We distribute our macOS products as a PKG downloaded from our website. To simplify configuration for our customers, we create a PKG for each customer that contains identifying data for that customer. We are currently doing this by notarizing the PKG for each customer and uploading the result. Since we sometimes exceed the notarization limit of 75/day, we began investigating other ways of including the identifying data.
One avenue seemed to be the extended attribute com.apple.application-instance, but after experimentation it appears that this attribute does not persist through downloads. There are very few resources describing this attribute (TN2206) but a close reading seems to confirm that the attribute has to be set on the user’s machine.
Can you confirm that this is the case? Is there any other way for customizing an installer PKG that won’t run afoul of notarization limits?
Yeah, com.apple.application-instance is super obscure [1].
AFAIK Gatekeeper doesn’t do anything to strip this attribute on download. Consider this:
% xattr -w com.apple.application-instance BA37E947-C3B2-4787-8C7E-9ABCA521AD1E QProcessDock.app
% mkdir root
% mv QProcessDock.app root
% rm QProcessDock.zip
% ditto -c -k root QProcessDock.zip
I then downloaded the resulting zip archive in a way that quarantines it and unpacked it using the Finder. Here’s what I see:
% xattr -p com.apple.application-instance QProcessDock.app
BA37E947-C3B2-4787-8C7E-9ABCA521AD1E
And the app passes Gatekeeper just fine.
However, that’s using a zip archive and you’re using an installer package. An installer package complicates things because:
- You can’t put the attribute on content inside the installer package because that’d change the package, and hence require re-notarisation.
- Putting it outside the package is gonna be tricky because installer packages are a simple stream of bytes, and thus don’t preserve Mac metadata.
The obvious answer is to put the installer package within a container that preserves extended attributes, like a zip archive or disk image [2]. The drawback is that this changes the resulting user experience.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] It’s one of the few pieces of information in TN2206 that’s still relevant to the modern world but not covered anywhere in the modern docs.
[2] Probably not a .dmg because the .dmg format is not documented for third parties, and thus not something you can reasonably create on your download server. However, a raw image (these commonly use the .iso extension) should work.
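The zip-container approach from the reply above, applied to an installer package, as an added example that is not part of the original thread. It assumes a macOS host (xattr, ditto, shasum); the function names and paths are hypothetical. The attribute sits outside the package signature, so the script accepts only a canonical UUID and checks that the package bytes are unchanged and that the attribute survives a round trip through the archive.

```shell
#!/bin/sh
# Added example: per-customer zip around one already-notarized package.
ATTR=com.apple.application-instance

# The attribute is not covered by the package signature, so anyone can edit
# it. Accept only a 36-character canonical UUID, nothing else.
valid_instance_id() {
    [ "${#1}" -eq 36 ] || return 1
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

sha256_of() { shasum -a 256 "$1" | cut -d' ' -f1; }

# wrap_pkg <notarized.pkg> <customer-uuid> <out.zip>
# Returns 2 for a bad identifier, 3 if the package bytes changed,
# 4 if the attribute did not survive the archive round trip.
wrap_pkg() (
    pkg=$1 id=$2 out=$3
    valid_instance_id "$id" || { echo "rejected id: $id" >&2; exit 2; }

    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    mkdir "$work/root" "$work/check" || exit 1
    name=$(basename "$pkg")
    cp "$pkg" "$work/root/$name" || exit 1

    # Tag the copy; an extended attribute does not alter the file's data.
    xattr -w "$ATTR" "$id" "$work/root/$name" || exit 1
    [ "$(sha256_of "$pkg")" = "$(sha256_of "$work/root/$name")" ] || exit 3

    # Same archive command as in the thread.
    ditto -c -k "$work/root" "$out" || exit 1

    # Unpack the result and confirm the attribute came through intact.
    ditto -x -k "$out" "$work/check" || exit 1
    got=$(xattr -p "$ATTR" "$work/check/$name") || exit 4
    [ "$got" = "$id" ] || exit 4
)

# Usage (constructed values):
#   wrap_pkg Product.pkg BA37E947-C3B2-4787-8C7E-9ABCA521AD1E Product-cust.zip
```

Whatever reads the attribute on the customer's Mac should apply the same format check before using the value.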