Re: Customizing the Notarization Workflow fails
- Subject: Re: Customizing the Notarization Workflow fails
- From: "St John, David R via Cocoa-dev" <email@hidden>
- Date: Mon, 4 May 2020 12:22:34 +0000
Setting automatic code signing to Off and "Code Sign style" = Manual just means
you have control over the certificate, developer team, etc., not that Xcode
won't sign your product. There used to be a "Don't Code Sign" option which did
as advertised, but it hasn't been an option in an Xcode release or two.
-Dave
On 5/4/20, 2:34 AM, "João Varela via Cocoa-dev" <email@hidden>
wrote:
> On 3 May 2020, at 21:31, Gabriel Zachmann <email@hidden> wrote:
>
> Thanks a million to everybody for responding to my question!
>
>
> I have been following Joao's instructions at
>
> https://stackoverflow.com/questions/53101626/how-to-notarize-an-app-bundle-containing-helpers-embedded-in-it/56799591#56799591
>
> and those at:
>
> https://forums.developer.apple.com/message/338167#338167
>
> Notarization of my screen saver seems to work now.
>
> However, I am still confused, but I prefer to understand what is going on.
> So, I'd appreciate it very much if you could enlighten me.
>
>
> First of all, in the build settings I have "Code Signing style" = Manual.
> (And in the Signing & Capabilities section, "Automatically manage signing"
> is OFF.)
> Now, when I build my screen saver, Xcode still opens a dialog saying
> "code sign wants to access key "Mac Developer ID Application...".
> That's fine with me, I am just confused: I thought, when automatic code
> signing is OFF, then Xcode doesn't code sign the screen saver at all.

That should not happen. Are you sure you did the second step and changed
"Mac Developer" to "Developer ID Application" on your keychain in the Code
Signing Identity?
>
> Could some kind soul please shed some light on this?
>
>
> Next, when I try to verify the signature like this:
>
> codesign -vvvv -R="anchor apple" /tmp/Release/ArtSaver.saver
>
> I get this output:
>
> /tmp/Release/ArtSaver.saver: valid on disk
> /tmp/Release/ArtSaver.saver: satisfies its Designated Requirement
> test-requirement: code failed to satisfy specified code requirement(s)
>
Perhaps this is linked to the fact that you are not using the proper
certificate. You must use Developer ID Application certificate on your keychain
to be able to deploy your screen saver in machines other than the development
one you are using.
Another problem that can cause it is if you do not set your TeamIdentifier
properly.
Try this in Terminal and see what you get:

    codesign --display --requirements - --verbose=4 /tmp/Release/ArtSaver.saver

Maybe it will explain to you what is going wrong.

> The last line concerns me a little - should I worry about it?
> What does it mean?
> (Naturally, in Xcode there is no entitlements section since this is a
> screen saver.)

Yes, you need to worry about it and you need to fix this error.
>
>
> Other than that, however, the signing and notarization seems to work.
> At least, the response email from Apple says so.
>
>
>
> Another question is with regards to build settings.
> Xcode now issues the warning "Update to recommended settings",
> and the details say:
> "Target ... - Switch to Development Signing. This will set the
> CODE_SIGN_IDENTITY setting to "Apple Development" ... "
> I guess I should not let Xcode change that to the "recommended settings"
> (see Joao's instructions) - am I correct?
Yes, you are correct. You need to disregard this warning. Just uncheck
those warning checkboxes and go your merry way. Every new version of Xcode will
always try to make you use the automated version of signing, which you can’t.
> But I am still wondering:
> 1. What do the different options in the "Code Signing Identity"
> (CODE_SIGN_IDENTITY) mean? (Naturally, I googled about it, and read the docs
> at https://help.apple.com/xcode/mac/current/#/dev154b28f09 , but I am still
> in the dark)
That’s the certificate you should use. For debugging, Mac Developer
certificate is OK and is recommended, but for a release version you must use
Developer ID Application certificate to release it outside the Mac App Store.
> 2. Can I tell Xcode that the current setting is fine and it should not
> issue a warning about it?
>
See my comments above.
HTH,
João
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
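
The two things João asks Gabriel to check above (a Developer ID Application signing certificate and a properly set TeamIdentifier) can be read mechanically from `codesign --display --verbose=4` output. The following is an added example, not part of the original thread; `check_signing_identity` is a hypothetical helper, and the sample listings (names, team ID ABCDE12345) are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads `codesign --display --verbose=4` output on stdin and
# prints a one-line verdict. check_signing_identity is a hypothetical helper.
check_signing_identity() {
    awk '
        # The first Authority= line names the certificate that signed the code.
        /^Authority=/ && leaf == "" { leaf = substr($0, 11) }
        /^TeamIdentifier=/          { team = substr($0, 16) }
        END {
            if (leaf == "") {
                print "FAIL: no Authority line (unsigned or ad-hoc signed)"
            } else if (leaf !~ /^Developer ID Application: /) {
                print "FAIL: signed with \"" leaf "\", not Developer ID Application"
            } else if (team == "" || team == "not set") {
                print "FAIL: TeamIdentifier is not set"
            } else if (index(leaf, "(" team ")") == 0) {
                print "FAIL: TeamIdentifier " team " not found in certificate name"
            } else {
                print "OK: " leaf
            }
        }'
}

# Constructed sample: a release build signed for distribution outside the store.
sample_release() {
    cat <<'EOF'
Identifier=com.example.ArtSaver
Authority=Developer ID Application: Example Dev (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
EOF
}

# Constructed sample: a debug build signed with a development certificate.
sample_debug() {
    cat <<'EOF'
Identifier=com.example.ArtSaver
Authority=Mac Developer: Example Dev (XYZ9876543)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
EOF
}

sample_release | check_signing_identity
sample_debug | check_signing_identity
```

On a real build, pipe `codesign --display --verbose=4 /tmp/Release/ArtSaver.saver 2>&1` into the function; codesign writes this listing to stderr.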