Notarize it!

Apple’s notarization service allows Apple to verify apps distributed outside of the App Store system. If you make your own apps to distribute to customers, clients, family or friends then you will have to notarize them by submitting them to Apple. This avoids painful dialog boxes in macOS 10.15 Catalina that prevent your app from launching by default.

NotarizeYourApps-Apple-Oct2019

Notarization The Hard Way

I’d been putting off notarizing my apps created for my clients for three reasons,

1)  it isn’t a strict necessity because most users are on macOS 10.14 Mojave,

2) I use Munki to distribute and install software which bypasses the requirements, and

3) I’m lazy

But it is only a matter of time before this would be a strict requirement and necessity. Also the relaxed requirements for notarization of apps was about to change again in February 2020 and I said this is the moment to do something. What now? Check with Rich Trouton and his blog Der Flounder.

codesign –force –options runtime –deep –sign “Developer ID Application: Name (#H7373736)” “/Applications/Cool-App.app/”

Rich Trouton is the modern major general of documentation and a super awesome dude. His blog Der Flounder has documented this process and now it was time to revisit this. Step by step recipes well explained with comments. What’s not to love?! Well, I didn’t get far because I missed some ingredients. Signing the app failed. I couldn’t notarize it without signing it. Hmm…

error: The specified item could not be found in the keychain.

It didn’t work the hard way, so let’s try it another way.

Notarization Made Easy

A very awesome app from Late Night Software called SD Notary can help make this process go smoothly. Their app detects if you have the right cert to run this process. Something which I thought I had, but did not.

Certificates, Identifiers & Profiles

It’s no accident I got tripped up in the same place with the cli and with the SD Notary app to notarize my app. I was missing the correct certificate. When I tried to codesign as a first step that’s when I got an error that I puzzled over for a minute.

The SD Notary app stopped me also at the first step because it said it couldn’t find a Developer Signing ID. And that with the command line error finally made me realize I’d missed something. And here I thought creating the app specific password was the hard part. (It wasn’t hard, but you have to look in the right place!).

A quick run back to the Apple developer site and a trip to the “certs identifier and profiles” section to create a new “Developer ID Application” cert (I had the installer one previously) solved that. I also had some trouble creating an app specific password, mostly because I was looking in the wrong place (in my dev account, not my apple ID account) but that got sorted.

Notarize-Apple-CreateNewCertificate

The “Developer ID Application” is what I needed.. Of course to get this I need to generate a cert signing request. There’s always a few steps. But once these are done then you’re good to go.

Once the proper Application type cert is in place, and the app specific password then you’re able to notarize via cli or an app like SD Notary. I tested this in Terminal:

xcrun altool --notarize-app --primary-bundle-id "com.apple.automator.Cool-App" --username "memyself@email.com" --password "really-cool-passw0rd" --file "/Applications/Cool-App.app.zip" 

No errors uploading '/Applications/Cool-App.app.zip'.
RequestUUID = 12345f-567e-476f-a229-6789cef906b

And in less than 3 minutes I received an email declaring it done. “Your Mac software was successfully notarized.

Then I went back to SD Notary and tried again. It was also successful and after selecting the app the entire process of signing, zipping, submitting to Apple, then stapling was done seamlessly.

SDNotary-Stapling

Hope that makes sense to someone. And the next time I notarize an app I will be able to do it seamlessly thanks to the help of everyone who has provided documentation and cool apps. Cheers.

References:

SD Notary app — Notarizing made easy

Rich Trouton’s Der Flounder blog

Apple dev docs

Howard Oakley’s Eclectic blog

FCP7 to FCPX

If you used classic Final Cut Pro 7 for years then eventually moved to FCPX now what do you do when you want to restore an old project? Read on…

FCP7 to FCPX

In the beginning we set up an older iMac that had been sitting around and already had macOS 10.12 and Final Cut Pro 7 (and even an early version of FCPX). We used this iMac to open up old FCP7 projects from our projects archive which were restored from LTO tape archive created by Archiware P5.

This process of restoring from tape archive back to the SAN then copying to an external drive to attach to this older iMac to convert worked but was cumbersome and not convenient. Opening old projects in FCP7 and then exporting out the XML was easy. Using SendToX to convert to FCPX XML was also easy. But getting the project to this old Mac off the main network was a drag.

Retroactive app

Use Retroactive app to install Final Cut Pro 7

Then one day I heard of this project that allowed to install iTunes on macOS 10.15 (Catalina) which only had the new Music app. Weird flex, but OK. Reading further it also allowed FCP7 to be installed on macOS 10.14 (Mojave)! Now this was a useful revelation. The app is called Retroactive and it would be very useful to us. Now FCP7 could be installed on the same Mac as FCPX. It would then have access to the network and the SAN where do all our editing and where we restore archive from LTO archive. Awesome.

The best part was that we moved from a dedicated old iMac running macOS 10.12 to a newer iMac Pro with macOS 10.14 on the Xsan and can run FCP7 thanks to that new app that makes it work. And then FCP7 to XML to sendtoX to FCPX is not too bad.

We also used Kyno to drill down into all the restored projects to identify en masse all the restored footage that it incompatible with FCPX. Renamed and then reconverted. All is well again for now. Archive restored, FCP7 projects converted to FCPX. Yeah, happy times.

Kyno batch rename dialog box

Kyno batch rename

Kyno FCPX incompatible files reanaming converting

Kyno convert and transcode

We had one minor snag in the process. Some of the restored projects didn’t use FCP7 they used early versions of FCPX with their events and projects folders separated (not the current library structure). Latest version of FCPX 10.4 did not know what to do with these projects that were also some times stored on sparse disk images (oh how the Xsan did not like these projects at the time). There was a menu for a while to convert these projects but it was now gone. What to do?

Back to the old iMac and we used FCPX 10.2.3 to convert these projects from 10.0 version to 10.2.3 library which can then be converted to the latest FCPX 10.4 format. Almost easier to convert FCP7 to FCPX in one shot but it worked and we were happily editing old projects in the latest version of FCPX.

fcpx 10.2.3 dialog box to update projects

fcpx 10.23. update projects and events dialog

Editing old projects in new FCPX

We have a way to restore old projects from LTO tape thanks to Archiware P5, a way to identify, rename and bulk convert old footage in an easy fashion thanks to Kyno and now also a way to convert FCP7 with SendToX and Retroactive to make it more seamless.

Hope this helps anyone else if want to do the same thing good luck.

Backup and Archive setups for media professionals

I recently did an online presentation on my Archiware P5 backups and archive workflows for media professionals.  

I use Archiware P5 to backup and archive media productions to tape. In this workflow I describe how original material, work in progress and conpleted projects are backed up daily and archived as needed.

This presentation goes into some detail of what two different storage setups look like and what similarities exist in my Xsan (fibre channel) and Jellyfish (10GbE) backup and archive workflows.

Despite the storage differences, the common workflow is that they all use the P5 Archive App to allow the Final Cut Pro X editors to archive completed projects. The simple way to do this is by right-clicking in the Finder and they will go to tape and get replaced by stub files (small files with the same name and negligible file size). When the project or any of the footage or assets needs to be restored it is another right click to restore. No IT people need to be involved. It’s magic. Almost.

Useful resources:

– Case Study: WorkSafe BC

Using P5 and the P5 Archive App

https://p5.archiware.com/solutions/worksafe-bc-hs-video-production

– The P5 Desktop Edition

Aimed at small teams and single users: P5 Archive and P5 Backup to a single LTO tape drive.

https://p5.archiware.com/desktop-edition

– P5 and Xsan

https://p5.archiware.com/solutions/xsan

– P5 and Lumaforge Jellyfish

https://p5.archiware.com/solutions/lumaforge

– Watchman Monitoring

https://www.watchmanmonitoring.com

– MunkiReport

https://github.com/munkireport/

– MacAdmins Slack:

https://macadmins.herokuapp.com

– MacDevOps:YVR Conference

https://mdoyvr.com