@nmoinvaz

nmoinvaz/cxosxnotarize.md

Last active Aug 7, 2020
Cross-Platform macOS Notarization

Requires the cross-platform iTMSTransporter tool, which is written in Java. The Transporter command-line utility uploads app binaries to iTunes Connect, using the third-party delivery methods Signiant and Aspera.

https://itunesconnect.apple.com/transporter/1.9.8/iTMSTransporterToolInstaller_1.9.8.exe

https://help.apple.com/itc/transporteruserguide/#/apdAbeb95d60

iTMSTransporter contains several jar files that can be run with Java. They have a self-update mechanism that will update to the latest version of iTMSTransporter.

  1. Create an iTunes Music Store Package (.itmsp directory)
  2. Copy files to upload to .itmsp directory
  3. Generate metadata.xml with correct hashes

     ```xml
     <?xml version="1.0" encoding="UTF-8"?>
     <package version="software5.9" xmlns="http://apple.com/itunes/importer">
         <software_assets
             app_platform="osx"
             primary_bundle_identifier="com.xyzco.app">
             <asset type="developer-id-package">
                 <data_file>
                     <file_name>xyz.dmg</file_name>
                     <checksum type="md5">1d6de88ace92f22c815cc9663d902609</checksum>
                     <size>2299183</size>
                 </data_file>
             </asset>
         </software_assets>
     </package>
     ```

  4. Use the Transporter to upload the package

     ```
     java -jar iTMSTransporter.jar -m upload -u [Apple ID e-mail] -p [Apple App-ID Token] -f [Directory of .itmsp]
     ```

     Possibly use the -json argument to get a JSON response easily.

  5. Parse the response to get upload_id

  6. Check the status of the upload until the service has finished processing

    1. JSON-RPC request to generateAppleConnectToken
    2. JSON-RPC request to developerIDPlusInfoForPackageWithArguments with upload_id (response contains DevIDPlus)

  7. Request the ticket from https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup using POST

     ```
     {"records":[{"recordName":"2/2/4dca04a3465b95866423323d7f3e1e31ad3ac0ef"}]}
     ```

     4dca04a3465b95866423323d7f3e1e31ad3ac0ef = cdhash (code directory hash) of the software

  8. The response returns signedTicket, a base64-encoded ASN.1 signed ticket

  9. Add the signed ticket info into the code sign blob of the software. The code sign blob is a super blob; the signed ticket is added to the super blob as a blob wrapper.
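
Steps 1 to 3 in Python, as an added example that is not part of the original gist or of Apple's tooling. The function names and the choice to name the package after the file stem are assumptions; the XML layout follows the metadata.xml shown in step 3.

```python
import hashlib
import os
import shutil
import xml.etree.ElementTree as ET

NS = "http://apple.com/itunes/importer"  # namespace used by the page's metadata.xml


def md5_and_size(path, chunk_size=1 << 20):
    """Stream the file once and return (hex MD5 digest, size in bytes)."""
    digest, size = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return digest.hexdigest(), size


def build_metadata(asset_path, bundle_id):
    """Return metadata.xml text describing the file at asset_path."""
    checksum, size = md5_and_size(asset_path)
    ET.register_namespace("", NS)  # serialize NS as the default xmlns

    def q(tag):
        return "{%s}%s" % (NS, tag)

    package = ET.Element(q("package"), {"version": "software5.9"})
    assets = ET.SubElement(package, q("software_assets"), {
        "app_platform": "osx",
        "primary_bundle_identifier": bundle_id,
    })
    asset = ET.SubElement(assets, q("asset"), {"type": "developer-id-package"})
    data_file = ET.SubElement(asset, q("data_file"))
    ET.SubElement(data_file, q("file_name")).text = os.path.basename(asset_path)
    ET.SubElement(data_file, q("checksum"), {"type": "md5"}).text = checksum
    ET.SubElement(data_file, q("size")).text = str(size)
    body = ET.tostring(package, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body + "\n"


def make_itmsp(src_path, bundle_id, out_dir):
    """Steps 1-3: create the .itmsp directory, copy the file, write metadata.xml."""
    stem = os.path.splitext(os.path.basename(src_path))[0]  # assumed naming scheme
    package_dir = os.path.join(out_dir, stem + ".itmsp")
    os.makedirs(package_dir, exist_ok=True)
    copied = shutil.copy2(src_path, package_dir)
    # Hash the copy inside the package so the manifest matches what is uploaded.
    with open(os.path.join(package_dir, "metadata.xml"), "w", encoding="utf-8") as fh:
        fh.write(build_metadata(copied, bundle_id))
    return package_dir
```

MD5 is collision-prone, so treat this checksum as a transfer-corruption check only.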

Additional Resources

  1. https://itunespartner.apple.com/en/movies/faq/Transporter_Getting%20Set%20Up
  2. https://help.apple.com/itc/transporteruserguide/
  3. https://developer.apple.com/videos/play/wwdc2015/304/
  4. https://discussions.apple.com/thread/4960669
  5. https://derflounder.wordpress.com/2019/04/10/notarizing-automator-applications/
  6. https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow
  7. https://asperasoft.com/
  8. https://www.signiant.com/
  9. https://github.com/pingwinator/ipa2itc/
  10. https://stackoverflow.com/questions/16582119/how-to-use-itmstransporter
@qq5000521 qq5000521 commented Aug 7, 2020

Support on windows, apple has been hidden.