Hi, I use SD Notary to notarize an app, and use RB Checker Lite to check the app before and after notarization. Attached are the Before & After results:
It shows “The application is sandboxed” before, and “The application is not sandboxed” after. Any idea?
Btw, I’m notarizing .app (not .dmg or .zip). I can’t find how to notarize .app using xcrun altool. Obviously SD Notary is able to do it, but how?
I’d imagine it’s because the app is being re-signed, and with a different identity, but I’m not sure.
If you’re sandboxing in Xcode, you should probably also notarize there.
Apple documents it all on-line – it comes up as the first item in a Google search.
The app was not created in Xcode and that’s the reason I can’t use it to notarize. The app is signed using the same developer cert, so I don’t understand why SD Notary changes the sandbox setting.
The Apple docs on xcrun altool say:
“Because you can’t upload the .app bundle directly to the notary service, you’ll need to create a compressed archive containing the app”
That’s what I was referring to - to notarize .app, which seems impossible unless it is zipped or turned into a dmg. Is that how SD Notary works, by compressing first?
That’s not what your screenshot says. IAC, SD Notary will re-sign, which will presumably break sandboxing.
It signs with the hardened runtime, then uploads a .zip archive of it, yes.
Is there some reason you want sandboxing and the hardened runtime?
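One way to check whether re-signing is what changed the sandbox status discussed in this thread (an added example, not part of the original posts and not SD Notary's code): the sandbox is switched on by the `com.apple.security.app-sandbox` entitlement embedded in the code signature, so comparing the entitlements before and after shows whether it was dropped. The two plists below are constructed samples in the XML form that `codesign -d --entitlements` prints; the function names are hypothetical.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"

# Constructed sample: entitlements of the app as originally signed.
BEFORE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-only</key><true/>
</dict></plist>"""

# Constructed sample: the same app after a re-sign that carried no entitlements over.
AFTER = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict/></plist>"""


def load_entitlements(data: bytes) -> dict:
    """Parse an entitlements plist; empty output means no entitlements at all."""
    if not data.strip():
        return {}
    ent = plistlib.loads(data)
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist must have a dict at top level")
    return ent


def diff_entitlements(before: bytes, after: bytes) -> dict:
    """Report which entitlements a re-sign dropped, added or changed."""
    b, a = load_entitlements(before), load_entitlements(after)
    return {
        "dropped": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and b[k] != a[k]),
        # Only an explicit boolean true enables the sandbox.
        "sandbox_before": b.get(SANDBOX_KEY) is True,
        "sandbox_after": a.get(SANDBOX_KEY) is True,
    }


if __name__ == "__main__":
    report = diff_entitlements(BEFORE, AFTER)
    for name, value in report.items():
        print(f"{name}: {value}")
    if report["sandbox_before"] and not report["sandbox_after"]:
        print("Sandbox entitlement was lost in the re-sign.")
```
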