How to sign and notarize a macOS app with Conveyor


Mar 13, 2025 - 17:04

Pre-reqs

  • On a Mac (possibly not needed, but I didn't test on Windows/Linux)
  • Want a notarized Mac app (self-distribution, not on the Mac App Store, although it may still work for the Mac App Store, not sure)
  • Need an Apple developer account ($100 a year)

  1. Go to ~/Library/Preferences/Hydraulic/Conveyor/. Inside that folder there will be apple.csr, the certificate signing request (CSR) to give to Apple.

Source: https://conveyor.hydraulic.dev/17.0/running/#initial-setup-and-default-config

  2. Go to https://developer.apple.com/account/resources/certificates/add and click "Developer ID Application". The page will now show you two different certs. It seems like an "older" cert format is auto-selected, but the new one works and has a longer expiration.


  3. Apple will give you a .cer. Place it somewhere (I just put it in my Conveyor Prefs directory).

  4. Now you need an API key to use Apple's notarization service. Go to https://appstoreconnect.apple.com/access/integrations/api and create it with the "Developer" role.

Source: https://conveyor.hydraulic.dev/17.0/configs/keys-and-certificates/#configure-apple-notarization

Your final defaults.conf:

# Your private root key, from which all other generated keys are deterministically derived.
app.signing-key = "keyring"

# Credentials needed for the macOS app approval process.
app.mac.notarization {
  issuer-id = abc-123-123-123-ABC123
  key-id = ABC123123
  private-key = /Users/cidle/Library/Preferences/Hydraulic/Conveyor/AuthKey_ABC123.p8
}

app.mac.certificate = /Users/cidle/Library/Preferences/Hydraulic/Conveyor/cert_from_apple.cer

Note: Even though the docs make it seem like you might need app.mac.signing-key, you do not.

Note 2: app.mac.certificate can be a relative path (relative to defaults.conf); it doesn't have to be absolute.
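Because the signing key is derived from the root key rather than configured separately, the .cer only works if Apple issued it for the apple.csr that Conveyor generated. The following is an added example, not part of the original post or of Conveyor itself: it compares the public key in the CSR with the one in the certificate before you put the path into defaults.conf. It assumes openssl is on the PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm the certificate Apple issued belongs to Conveyor's CSR.
# Function names are hypothetical; pass your own file paths as arguments.

# Print the public key (PEM) inside a CSR, accepting PEM or DER input.
pubkey_of_csr() {
    openssl req -in "$1" -noout -pubkey 2>/dev/null ||
        openssl req -inform DER -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public key (PEM) inside a certificate. A .cer downloaded from
# Apple is DER-encoded, so DER is tried first, then PEM.
pubkey_of_cert() {
    openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null ||
        openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# usage: cert_matches_csr apple.csr cert_from_apple.cer
# returns 0 = same key, 1 = different key, 2 = a file could not be parsed
cert_matches_csr() {
    csr_key=$(pubkey_of_csr "$1") || { echo "cannot read CSR: $1" >&2; return 2; }
    cert_key=$(pubkey_of_cert "$2") || { echo "cannot read certificate: $2" >&2; return 2; }
    if [ "$csr_key" != "$cert_key" ]; then
        echo "MISMATCH: certificate was not issued for this CSR's key" >&2
        return 1
    fi
    echo "OK: certificate matches the CSR's key"
    # Show who the certificate names and when it expires.
    openssl x509 -inform DER -in "$2" -noout -subject -enddate 2>/dev/null ||
        openssl x509 -in "$2" -noout -subject -enddate 2>/dev/null
    return 0
}

# When run as a script with two arguments, perform the check directly.
if [ "$#" -eq 2 ]; then
    cert_matches_csr "$1" "$2"
fi
```

A mismatch usually means the certificate was requested with a CSR from a different machine or root key; request a new certificate using the apple.csr in the Conveyor preferences folder.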