Hey there,
I've been trying to build and distribute a simple internal CLI tool. I am building with SwiftPM
swift build -c release --product mytoolcli --arch arm64 --arch x86_64
And then code signing,
xcrun codesign -s ${CODESIGN_IDENTITY} \
--options=runtime \
--timestamp \
${BINARY}
Then package the CLI in a DMG together with a simple Bash Script INSTALL
that copies the file to /usr/local/bin
.
hdiutil create -volname "mytoolcli" -srcfolder "${PKG_DIR}" -ov -format UDZO "${PKG_DMG}"
xcrun codesign -s ${CODESIGN_IDENTITY} "${PKG_DMG}"
The I upload for notarization:
xcrun altool --notarize-app \
--primary-bundle-id ${BUNDLE_ID} \
--username "${USERNAME}" \
--password "@keychain:${PASSWORD_ID}" \
--asc-provider ${ASC_PROVIDER} \
--file "${PKG_DMG}"
And once the notarization is successful, I staple it on the DMG
xcrun stapler staple "${SIGNED_PKG}"
But, when I send the DMG to a coworker and she tries to open the INSTALL
script in the DMG (or the cli executable), she gets the infamous "macOS cannot verify the developer".
Am I missing something obvious?
$ spctl -a -t install -vvv /path/to/mytoolcli.dmg
/path/to/mytoolcli.dmg: accepted
source=Notarized Developer ID
origin=Developer ID Application: Name (IDXXXX)
When I try running
$ spctl -a -t exec -vvv /Volumes/mytoolcli/mytoolcli
on the executable in the mounted disk image, I get
/Volumes/mytoolcli/mytoolcli: rejected (the code is valid but does not seem to be an app)
origin=Developer ID Application: Name (IDXXXX)
So, I guess my question is: how can I package a swift executable built with swift
for distribution on macOS?
Thanks!
Tobias