Publishing Mac apps

Umajin Editor supports producing MacOS standalone apps. The end result is a Mac .app that you can distribute normally. It does not have to be published on the Mac App Store. It is code signed and notarized as required by Apple.

Preparing to publish

Icons and Splash Screen

For Mac apps these are simply files you add to your project in a specific location:

Icon: manifest/osx/application.icns

Splash: manifest/osx/splash.png or splash.jpg

Native Libraries

If you have integrated native libraries (Dylibs) into your app then they should be placed in the standard location:

Dylibs: manifest/osx/bin/

Codesigning and notarizing requirements

In recent years, Apple has made it difficult to distribute software for Mac without “notarizing” it. Without notarization, Mac will refuse to run software by default. This can be worked around by right clicking and using Open, but it is not usually acceptable for end users.

This is a process similar to code-signing for other platforms.

Notarization is done by the Umajin publishing system, and requires actions from you:

  • Create an Apple developer account
    • This requires payment and a registered DUNS number
  • Create an App ID
    • In the Apple Developer portal select Identifiers
    • This is a bundle ID usually following the pattern com.<companyname>.<applicationname>
    • It is important to use something you are willing to keep permanently, as it will identify your application to Apple.
  • Create an app-specific password
    • This is a special purpose, extra password made in your AppleID account, not in the developer portal.
    • Do not enter your Apple account password. That will not work and should never be given to anyone else.
  • If you don’t already have one, create your Developer ID Application certificate, following the process below.
    • This process will make certificates and other files that will identify your company to Apple. Think carefully about the data you enter, and save all the generated files, passwords and emails.
    • The process for generating this is much easier if you have a Mac.
    • If you only have a Windows PC, the process to generate the Apple certificates is more complex.

Creating Developer ID Application on Mac

Use the same Mac for all the following processes, as certain pieces of data are stored silently and are difficult to transfer, such as private keys.

Open the Mac application Applications > Utilities > Keychain Access. Select Certificates in the sidebar.

Creating Certificate Signing Request CSR

In Keychain Access:

  • Menu: Certificate Assistant > Request a Certificate from a Certificate Authority.
  • Enter your email address and name for the certificate and select Saved to disk (this will mean the CA email is not required).
  • Click Continue.
  • Save the .csr file somewhere safe.

Creating Developer ID Application Certificate

Log into the Apple developer site and go to Certificates.

  • Click the + button to create a new certificate.
  • Select “Developer ID Application” and click Continue.
  • Upload your certificate signing request you made above and click Continue.
  • Download the new developerID_application.cer file.
  • Save the .cer file somewhere safe.

Loading and Exporting the Certificate

In Mac Finder:

  • Double click the .cer file to import it into Keychain.

Then in Keychain Access:

  • Find the “Developer ID Application: <your company>” certificate
  • Right click and select export
  • Select the File Format “Personal Information Exchange (.p12)”
    • If you do not have this option, Keychain Access does not have the private key you used in the CSR. Are you still on the same Mac?
  • Enter a password for the P12 file.
  • Save this password for entry into Umajin publishing system below.
  • Save the p12 file.

Creating Developer ID Application on Windows

Making Certificate Signing Request (CSR)

First, you need to generate a Private Key, and a Certificate Signing Request for your certificates, using the OpenSSL tool. You can download OpenSSL from the OpenSSL site.

When OpenSSL is installed, open a command prompt to the directory where you installed it and enter the following commands

openssl genrsa -out mac_private.key 2048
openssl req -new -key mac_private.key -out mac.csr -subj "/emailAddress=YOUREMAILADDRESS, CN=APPNAME, C=COUNTRYCODE"
Note: Replace the CAPITALIZED text above with relevant information for your app.

This will create a mac_private.key and mac.csr file which are needed below.

Creating Developer ID Application Certificate

Now you can log into the Apple developer site and go to Certificates. Click the + button to create a new certificate.

Select “Developer ID Application” and click Continue.

Upload your mac.csr certificate signing request you made above and click Continue.

Download the new developerID_application.cer file.

Exporting to P12 file

The final step is to export or package the .cer file into a .p12 file, by way of a .pem file. Enter the following commands:

openssl x509 -in developerID_application.cer -inform der -out developer.pem
openssl pkcs12 -export -in developer.pem -inkey mac_private.key -password pass:"New password" -out developer.p12

Publishing process

To begin, use Umajin Editor’s menu: File – Publish… and select Publish to Stores.

The settings in the Publish to App Stores screen are not used but currently required due to editor limitations.
  • Select any random image for iOS and Android icon.
  • Select any page for a Launch image
  • Select at least one page for a screen shot.

Once available, click Next. Wait while the editor processes and saves the project. Once complete, you will see the Publish images exported dialog. Click OK, and the process will continue in the cloud.

Cloud – Publish information

First, select the operating systems you want to target. In this case, select Apple MacOS, and click Next.

Cloud – Mac information

You will need to enter some details for Umajin to build your app.

  • Application name: this will be used for the exe name, for the Window title at startup, and for the embedded version resources.
  • Bundle ID: the ID you created above to identify your app to Apple.
  • Version: the version that will be embedded inside the app.

The remaining information is required for codesigning and notarizing:

  • Apple ID email: the email address of your apple developer account. If there is more than one person in the team, then this must be the email of the owner account.
  • App-specific password: The special password you created in the Apple ID portal above.
  • Developer ID Application certificate: the .p12 file you created above containing your Developer ID Application certificate.
  • Developer ID Application password: password for the .p12 file.
Security Note: Your Developer ID Application certificate and password will be stored on our cloud servers, encrypted with a key that only Umajin is able to decode internally.

Click Next to save the data you have entered.

Build process

Please contact Umajin to build the software after you have filled in the data above.

Packaging Output

Umajin will perform a basic packaging of your application into a zip file.

The zip file contains a functional .app folder, which you can drag to the Mac Applications folder, or run in place. The app is signed and notarized as required by Apple.  The files in the .app cannot be changed as this will break the code signing and notarization, and will prevent the app from running.

You may choose to wrap the contents up into a suitable branded installer. We use the Python dmgbuild script to produce a DMG file but there are other formats.