Signing and Notarization FAQ

From Lazarus wiki

English (en)

Questions and Answers

Question: Official Mac page (which assumes Xcode) says one must bind to 10.9 SDK but can deploy/target older macOS releases for hardening/notarization:

So has anyone here tried? If I target 10.9 instead of 10.8 (which I currently do to avoid some compilation problems when targeting older) I believe I will hinder my software in running on old macOS versions.

Answer: I don't have any idea about the necessity in terms of notarisation, but it's perfectly possible to link against a newer SDK (-XR) while targeting an older macOS version (-WM). The two have been decoupled by Apple since quite a while now.


Question: Is notarization/hardening necessary at present in Catalina?

Answer: You can still open non-codesigned/non-notarized applications on Catalina in exactly the same way as on older macOS versions: via right-click or control-click -> Open. The main difference in Catalina is that codesigning is basically useless now without notarization, because it will still result in a warning and the requirement for the right-click/control-click workaround.


Question: Code signing fails with errSecInternalComponent. What's wrong?

Answer: If you are using an ssh session to the Apple computer, this occurs when the login keychain is locked. Before attempting code signing, unlock the login keychain with this command:

 $ security unlock-keychain login.keychain

See also