sign-macos-binary.sh - Apple Code Signing and Notarization Script

This script handles the complete macOS code signing workflow:

  1. Sign binary with Developer ID certificate (hardened runtime)
  2. Submit to Apple notarization service
  3. Staple notarization ticket to binary
  4. Verify signature

Usage: ./sign-macos-binary.sh [options]

Options:

  -d, --developer-id   Developer ID (default: from APPLE_DEVELOPER_ID env)
  -p, --profile        Keychain profile (default: notarization-profile)
  -n, --notarize       Submit for notarization (default: yes)
  -s, --skip-staple    Skip stapling (for notarize-only)
  -v, --verify         Verify after signing
  -h, --help           Show this help

Environment Variables:

  APPLE_DEVELOPER_ID   Developer ID certificate name
  APPLE_TEAM_ID        Apple Developer Team ID
  APPLE_ID             Apple ID email (for notarization)
  APPLE_PASSWORD       App-specific password (for notarization)
  KEYCHAIN_PROFILE     Stored keychain profile name

Exit Codes:

  0 - Success
  1 - Signing failed
  2 - Notarization failed
  3 - Stapling failed
  4 - Verification failed
  5 - Missing requirements
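
The four workflow steps, with each failure mapped to the documented exit code, as an added example (this is not the contents of sign-macos-binary.sh). The function names `step`, `notary_accepted` and `sign_and_notarize` are hypothetical, and the status check assumes notarytool's text report contains a `status: Accepted` line.

```sh
#!/bin/sh
# Added example, not the project's script. Requires macOS with the Xcode
# command line tools (codesign, ditto, xcrun) when actually run.

# step CODE CMD...: run CMD; on failure return the documented exit code CODE.
step() {
  local code="$1"; shift
  "$@" || return "$code"
}

# Reads a notarytool text report on stdin; succeeds only if it was accepted.
# Assumption: the report carries a "status: Accepted" line.
notary_accepted() { grep -q 'status: Accepted'; }

sign_and_notarize() {
  local binary="$1"
  local dev_id="${APPLE_DEVELOPER_ID:-}"
  local profile="${KEYCHAIN_PROFILE:-notarization-profile}"
  local zip="${binary}.zip"
  local report
  # 5 - Missing requirements: no path, no identity, or no such file.
  [ -n "$binary" ] && [ -n "$dev_id" ] && [ -f "$binary" ] || return 5

  # 1. Sign with the hardened runtime and a secure timestamp.
  step 1 codesign --force --timestamp --options runtime \
    --sign "$dev_id" "$binary" || return $?

  # 2. notarytool takes zip/dmg/pkg uploads, so wrap the binary first, then
  #    check the reported status instead of relying on the exit code alone.
  step 2 ditto -c -k --keepParent "$binary" "$zip" || return $?
  report=$(xcrun notarytool submit "$zip" \
    --keychain-profile "$profile" --wait) || return 2
  printf '%s\n' "$report" | notary_accepted || return 2

  # 3. Staple the notarization ticket.
  step 3 xcrun stapler staple "$binary" || return $?

  # 4. Verify the signature.
  step 4 codesign --verify --strict --verbose=2 "$binary" || return $?
}
```

Call it as `sign_and_notarize ./mytool` with `APPLE_DEVELOPER_ID` set and the keychain profile already stored.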

File: sign-macos-binary.sh

Type: Shell Script

Usage

bash sign-macos-binary.sh
# or
./sign-macos-binary.sh