Re: AW: Another (macOS) Code signing guidance question...
On 10/10/2023 8:23 PM, panagiotis merakos via use-livecode wrote: Hello all, Just downloading the certificate from your account in the apple dev website, and using it in a different machine from the one it was created will not work (you get identity not found), because you need the private key as well. This is why you have to export the certificate from the old machine, because exporting the certificate exports the private key that is associated with it as well. Kind regards, Panos Thank you Panos. If you or Matthias ever come across (or write) a goo step by step for getting Apple Certs to a new machine (new cert from Apple to a new machine, existing cert from Apple to a new machine, existing cert from one machine to another I think are the 3 possibilities) you should link to it or add it to the code signing and notarization lesson. We only do this rarely. For example I have a Apple Code signing cert that was created in 2021 and good until 2026. That was a replacement for an earlier one. I put than on a Mojave system that I have used to code sign since 2021. In 2 years time I have not touch the certs and would not have until 2026 if Apple did change the notarization command and make me move to a newer macOS. So I forget how its done. I even forget where I filed my own documentation on how to do it. So it's like trying to do it from scratch each time. I try to do all the code signing (mac and win) and notarization (mac) by command line even though there are GUI tools (Matthias's excellent stack and AppWrapper and on and on) so that I at least know the steps in the process and id something goes wrong (because the vendor changes something) I know what step blew up. Any way, thank you again. ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Another (macOS) Code signing guidance question...
Panos, > Am 11.10.2023 um 02:23 schrieb panagiotis merakos via use-livecode > : > > Hello all, > > Just downloading the certificate from your account in the apple dev > website, and using it in a different machine from the one it was created > will not work (you get identity not found), because you need the private > key as well. > But this is not case when the key chain is saved to iCloud and the other machine is also using the same iCloud account, isn't it. At least i had never problems to download the certificates to an other computer which had also access to the same key chain in iCloud. Regards, Matthias > This is why you have to export the certificate from the old machine, > because exporting the certificate exports the private key that is > associated with it as well. > > Kind regards, > Panos > > On Wed, 11 Oct 2023, 01:08 J. Landman Gay via use-livecode, < > use-livecode@lists.runrev.com> wrote: > >> On 10/10/23 4:16 PM, Paul Dupuis via use-livecode wrote: >>> The hardest part was getting the correct Certificates into the Keychain >> on the macBook Air. >>> When code signing I kept getting an "identity not found" (or something >> like that) that meant I >>> didn't have the "right" certificate or the certificate installed where >> it was needed. >> >> Thanks for this. That was the error I was getting too. Apparently both of >> us have identity >> crises (ref: Doc Hawk. The smartalec.) >> >> Guess I need to dig around in Keychain. >> >> -- >> Jacqueline Landman Gay | jac...@hyperactivesw.com >> HyperActive Software | http://www.hyperactivesw.com >> >> >> ___ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode >> > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: AW: Another (macOS) Code signing guidance question...
On 10/10/23 7:23 PM, panagiotis merakos via use-livecode wrote: Just downloading the certificate from your account in the apple dev website, and using it in a different machine from the one it was created will not work (you get identity not found), I wish the error message would be more informative. If I'd known the error was related to the certificate I'd have saved myself a lot of time. Thanks for this. -- Jacqueline Landman Gay | jac...@hyperactivesw.com HyperActive Software | http://www.hyperactivesw.com ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Another (macOS) Code signing guidance question...
I haven't tried the API/web service for notarizing apps. But there appears to be a way and it might be simpler in the long run. Still need the (right) keys:) https://developer.apple.com/documentation/notaryapi/submitting_software_for_notarization_over_the_web On Oct 10, 2023, at 5:07 PM, J. Landman Gay via use-livecode wrote: On 10/10/23 4:16 PM, Paul Dupuis via use-livecode wrote: > The hardest part was getting the correct Certificates into the Keychain on > the macBook Air. When code signing I kept getting an "identity not found" (or > something like that) that meant I didn't have the "right" certificate or the > certificate installed where it was needed. Thanks for this. That was the error I was getting too. Apparently both of us have identity crises (ref: Doc Hawk. The smartalec.) Guess I need to dig around in Keychain. -- Jacqueline Landman Gay | jac...@hyperactivesw.com HyperActive Software | http://www.hyperactivesw.com ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: AW: Another (macOS) Code signing guidance question...
Hello all, Just downloading the certificate from your account in the apple dev website, and using it in a different machine from the one it was created will not work (you get identity not found), because you need the private key as well. This is why you have to export the certificate from the old machine, because exporting the certificate exports the private key that is associated with it as well. Kind regards, Panos On Wed, 11 Oct 2023, 01:08 J. Landman Gay via use-livecode, < use-livecode@lists.runrev.com> wrote: > On 10/10/23 4:16 PM, Paul Dupuis via use-livecode wrote: > > The hardest part was getting the correct Certificates into the Keychain > on the macBook Air. > > When code signing I kept getting an "identity not found" (or something > like that) that meant I > > didn't have the "right" certificate or the certificate installed where > it was needed. > > Thanks for this. That was the error I was getting too. Apparently both of > us have identity > crises (ref: Doc Hawk. The smartalec.) > > Guess I need to dig around in Keychain. > > -- > Jacqueline Landman Gay | jac...@hyperactivesw.com > HyperActive Software | http://www.hyperactivesw.com > > > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: AW: Another (macOS) Code signing guidance question...
On 10/10/23 4:16 PM, Paul Dupuis via use-livecode wrote: The hardest part was getting the correct Certificates into the Keychain on the macBook Air. When code signing I kept getting an "identity not found" (or something like that) that meant I didn't have the "right" certificate or the certificate installed where it was needed. Thanks for this. That was the error I was getting too. Apparently both of us have identity crises (ref: Doc Hawk. The smartalec.) Guess I need to dig around in Keychain. -- Jacqueline Landman Gay | jac...@hyperactivesw.com HyperActive Software | http://www.hyperactivesw.com ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
AW: Another (macOS) Code signing guidance question...
Under macOS 14.0 Sonoma on a M1 macBook Air, I have set up the Command Line Tools for XCode 15.0 and have successfully signed, notarized, and stapled a Livecode Standalone using the new Apple notarization command that goes into effect on November 1, 2023 Effect 1-NOV-2023, the notarization command changes from "xcrun altool ..." to "xcrun notarytool ..." and instead of getting an email when Notarization is done, the terminal command now waits and tells you when the process if "accepted" (i.e. done) Thanks to Matthias Rebbe's excellent documentation at https://lessons.livecode.com/m/4071/l/1653720-code-signing-and-notarizing-your-lc-standalone-for-distribution-outside-the-mac-appstore-with-xcode-13-and-up the actual notarization part was easy. The hardest part was getting the correct Certificates into the Keychain on the macBook Air. When code signing I kept getting an "identity not found" (or something like that) that meant I didn't have the "right" certificate or the certificate installed where it was needed. I had downloaded the SAME cert that I current use to code sign under Mojave from the Apple Developer site to the macBook Ait and double clicked it. This initially kept generating an error could that the cert could not be used. This was because I had not selected the "Login" keychain in the keychain tool. After selecting the Login keychain and drag and dropping teh download cert file it installed without error and said it was a valid certificate. Still, the command line to code sign would not work, reporting "identify not found" Comparing the Keychain on Mojave to the Keychain on Sonoma, I could see 2 things (1) The downloaded signing cert was only showing up under the "Certificates" tab on Sonoma and under BOTH the "Certificates" tab and the "My Certificates" tabs under Mojave and (2) the Mojave keychain had 2 additional certs installed in both tabs - one an Apple developer cert and one with a long string of hex and dashed that i think was a reissued Apple Intermediate cert. I ultimately had to delete the downloaded code signing cert on Sonoma, export the SAME developer code signing cert and the 2 other apple ones from Mojave, move them to Sonoma, and import them into the Sonoma keychain and then code signing work as documented. I thought I would tell this tale just in case it helps someone else. ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Another (macOS) Code signing guidance question...
Paul, you should be able to download and "install" the Apple certificates directly in Xcode. To do so, open settings in Xcode and select "accounts" icon. There you should see a window which allows you to manage your certificates which also includes to install them. Matthias > Am 10.10.2023 um 18:48 schrieb Paul Dupuis via use-livecode > : > > On 10/10/2023 12:36 PM, J. Landman Gay via use-livecode wrote: >> I got that far at least. I couldn't notarize on Monterey but my client on >> Sonoma had no problem using mrSignNotarizeHelper on Sonoma with Xcode 15. My >> issues happened after that. So I think you're safe using the tool on Sonoma. >> > > Thank you for the encouraging information! > > Currently, I am struggling with get a signing cert into the keychain on the > macBook Air with Sonoma. The cert I downloaded and double-click to add to the > keychain on Mojave, generates an error trying to do the same on Sonoma (to > bad as it was good until 2026!) > > Not sure why it gives an error and would load into the keychain on Sonoma. > > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Another (macOS) Code signing guidance question...
On 10/10/2023 12:36 PM, J. Landman Gay via use-livecode wrote: I got that far at least. I couldn't notarize on Monterey but my client on Sonoma had no problem using mrSignNotarizeHelper on Sonoma with Xcode 15. My issues happened after that. So I think you're safe using the tool on Sonoma. Thank you for the encouraging information! Currently, I am struggling with get a signing cert into the keychain on the macBook Air with Sonoma. The cert I downloaded and double-click to add to the keychain on Mojave, generates an error trying to do the same on Sonoma (to bad as it was good until 2026!) Not sure why it gives an error and would load into the keychain on Sonoma. ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Another (macOS) Code signing guidance question...
I got that far at least. I couldn't notarize on Monterey but my client on Sonoma had no problem using mrSignNotarizeHelper on Sonoma with Xcode 15. My issues happened after that. So I think you're safe using the tool on Sonoma. -- Jacqueline Landman Gay | jac...@hyperactivesw.com HyperActive Software | http://www.hyperactivesw.com On October 10, 2023 10:45:37 AM Paul Dupuis via use-livecode wrote: I am looking at https://developer.apple.com/support/xcode To meet Apple's Nov 1 deadline of switch from the old Notarization tool (which I current use on Mojave) to the new one, I need to get set up on macOS 14 Sonoma. To me, from the Apple page, it look like I need xcode 15 (deployment targets of macOS 10.13-14) BUT I am concerned that the Livecode lesson by Matthias and his mrSignNotarizeHelper tool recommend Xcode 13 or 14 (I don't see Xcode 15 mentioned). I may have (or probably did) miss something! The Apple Developer page suggest that Xcode 14.3.1 has a minim OS requirement of macOS Ventura 13 which suggest it can run on macOS 14 Sonoma? I only have a single macBook Air with Sonoma available to get sup up for the new notarization method. I really don't want to try to downgrade the macOS (I don't even know how to do that). ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Another (macOS) Code signing guidance question...
On 10/10/2023 11:43 AM, Paul Dupuis via use-livecode wrote: I am looking at https://developer.apple.com/support/xcode To meet Apple's Nov 1 deadline of switch from the old Notarization tool (which I current use on Mojave) to the new one, I need to get set up on macOS 14 Sonoma. To me, from the Apple page, it look like I need xcode 15 (deployment targets of macOS 10.13-14) BUT I am concerned that the Livecode lesson by Matthias and his mrSignNotarizeHelper tool recommend Xcode 13 or 14 (I don't see Xcode 15 mentioned). I may have (or probably did) miss something! The Apple Developer page suggest that Xcode 14.3.1 has a minim OS requirement of macOS Ventura 13 which suggest it can run on macOS 14 Sonoma? I only have a single macBook Air with Sonoma available to get sup up for the new notarization method. I really don't want to try to downgrade the macOS (I don't even know how to do that). Ok, I may have answered one of my questions. I downloaded the XCode 14.3.1 Command Line Tools from https://developer.apple.com/download/all/ and tried to install them on Sonoma and the installer will not let me stating the "OS is too new". I guess Xcode 15 is the minimum for Sonoma. Now I will try the "Command Line Tools for Xcode 15" from the same Apple download page. ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Another (macOS) Code signing guidance question...
There’s this: https://support.apple.com/en-us/HT204904 I’m fairly certain that it will install the most recent version of MacOS however. To install the original MacOS, there’s this: https://support.apple.com/guide/mac-help/erase-and-reinstall-macos-mh27903/mac Bob S > On Oct 10, 2023, at 8:43 AM, Paul Dupuis via use-livecode > wrote: > > I only have a single macBook Air with Sonoma available to get sup up for the > new notarization method. I really don't want to try to downgrade the macOS (I > don't even know how to do that). ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Another (macOS) Code signing guidance question...
I’ve been using AppWrapper for a few years and just deployed an upgrade for Sonoma compatibility. I don’t use the app store - just sell from my own web site. It’s a paid app but has a free trial: https://ohanaware.com/appwrapper/ --- Marty Knapp > On Oct 10, 2023, at 8:43 AM, Paul Dupuis via use-livecode > wrote: > > I am looking at https://developer.apple.com/support/xcode > > To meet Apple's Nov 1 deadline of switch from the old Notarization tool > (which I current use on Mojave) to the new one, I need to get set up on macOS > 14 Sonoma. > > To me, from the Apple page, it look like I need xcode 15 (deployment targets > of macOS 10.13-14) BUT I am concerned that the Livecode lesson by Matthias > and his mrSignNotarizeHelper tool recommend Xcode 13 or 14 (I don't see Xcode > 15 mentioned). I may have (or probably did) miss something! > > The Apple Developer page suggest that Xcode 14.3.1 has a minim OS requirement > of macOS Ventura 13 which suggest it can run on macOS 14 Sonoma? > > I only have a single macBook Air with Sonoma available to get sup up for the > new notarization method. I really don't want to try to downgrade the macOS (I > don't even know how to do that). > ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Another (macOS) Code signing guidance question...
I am looking at https://developer.apple.com/support/xcode To meet Apple's Nov 1 deadline of switch from the old Notarization tool (which I current use on Mojave) to the new one, I need to get set up on macOS 14 Sonoma. To me, from the Apple page, it look like I need xcode 15 (deployment targets of macOS 10.13-14) BUT I am concerned that the Livecode lesson by Matthias and his mrSignNotarizeHelper tool recommend Xcode 13 or 14 (I don't see Xcode 15 mentioned). I may have (or probably did) miss something! The Apple Developer page suggest that Xcode 14.3.1 has a minim OS requirement of macOS Ventura 13 which suggest it can run on macOS 14 Sonoma? I only have a single macBook Air with Sonoma available to get sup up for the new notarization method. I really don't want to try to downgrade the macOS (I don't even know how to do that). ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
