Mac Code Signing and Notarization
Curtis Wensley edited this page Jul 21, 2021
·
2 revisions
In order for you to distribute your Mac applications, you need to code sign and notarize them. More information about this can be found here. Code signing and notarization require Xcode tools, so this can only be done on a Mac.
Eto.Forms provides msbuild targets that will automatically code sign and notarize your software during the build process. These are the steps to follow to get it going:
- Get an Apple developer account.
- Import your code signing and notarization certificates. For GitHub Actions,
apple-actions/import-codesign-certshas been used with success. - (Optional) create an app-specific password for your apple developer account here to use for notarization
- Store your apple notarization credentials in the keychain using altool with the name AC_PASSWORD (replace the ${{ secrets.* }} with the appropriate values, or add the secrets to your GitHub Actions project or organization):
xcrun altool --store-password-in-keychain-item "AC_PASSWORD" -u "${{ secrets.AC_USERNAME }}" -p "${{ secrets.AC_PASSWORD }}" - Set these properties on your .csproj:
<PropertyGroup Condition="$([MSBuild]::IsOsPlatform(OSX)) AND $(Configuration) == 'Release'"> <EnableCodeSigning>True</EnableCodeSigning> <EnableNotarization>True</EnableNotarization> <EnableDmgBuild>True</EnableDmgBuild> </PropertyGroup> - Build:
dotnet build -c Release MyProject.Mac/MyProject.Mac.csproj
Note that notarization can take a while to get results for stapling the .dmg. If your app is not stapled it will still run on users machines when connected to the internet. You can disable stapling by setting the EnableNotarizationStapler property. E.g. <EnableNotarizationStapler>False</EnableNotarizationStapler>