Back to the Mac: How to Notarize Disk Images for Distribution Outside the Mac App Store

Distributing macOS apps as ZIP archives has been quaint since Sierra. Today’s macOS packaging requirements mandates notarization, otherwise it would say that your app is suspicious. This often means distributing apps within disk images since this container format can be signed, notarized, and stapled.

Notarizing Disk Images for Developer ID Distribution

Do you distribute your macOS apps as .zip files? That has been quaint since Sierra. You should package your apps as signed and notarized disk images instead. Otherwise Catalina would say that your package is suspicious. However creating disk images is a rather involved process. Read on to find out more.

Distributing macOS apps within .zip files nowadays is no longer a good idea. One issue is app translocation. Another issue is the mandatory notarization starting from macOS 10.15 Catalina.

App translocation goes into effect when the user downloads a .zip file containing an application, extracts it, and runs it directly without moving it anywhere using the Finder. The operating system would run your app from a temporary read-only disk image created just for the purpose of launching your app. This has an unfortunate side effect of Sparkle being unable to update your app – which prevents you from delivering updates and bug fixes seamlessly to your user.

Notarization is the method to register your software packages to Apple when you distribute outside the App Store. The problem with packaging software inside a .zip file comes from the inability to attach the notarization result on to the archive. Therefore your user’s system would need to be online to check whether your software package has been notarized. Otherwise it would prompt a “macOS can not validate…” warning to the user, possibly causing suspicion to your package. However when the notarization result is stapled to your package, macOS can validate it without making a network connection to Apple.

Thus disk images is probably the best way to distribute application bundles outside the Mac App Store. Disk images can be signed, notarized, and stapled. When you distribute apps using disk images and Sparkle, your users would find it straightforwardly effortless to install, use, and update.

But creating disk images is an involved task for the developer. There are so many tasks involved to package an application into a disk image ready for the user. This includes:

  1. Creating a blank read/write disk image for scratch-pad purposes.
  2. Copying the application bundle inside the disk image.
  3. Creating a symbolic link inside the disk image to the /Applications folder.
  4. Setting a background image for the disk image’s Finder window to instruct the user to install the application bundle.
  5. Use the Finder to carefully arrange the icons of the application bundle and the symbolic link to the /Applications folder to the background image, as well as any other additional content in the disk image.
  6. Convert the scratch-pad disk image into a compressed read-only disk image.
  7. Sign the disk image.
  8. Upload the disk image for notarization.
  9. Wait for notarization to complete.
  10. Staple the notarization ticket on to the disk image.

That’s a lot of steps to do manually on each release. Thankfully all of those steps can be automated and added to your continuous integration environment. Hence you can automatically get a finished disk image on every release. Even if you don’t have a build server, integrating this to your Xcode build would be a snap. Read on to learn how to do this.