Esmeralda
Esmeralda (with Juan Rodriguez-Carvajal)
https://www.ill.eu/users/support-labs-infrastructure/software-scientific-tools/esmeralda
My procedure
I tried both the Xcode and command line way.
The notarization requires that both each binary has the "LC_VERSION_MIN" set and the binary hardening be activated.
*** NOT UP-TO-DATE *** the problem below is now solved
The Xcode way
- all the binaries
link all the binaries with: -mmacosx-version-min=10.9 <-- minimum supported OS version - signing and hardening the Xcode profile
- Xcode/Archives
- Select the last archive with ctrl-click
- Select "Show in Finder" (see screen capture 1)
- codesign with: --options runtime (see "Esmerala-profile.sh")
- Uploading to Apple's notarization service
- Distribute -> Developer ID
- Upload -> analyzing signature -> Developer ID certificate : Developer ID Application (see screen capture 2)
- Upload (this sends the application to Apple notary service
- Getting the notarized application
- Wait for the notification approval
- Download the notarized/stapled application (see screen capture)
(png - 13.46 Ki)Remaining problem
This does not work since it is supposed to allow for libraries with different Team IDs:
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
dyld: Library not loaded: /opt/X11/lib/libXt.6.dylib
Referenced from: /Applications/Esmeralda4Mac.app/Contents/Resources/Esmeralda
Reason: no suitable image found. Did find:
/opt/X11/lib/libXt.6.dylib: code signature in (/opt/X11/lib/libXt.6.dylib) not valid for use in process using Library Validation: mapping process and mapped file (non-platform) have different Team IDs
/opt/X11/lib/libXt.6.dylib: stat() failed with errno=1
/Applications/Esmeralda4Mac.app/Contents/Resources/launcher.sh: line 103: 4717 Abort trap: 6 "$LAUNCHCMD"