Last active
September 4, 2025 22:45
-
-
Save joshtynjala/b93cf8733ad58be583c40c26fe02c427 to your computer and use it in GitHub Desktop.
Adobe AIR macOS sign and notarize for distribution outside of the App Store
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # how to sign an Adobe AIR app with captive runtime on macOS for distribution outside of App Store (Developer ID application) | |
| # you should have already run adt from the AIR SDK | |
| # Entitlements.plist is included below in this Gist | |
| /usr/bin/codesign -f -v -s "Developer ID Application: My Company (XXXXXXXXXX)" --deep --options runtime --entitlements Entitlements.plist MyApp.app | |
| # verifies that the code signing of .app file is valid | |
| /usr/sbin/spctl --assess --verbose --type execute MyApp.app |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create and sign a macOS .pkg installer file for distribution | |
| # .pkg files should use a Developer ID Installer certificate | |
| /usr/bin/productbuild --component MyApp.app "/Applications" --version 1.0.0 --sign "Developer ID Installer: My Company (XXXXXXXXXX)" MyApp.pkg |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # submit the .pkg installer file to Apple for notarization | |
| /usr/bin/xcrun notarytool submit MyApp.pkg --apple-id [email protected] --password xxxx-xxxx-xxxx-xxxx --team-id XXXXXXXXXX --wait | |
| # staple the notarization to the .pkg | |
| /usr/bin/xcrun stapler staple MyApp.pkg | |
| # then, verify that the code signing of .pkg file is valid | |
| /usr/sbin/spctl --assess --verbose --type install MyApp.pkg |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>com.apple.security.cs.allow-jit</key> | |
| <true/> | |
| <key>com.apple.security.cs.allow-unsigned-executable-memory</key> | |
| <true/> | |
| </dict> | |
| </plist> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I added the commands above to the Ant build script that I use to build an Adobe AIR app. These are snippets only, and I have not included the
mxmlcandadtcommands necessary to compile and package the Adobe AIR app. These Ant commands create a .pkg file for macOS, including signing and notarization. The resulting .pkg file is meant to be downloadable from a website only. The steps required to distribute an Adobe AIR app in the macOS App Store are likely different, and I cannot give advice about that because I always distribute my apps outside the App Store.It should be fairly simple to convert each the
<exec>sections above into actual commands that you can run directly in a terminal, if you prefer not to use Ant. I just threw this Gist together quickly with a little copying and pasting from my build.xml file, and this is not intended as a comprehensive tutorial.For more information, you might also want to read airsdk.dev: Creating macOS PKG installers.