Adobe AIR macOS sign and notarize for distribution outside of the App Store

1) macOS sign Adobe AIR app.sh

# how to sign an Adobe AIR app with captive runtime on macOS for distribution outside of App Store (Developer ID application)
# you should have already run adt from the AIR SDK
# Entitlements.plist is included below in this Gist
/usr/bin/codesign --force --verify --sign "Developer ID Application: My Company (XXXXXXXXXX)" --deep --options runtime --entitlements Entitlements.plist MyApp.app

# verifies that the code signing of .app file is valid
/usr/sbin/spctl --assess --verbose --type execute MyApp.app

2) macOS create and sign .pkg installer.sh

# create and sign a macOS .pkg installer file for distribution
# .pkg files should use a Developer ID Installer certificate
/usr/bin/productbuild --component MyApp.app "/Applications" --version 1.0.0 --sign "Developer ID Installer: My Company (XXXXXXXXXX)" MyApp.pkg

3) macOS notarize.sh

# submit the .pkg installer file to Apple for notarization
# requires an app-specific password: https://support.apple.com/en-us/102654
# see also: https://developer.apple.com/documentation/security/customizing-the-notarization-workflow
/usr/bin/xcrun notarytool submit MyApp.pkg --apple-id [email protected] --password xxxx-xxxx-xxxx-xxxx --team-id XXXXXXXXXX --wait

# staple the notarization to the .pkg
/usr/bin/xcrun stapler staple MyApp.pkg

# then, verify that the code signing of .pkg file is valid
/usr/sbin/spctl --assess --verbose --type install MyApp.pkg

Entitlements.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.cs.allow-jit</key>
	<true/>
	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
	<true/>
</dict>
</plist>

I added the commands above to the build script that I use to package an Adobe AIR app. I have not included the mxmlc and adt commands necessary to compile the .swf file and package the macOS .app file. These commands create a .pkg file for macOS, including signing and notarization. The resulting .pkg file is meant to be downloadable from a website only, and not for the App Store. The steps required to distribute an Adobe AIR app in the App Store are likely different, and I cannot give advice about that because I always distribute my apps outside the App Store.

I just threw this Gist together quickly with a little copying and pasting, and this is not intended as a comprehensive tutorial. Your app may very well need some extra things that aren't covered here. For instance, if you prefer a .dmg file instead of a .pkg file, and that's going to be handled a bit differently (and I haven't done that before, so I can't give you any hints at this time).

For more information, you might also want to read airsdk.dev: Creating macOS PKG installers.

This older, archived article from Adobe might also be worth checking out: Adobe: Post Adobe AIR app to Mac app store