AW: Another (macOS) Code signing guidance question...
Paul Dupuis
paul at researchware.com
Tue Oct 10 17:16:46 EDT 2023
Under macOS 14.0 Sonoma on an M1 MacBook Air, I have set up the Command
Line Tools for Xcode 15.0 and have successfully signed, notarized, and
stapled a LiveCode Standalone using the new Apple notarization command
that goes into effect on November 1, 2023.

Effective 1-NOV-2023, the notarization command changes from "xcrun altool
..." to "xcrun notarytool ..." and instead of getting an email when
Notarization is done, the terminal command now waits and tells you when
the process is "accepted" (i.e. done).

Thanks to Matthias Rebbe's excellent documentation at
https://lessons.livecode.com/m/4071/l/1653720-code-signing-and-notarizing-your-lc-standalone-for-distribution-outside-the-mac-appstore-with-xcode-13-and-up
the actual notarization part was easy.

The hardest part was getting the correct Certificates into the Keychain
on the MacBook Air. When code signing I kept getting an "identity not
found" (or something like that) that meant I didn't have the "right"
certificate or the certificate installed where it was needed.

I had downloaded the SAME cert that I currently use to code sign under
Mojave from the Apple Developer site to the MacBook Air and double
clicked it. This initially kept generating an error that the cert
could not be used. This was because I had not selected the "Login"
keychain in the keychain tool. After selecting the Login keychain and
dragging and dropping the downloaded cert file it installed without error and
said it was a valid certificate. Still, the command line to code sign
would not work, reporting "identity not found".

Comparing the Keychain on Mojave to the Keychain on Sonoma, I could see
2 things: (1) the downloaded signing cert was only showing up under the
"Certificates" tab on Sonoma and under BOTH the "Certificates" tab and
the "My Certificates" tabs under Mojave and (2) the Mojave keychain had
2 additional certs installed in both tabs - one an Apple developer cert
and one with a long string of hex and dashes that I think was a reissued
Apple Intermediate cert.

I ultimately had to delete the downloaded code signing cert on Sonoma,
export the SAME developer code signing cert and the 2 other Apple ones
from Mojave, move them to Sonoma, and import them into the Sonoma
keychain and then code signing worked as documented.

I thought I would tell this tale just in case it helps someone else.
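
The check below is an added example, not part of the original post or of the LiveCode lesson. It separates "certificate installed but not usable for signing" from "no certificate at all" before codesign is run. A signing identity is a certificate plus its private key, and a certificate downloaded from the developer site carries no key. The "Developer ID Application" prefix, the result labels and the sample listings are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Explains a codesign
# "identity not found" style failure from two keychain listings:
#   security find-identity -v -p codesigning   (usable identities only)
#   security find-certificate -a -c "$PREFIX"  (certificates, key or not)
PREFIX='Developer ID Application'  # assumption: identity type being used

count_identities() {    # stdin: find-identity output
    awk -v p="$PREFIX" '
        $1 ~ /^[0-9]+\)$/ && index($0, "\"" p ": ") && !/CSSMERR_/ { n++ }
        END { print n + 0 }'
}

count_certificates() {  # stdin: find-certificate output
    awk -v p="$PREFIX" '
        index($0, "\"labl\"<blob>=\"" p ": ") { n++ }
        END { print n + 0 }'
}

classify() {            # $1 = identity listing, $2 = certificate listing
    ids=$(printf '%s\n' "$1" | count_identities)
    certs=$(printf '%s\n' "$2" | count_certificates)
    if [ "$ids" -gt 0 ]; then
        echo "ok"                # certificate, private key and chain all present
    elif [ "$certs" -gt 0 ]; then
        echo "certificate-only"  # private key missing or trust chain incomplete
    else
        echo "no-certificate"
    fi
}

# Constructed sample listings; the hash, name and team ID are made up.
SAMPLE_IDS_ONE='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Developer ID Application: Example Corp (ABCDE12345)"
     1 valid identities found'
SAMPLE_IDS_NONE='     0 valid identities found'
SAMPLE_CERT='keychain: "/Users/dev/Library/Keychains/login.keychain-db"
    "labl"<blob>="Developer ID Application: Example Corp (ABCDE12345)"'

# On a Mac, classify the real keychain; elsewhere this is skipped.
if command -v security >/dev/null 2>&1; then
    classify "$(security find-identity -v -p codesigning 2>/dev/null)" \
             "$(security find-certificate -a -c "$PREFIX" 2>/dev/null)"
fi
```

A "certificate-only" result corresponds to a certificate that appears under "Certificates" but not under "My Certificates" in Keychain Access.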