By default, Xcode Server signs binaries using a development certificate, not a distribution one. Unfortunately there is no built-in option to make it use a Developer ID certificate. What’s the solution?
Notarization is a fully automated process, unlike going through the App Store which involves manual human review. At least it’s automated in Apple’s side. However it could consume a non-negligible amount of brain bandwidth in your side. How about automating it?
Continuous testing is paramount to ship serous software. Yet continuously running tests is a pensive productivity plight. Is it possible to automate testing? Yes you can.
Xcode 13 brought a new notarization tool. What is it and how much better compared to the old one?
“I want a REST API for notarization since it’s impossible to parse text coming from the notarization tool reliably.” What if I say that the command line API is the best method for integration with build pipelines? Read on to find out more.
Notarization may take just a few clicks in Xcode, but this takes time and a security risk. You include notarization as part of your continuous delivery pipeline. Here’s how.
Distributing binaries for macOS outside the App Store requires registering it with Apple beforehand—notarizing it. But do you know what can be submitted for notarization?
A popular image processing library has a vulnerability that can cause denial of service by a maliciously-crafted file causing the application to consume too much memory. Should you upgrade or is there another solution?
Including passwords into the source tree is a big security breach. Similarly including passwords into build jobs would be insecure. Learn how to securely provide Apple ID credentials into notarization jobs.
The App Store Small Business Program offers lowered commission cost with one big caveat: no app transfer. But apps graduating from a “hobby” into a “small business” would definitely involve transferring ownership. Read how to transfer apps without engaging in the app transfer process and losing out on the program’s benefits.
Compiled code can conclude the instruction set through conditional compilation. But what about processor-independent scripts? Finding out the current native processor architecture and emulation status thereof would be very useful in build systems that doesn’t support cross-compilations. Find out how a shell script can find out whether it is running under Apple’s processor, Intel, or emulated.
Being in the “bleeding edge” has its drawbacks in addition to benefits. Blazing a fresh trail means it’s more rough and plenty of unknowns. Similarly in open source software, support for the ARM architecture is slim and even slimmer on the Mac. But there is a way to run “legacy” Intel-only command line apps on the Mac.
Distributing macOS apps as ZIP archives has been quaint since Sierra. Today’s macOS packaging requirements mandates notarization, otherwise it would say that your app is suspicious. This often means distributing apps within disk images since this container format can be signed, notarized, and stapled.
Publishing similar apps is considered spamming. Yet there are valid reasons to develop multiple apps from the same code base. Here is what you need to know to avoid being labeled as spammer by app reviewers.