notarizing DMG fails
matthias_livecode_150811 at m-r-d.de
matthias_livecode_150811 at m-r-d.de
Wed May 5 03:35:32 EDT 2021
Timo,
.app -> Developer ID Application
.pkg -> Developer ID Installer
.dmg -> Developer ID Application
-
Matthias Rebbe
Life Is Too Short For Boring Code
> Am 05.05.2021 um 08:56 schrieb Tiemo via use-livecode <use-livecode at lists.runrev.com>:
>
> Hi Panos,
> thanks for jumping in
>
> I am on macOS 11.2.3 and created the certificates pretty freshly two weeks ago.
> Xcode-select -p doesn't returns any version# at all, it just returns a path: "/Applications/Xcode.app/Content/Developer/
> Xcodebuild -version shows Xcode 12.5 build 12E262
> I now (re-?)installed the command line tools by xcode-select -- install
> But xcode-select -p still doesn't shows any version# ???
> I now downloaded the Apple Worldwide Developer Relations Intermediate Certificate. Actually I am not sure, if it was there before (I didn't checked it before)
>
> I will later test again from the scratch
>
> But I am still unsure if I may use the " Developer ID Application" certificate also for the pkg and dmg or if I have to use the "Developer ID Installer" certificate for the pkg and dmg?
>
> Thanks
>
> Tiemo
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag von panagiotis merakos via use-livecode
> Gesendet: Dienstag, 4. Mai 2021 18:19
> An: How to use LiveCode <use-livecode at lists.runrev.com>
> Cc: panagiotis merakos <merakosp at gmail.com>
> Betreff: Re: notarizing DMG fails
>
> Hello Tiemo,
>
> When did you create these certificates? And what is your MacOS version, and the Xcode version returned if you type "xcode-select -p" in a Terminal? I am wondering if you need to install the new Apple Worldwide Developer Relations Intermediate Certificate:
>
> https://developer.apple.com/support/wwdr-intermediate-certificate/
>
> You can find it here:
>
> https://developer.apple.com/support/expiration/
>
> Kind regards,
> Panos
> --
>
> On Tue, 4 May 2021 at 19:02, Tiemo via use-livecode < use-livecode at lists.runrev.com> wrote:
>
>> Hi Matthias,
>>
>> still struggeling ...
>>
>> I have two developer certificates in my keychain:
>> Developer ID Installer : <my ID>
>> Developer ID Application: <my ID>
>>
>> Using the Application certificate on the app and pkg and dmg, all
>> codesigning is fine, even when verifying it, but I get the "The binary
>> is not signed" error in the notarization log, when notarizing the dmg ???
>> Using the Installer certificate on the pkg, I get already the error
>> when codesigning the pkg "this identity cannot be used for signing code" ???
>>
>> All errors are the same, either using the tool "Packages" or creating
>> the package on command line by pkgbuild (productbuild is only for
>> builing appStore apps, as far as I see it)
>>
>> I must be missing something obvious
>>
>> Any other ideas?
>> Tiemo
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag
>> von matthias rebbe via use-livecode
>> Gesendet: Dienstag, 4. Mai 2021 13:49
>> An: How to use LiveCode <use-livecode at lists.runrev.com>
>> Cc: matthias_livecode_150811 at m-r-d.de
>> Betreff: Re: notarizing DMG fails
>>
>> Tiemo,
>>
>> you can create 2 different installer certificates in you Apple
>> developer account.
>> One is called 'Mac Installer Distribution' and is used for code
>> signing installers for the Mac App Store.
>> The other one is called 'Developer ID Installer' and is used to code
>> sign your Installer Package for distribution outside of the Mac App
>> Store
>>
>> Which one did you use for signing the packager?
>>
>> And another question, how did you build the package? Did you use a 3rd
>> party tool or did you use 'productbuild' in Terminal?
>> If you used a 3rd party tool, then could you please try to create the
>> package installer using terminal command?
>>
>> productbuild --sign <Developer ID Installer signing identity>
>> --component <path_to_your_App> /Applications <path_of_the_packager>
>>
>> example
>> productbuild --sign "Developer ID Installer: Matthias Rebbe
>> (xxxxxxxxxxxxx)" --component "/users/matthias/LC/builts/test/test.app"
>> /Applications "/users/matthias/downloads/MyPackager.pkg"
>>
>>
>> But maybe it was just the wrong installer certificate
>>
>> Regards
>> Matthias
>>
>>
>> -
>> Matthias Rebbe
>> Life Is Too Short For Boring Code
>>
>>> Am 04.05.2021 um 12:08 schrieb Tiemo via use-livecode <
>> use-livecode at lists.runrev.com>:
>>>
>>> Hi Matthias,
>>>
>>> thank you for your ideas. I tried both.
>>>
>>> When using just signed, but not notarized apps, packing, signing the
>>> pkg, wrapping into dmg, signing the dmg, I get the same error when
>>> notarizing the dmg "The binary is not signed"
>>>
>>> When trying to notarize the signed pkg via terminal I get the error:
>>> "unable to notarize app"
>>> "Upload succeeded but did not receive a RequestedUUID. Unable to
>>> upload your app for notarization (-1018)"
>>>
>>> I also tried to use the "Installer" certificate instead of the
>> "Application"
>>> certificate, but trying this with codesigning the package, I get the
>>> error "this identitiy cannot be used"
>>> (actually I don't know for what purposes you can use the Installer
>>> certificate)
>>>
>>>
>>> Codesigning and notarizing the apps works fine ...
>>>
>>> Perhaps I'll look for another packager and go testing with another
>> packager.
>>>
>>> Any other ideas?
>>> Tiemo
>>>
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag
>>> von matthias rebbe via use-livecode
>>> Gesendet: Dienstag, 4. Mai 2021 10:34
>>> An: How to use LiveCode <use-livecode at lists.runrev.com>
>>> Cc: matthias_livecode_150811 at m-r-d.de
>>> Betreff: Re: notarizing DMG fails
>>>
>>> Hi Tiemo,
>>>
>>> but you did not create a .pkg from the a notarized app, did you?
>>>
>>> You have to create and code sign a .pkg from the code signed, but
>>> not notarized, .app and then you have to notarize only the .pkg or
>>> the code signed .dmg, if you want to distribute as .dmg.
>>> So the steps are
>>>
>>> 1. code sign your .app - do not notarize it!
>>> 2. create a .pkg from the .app and code sign it 3. if you want to
>>> distribute as dmg, create .dmg with the .pkg and code sign the .dmg 4.
>>> notarize the .pkg (or the .dmg)
>>>
>>> The staple process then writes the needed information to the .dmg,
>>> to the containing .pkg and the .app.
>>>
>>> If these are the steps you've done already, then could you please
>>> try the following using the helper stack
>>>
>>> 1. code sign .app
>>> 2. notarize the .app using the '.zip method'
>>>
>>> Is this successful? Then the problem does not rely on your .app.
>>> In this case please repeat and code sign the .app using the helper
>>> stack and use the .dmg method
>>>
>>> Is this successful? If so, then also the .dmg is fine
>>>
>>> Repeat now manually, as .pkg is not supported by the helper stack.
>>>
>>> 1. code sign .app
>>> 2. create .pkg
>>> 3. code sign .pkg
>>> 4. notarize .pkg
>>>
>>> Is this successful?
>>>
>>> Regards,
>>>
>>> Matthias
>>>
>>>
>>>
>>>
>>>
>>>
>>> -
>>> Matthias Rebbe
>>> Life Is Too Short For Boring Code
>>>
>>>> Am 04.05.2021 um 09:47 schrieb Tiemo via use-livecode
>>> <use-livecode at lists.runrev.com>:
>>>>
>>>> Hello,
>>>>
>>>>
>>>>
>>>> I have signed and notarized several apps with Matthias tool -
>>>> successful
>>>>
>>>> Then I packaged theses apps with Packages and signed the package
>>>> via terminal - successful
>>>>
>>>> Then I put the pkg into a dmg via DMG canvas and signed the dmg
>>>> via terminal - successful
>>>>
>>>> Then I uploaded the dmg for notarization via terminal. The upload
>>>> was successful, but the email from apple told me, that the upload
>>>> was not notarized and the logfile tells me:
>>>>
>>>>
>>>>
>>>> Severity: Error
>>>>
>>>> Path: "DGSlern_Update_1.0.0.4.dmg/DGS Lernprogramm 1.0.0.4 Update .pkg"
>>>>
>>>> Message: The binary is not signed
>>>>
>>>>
>>>>
>>>> This is a bit irritating. Has anybody anytime encountered such
>>>> conflicting messages?
>>>>
>>>> Any idea, where to look for?
>>>>
>>>> Thanks
>>>>
>>>> Tiemo
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> use-livecode at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription
>>> preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
>>
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
>>
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
More information about the use-livecode
mailing list