│English (en) │
- XCode command line tools for 10.14. Hi, xcode-select -install fails to install command line tools while running Mojave beta + XCode 10 beta. MacOS Asked by devraj Copy to clipboard. Copied to Clipboard. Reply to this question Post marked as unsolved Up vote post of.
- Use command-line text editors in Terminal on Mac. To edit a plain text file in Terminal, you can use a command-line text editor. For general-purpose work, it’s easiest to use one of the text editors included with macOS. If you want to use a graphical text editor, use TextEdit (in Launchpad).
Qrcp is a command line tool to transfer files from a desktop to a mobile device (and the other way around) over Wi-Fi, by scanning a QR code. It's available for Microsoft Windows, macOS and Linux. The application binds a web server to the address of your Wi-Fi network interface on a random port (though the port can be specified if you want). Install Command Line Tools Open your terminal to begin the process of installing command-line tools on macOS Catalina. With your terminal opened, type the command below into the prompt and press the return key to execute it. After executing the command below a pop-up.
This article applies to macOS only.
See also: Multiplatform Programming Guide
- 3Notarization requirements
- 4Notarizing an application
- 6Troubleshooting
Overview
Beginning with macOS 10.14.5 (Mojave), software signed with a new Apple developer certificate and all new or updated kernel extensions must be notarized to run. Beginning in macOS 10.15 (Catalina), all software built after June 1, 2019, and code signed with an Apple developer certificate must be notarized. Notarization is not required for software distributed through the Apple App Store because the App Store submission process already includes equivalent security checks.
Notarization is designed by Apple to give users more confidence that Apple developer-signed software has been checked by Apple for malicious components. Notarization is not an App Review. The Apple notary service is an automated system that scans software for malicious content, checks for code-signing issues, and returns the results. If there are no issues, the notary service generates a ticket to staple to the software; the notary service also publishes that ticket online where Gatekeeper can find it.
When the user first installs or runs software, the presence of a ticket (either online or attached to the executable) tells Gatekeeper that Apple notarized the software. Gatekeeper then places descriptive information in the initial launch dialog to help the user make an informed choice about whether to launch the app.
Note:Even if an application has not been notarized, it can still be run by control-clicking on the app, or right clicking for the context menu, and choosing Open - see the Gatekeeper 'bypass' dialog in the gallery below.
Code signing an application without also notarizing it is now a totally pointless exercise unless you are only distributing your application via the App Store.
Gatekeeper dialogs
- Gatekeeper Dialog before Catalina where an app that is not notarized is first opened (Mojave macOS 10.14 dialog)
- Gatekeeper dialog where an app which is signed and notarized is first opened (Catalina macOS 10.15.1 dialog)
- Gatekeeper dialog where an app is not signed nor notarized is first opened (Catalina macOS 10.15.1 dialog)
- The Gatekeeper 'bypass' dialog, accessed by control-clicking on the app (Catalina macOS 10.15.3 dialog)
Notarization requirements
Notarization requires the Xcode command line tools from Xcode 10 or later. Building a new app for notarization requires macOS 10.13.6 or later. Stapling an app requires macOS 10.12 or later.
Apple's notary service requires you to:
- Enable code-signing for all of the executables you distribute.
- Enable the Hardened Runtime capability for your application and command line targets.
- Use a “Developer ID” application, kernel extension, or installer certificate for your code-signing signature.
- Include a secure timestamp with your code-signing signature (include the --timestamp option when running the codesign tool).
- Don’t include the com.apple.security.get-task-allow entitlement with the value set to any variation of true. If your software hosts third-party plug-ins and needs this entitlement to debug the plug-in in the context of a host executable, see Avoid the Get-Task-Allow Entitlement.
- Link against the macOS 10.9 or later SDK.
On 3 September 2019 Apple announced that until January 2020 developers could get new versions of applications notarized even though they were not hardened or fully compliant with the normal requirements. That deadline was later extended to 3 February 2020. The above notarization requirements are now in full effect.
Apple Statement 23 December 2019
In June, we announced that all Mac software distributed outside the Mac App Store must be notarized by Apple in order to run by default on macOS Catalina. In September, we temporarily adjusted the notarization prerequisites to make this transition easier and to protect users on macOS Catalina who continue to use older versions of software. Starting February 3, 2020, all submitted software must meet the original notarization prerequisites.
If you haven’t yet done so, upload your software to the notary service and review the developer log for warnings. These warnings will become errors starting February 3 and must be fixed in order to have your software notarized. Software notarized before February 3 will continue to run by default on macOS Catalina.
As a reminder, all installer packages must be signed since they may contain executable code. Disk images do not need to be signed, although signing them can help your users verify their contents.
Notarizing an application
These instructions assume you have completed the other preparatory steps: code signed the application, implemented the hardened runtime capability, code signed the installer pkg (if you have one) etc.
You can't upload the .app bundle directly to the notary service, you need to create a compressed archive containing the application or you can put applications, kernel extensions, and other software in a container, like a disk image, and notarize the container. The notary service accepts disk images (UDIF format), signed flat installer packages, and ZIP archives. It processes nested containers as well, like packages inside a disk image.
Step 1 - Create disk image
Create a disk image by opening a Terminal and running the following command:
Step 2 - Code sign the disk image
Code sign the disk image by opening a Terminal and running the following command:
Step 3 - Generate an app-specific password
To generate an app-specific password, refer to this Apple Support article. Note: this is a password that will be specific to the notarization application (xcrun altool) and not to the application being notarized. You therefore only need to do this once, but make sure you copy the generated password and save it somewhere.
Tip: Save the password to your keychain with:
and then you can use
xcrun altool -u '<your email>' -p '<app-specific pwd>' --store-password-in-keychain-item '<name for pwd>'
and then you can use
'@keychain:<name for pwd>'
instead of '<app-specific pwd>'
in the following commands.Step 4 - Upload the disk image to the notary service
Note: When you notarize the container disk image, altool also notarizes the application inside, so you can skip the step of notarizing the application itself.
Upload the disk image file to the Apple notary service by opening a Terminal and running the following command:
The primary-bundle-id helps you keep track of automated correspondence from the notarization service. The value you give doesn’t need to match the bundle identifier of the submitted app or have any particular value. It only needs to make sense to you. The notarization service includes the value whenever it emails you regarding the given
altool
submission.If the upload is successful you should receive output similar to the following:
Step 5 - Check the notarization process
The notarization process generally takes less than an hour, so you may want to check its progress from time to time by opening a Terminal and running the following command:
When the notarization process completes successfully the above command will return information similar to the following:
You should also receive an email from Apple similar to the following for a successful notarization:
Step 6 - Staple the ticket to the disk image
Command Line Tools (macos 10.14) For Xcode 10
The notarization process produces a ticket that tells Gatekeeper that your application is notarized. After notarization completes successfully, the next time any user attempts to run your application on macOS 10.14 or later, Gatekeeper will find the ticket online. This includes users who downloaded your application before notarization.
After step 5 receives the 'Package Approved' status message, you should also attach the ticket to the disk image file using the stapler tool, so that future distributions include the ticket. This ensures that Gatekeeper can find the ticket even when a network connection is not available.
To staple the ticket to the disk image file, open a Terminal and run the following command:
If the command completes successfully, the output should be similar to:
Step 7 - Verify notarization of the disk image
To verify the notarization of the disk image, open a Terminal and run the following command:
A successful verification of the notarization process should produce output similar to the following:
Step 8 - Verify notarization of the application
To verify the notarization of the application, install the application, open a Terminal and run the following command:
A successful verification of the notarization process should produce output similar to the following:
Important: test the application by putting it in the Applications directory. It's treated differently by the Gatekeeper when in the 'installed' location.
Notarizing a command line tool
See: Notarizing Command Line Tools for an explanation of doing this for a Free Pascal command line tool (a handy script is provided to automate the process).
Troubleshooting
Notarization upload process
If the notarisation upload process does not go well, you should be able to find a compressed log file in your temporary directory which may shed some light on what happened. You can view it by opening a Terminal and running the following commands (substitute the name of your log file which includes your application bundle-id):
which, for a successful notarization upload, should look similar to:
Notarization process failures
If the when you check you find that the notarization process has failed. For example:
You can retrieve the URL for the notarization log file with the command:
which should yield information similar to the following:
You can then cut and paste the LogFileURL into your web browser and retrieve the notarization process log file which will look something like this:
In the above failure case, it was because the executable had not been hardened.
It is also worthwhile mentioning that it is always worth retrieving the notarization log file to check for warnings which are not yet errors so that you can fix them before they do become errors which prevent successful notarization.
Here is an example of a notarization process log from a successful notarization:
Notarization check failures
If the notarization process succeeds, but when you check whether your application is properly notarized and it does not pass the notarization check successfully, you can use the
Console.app
to inspect the log files for information about the rejection (after trying to launch the blocked application). Be aware you should open the Console.app
before trying to open your blocked application, otherwise not all messages may be logged. You should choose your device in the left sidebar of the Console.app
and check for the process XprotectService in the logs.See also
External links
Retrieved from 'https://wiki.freepascal.org/index.php?title=Notarization_for_macOS_10.14.5%2B&oldid=137093'
Mac users with macOS Mojave and macOS Catalina, and new operating systems in place can now install Command Line Tools from the Xcode IDE without needing to install the entire Xcode package, or opening an Apple developers account.
In this article, we cover how you can install this optional and highly useful Command Line Tools package.
X code 11. Credit: developerinsider
What is the Xcode Command Line Tools package?
For Mac power users — we wouldn't recommend downloading this unless you are comfortable with Terminal — the Xcode Command Line Tools package gives you a complete Unix toolkit accessible through Terminal. No developer account needed and you don't need to download the entire — and quite large Xcode package of executables.
Within the Xcode Command Line toolkit, Mac users gain access to numerous useful tools, utilities, and compilers, including make, GCC, clang, perl, svn, git, size, strip, strings, libtool, cpp, and many others. All of these commands are a default part of Linux systems and programs.
We recommend following these steps for those with the following operating systems running on a Mac: macOS 10.13 High Sierra, macOS 10.14 Mojave, and macOS 10.15 Catalia onward. It isn't always possible to download these Xcode Command Line Tools, following these steps, on Mac’s running older operating systems. Other ways to install command tools and gcc (without needing Xcode) is available through the Apple Developer website.
Here is how you install Xcode Command Line Tools.
How to install Xcode Command Line Tools?
- Go to Terminal in /Applications/Utilities/.
- Input the following command string in Terminal:
xcode-select —install
- In the same way when you are downloading new software and apps, a popup update window will appear asking you: “The xcode-select command requires the command line developer tools. Would you like to install the tools now?”
- Select confirm by clicking Install.
- Wait for the Xcode Command Line Tools package to install. It is around 130 MB and usually installs fairly quickly; although it depends on your connection.
- Once everything is installed, the installer goes away and you should be able to any of the new commands that you’ve now got access to. Enjoy using your new Unix command line tools!
With this new download, you should have access to 61 Unix command line tools. For example, one of the advantages of having these tools is you can install new apps and software directly from the source code instead of needing to go through the package manager and usual download route.
To access or view everything you've now got, go to the following directory:
/Library/Developer/CommandLineTools/
Please note, this is the root /Library of your macOS/OS X, not the ~/Library directory.
Macos Command Line Tools
All of these tools can also be found in:
/Library/Developer/CommandLineTools/usr/bin/
What happens if I encounter problems downloading these?
If you get an error message that says “Can’t install the software because it is not currently available from the Software Update server”, it means you've already got the Xcode package on your Mac. Mac OS X 10.9 onward, Xcode was already installed, which is why you aren't able to download these tools. However, what you can do is uninstall the entire Xcode app if you'd prefer to only access these tools and not a whole load of software that isn’t going to be of much use.
Watch out for Xcode junk
The Xcode junk is one of those types of clutter that is keeps accumulating in remote places on your Mac. It could take up a few gigs of your space. The only app that seems to address this problem is CleanMyMac X by MacPaw. It’s loved by many Mac developers because it collects those specific types of development junk, like Xcode or outdated libraries.
Once you launch the app, click on System Junk > Scan. Then, click “Review Details”
CleanMyMac X is a powerful Mac performance improvement app. It makes your Mac as good as new. Let it scan your system and clear out any unwanted Xcode, development and system junk that is taking up too much space and cluttering up your Mac. In a few clicks, your Mac could be running smoother, quicker and more efficiently.