1Password CLI & Apple Notarization Service

hugom

Hi there,

For now, a macOS application with embedded 1Password CLI (build v57001) can't be notarized.

Here, the log message error from the server:
{
"severity": "error",
"code": null,
"path": "My Application.app/Contents/Resources/1Password/op-57001",
"message": "The binary uses an SDK older than the 10.9 SDK.",
"docUrl": null,
"architecture": "x86_64"
}

As of the end of September, macOS Catalina will be rollout for everyone and will require to notarize application before distribution.

Is it planned to be compatible with Catalina?

Thank you 🙏
— Hugo

---

1Password Version: CLI v57001
Extension Version: Not Provided
OS Version: 10.14.6 (18G87)
Sync Type: Not Provided

cohix

@hugom we will be updating the CLI and we will make sure that it is compatible with Catalina before its release.

rudy

@hugom,

In addition to what @cohix said.

Its also worth noting that you should put the op binary in one of the folders in the App hierarchy that is designated for code, not non-code resources. the MacOS directory would be a better place for it. You'll want to look at Table 3-1 on https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html

Additionally I think you'll find that you'll probably also need to re-sign the op binary with your own certificate as part of the notarization process.

hugom

Hi, @cohix @rudy —

Thanks for your replies. Definitively agree, we offloaded the CLI from our app bundle so we are notarized now.
I keep an eye on the thread to get some news.

Regards,
Hugo

AGAlumB

:) :+1:

hugom

Hello @brenty and @cohix,

Did you have any news about the compatibility with Catalina (which has been released)?

Thank you :blush:
Hugo

cohix

@hugom we posted a notice about notarization here: https://discussions.agilebits.com/discussion/108129/notice-about-macos-catalina-and-op#latest