The recent release of RAD Studio 10.3.2 includes being able to compile your apps for macOS 64-bit, and allows you to notarize your apps right from the IDE. In this article, I cover the notarization process from end to end.

What is Notarization?

Notarization is the process of “signing” your macOS application so that you can distribute it via means other than the Mac App Store. Starting from macOS 10.15 (Catalina), all apps that run on the Mac need to be notarized, or be distributed via the Mac App Store, otherwise they simply will not be allowed to run.

If you’re interested in more information about how notarization is applied, please watch this video from WWDC 2019. (runs approx 33 mins)

In order to notarize your macOS application, you need to have an Apple Developer Account so that you can obtain a Developer ID Certificate, and an application specific password.

Obtaining a Developer ID Certificate

Given that you have an Apple Developer Account, there are two ways to obtain a Developer ID Certificate. One is substantially more straightforward, especially if you have already set up your developer account in Xcode:

Via Xcode:

  1. Start Xcode, click on Preferences, and select the Accounts tab:
  2. Select the developer account you wish to create a Developer ID Certificate for
  3. Click Manage Certificates
  4. Click the “+” dropdown button in the bottom left
  5. Click Developer ID Certificate.

That’s it! Xcode generates the certificate for you, and adds it to the Keychain. If you open the Keychain Access app (in /Applications/Utilities), you should see the certificate there:

Via the Apple Developer website:

The alternative is to go to https://developer.apple.com and log in using your developer account Apple ID, select Certificates, IDs and Profiles, click the plus button:

..select the “Developer ID Application” option, and follow the instructions. I won’t go into any further detail for this process, as it is really much, much easier to do it via Xcode.

Obtaining an application specific password

Please follow the instructions for an application specific password, here.

The website to visit to create the password is here, using your developer account Apple ID to log in

Providing the notarization details in Project Options

  1. In Delphi, open your application, and bring up the Project Options
  2. In the list on the left, select Deployment -> Provisioning
  3. In the Target combobox, select macOS 64-bit for the highest configuration for which you wish to apply the settings e.g. “All configurations” if you wish to apply the settings to all configurations
  4. In the Build Type combobox, select: macOS 64-bit Developer ID
  5. Enter the Apple ID you used to create the application specific password in the Apple ID edit
  6. Enter the application specific password you created earlier (you did remember to save it somewhere, yes?) in the App-specific Password edit
  7. In the Developer ID Application Certificate edit, enter the full description for the Developer ID Certificate you created earlier, e.g: Developer ID Application: Joe Smith (JHF5SD7N)
  8. If you wish to have the process staple the notarization ticket to your app, check the “Attach a ticket…” checkbox. This is recommended, otherwise macOS needs to check-in with Apple servers to see if it’s okay to run, which requires an internet connection.
  9. In the list on the left, select Application -> Entitlement List
  10. As per step 3, select the applicable Target
  11. Check the “Allow unsigned executable memory” option. In later versions of Delphi, this will be set by default.

Notarizing the application

  1. Select the Developer ID build type in the Project Manager, e.g:
  2. Deploy the application:

Delphi will do all the necessary steps to notarize your application. The notarization step can take a couple of minutes, depending on how busy Apple’s servers are. It will take a further couple of minutes or so while the IDE waits for the notarization status to be updated.

If there are issues during the notarization process, it may be helpful to turn on the verbose setting in PAServer:

As it outputs all the commands and results, which may be helpful in diagnosing the problem(s).

I hope this helps clarify the notarization process, at least until more complete documentation is available on the RAD Studio docwiki.