
What are the precise steps for notarizing an .app file created using pyinstaller?


I have a simple app named determinant_calculator.app that was created using Python 3.9 along with pyinstaller. It functions fine on my own Mac running OS 11.3.1. I want to share it with others outside the App Store. I have an Apple Developer account but I have no experience as a developer nor have I worked with Xcode at all. I'm trying to follow the steps given at https://github.com/pyinstaller/pyinstaller/wiki/Recipe-OSX-Code-Signing

I went to the Apple Developer's website and created a certificate, developerID_application.cer, which I downloaded to my desktop. Within Keychain Access, I uploaded the certificate and see it under "My Certificates" as "Developer ID Application: PaulF (47A67S7RBW)"

The bundle contents of determinant_calculator.app contain the info.plist shown here:

  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" 
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
      <key>CFBundleDevelopmentRegion</key>
      <string>English</string>
      <key>CFBundleDisplayName</key>
      <string>determinant_calculator</string>
      <key>CFBundleExecutable</key>
      <string>determinant_calculator</string>
      <key>CFBundleIconFile</key>
      <string>PythonApplet.icns</string>
      <key>CFBundleIdentifier</key>
      <string>org.pythonmac.unspecified.determinant_calculator</string>
      <key>CFBundleInfoDictionaryVersion</key>
      <string>6.0</string>
      <key>CFBundleName</key>
      <string>determinant_calculator</string>
      <key>CFBundlePackageType</key>
      <string>APPL</string>
      <key>CFBundleShortVersionString</key>
      <string>0.0.0</string>
      <key>CFBundleSignature</key>
      <string>????</string>
      <key>CFBundleVersion</key>
      <string>0.0.0</string>
      <key>LSHasLocalizedDisplayName</key>
      <false/>
      <key>NSAppleScriptEnabled</key>
      <false/>
      <key>NSHumanReadableCopyright</key>
      <string>Copyright not specified</string>
      <key>NSMainNibFile</key>
      <string>MainMenu</string>
      <key>NSPrincipalClass</key>
      <string>NSApplication</string>
      <key>PyMainFileNames</key>
      <array>
          <string>__boot__</string>
      </array>
      <key>PyOptions</key>
      <dict>
          <key>alias</key>
          <true/>
          <key>argv_emulation</key>
          <false/>
          <key>emulate_shell_environment</key>
          <false/>
          <key>no_chdir</key>
          <false/>
          <key>prefer_ppc</key>
          <false/>
          <key>site_packages</key>
          <false/>
          <key>use_faulthandler</key>
          <false/>
          <key>use_pythonpath</key>
          <false/>
          <key>verbose</key>
          <false/>
      </dict>
      <key>PyResourcePackages</key>
      <array/>
      <key>PyRuntimeLocations</key>
      <array>
          <string>@executable_path/../Frameworks/Python.framework/Versions/3.9/Python</string>
          <string>/Library/Frameworks/Python.framework/Versions/3.9/Python</string>
      </array>
      <key>PythonInfoDict</key>
      <dict>
          <key>PythonExecutable</key>
          <string>/Library/Frameworks/Python.framework/Versions/3.9/bin/python3</string>
          <key>PythonLongVersion</key>
          <string>3.9.2 (v3.9.2:1a79785e3e, Feb 19 2021, 09:06:10) 
  [Clang 6.0 (clang-600.0.57)]</string>
          <key>PythonShortVersion</key>
          <string>3.9</string>
          <key>py2app</key>
          <dict>
              <key>alias</key>
              <true/>
              <key>template</key>
              <string>app</string>
              <key>version</key>
              <string>0.24</string>
          </dict>
      </dict>
  </dict>
  </plist>

At the command line I then typed the following:

    codesign -s "PaulF" determinant_calculator.app

I was asked for my keychain login and things seemed to work okay. (At least I didn't obtain any error messages.) Now within the determinant_calculator.app bundle contents, I see a new folder called _CodeSignature.

I shared the .app with a different computer via Dropbox after first compressing the file.

However, when I unzipped the file on the new computer and double-clicked it, I obtained the error message, "determinant_calculator" cannot be opened because the developer cannot be verified.

This is my first time attempting to notarize an application, and my Python script was quite simple, using only tkinter and numpy.


Solution

  • You not only need to codesign your app, you also need to notarize it (as a separate step). If you run the following command in the folder where your app is located, it will send the app to Apple to check. Apple will return a ticket ID. You can then check your notarization history after a few minutes to see if the notarization passed:

    Notarization command:

    xcrun altool --notarize-app --primary-bundle-id "com.yourname.yourappname" --username "[email protected]" --password "@keychain:Developer-altool" --file "helloworld.zip"
    

    Notarization history check command:

    xcrun altool --notarization-history 0 --username "[email protected]" --password "@keychain:Developer-altool"
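
The whole sequence around the two commands above, as an added example that is not part of the original answer: sign with the hardened runtime and a secure timestamp, package, submit, then staple the ticket once the history check shows approval. The function names, the dry-run `RUN` switch and all four arguments are assumptions of this sketch; the altool call and its keychain item name are the answer's.

```shell
#!/bin/bash
# Added example, not from the original answer. With RUN unset it only prints the
# commands (dry run); with RUN=1 it executes them on a Mac that has Xcode tools.

step() {                      # print a command, run it only when RUN=1
    printf '%s\n' "$*"
    if [ "${RUN:-0}" = "1" ]; then "$@"; fi
}

# submit_phase APP IDENTITY BUNDLE_ID APPLE_ID  (all four are caller-supplied)
submit_phase() {
    app=$1; identity=$2; bundle_id=$3; apple_id=$4
    zip="${app%.app}.zip"
    # The notary service rejects code signed without the hardened runtime
    # (--options runtime) or without a secure timestamp (--timestamp).
    step codesign --deep --force --options runtime --timestamp \
        --sign "$identity" "$app" &&
    # Check the signature locally before spending an upload on it.
    step codesign --verify --deep --strict --verbose=2 "$app" &&
    # ditto preserves the bundle's symlinks and metadata inside the archive.
    step ditto -c -k --keepParent "$app" "$zip" &&
    # Same altool call as in the answer; the keychain item name is the answer's.
    step xcrun altool --notarize-app --primary-bundle-id "$bundle_id" \
        --username "$apple_id" --password "@keychain:Developer-altool" \
        --file "$zip"
}

# staple_phase APP  (run once the history check reports the upload as approved)
staple_phase() {
    app=$1
    # Attach the ticket to the bundle so Gatekeeper can verify it offline.
    step xcrun stapler staple "$app" &&
    # Ask Gatekeeper whether it would allow the app to launch.
    step spctl --assess --type execute -vv "$app"
}

case "${1:-}" in
    submit) shift; submit_phase "$@" ;;
    staple) shift; staple_phase "$@" ;;
esac
```

Distribute a fresh archive of the stapled bundle, since the zip that was uploaded does not contain the ticket. Apple's notary service stopped accepting altool uploads on November 1, 2023; on current Xcode the submit step is `xcrun notarytool submit`, and the signing, ditto and stapler steps are unchanged.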