Signing and Notarization FAQ
English (en) │
Questions and Answers
Question: Official Mac page (which assumes Xcode) says one must bind to 10.9 SDK but can deploy/target older macOS releases for hardening/notarization: https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution
So has anyone here tried? If I target 10.9 instead of 10.8 (which I currently do to avoid some compilation problems when targeting older) I believe I will hinder my software in running on old macOS versions.
Answer: I don't have any idea about the necessity in terms of notarisation, but it's perfectly possible to link against a newer SDK (-XR) while targeting an older macOS version (-WM). The two have been decoupled by Apple since quite a while now.
Question: Is notarization/hardening necessary at present in Catalina?
Answer: You can still open non-codesigned/non-notarized applications on Catalina in exactly the same way as on older macOS versions: via right-click or control-click -> Open. The main difference in Catalina is that codesigning is basically useless now without notarization, because it will still result in a warning and the requirement for the right-click/control-click workaround.
Question: Code signing fails with errSecInternalComponent. What's wrong?
Answer: If you are using an ssh session to the Apple computer, this occurs when the login keychain is locked. Before attempting code signing, unlock the login keychain with this command:
$ security unlock-keychain login.keychain