notarizing DMG fails

matthias_livecode_150811 at m-r-d.de matthias_livecode_150811 at m-r-d.de
Wed May 5 03:35:32 EDT 2021


Timo, 

.app -> Developer ID Application
.pkg -> Developer ID Installer
.dmg -> Developer ID Application



-
Matthias Rebbe
Life Is Too Short For Boring Code

> Am 05.05.2021 um 08:56 schrieb Tiemo via use-livecode <use-livecode at lists.runrev.com>:
> 
> Hi Panos,
> thanks for jumping in
> 
> I am on macOS 11.2.3 and created the certificates pretty freshly two weeks ago.
> Xcode-select -p doesn't returns any version# at all, it just returns a path: "/Applications/Xcode.app/Content/Developer/
> Xcodebuild -version shows Xcode 12.5 build 12E262
> I now (re-?)installed the command line tools by xcode-select -- install
> But xcode-select -p still doesn't shows any version# ???
> I now downloaded the Apple Worldwide Developer Relations Intermediate Certificate. Actually I am not sure, if it was there before (I didn't checked it before)
> 
> I will later test again from the scratch
> 
> But I am still unsure if I may use the " Developer ID Application" certificate also for the pkg and dmg or if I have to use the "Developer ID Installer" certificate for the pkg and dmg?
> 
> Thanks
> 
> Tiemo
> 
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag von panagiotis merakos via use-livecode
> Gesendet: Dienstag, 4. Mai 2021 18:19
> An: How to use LiveCode <use-livecode at lists.runrev.com>
> Cc: panagiotis merakos <merakosp at gmail.com>
> Betreff: Re: notarizing DMG fails
> 
> Hello Tiemo,
> 
> When did you create these certificates? And what is your MacOS version, and the Xcode version returned if you type "xcode-select -p" in a Terminal? I am wondering if you need to install the new Apple Worldwide Developer Relations Intermediate Certificate:
> 
> https://developer.apple.com/support/wwdr-intermediate-certificate/
> 
> You can find it here:
> 
> https://developer.apple.com/support/expiration/
> 
> Kind regards,
> Panos
> --
> 
> On Tue, 4 May 2021 at 19:02, Tiemo via use-livecode < use-livecode at lists.runrev.com> wrote:
> 
>> Hi Matthias,
>> 
>> still struggeling ...
>> 
>> I have two developer certificates in my keychain:
>> Developer ID Installer : <my ID>
>> Developer ID Application: <my ID>
>> 
>> Using the Application certificate on the app and pkg and dmg, all 
>> codesigning is fine, even when verifying it, but I get the "The binary 
>> is not signed" error in the notarization log, when notarizing the dmg ???
>> Using the Installer certificate on the pkg, I get already the error 
>> when codesigning the pkg "this identity cannot be used for signing code" ???
>> 
>> All errors are the same, either using the tool "Packages" or creating 
>> the package on command line by pkgbuild (productbuild is only for 
>> builing appStore apps, as far as I see it)
>> 
>> I must be missing something obvious
>> 
>> Any other ideas?
>> Tiemo
>> 
>> 
>> -----Ursprüngliche Nachricht-----
>> Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag 
>> von matthias rebbe via use-livecode
>> Gesendet: Dienstag, 4. Mai 2021 13:49
>> An: How to use LiveCode <use-livecode at lists.runrev.com>
>> Cc: matthias_livecode_150811 at m-r-d.de
>> Betreff: Re: notarizing DMG fails
>> 
>> Tiemo,
>> 
>> you can create 2 different installer certificates in you Apple 
>> developer account.
>> One is called 'Mac Installer Distribution' and is used for code 
>> signing installers for the Mac App Store.
>> The other one is called 'Developer ID Installer' and is used to code 
>> sign your  Installer Package for distribution outside of the Mac App 
>> Store
>> 
>> Which one did you use for signing the packager?
>> 
>> And another question, how did you build the package? Did you use a 3rd 
>> party tool or did you use 'productbuild' in Terminal?
>> If you used a 3rd party tool, then could you please try to create the 
>> package installer using terminal command?
>> 
>> productbuild --sign <Developer ID Installer signing identity> 
>> --component <path_to_your_App> /Applications <path_of_the_packager>
>> 
>> example
>> productbuild --sign "Developer ID Installer: Matthias Rebbe 
>> (xxxxxxxxxxxxx)" --component "/users/matthias/LC/builts/test/test.app"
>> /Applications "/users/matthias/downloads/MyPackager.pkg"
>> 
>> 
>> But maybe it was just the wrong installer certificate
>> 
>> Regards
>> Matthias
>> 
>> 
>> -
>> Matthias Rebbe
>> Life Is Too Short For Boring Code
>> 
>>> Am 04.05.2021 um 12:08 schrieb Tiemo via use-livecode <
>> use-livecode at lists.runrev.com>:
>>> 
>>> Hi Matthias,
>>> 
>>> thank you for your ideas. I tried both.
>>> 
>>> When using just signed, but not notarized apps, packing, signing the 
>>> pkg, wrapping into dmg, signing the dmg, I get the same error when 
>>> notarizing the dmg "The binary is not signed"
>>> 
>>> When trying to notarize the signed pkg via terminal I get the error:
>>> "unable to  notarize app"
>>> "Upload succeeded but did not receive a RequestedUUID. Unable to 
>>> upload your app for notarization (-1018)"
>>> 
>>> I also tried to use the "Installer" certificate instead of the
>> "Application"
>>> certificate, but trying this with codesigning the package, I get the 
>>> error "this identitiy cannot be used"
>>> (actually I don't know for what purposes you can use the Installer
>>> certificate)
>>> 
>>> 
>>> Codesigning and notarizing the apps works fine ...
>>> 
>>> Perhaps I'll look for another packager and go testing with another
>> packager.
>>> 
>>> Any other ideas?
>>> Tiemo
>>> 
>>> 
>>> -----Ursprüngliche Nachricht-----
>>> Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag 
>>> von matthias rebbe via use-livecode
>>> Gesendet: Dienstag, 4. Mai 2021 10:34
>>> An: How to use LiveCode <use-livecode at lists.runrev.com>
>>> Cc: matthias_livecode_150811 at m-r-d.de
>>> Betreff: Re: notarizing DMG fails
>>> 
>>> Hi Tiemo,
>>> 
>>> but you did not create a .pkg from the a notarized app, did you?
>>> 
>>> You have to create and code sign a .pkg from the code signed, but 
>>> not notarized, .app  and then you have to notarize only the .pkg or 
>>> the code signed .dmg, if you want to distribute as .dmg.
>>> So the steps are
>>> 
>>> 1. code sign your .app - do not notarize it!
>>> 2. create a .pkg from the .app and code sign it 3. if you want to 
>>> distribute as dmg, create .dmg with the .pkg and code sign the .dmg 4.
>>> notarize the .pkg (or the .dmg)
>>> 
>>> The staple process then writes the needed information to the .dmg, 
>>> to the containing .pkg and the .app.
>>> 
>>> If these are the steps you've done already, then could you please 
>>> try the following using the helper stack
>>> 
>>> 1. code sign .app
>>> 2. notarize the .app using the '.zip method'
>>> 
>>> Is this successful? Then the problem does not rely on your .app.
>>> In this case please repeat and code sign the .app using the helper 
>>> stack and use the .dmg method
>>> 
>>> Is this successful? If so, then also the .dmg is fine
>>> 
>>> Repeat now manually, as .pkg is not supported by the helper stack.
>>> 
>>> 1. code sign .app
>>> 2. create .pkg
>>> 3. code sign .pkg
>>> 4. notarize .pkg
>>> 
>>> Is this successful?
>>> 
>>> Regards,
>>> 
>>> Matthias
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -
>>> Matthias Rebbe
>>> Life Is Too Short For Boring Code
>>> 
>>>> Am 04.05.2021 um 09:47 schrieb Tiemo via use-livecode
>>> <use-livecode at lists.runrev.com>:
>>>> 
>>>> Hello,
>>>> 
>>>> 
>>>> 
>>>> I have signed and notarized several apps with Matthias tool - 
>>>> successful
>>>> 
>>>> Then I packaged theses apps with Packages and signed the package 
>>>> via terminal - successful
>>>> 
>>>> Then I  put the pkg into a dmg via DMG canvas and signed the dmg 
>>>> via terminal - successful
>>>> 
>>>> Then I uploaded the dmg for notarization via terminal. The upload 
>>>> was successful, but the email from apple told me, that the upload 
>>>> was not notarized and the logfile tells me:
>>>> 
>>>> 
>>>> 
>>>> Severity: Error
>>>> 
>>>> Path: "DGSlern_Update_1.0.0.4.dmg/DGS Lernprogramm 1.0.0.4 Update .pkg"
>>>> 
>>>> Message: The binary is not signed
>>>> 
>>>> 
>>>> 
>>>> This is a bit irritating. Has anybody anytime encountered such 
>>>> conflicting messages?
>>>> 
>>>> Any idea, where to look for?
>>>> 
>>>> Thanks
>>>> 
>>>> Tiemo
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> use-livecode at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> 
>>> 
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your 
>>> subscription
>>> preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> 
>>> 
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your 
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your 
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the use-livecode mailing list