Code signing, OS versions, and an older Macbook Pro

1. If I sign-up as an Apple Developer and pay the fee will this 2013 Macbook Pro still be able to sign DMG files

Yes.

However, your real question is whether you’ll be able to sign code and disk images that are accepted by Gatekeeper, and that’s trickier to answer. macOS 11 is relatively old and Apple does change our code signing infrastructure from time to time. I’m not aware of any significant change since macOS 11, but something might have slipped my mind.

IMPORTANT To pass Gatekeeper you must notarise your product. Apple recently dropped support for our old notarisation infrastructure, which means that you must use Xcode 13 or later to notarise (well, in your case that’s the notarytool that’s bundled in said Xcode). Xcode 13 runs on macOS 11, so I think you’ll be OK.

• that will work on the latest MacOS - after the end-of-support in December 2023?

I’m not sure what you mean by “end-of-support in December 2023”. It sounds like you’re talking about customer support, and that’s a very different issue from the developer tools we’re discussing here.

At a user level, macOS works hard to maintain binary compatibility for very old apps. Sometimes that breaks — for example, back in macOS 10.15 we stopped supporting 32-bit apps — but, in general, binary compatibility goes back a long way.

The story for developer tools is very different. We expect developers to use reasonably up-to-date tools. For App Store apps that’s quite strict. Right now, for example, iOS apps must be built with Xcode 14.1, which is only about a year old. Things are less strict for directly distributed Mac products but, even there, there are ongoing requirements like the notarisation stuff I mentioned above.

While I can’t predict the future, I find it informative to look at the past. Could you use ten-year-old tools to build and ship a Mac product today? Probably not. Ten years ago the new hotness was macOS 10.9. You might be able to build and ship a Mac product with 10.9-era tools, but it’d be a serious challenge.

2. For a updater: Should both the main application and separate updater both be signed?

Yes. All code that you ship to users must be signed in order to pass Gatekeeper.

3. I'm old and have setup this Open Source project and web site so that it can be passed-off to others when I stop, one way or another. Can the developer account or certificate credentials be transferred to someone else at that time?

That’s not a question I can answer. Apple has the concept of legacy contacts — see How to add a Legacy Contact for your Apple ID — but I’m not sure how it intersects with the developer programme. I recommend that you discuss this with Developer Program Support. Contact them via Apple > Developer > Contact Us.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you for the great information. Just installed the Xcode CommandLineTools.

The signing and notarization raises another question: If done with Xcode 14 tools is the result backward compatible with older macOS versions? Or will I need to produce different builds for different eras of macOS? As mentioned I am supporting older systems deliberately due to the nature of this application.

Have discovered a potential combination. Test on this macOS 11, and sign and notarize here for as long as that's supported. When the tech changes beyond macOS 11 use a free account on Amazon AWS EC2 that offers the latest macOS, e.g. Sonoma 14. Test and do the signing and notarization there. Do not want to buy a Mac to give away free software.

The "after the end-of-support in December 2023" comment shows my lack of familiarity with Apple. Updates for macOS 11 end in Dec. '23, next month. Didn't know if that would invalidate anything signed and notarized on this box.

Thanks again for your time.