As of Max 8.1, we've taken the steps necessary to make Max compatible with Apple's new notarization standards. In our tests, things appear to be working well using Max 8.1 on Mac OS 10.15 beta. Despite these new complexities, Mac standalone developers should be able to distribute their applications if the the new Notarization guidelines are followed.
We understand first-hand how this change in Apple's security policy introduces inconvenience for the developer. We have worked hard to make it possible to build Max standalones that can run under the new Apple security polices, and appreciate any reports and examples where it does not work. Read more about Apple notarization requirements: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
In order to distribute a Max Standalone application that passes new Gatekeeper checks, these guidelines must be followed. However, Apple has stated that they are delaying some of these requirements until January 2020: https://developer.apple.com/news/?id=09032019a
The runtime application used in Max standalones is built with "Hardened Runtime" enabled, but developers of standalones will need to do the following in order to satisfy Apple's new requirements:
- Have an Apple Developer ID
- Install and make Xcode 10+ your active Xcode installation (use xcode-select if multiple versions are installed). Xcode 11 presumably works as well.
- Code Sign the standalone:
- use the '-f' flag to force re-signing (overwriting Cycling '74 code signing)
- use the '--deep' flag to sign the whole bundle (or sign each item individually)
- use a custom 'entitlements' file while signing, enabling whatever features the standalone may need (camera access, microphone access, etc): https://developer.apple.com/documentation/bundleresources/entitlements
- Terminal example: codesign -s [your developer ID] --options runtime --deep --entitlements [path/to/app.entitlements] -f [path/to/standalone.app]
- Upload your software to the Apple notary service using 'xcrun altool': https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow#3087734
- Terminal example: xcrun altool --notarize-app -f [path/to/standalone.app] -t osx -u [Apple developer user name] -p [your password] -primary-bundle-id [com.yourcompany.yourapp] --asc-provider [your 'team' name]
- After successful notarization, 'staple' the returned ticket to your standalone using 'xcrun stapler': https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow#3087720
- Terminal example: xcrun stapler staple -v [path/to/standalone.app]
It currently still is possible to notarize old standalones for use on Catalina by following similar instructions as above: https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution#3087722
For those who simply wish to share standalone apps without going through the notarization, un-notarizized applications should be able to bypass Gatekeeper as before (ie right-clicking the app to open).
If you do run into issues, please do not hesitate to drop us a note. We understand how important this option is for those who want to distribute Max patches using the Standalone mechanism. As Apple's requirements change, we fully plan on making the adjustments needed to continue to allow users to do so, if possible.