Can SD Notary sign a shortcut?

I want to deploy a shortcut with my applet. I expect the shortcut to be in the “Resources” folder of my applet’s bundle. It seems that SDN does not currently sign shortcuts. Can SDN be changed to sign shortcuts if they are present ?

There is the “shortcuts sign” sub-command but, that doesn’t seem to use a developer’s ID. I’ve tested it anyway but “codesign -d” reports the output shortcut is not signed - perhaps because “codesign” is outdated but, that makes it difficult to check signing.


Can you tell me where? It’s not in my version, as far s I can see.

Shortcuts don’t contain code, so there’s no reason they’d need to be codesigned notarized.

Apple have provided a [very] little detail here:

In Terminal I got the help info:

 ~ % shortcuts sign -h
OVERVIEW: Sign a shortcut file.

You can use this command to sign a shortcut file. It also supports signing a shortcut in the old format.

USAGE: shortcuts sign [--mode <mode>] --input <input> --output <output>

  -m, --mode <mode>       The signing mode. (default: people-who-know-me)
  -i, --input <input>     The shortcut file to sign.
  -o, --output <output>   Output path for the signed shortcut file.
  -h, --help              Show help information.

From what I can see, an exported shortcuts file is binary data. Opening one in TextEdit I found that it is signed with an Apple certificate:

This certificate is to be used exclusively for functions internal to Apple Products and/or Apple processes.0
Apple Root CA - G31&0$
Apple Certification Authority

I hope to distribute a shortcut with my applet rather than require users to download from iCloud. One impediment is I can’t find a method of version control. An exported shortcut has no version and once installed is no longer a file but is part of a database.

Oddly, in the Shortcuts app, if a user chooses “File => Add to Dock” an exported copy of the shortcut is saved in ~/Applications/. But the exported copy is not deleted if the user removes the shortcut from the Dock. So, an uninstaller would have to check for its presence. Also, at present, the Shortcuts AS dictionary has no command for deleting shortcuts, only for running and getting properties.

I guess Shortcuts on the Mac are a work in progress.

My mistake above – I meant they don’t need to be notarized, not codesigned.

Also, Apple say this about exported shortcuts for “Anyone” to use:

Anyone can run your shortcut. Apple will receive a copy of your shortcut for validation (to prevent unauthorised tampering when you share it).

So, they are quite tightly controlled even though they are outside the App Store.


The WWDC video was more specific:

I’m surprised they use the word notarized. But it’s certainly a different process.

A bit inscrutable to me. They also say in the video that the “shortcut sign” command signs with the developer ID, which it does not – well, I haven’t found a way yet.

BTW, the copy of the shortcut exported and saved into ~/Applications/ is an ad-hoc signed bundle. Unlike a normal export, it has a version.plist. The resources folder has an icns file and a ShortcutMetadata.plist file. The executable is “ShortcutDroplet”. Double-clicking works.

I tried to sign the bundle with “shortcut sign” and got this error:

The file couldn’t be opened because it isn’t in the correct format.

I admire your persistence, but I can’t help feeling you’re making yourself a bit of a support headache.

Yes. I might use a shortcut when I’m the applet user but, not distribute with the applet until Apple provide more infrastructure. Maybe a chapter in my user guide on how to import the Service into Shortcuts.

The shortcut does seem faster and smoother than the Service and can be called from many places. But, until shortcuts are reliable and has basic functions are exposed to AS, I’ll hold off.

I did lodge an item in Feedback Assistant about the Add to Dock function. It’s liable to cause support grief for many app developers and confusion for users.