Whoever will work on this I suggest to use small macOS utility app - Apparency. It allows to see and validate all aspects of signing/notarization. Perfect for "debugging" results of this process.

rclone today:

And here example of some other cmd utility fully signed and notarized:

Thank you @kapitainsky very useful. I'll ping you when I have binaries to try (not fort a couple of weeks though)

The plan is to sign the binaries as part of the build process. We'll probably sign all beta and full releases.

Will other OS be included in this process ? Thanks in advance

1. The subject of this issue is "signing for macOS" - on macOS lack of signature makes running binary difficult
2. Do other OS need/support any type of signing?
3. Please note that even today all released binaries have SHA256 file provided, PGP signed in case you want to verify them

2. Do other OS need/support any type of signing?

• Microsoft has SignTool in its SDK, once you get a code signing certificate : https://learn.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-sign-a-file

• AFAIK Linux does have an IMA ("integrity measurement architecture" https://sourceforge.net/p/linux-ima/wiki/Home/) and later EVM("extended verification module"), for use with DigSig API (https://docs.kernel.org/security/digsig.html and https://github.com/digsig-ng) and the keyctl user-space tool.

PS : I have no experience with any of them.

@nipil I've had some issues with the past with unsigned binaries on Windows 11: qwerty-fr/qwerty-fr#63