Can Apple Silicon apps be signed with a self-signed certificate when distributing them outside the App Store?

Question

I'm distributing my macOS app outside the App Store and so far I've never code-signed it. My app targets advanced users who know how to configure macOS to allow the app to run.

With the arrival of the Apple M1 computers, however, things have changed as code-signing seems to be mandatory now for native Apple Silicon apps. That's why I'd like to ask: Is it sufficient to sign my app using a self-signed certificate when distributing it outside the App Store? Will it be possible for users who download an app that was signed using a self-signed certificate to run that app?

I'd expect that Gatekeeper will probably block such an app first because it was signed using a self-signed certificate but will users be able to override Gatekeeper's veto in the security settings (as it was previously the case with non-signed apps)?

Or do all apps built for Apple Silicon have to be signed with an official Apple certificate? I'd like to avoid that because last time I checked this was $99 per year.

Answer 1

You can codesign with ad-hoc feature. codesign -s - -f /path/to/filename. This doesn't need certificate.