Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
cmd/link: keep MacOS binaries compatible with Apple Notary #31918
Review this before each release, as the required SDK value will eventually change.
The minimum SDK is given by a pair of constant expressions, last seen at:
Originally raised in #30488
referenced this issue
May 8, 2019
My team used this basic fix, to change the constants as cited, with a binary that was later submitted to Apple Notary and it worked with flying colors. The Certification is officially stapled to our application. I believe this should satisfy the "NeedsInvestigation" portion of this issue.
@randall77 are you asking me? Do you mean what action should you take to ensure binaries can be Notary-certified?
I'm asking anyone who might know.
Actually getting something notarized would certainly be a good test. That seems hard though. You need to sign a binary, have a valid Apple developer ID, etc.
I'm wondering about the simpler problem of this issue - how will we know when Apple changes the minimum version from 10.9 to something larger? Is there a canonical reference we can check?
You need to be enrolled as an Apple Developer to be able to notarize your app. Additionally, there is quite a bit of setup needed to get notarization up and running.
The notarization process is also rather tricky as it's an async thing. You need to submit your app after building to the notarization service. You then need to poll for the status to see if it gets notarized or not (which takes anywhere from seconds to several minutes). If the notarization fails, you need to parse the output, download a log, parse that again to figure out what is wrong.
My guess is that checking if the required SDK version is 10.9 should be what needs to be checked.
I'm not sure if this minimum requirement is going to change anytime soon though.