Updated List of macOS 10.14.5 – 10.15 Notarization Links & Info

Updated: 09/04/19 – 54 Links

By now you have most likely heard about Apple’s new Notarization system. If you haven’t you can read Apple’s Developer Documentation explaining the change starting in 10.14.5. Below I will keep an updated list of macOS 10.14.5 – 10.15 notarization links.

As a MacAdmin it’s hard to keep up, I will help.

When Apple announces a new security feature on macOS it takes time to get a handle on how it will affect your deployment workflow. Most likely you are busy streamlining the last change! You end up searching google for links so you can get up to speed as soon as possible. This time around I will attempt to make this easier on you. I will be collecting the most important Notarization links and will add them to this article. Some of the links I will be posting will be from Apple, MacAdmins, 3rd Party Vendors and Security Researchers. A lot of hard work and research was put into some of the articles below. Let’s get started!

Be sure to drop me a line if you would like to see a link added to the list.

Notarization Table of Contents

1. Important Notarization Dates
2. Apple Developer
3. MacAdmin Blogs
4. 3rd Party Vendors
5. GitHub Links
6. Slack #Notarization Channel
7. Misc. Links

1. Important Notarization Dates

• 10.14.5 = April 7, 2019 – ONLY Kexts have to be Notarized after this date. All pkg, dmg, installer’s will install just fine if they are not Notarized.
• 10.15 Beta 1 = Jun 1st 2019 – All pkg, dmg, installer and Kext’s need to be Notarized after this date to install.

2. Apple Developer Links

• Signing Mac Software with Developer ID
• Give users even more confidence in your software by submitting it to Apple to be notarized. The service automatically scans your Developer ID-signed software and performs security checks.

• Notarizing Your Applications Before Distribution
• Give users even more confidence in your software by submitting it to Apple for notarization.

• Customizing the Notarization Workflow
• Notarize your app from the command line to handle special distribution cases.

• Resolving Common Notarization Issues
• Handle common problems reported in the notarization log file, or that arise during ticket stapling.

• Hardened Runtime Entitlements
• Manage security protections and resource access for your macOS apps.

• Customizing the Xcode Archive Process
• Archive, export, and notarize your app in one step using Xcode post-action build scripts.

• App Sandbox Entitlements
• Manage access to system resources and user data in macOS apps to contain damage if an app becomes compromised.

• altoola – Transporter command line tool Network Requirements
• To incorporate notarization into a custom workflow, your build server needs access to certain network resources.

• Apple Developer Forum – App Distribution
• Apple Developer Forums / Distribution / Mac Apps

• Safely open apps on your Mac
• macOS includes a technology called Gatekeeper, that’s designed to ensure that only trusted software runs on your Mac.

• Upcoming Changes for Mac Software Signed with Developer ID
• 1st bulletin – December 3rd 2018 – changes coming in Spring 2019

• New Notarization Requirements – Developer Email
• 2nd Bulletin – April 10th 2019 – We’re working with developers to create a safer Mac user experience through a process where all software, whether distributed on the App Store or outside of it, is signed or notarized by Apple.

• What is Transporter?
• Transporter is Apple’s Java-based command-line tool for large catalog deliveries. You can use Transporter to deliver your pre-generated content, in a Store Package, to the iTunes Store, Apple Books, and App Store.

• Updated Notarization Requirements 09/03/19 until January 2020
• https://developer.apple.com/news/?id=09032019a

3. MacAdmin Blogs

Howard Oakley – eclecticlight.co – @howardnoakley

• 1. Theres More to Notarization than that – 04/24/19
• 2. Apple’s Notary Service: ten months experience – 04/22/19
• 3. Last Week on My Mac: The hard road to macOS 10.15 – 04/14/19
• 4. How does notarization affect your own apps and scripts? – 04/12/19
• 5. Macs move closer to compulsory notarization – 04/10/19
• 6. Entitlements: how apps get back what they’ve given up – 02/26/19
• 7. Where do Apple’s recent security updates leave macOS? – 12/14/18
• 8. Launching apps in Mojave: how it has changed – 10/03/18
• 9. Has that app been notarized, what are the benefits to the user? – 9/24/18
• 10. Notarization: a big step forward for users and developers – 08/02/18

Tom Bridge – tombridge.com – @tbridge77

• 1. Mac Admins Talk: The Loyal Order of Notaries – 7/11/19
• 2 macOS 10.14.5 beta 4 & Notarization Update – 04/20/19
• 3. macOS 10.14.5 beta 2: Kernel Extension Notarization, UAMDM, Whitelisting & You – 04/19/19
• 4. macOS 10.14.5 beta, Notarization and Stapling Review – 04/18/19
• 5. Apple Updates Notarization Requirements – 09/03/19
• 6. Manipulating the System Policy Database with Configuration Profiles – 09/04/19

Jeff Johnson – lapcatsoftware.com – @lapcatsoftware

• The true and false security benefits of Mac app notarization – 04/21/19
• Mac app notarization and customer privacy – 12/06/18
• Hardened Runtime and Sandboxing – 11/16/18
• Debugging on Mojave – 06/11/18

Michael Tsai – mjtsai.com – @mjtsai 

• macOS 10.14.5 Requires New Developers to Notarize
• Mac App Notarization and Customer Privacy
• Hardened Runtime and Sandboxing
• WWDC 2018 Links
  

Tim Perfitt – twocanoes.com – @tperfitt

• Apple Ramps Up Fight against Malware with Notarization, Stapling, and Hardening – 04/17/19
• Adding Notarization to Xcode Builds – 04/12/19

Charles Edge – krypted.com – @cedge318

• Adding App Notarization For Macs To Your Build Train – 04/11/19

Rich Trouton – derflounder.wordpress.com – @rtrouton

• Notarizing Automator applications – 04/10/19

Gus Mueller – shapeof.com – @ccgus

• MacOS Notarization – 01/25/19

Latenightsw.com – Shane Stanley

• SD NOTARY: NOTARIZING MADE EASY

Successfulsoftware.net

• How to notarize your software on macOS

Hackernews

• Huge forum thread on Notarization – https://news.ycombinator.com/item?id=19609653

4. 3rd Party Vendors

• Fleetsmith.com – Fleetsmith automates device setup, intelligence, patching, and security for your company’s Macs, iPhones, iPads, and Apple TVs.
• App Notarization: A Quick Primer – 04/22/19

• Sophos.com – Advanced Endpoint Protection with EDR and Artificial Intelligence, Next Gen Firewall with Synchronized Security and Business-Grade Security for Home Users.
• Sophos Support for MacOS 10.14.5 Notarized Kernel Extensions – 04/26/19

• Symantec.com – Symantec provides security products and solutions to protect small, medium, and enterprise businesses from advanced threats, malware.
• Endpoint Protection 14.2 RU1 and kext notarization for macOS 10.14.5

• zeplin.io Connected space for product teams. Handoff designs and styleguides with accurate specs, assets, code snippets—automatically.
• Dev Journal — Automate notarizing macOS apps – 01/09/19

5. GitHub Links

• https://github.com/zeplin/fastlane-plugin-notarize
• fastlane plugin to notarize a macOS app

• https://github.com/igeekjsc/notarizedCheck.sh
• Rudimentary shell script to find notarization status of apps and KEXTs

• https://github.com/macmade/Notarize
• Notarization status monitoring tool for macOS, supporting multiple developer accounts. https://xs-labs.com

5. Slack #Notarization Channel

• http://macadmins.slack.com