Re: Code signing issues
Re: Code signing issues
- Subject: Re: Code signing issues
- From: Graham Cox <email@hidden>
- Date: Tue, 18 Oct 2011 11:40:10 +1100
On 18/10/2011, at 11:19 AM, Gideon King wrote:
> OK, not sure why have three certs if only one ever shows up, but if always using the '3rd Party Mac Developer Application' for all your builds works for you, I'll try the same.
You sign the app itself (the executable) with the 'Application' cert and the installer package with the 'Installer' cert. I'm unclear what the WWDR cert is for, but it needs to be in the keychain.
>>> 2. When I do a build using my "Mac Developer" cert, it doesn't give any errors when signing, but the Store seems to think that the app is not signed. What do I do about this?
>>
>> At what stage does the Store "think" it isn't signed? I do "Archive" (in Xcode 3.x this was "Build & Archive"), then in the Organiser I click 'Validate'. The Organizer should package the app and sign the package using the '3rd Party Mac Developer Installer' cert. If you click 'Share' you can see this cert in the 'Identity' pop-up. Using this, you can create the signed package on disk and test the installation without having to attempt a submission to the Store.
>
> I haven't got my head around the whole archive thing yet (or the Organizer for that matter). Perhaps this is something I need to look into next - I started looking at the documentation before but just got confused as to the purpose of the organizer and the build and archive options. I have just been building using Command+R and running the app from the Finder. So when I do that, the first time it tries to run, it finds that there is no receipt, and launch services (or whatever it is that handles this behind the scenes) must ask the store for a receipt, but it says it can't do so because the app is not signed.
To actually submit an app to the App Store, it needs to be made into a signed installer package. The Organizer performs this packaging and signing task.
For running in the Finder for testing, you don't need to bother with it. However, in my case I have not added code for verifying the receipt, so I've not run into the issue you have.
Perhaps your verification code is using the wrong certificate? Once you return 173 to the Finder, presumably that will act as if the whole thing came from the App Store, so may be looking for certain things to be in place, such as a signed installer receipt, etc, which of course you don't have, as you haven't built a signed installer. But that shouldn't matter - your code which checks the app receipt doesn't require that, so it should not be erroneously returning 173 in the first place. What you have shown is that if the verification fails, the Finder will attempt to resolve it, it's just that you don't have the pieces in place to allow it to do that. That's OK, by the time your app is reviewed and available on the App Store, it will be correct by definition and so that will work on a users machine. What you need to do is ensure that the receipt verification you have succeeds!
> Also, I'm worried about the CFBundleShortVersionString that is used for validation of the receipt. As every update will have a different version string, but the receipt will presumably have been created for the version that the user initially purchased, will this still work? Will they get an updated receipt when they download a new version of the app from the store?
Yes, it works. Every new version you submit to the store is signed using the same certificate, and the app's identity is tracked using the bundle identifier. The certificate is tied to that identifier, not to a specific version. The user will get an updated receipt for each update, since the actual digital signature will change for each version, because the executable code will be slightly different (presumably an update will have different code!), but the signing certificate doesn't change.
--Graham
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden