Is a DMG Required to be notarised to pass Gatekeeper on Catalina

1
votes

I updated my Mac OS to Catalina beta version and got gatekeeper warning on unmounting DMG by Gatekeeker as "MyApp.app cannot be opened because apple cannot check it for maicious content".But this was not the case after Catalina beta 3 release.The DMG was able to mount without any warning.But can't just rely on this observation as I had made a gatekeeper reset for fixing it before updating to beta 3.

Is DMG required to be notarised by apple or just notarising the app and then creating DMG from the same will do?

2
macoscocoaxcode10

2 Answers

1
votes

"Required"? – based solely on the "documentation", to be so definitive might be challenging... However a process which has been found to work is:

  1. Notarise the app, you can do this from Xcode
  2. Build a DMG containing the notarised app. This DMG must be signed, depending on how you build your DMG your tool might directly support this or you may need to do it as an extra step at the command line with codesign.
  3. Use the command line xcrun altool to upload, notarise, and staple your DMG. For this process read Customizing the Notarization Workflow.

The resultant DMG should pass all GateKeeper checks.

HTH

0
votes

You must choose between a dmg or a zip file. There was a third option, but was deprecated by Apple. If you try to upload the app directly, you will surely get an error.

Use of a disk image (.dmg) is the preferred way as you can sign it and staple it with the result of the notarization process, while you cannot do that directly to a zip file. For further information go here.