
Codesign your app with ‘hardened runtime’ using –options runtime :
codesign –deep –force –verify –verbose –sign “Developer ID Application:<developer id>” –options runtime <app file>
How To Verify An App On Mac Shortcut
E.g.:
codesign –deep –force –verify –verbose –sign “Developer ID Application: Acme Ltd” –options runtime myApp.app
A ‘hardened runtime’ limits the data and resourced an application can access. I’m not sure what the exact ramification of this are. But it doesn’t seem to have restrict my software from doing anything it could do previously.
You can check the signing with:
codesign –verify –verbose=4 <app file>
E.g.:
codesign –verify –verbose=4 myApp.app
Now package your app into a .dmg (e.g. using DropDMG). Then upload the .dmg to Apple’s servers:
xcrun altool -t osx -f <dmg file> –primary-bundle-id <bundle id> –notarize-app –username <username>
E.g.:
xcrun altool -t osx -f myApp.dmg –primary-bundle-id com.acme.myapp –notarize-app –username me@acme.com
You will be prompted for your Apple developer password (or you can include it on the command line).
Mac How To Delete App
You now have to wait a few minutes. If the upload is successful “No errors uploading ” will be shown and a unique ID will be returned. You then have to use this to request your upload be scanned:
xcrun altool –notarization-info <notarize ID> -u <username>
E.g.:
xcrun altool –notarization-info xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx -u me@acme.com
You will be prompted for your Apple developer password (or you can include it on the command line).
Hopefully you will see “Status Message: Package Approved”. If the notarization fails, you should be sent a link to an online log file describing the issue. If the notarization completes successfully you need to ‘staple’ the results to your .dmg:
xcrun stapler staple -v <dmg file>
E.g.:
xcrun stapler staple -v myApp.dmg
The stapler outputs a log including some odd phrases. Mine included: “Humanity must endure”, “Let’s see how that works out. “, “Adding 1 blobs to superblob. What about Blob?” and “Enjoy”. Weird. Hopefully it will end with “The staple and validate action worked!”.
Finally you can unpack your .dmg into a .app and verify it with:
spctl -a -v <app file>
E.g.
spctl -a -v /Applications/myApp.app
On macOS 10.14 (but not earlier OSs) it should say “source=Notarized Developer ID”. Your software should now run on 10.14 without a warning dialog. Congratulations!
It all seems rather clumsy. As you have to wait asynchronously for the unique ID to be returned from step 1 before you can complete step 2, it is not easy to fully automate in a script. This is a major pain the arse. If anyone works out a way to automate it the whole process, please let me know.
Here are some links to the various posts that I gleaned this information from:
https://cycling74.com/forums/apple-notarizing-for-mojave-10-14-and-beyond
https://www.mbsplugins.de/archive/2018-11-02/Notarize_apps_for_MacOS
https://forum.xojo.com/50655-how-to-codesign-and-notarise-your-app-for-macos-10-14-and-highe
https://forum.xojo.com/49408-10-14-hardened-runtime-and-app-notarization/11
https://stackoverflow.com/questions/53112078/how-to-upload-dmg-file-for-notarization-in-xcode
https://lapcatsoftware.com/articles/debugging-mojave.html
There’s nothing faster than launching a Speedtest straight from your Mac toolbar. Download the free Speedtest macOS app today for the quickest way to check your connectivity. Get a real-time check of your ISP’s performance and detect trends over time with data on:
- Download speed
- Upload speed
- Ping
- Jitter
- Packet loss
Available in 17 languages
Our mission at Speedtest by Ookla® is to make the internet faster by providing data and insights on real-world internet speeds. With billions of tests worldwide, we meet you where you are with apps for the devices you use most.