Do Mac OS apps stop working if your Mac Developer ID Application cert expires?

Mark Waddingham mark at livecode.com
Fri Jan 24 13:30:28 EST 2020


On 2020-01-24 17:41, Tony Trivia via use-livecode wrote:
> Thanks to all who replied. The scope of my concern is strictly for 
> MacOS
> standalone builds that are distributed outside of the App Store.
> Such builds are blissfully simple compared to mobile device builds. For
> years, I've been able to sign such apps without any provisioning certs.
> (Since Apple has virtually no role in the distribution, it is not 
> involved
> in the beta testing or updating of the app.) All I've needed to build
> releases is the standard Developer ID Application cert, and those are
> typically good for five year spans.  But, eventually I won't be here to
> renew the thing and I'd like any apps I make to carry on. So I hope 
> JLG's
> prediction is correct!

I believe that as long as you sign, notarize and then staple the results
of the notarization to your app (or DMG - if you distribute using that
method) then expiry of your developer id / certificate (should that 
occur)
will have no effect on them.

Just signing is no longer sufficient for the OS to verify an app on 
Catalina
(and it seems, to a certain degree, on recent versions of Mojave!).

Notarizing but not stapling means the OS will always do a 'callback' to
Apple's servers to check integrity.

Stapling after notarization means the app is verifiable as it is.

At least that is my interpretation of the recent changes...

Warmest Regards,

Mark.

-- 
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps




More information about the use-livecode mailing list