AW: notarizing DMG fails

toolbook at kestner.de toolbook at kestner.de
Tue May 4 12:00:25 EDT 2021 

Hi Matthias,

still struggeling ...

I have two developer certificates in my keychain:
Developer ID Installer : <my ID>
Developer ID Application: <my ID>

Using the Application certificate on the app and pkg and dmg, all codesigning is fine, even when verifying it, but I get the "The binary is not signed" error in the notarization log, when notarizing the dmg ???
Using the Installer certificate on the pkg, I get already the error when codesigning the pkg "this identity cannot be used for signing code" ???

All errors are the same, either using the tool "Packages" or creating the package on command line by pkgbuild
(productbuild is only for builing appStore apps, as far as I see it)

I must be missing something obvious

Any other ideas?
Tiemo


-----Ursprüngliche Nachricht-----
Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag von matthias rebbe via use-livecode
Gesendet: Dienstag, 4. Mai 2021 13:49
An: How to use LiveCode <use-livecode at lists.runrev.com>
Cc: matthias_livecode_150811 at m-r-d.de
Betreff: Re: notarizing DMG fails

Tiemo,

you can create 2 different installer certificates in you Apple developer account.
One is called 'Mac Installer Distribution' and is used for code signing installers for the Mac App Store.
The other one is called 'Developer ID Installer' and is used to code sign your  Installer Package for distribution outside of the Mac App Store

Which one did you use for signing the packager?

And another question, how did you build the package? Did you use a 3rd party tool or did you use 'productbuild' in Terminal?
If you used a 3rd party tool, then could you please try to create the package installer using terminal command?

productbuild --sign <Developer ID Installer signing identity> --component <path_to_your_App> /Applications <path_of_the_packager>

example
productbuild --sign "Developer ID Installer: Matthias Rebbe (xxxxxxxxxxxxx)" --component "/users/matthias/LC/builts/test/test.app"  /Applications "/users/matthias/downloads/MyPackager.pkg"


But maybe it was just the wrong installer certificate

Regards
Matthias


-
Matthias Rebbe
Life Is Too Short For Boring Code

> Am 04.05.2021 um 12:08 schrieb Tiemo via use-livecode <use-livecode at lists.runrev.com>:
> 
> Hi Matthias,
> 
> thank you for your ideas. I tried both.
> 
> When using just signed, but not notarized apps, packing, signing the 
> pkg, wrapping into dmg, signing the dmg, I get the same error when 
> notarizing the dmg "The binary is not signed"
> 
> When trying to notarize the signed pkg via terminal I get the error:
> "unable to  notarize app"
> "Upload succeeded but did not receive a RequestedUUID. Unable to 
> upload your app for notarization (-1018)"
> 
> I also tried to use the "Installer" certificate instead of the "Application"
> certificate, but trying this with codesigning the package, I get the 
> error "this identitiy cannot be used"
> (actually I don't know for what purposes you can use the Installer
> certificate)
> 
> 
> Codesigning and notarizing the apps works fine ...
> 
> Perhaps I'll look for another packager and go testing with another packager.
> 
> Any other ideas?
> Tiemo
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag 
> von matthias rebbe via use-livecode
> Gesendet: Dienstag, 4. Mai 2021 10:34
> An: How to use LiveCode <use-livecode at lists.runrev.com>
> Cc: matthias_livecode_150811 at m-r-d.de
> Betreff: Re: notarizing DMG fails
> 
> Hi Tiemo,
> 
> but you did not create a .pkg from the a notarized app, did you?
> 
> You have to create and code sign a .pkg from the code signed, but not 
> notarized, .app  and then you have to notarize only the .pkg or the 
> code signed .dmg, if you want to distribute as .dmg.
> So the steps are
> 
> 1. code sign your .app - do not notarize it!
> 2. create a .pkg from the .app and code sign it 3. if you want to 
> distribute as dmg, create .dmg with the .pkg and code sign the .dmg 4. 
> notarize the .pkg (or the .dmg)
> 
> The staple process then writes the needed information to the .dmg, to 
> the containing .pkg and the .app.
> 
> If these are the steps you've done already, then could you please try 
> the following using the helper stack
> 
> 1. code sign .app
> 2. notarize the .app using the '.zip method'
> 
> Is this successful? Then the problem does not rely on your .app. 
> In this case please repeat and code sign the .app using the helper 
> stack and use the .dmg method
> 
> Is this successful? If so, then also the .dmg is fine
> 
> Repeat now manually, as .pkg is not supported by the helper stack.
> 
> 1. code sign .app
> 2. create .pkg
> 3. code sign .pkg
> 4. notarize .pkg
> 
> Is this successful?
> 
> Regards,
> 
> Matthias
> 
> 
> 
> 
> 
> 
> -
> Matthias Rebbe
> Life Is Too Short For Boring Code
> 
>> Am 04.05.2021 um 09:47 schrieb Tiemo via use-livecode
> <use-livecode at lists.runrev.com>:
>> 
>> Hello,
>> 
>> 
>> 
>> I have signed and notarized several apps with Matthias tool - 
>> successful
>> 
>> Then I packaged theses apps with Packages and signed the package via 
>> terminal - successful
>> 
>> Then I  put the pkg into a dmg via DMG canvas and signed the dmg via 
>> terminal - successful
>> 
>> Then I uploaded the dmg for notarization via terminal. The upload was 
>> successful, but the email from apple told me, that the upload was not 
>> notarized and the logfile tells me:
>> 
>> 
>> 
>> Severity: Error
>> 
>> Path: "DGSlern_Update_1.0.0.4.dmg/DGS Lernprogramm 1.0.0.4 Update .pkg"
>> 
>> Message: The binary is not signed
>> 
>> 
>> 
>> This is a bit irritating. Has anybody anytime encountered such 
>> conflicting messages?
>> 
>> Any idea, where to look for?
>> 
>> Thanks
>> 
>> Tiemo
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
use-livecode at lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list