Install: claude install-skill Xopoko/plug-n-skills
# App Store Notary Runner
Use for macOS apps distributed outside the App Store with Developer ID signing and Apple notarization.
## Preconditions
- Xcode/CLT configured.
- `asc` CLI authenticated, via `asc auth login` or `ASC_*` environment variables.
- Developer ID Application certificate in keychain.
- App builds for macOS.
## Preflight
```bash
security find-identity -v -p codesigning | grep "Developer ID Application"
```
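If no identity is listed, create the certificate in your Apple Developer account; the App Store Connect (ASC) API cannot create Developer ID certificates.
For trust errors such as `Invalid trust settings` or `errSecInternalComponent`, check whether custom trust settings exist for the Developer ID certificate and remove them:
```bash
# Show any trust-setting overrides that mention Developer ID
security dump-trust-settings 2>&1 | grep -A1 "Developer ID"
# Export the certificate from the login keychain as PEM
security find-certificate -c "Developer ID Application" -p ~/Library/Keychains/login.keychain-db > /tmp/devid-cert.pem
# Remove the trust settings for that certificate
security remove-trusted-cert /tmp/devid-cert.pem
```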
After export, verify the certificate chain and the timestamp:
```bash
codesign -dvvv "/tmp/YourAppExport/YourApp.app" 2>&1 | grep -E "Authority|Timestamp"
```
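The `grep` above only prints the lines; a gate before submission should fail when they are wrong. The function below is an added example, not part of this skill: it reads `codesign -dvvv` output on stdin and checks the leaf authority, the root, the timestamp and the team. The function name, the `TEAM_ID` variable and the sample outputs are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the skill. On macOS (TEAM_ID is a hypothetical variable):
#   codesign -dvvv "/tmp/YourAppExport/YourApp.app" 2>&1 | check_devid_signature "$TEAM_ID"

check_devid_signature() {
  local team="$1" out leaf root rc=0
  out="$(cat)"
  # codesign prints Authority= lines leaf first, root last.
  leaf="$(printf '%s\n' "$out" | grep '^Authority=' | head -n 1)"
  root="$(printf '%s\n' "$out" | grep '^Authority=' | tail -n 1)"
  case "$leaf" in
    "Authority=Developer ID Application: "*) ;;
    *) echo "FAIL: leaf is not Developer ID Application: ${leaf:-none}"; rc=1 ;;
  esac
  [ "$root" = "Authority=Apple Root CA" ] ||
    { echo "FAIL: chain does not end at Apple Root CA"; rc=1; }
  # A secure timestamp shows as Timestamp=; without one codesign prints Signed Time=.
  printf '%s\n' "$out" | grep -q '^Timestamp=' ||
    { echo "FAIL: no secure timestamp"; rc=1; }
  printf '%s\n' "$out" | grep -qx "TeamIdentifier=$team" ||
    { echo "FAIL: TeamIdentifier is not $team"; rc=1; }
  if [ "$rc" -eq 0 ]; then echo "OK: Developer ID chain, timestamp and team verified"; fi
  return "$rc"
}

# Constructed sample output (not from a real build): a correctly signed export.
SAMPLE_GOOD='Executable=/tmp/YourAppExport/YourApp.app/Contents/MacOS/YourApp
Identifier=com.example.YourApp
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=1 Jan 2025 at 12:00:00
TeamIdentifier=ABCDE12345'

# Constructed sample: signed with a development certificate and no secure timestamp.
SAMPLE_BAD='Authority=Apple Development: dev@example.com (ZZZZZ99999)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=1 Jan 2025 at 12:00:00
TeamIdentifier=ABCDE12345'

printf '%s\n' "$SAMPLE_GOOD" | check_devid_signature ABCDE12345
printf '%s\n' "$SAMPLE_BAD" | check_devid_signature ABCDE12345 || echo "-> do not submit this build"
```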
## Archive, Export, Submit
```bash
xcodebuild archive -scheme "YourMacScheme" -configuration Release \
  -archivePath /tmp/YourApp.xcarchive -destination "generic/platform=macOS"
```
`ExportOptions.plist` must set `method=developer-id`, `signingStyle=automatic`, and your `teamID`.
```bash
xcodebuild -exportArchive -archivePath /tmp/YourApp.xcarchive \
  -exportPath /tmp/YourAppExport -exportOptionsPlist ExportOptions.plist
ditto -c -k --keepParent "/tmp/YourAppExport/YourApp.app" "/tmp/YourAppExport/YourApp.zip"
asc notarization submit --file "/tmp/YourAppExport/Your