I do not own apple products at all, nor do I typically develop on Apple platforms. I have an open source CLI application that I distribute to Windows, Linux, and OSX. The distribution itself is just a single, self-contained executable. I noticed that OSX users were getting "crashes" / untrusted modals when they try to run my application, which they download from a release page on Github. Looking into this, it seemed like running codesign is the answer. At first blush it looked like this required the $99 apple developer membership. I read that there are free ways to get developer ID certificates but I was not able to find any instruction on how to obtain those, and I did not see an option to create certificates at developer.apple.com until I paid for a membership. In my Github Workflow which builds my application, I also run codesign using the cert I got from the apple developer cert page. I had a user with MacOS v12 run my program and it worked fine on the CLI without any further steps needed. So here's my question: I read about this thing called the "gatekeeper" and that it requires notarization starting with macOS v10, but I did not notarize my dotnet application and it worked fine. I do not plan to distribute my program on Apple store or anything like that. I also am trying to avoid purchasing apple hardware just to distribute my app. Is codesigning all I need? If so, why am I reading that notarization is required? Is a paid apple developer membership required for me just to codesign my open source application?

When I run notarytool submit in my github workflow, I get what appears to be some kind of segmentation fault. Here's a direct link to the exception output: https://github.com/recyclarr/recyclarr/actions/runs/6594346352/job/17918152266#step:6:43 My project is open source, so you can also view the shell script I use in the workflow itself: https://github.com/recyclarr/recyclarr/blob/update-notary-tool/ci/notarize.sh The script above contains this: #!/usr/bin/env bash set -xe user="$1" pass="$2" teamId="$3" archivePath="$4" function submit() { xcrun notarytool submit --wait \ --apple-id "$user" \ --password "$pass" \ --team-id "$teamId" \ recyclarr.zip | \ awk '/id: / { print $2;exit; }' } function log() { xcrun notarytool log \ --apple-id "$user" \ --password "$pass" \ --team-id "$teamId" \ "$1" } tar -cvf recyclarr.tar "$archivePath" zip recyclarr.zip recyclarr.tar submissionId="$(submit)" rm recyclarr.zip recyclarr.tar if [[ -z "$submissionId" ]]; then exit 1 fi echo "Submission ID: $submissionId" until log "$submissionId" do sleep 2 done The error (from the workflow run) is: 2023-10-21 01:24:18.817 notarytool[4894:25434] *** Terminating app due to uncaught exception 'NSFileHandleOperationException', reason: '*** -[_NSStdIOFileHandle writeData:]: Broken pipe' *** First throw call stack: ( 0 CoreFoundation 0x00007ff8106c4773 __exceptionPreprocess + 242 1 libobjc.A.dylib 0x00007ff810424bc3 objc_exception_throw + 48 2 Foundation 0x00007ff8115b5962 -[NSConcreteFileHandle readDataUpToLength:error:] + 0 3 Foundation 0x00007ff811497590 -[NSConcreteFileHandle writeData:] + 263 4 notarytool 0x000000010bcff026 notarytool + 462886 5 notarytool 0x000000010bcb780d notarytool + 169997 6 notarytool 0x000000010bcd37c6 notarytool + 284614 7 notarytool 0x000000010bcea719 notarytool + 378649 8 notarytool 0x000000010bcd3d19 notarytool + 285977 9 notarytool 0x000000010bcd2a4e notarytool + 281166 10 notarytool 0x000000010bcd5009 notarytool + 290825 11 notarytool 0x000000010bc8fe66 notarytool + 7782 12 dyld 0x000000011781b52e start + 462 ) libc++abi: terminating with uncaught exception of type NSException I do not get this error when I run this script directly on my 2023 MBP. It only appears to happen in my github workflow. Is this a bug in notarytool? Notarization appears to still complete, and I also get a submission ID I can use for the notarytool log command I run after.