Adobe AIR / macOS 10.14.5 requires developers create Developer ID certificate

Report · Apr 13, 2019

I've received this email for Mac OS Applications. Does this include all Adobe AIR Desktop Apps to run on the latest MacOS?

Dear Developer,

We’re working with developers to create a safer Mac user experience through a process where all software, whether distributed on the App Store or outside of it, is signed or notarized by Apple. With the public release of macOS 10.14.5, we require that all developers creating a Developer ID certificate for the first time notarize their apps, and that all new and updated kernel extensions be notarized as well. This will help give users more confidence that the software they download and run, no matter where they get it from, is not malware by showing a more streamlined Gatekeeper interface. In addition, we’ve made the following enhancements to the notarization process.

Legacy code is fully supported, even if it contains unsigned binaries. While new software and updates require proper signatures in order to be notarized, you can upload your existing software as-is.
Apps with plugin ecosystems are better supported.
Stapler supports all types of bundles and plugins.
Xcode 10.2 adds secure timestamps and other code signing options required by the notary service.

Related documentation has also been improved. We encourage you to take look at Notarizing Your Apps Before Distribution and Hardened Runtime Entitlements.

If you have any questions, contact us.

Best regards,

Apple Developer Relations

I wonder if we update our Adobe AIR Apps for Mac (Desktop), would we need to use the Apple Certificates?

Do Only Apps distributed on Desktop App Store need to be signed?... or All Apps (even if outside App Store)? If so, it is mandatory to Sign all Apps (in & out of Mac App Store)... how do we go about doing so?

Report · Jun 20, 2019

Sorry, I use poor English.

macOS 10.15 Catalina require apps to support 64 bit and be notarized.
You need to handle regardless of where you are selling.
Adobe AIR developers need to use altool(CLI).

Please see here for details
https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizi...

Simply put, We upload a app(probably signed with "codesign" command) to Apple.
Apple will automatically check and notarize.

Report · Aug 18, 2019

As KR-san said, all apps need to be notarized. Has anyone gotten an AIR app notarized? I thought I was almost through and right before the stapling, I got errors about unsigned binaries, insecure timestamps, and not having a hardened runtime. I did use --deep --force for recursively signing binaries, I used to --options runtime in the xcrun altool for hardened runtime, and I don't know what I could do for the timestamps, but my certificates are current.

I emailed Apple, especially since they say you can notarize an app even with unsigned binaries, but I don't know what they will help with regarding the other issues.

-jonathan

Report · Nov 12, 2019

Need help Notarization our AIR Captivate package installer in Mac OS, error: Apple cannot check it

So we have compiled our application to a dmg using the command utilities and everything is well.

Now we wanted to package it for distribution so we used the commands:

productbuild --component /Users/sean/Desktop/Mac/StudioProMac/src/StudioProMac.app /Applications/ ~/StudioProMac.pkg
productsign --sign "Developer ID Installer: Abc Inc (NH59LQ8XXX)" --keychain ~/Library/Keychains/login.keychain-db ~/StudioProMac.pkg ~/StudioProMacSigned.pkg

and all is well, we created a .pkg installer.

However if a user double clicks on it install our captivate AIR (dmg) app, they receive an error of:

StudioProMacSigned.pkg can't be opened because Apple cannot check it for malicious software dialog.

I believe we maybe need to Notorize it?

Any help is appreciated,

Sean

Report · Jun 10, 2020

Hello all

I just developed Air application and packaged as captive runtime bundle .app for Mac distribution outside of app store. Works up to Mojave, Catalina complains of unidentified developer. Need help figuring out how to sign with apple developer id. Is notarizing really required step ? How long does it take ?

Can somebody share success story of packaging Air app for latest Mac OS ? Any advice greatly appreciated.

Thanks

Dennis V.

Report · Jun 11, 2020

Yes you must now notarize your app if you are sef-distributing and want to run on Catalina.

This is an Apple requirement and affects not only AIR apps but native, electron etc etc.

See here for single scripts to correctly package, sign, notarize, validate etc either an App Store or Self Distributed Notarized App (aka Developer ID Application) pkg.

https://github.com/tuarua/WebViewANE/tree/master/mac_installer