Re: Customizing the Notarization Workflow fails
Re: Customizing the Notarization Workflow fails
- Subject: Re: Customizing the Notarization Workflow fails
- From: João Varela via Cocoa-dev <email@hidden>
- Date: Mon, 4 May 2020 07:33:25 +0100
> On 3 May 2020, at 21:31, Gabriel Zachmann <email@hidden> wrote:
>
> Thanks a million to everybody for responding to my question!
>
>
> I have been following Joao's instructions at
>
>
> https://stackoverflow.com/questions/53101626/how-to-notarize-an-app-bundle-containing-helpers-embedded-in-it/56799591#56799591
>
> <https://stackoverflow.com/questions/53101626/how-to-notarize-an-app-bundle-containing-helpers-embedded-in-it/56799591#56799591>
> and those at:
>
> https://forums.developer.apple.com/message/338167#338167
> <https://forums.developer.apple.com/message/338167#338167>
>
> Notarization of my screen saver seems to work now.
>
> However, I am still confused, but I prefer to understand what is going.
> So, I'd appreciate it very much if you could enlighten me.
>
>
> First of all, in the build settings I have "Code Signing style" = Manual.
> (And in the Signing & Capabilities section, "Automatically manage signing" is
> OFF.)
> Now, when I build my screen saver, Xcode still opens a dialog saying "code
> sign wants to access key "Mac Developer ID Application...".
> THat's fine with me, I am just confused: I thought, when automatic code
> signing is OFF, then Xcode doesn't code sign the screen saver at all.
That should not happen. Are you sure you did the second step and changed "Mac
Developer" to "Developer ID Application” on your keychain in the Code Signing
Identity?
>
> Could some kind soul please shed some light on this?
>
>
> Next, when I try to verify the signature like this:
>
> codesign -vvvv -R="anchor apple" /tmp/Release/ArtSaver.saver
>
> I get this output:
>
> /tmp/Release/ArtSaver.saver: valid on disk
> /tmp/Release/ArtSaver.saver: satisfies its Designated Requirement
> test-requirement: code failed to satisfy specified code requirement(s)
>
Perhaps this is linked to the fact that you are not using the proper
certificate. You must use Developer ID Application certificate on your keychain
to be able to deploy your screen saver in machines other than the development
one you are using.
Another problem that can cause it is if you do not set your TeamIdentifier
properly.
Try this in Terminal and see what you get:
codesign --display --requirements - --verbose=4 /tmp/Release/ArtSaver.saver
May be it will explain to you what is going wrong.
> The last line concerns my a little - should I worry about it?
> What does it mean?
> (Naturally, in Xcode there is no entitlements section since this is a screen
> saver.)
Yes, you need to worry about it and you need to fix this error.
>
>
> Other than that, however, the signing and notarization seems to work.
> At least, the response email from Apple says so.
>
>
>
> Another question is with regards to build settings.
> Xcode now issues the warning "Update to recommended settings",
> and the details say:
> "Target ... - Switch to Development Signing. This will set the
> CODE_SIGN_IDENTITY setting to "Apple Development" ... "
> I guess I should not let Xcode change that to the "recommended settings"
> (see Joao's instructions) - am I correct?
Yes, you are correct. You need to disregard this warning. Just uncheck those
warning checkboxes and go your merry way. Every new version of Xcode will
always try to make you use the automated version of signing, which you can’t.
> But I am still wondering:
> 1. What do the different options in the "Code Signing Identity"
> (CODE_SIGN_IDENTITY) mean? Naturally, I googled about it, and read the docs
> at https://help.apple.com/xcode/mac/current/#/dev154b28f09
> <https://help.apple.com/xcode/mac/current/#/dev154b28f09> , but I am still in
> the dark)
That’s the certificate you should use. For debugging, Mac Developer certificate
is OK and is recommended, but for a release version you must use Developer ID
Application certificate to release it outside the Mac App Store.
> 2. Can I tell Xcode that the current setting is fine and it should not issue
> a warning about it?
>
See my comments above.
HTH,
João
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden