Re: notarizing DMG fails - solved

2021-05-06 Thread Jim Lambert via use-livecode
> 
> Thank you Matthias! Your tools make my life SO much easier! You have
> done a great service for this community.

+100

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: notarizing DMG fails - solved

2021-05-05 Thread matthias rebbe via use-livecode
Thanks Phil.


@all
I've updated the lesson at

https://lessons.livecode.com/m/4071/l/1122100-codesigning-and-notarizing-your-lc-standalone-for-distribution-outside-the-mac-appstore

now and added detailed information about package installers. 
So it now contains also information about how to create, sign and notarize 
package installers or package installers on dmg.


It would be really awesome, if someone could check it. I needed to insert some 
additional steps and I really hope that I did not forget to adjust some 
references to internal steps.

So please let me know if you find any errors, typos or wrong information.

Thanks.

Matthias


> On 05.05.2021 at 19:49, Phil Davis via use-livecode wrote:
> 
> Thank you Matthias! Your tools make my life SO much easier! You have
> done a great service for this community.
> 
> Phil Davis
> 
> 
> On 5/5/21 2:20 AM, matthias rebbe via use-livecode wrote:
>>> On 05.05.2021 at 11:10, Tiemo via use-livecode wrote:
>>> 
>>> Thank you all for helping my lost soul in Apple's notarizing nirvana
>>> 
>>> Tiemo
>>> 
>>> P.S.
>>> Matthias, perhaps you want to add this in your great helpfile - without 
>>> that it would have taken weeks for me!
>>> 
>> I am currently working on it. ;) 
>> First I will just add a note, but later, when I have more free time I will 
>> enhance it to describe all more detailed.
>> 
>> The Helper Stack will also get an update to support package installers. But 
>> it takes some time.
>> 
>> 
>> 
>>> -Original Message-
>>> From: use-livecode  On Behalf Of 
>>> matthias rebbe via use-livecode
>>> Sent: Wednesday, 5 May 2021 10:31
>>> To: How to use LiveCode 
>>> Cc: matthias_livecode_150...@m-r-d.de
>>> Subject: Re: notarizing DMG fails
>>> 
>>> Tiemo,
>>> 
>>> I think I found the solution. I tried here myself and did also get the error 
>>> "this identity cannot be used for signing code" when using the Developer ID 
>>> Installer certificate for signing the .pkg.
>>> According to Apple (see point 2)
>>> https://help.apple.com/xcode/mac/current/#/deve51ce7c3d
>>> 
>>> you have to use the tool productsign to sign the package installer. 
>>> 
>>> So the syntax is like this
>>> 
>>> productsign --sign
>>> 
>>> 
>>> Example
>>> productsign --sign "Developer ID Installer: Matthias Rebbe ()" "/users/matthias/LC/builts/test/test.pkg" "/users/matthias/LC/builts/test/test_signed.pkg"
>>> 
>>> After successful signing I got these messages in Terminal
>>> 
>>> productsign: using timestamp authority for signature
>>> productsign: signing product with identity "Developer ID Installer: 
>>> Matthias Rebbe ()" from keychain 
>>> /Users/matthias/Library/Keychains/login.keychain-db
>>> productsign: adding certificate "Developer ID Certification Authority"
>>> productsign: adding certificate "Apple Root CA"
>>> productsign: Wrote signed product archive to 
>>> /users/matthias/LC/builts/test/test_signed.pkg
>>> 
>>> 
>>> Regards
>>> 
>>> -
>>> Matthias Rebbe
>>> Life Is Too Short For Boring Code
>> 
> 
> -- 
> Phil Davis
> 503-307-4363
> 
> 




Re: notarizing DMG fails - solved

2021-05-05 Thread Phil Davis via use-livecode
Thank you Matthias! Your tools make my life SO much easier! You have
done a great service for this community.

Phil Davis


On 5/5/21 2:20 AM, matthias rebbe via use-livecode wrote:
>> On 05.05.2021 at 11:10, Tiemo via use-livecode wrote:
>>
>> Thank you all for helping my lost soul in Apple's notarizing nirvana
>>
>> Tiemo
>>
>> P.S.
>> Matthias, perhaps you want to add this in your great helpfile - without that 
>> it would have taken weeks for me!
>>
> I am currently working on it. ;) 
> First I will just add a note, but later, when I have more free time I will 
> enhance it to describe all more detailed.
>
> The Helper Stack will also get an update to support package installers. But 
> it takes some time.
>
>
>
>> -Original Message-
>> From: use-livecode  On Behalf Of 
>> matthias rebbe via use-livecode
>> Sent: Wednesday, 5 May 2021 10:31
>> To: How to use LiveCode 
>> Cc: matthias_livecode_150...@m-r-d.de
>> Subject: Re: notarizing DMG fails
>>
>> Tiemo,
>>
>> I think I found the solution. I tried here myself and did also get the error 
>> "this identity cannot be used for signing code" when using the Developer ID 
>> Installer certificate for signing the .pkg.
>> According to Apple (see point 2)
>> https://help.apple.com/xcode/mac/current/#/deve51ce7c3d
>>
>> you have to use the tool productsign to sign the package installer. 
>>
>> So the syntax is like this
>>
>> productsign --sign
>> 
>>
>> Example
>> productsign --sign "Developer ID Installer: Matthias Rebbe ()" "/users/matthias/LC/builts/test/test.pkg" "/users/matthias/LC/builts/test/test_signed.pkg"
>>
>> After successful signing I got these messages in Terminal
>>
>> productsign: using timestamp authority for signature
>> productsign: signing product with identity "Developer ID Installer: Matthias 
>> Rebbe ()" from keychain 
>> /Users/matthias/Library/Keychains/login.keychain-db
>> productsign: adding certificate "Developer ID Certification Authority"
>> productsign: adding certificate "Apple Root CA"
>> productsign: Wrote signed product archive to 
>> /users/matthias/LC/builts/test/test_signed.pkg
>>
>>
>> Regards
>>
>> -
>> Matthias Rebbe
>> Life Is Too Short For Boring Code
>

-- 
Phil Davis
503-307-4363




Re: notarizing DMG fails - solved

2021-05-05 Thread matthias rebbe via use-livecode

> On 05.05.2021 at 11:10, Tiemo via use-livecode wrote:
> 
> Thank you all for helping my lost soul in Apple's notarizing nirvana
> 
> Tiemo
> 
> P.S.
> Matthias, perhaps you want to add this in your great helpfile - without that 
> it would have taken weeks for me!
> 
I am currently working on it. ;) 
First I will just add a note, but later, when I have more free time I will 
enhance it to describe all more detailed.

The Helper Stack will also get an update to support package installers. But it 
takes some time.



> 
> -Original Message-
> From: use-livecode  On Behalf Of 
> matthias rebbe via use-livecode
> Sent: Wednesday, 5 May 2021 10:31
> To: How to use LiveCode 
> Cc: matthias_livecode_150...@m-r-d.de
> Subject: Re: notarizing DMG fails
> 
> Tiemo,
> 
> I think I found the solution. I tried here myself and did also get the error 
> "this identity cannot be used for signing code" when using the Developer ID 
> Installer certificate for signing the .pkg.
> According to Apple (see point 2)
> https://help.apple.com/xcode/mac/current/#/deve51ce7c3d
> 
> you have to use the tool productsign to sign the package installer. 
> 
> So the syntax is like this
> 
> productsign --sign
> 
> 
> Example
> productsign --sign "Developer ID Installer: Matthias Rebbe ()" "/users/matthias/LC/builts/test/test.pkg" "/users/matthias/LC/builts/test/test_signed.pkg"
> 
> After successful signing I got these messages in Terminal
> 
> productsign: using timestamp authority for signature
> productsign: signing product with identity "Developer ID Installer: Matthias 
> Rebbe ()" from keychain 
> /Users/matthias/Library/Keychains/login.keychain-db
> productsign: adding certificate "Developer ID Certification Authority"
> productsign: adding certificate "Apple Root CA"
> productsign: Wrote signed product archive to 
> /users/matthias/LC/builts/test/test_signed.pkg
> 
> 
> Regards
> 
> -
> Matthias Rebbe
> Life Is Too Short For Boring Code
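
The rule worked out in this thread (productsign with a Developer ID Installer identity for a .pkg, codesign with a Developer ID Application identity for a .app or .dmg), as an added shell example that is not part of the original messages and not taken from the Helper Stack. The function names, the DRY_RUN switch, the sample paths and the placeholder identity name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. With DRY_RUN=1 (the default) the
# commands are only printed, so no signing identity is needed to try it.
DRY_RUN="${DRY_RUN:-1}"

# Certificate type each artifact needs, as listed in the thread.
required_cert() {
    case "$1" in
        *.app|*.dmg) echo "Developer ID Application" ;;
        *.pkg)       echo "Developer ID Installer" ;;
        *)           return 1 ;;
    esac
}

# Print a command (for reading; shell quoting is not reproduced) and
# execute it unless DRY_RUN=1.
run() {
    printf '%s\n' "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# sign_artifact ARTIFACT IDENTITY
# Returns 1 on a certificate/artifact mismatch, 2 on an unknown artifact type.
sign_artifact() {
    artifact=$1 identity=$2
    need=$(required_cert "$artifact") || { echo "unsupported: $artifact" >&2; return 2; }
    case "$identity" in
        "$need: "*) ;;
        *) echo "$artifact needs a '$need' identity, got '$identity'" >&2; return 1 ;;
    esac
    case "$artifact" in
        *.pkg)  # installer packages: productsign, checked with pkgutil
            signed="${artifact%.pkg}_signed.pkg"
            run productsign --sign "$identity" "$artifact" "$signed" &&
                run pkgutil --check-signature "$signed" ;;
        *.app)  # hardened runtime is needed for notarizing an app
            run codesign --force --timestamp --options runtime --sign "$identity" "$artifact" &&
                run codesign --verify --strict --verbose=2 "$artifact" ;;
        *.dmg)
            run codesign --force --timestamp --sign "$identity" "$artifact" &&
                run codesign --verify --verbose=2 "$artifact" ;;
    esac
}

# Constructed sample calls; the identity name and paths are placeholders.
NAME="Example Developer (TEAMID)"
sign_artifact build/test.app "Developer ID Application: $NAME"
sign_artifact build/test.pkg "Developer ID Installer: $NAME"
sign_artifact build/test.pkg "Developer ID Application: $NAME" || echo "refused before signing"
```

Run with DRY_RUN=0 on a Mac to execute the printed commands; the last sample call shows the Application-certificate-on-a-package mismatch being rejected before any tool runs.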




Re: notarizing DMG fails - solved

2021-05-05 Thread Tiemo via use-livecode
exactly, that’s the culprit!

to make matters worse you can use codesign also for packages and even verifying 
that codesign returns a valid codesign,
but using codesign for packages ignores the content of the package and only 
looks for the envelope, which is useless.

So two issues are vital when codesigning packages:
Using the Developer Installer ID certificate
And not using codesign, but productsign

Thank you all for helping my lost soul in Apple's notarizing nirvana

Tiemo

P.S.
Matthias, perhaps you want to add this in your great helpfile - without that it 
would have taken weeks for me!


-Original Message-
From: use-livecode  On Behalf Of 
matthias rebbe via use-livecode
Sent: Wednesday, 5 May 2021 10:31
To: How to use LiveCode 
Cc: matthias_livecode_150...@m-r-d.de
Subject: Re: notarizing DMG fails

Tiemo,

I think I found the solution. I tried here myself and did also get the error 
"this identity cannot be used for signing code" when using the Developer ID 
Installer certificate for signing the .pkg.
According to Apple (see point 2)
https://help.apple.com/xcode/mac/current/#/deve51ce7c3d

you have to use the tool productsign to sign the package installer. 

So the syntax is like this

productsign --sign


Example
productsign --sign "Developer ID Installer: Matthias Rebbe ()" "/users/matthias/LC/builts/test/test.pkg" "/users/matthias/LC/builts/test/test_signed.pkg"

After successful signing I got these messages in Terminal

productsign: using timestamp authority for signature
productsign: signing product with identity "Developer ID Installer: Matthias 
Rebbe ()" from keychain 
/Users/matthias/Library/Keychains/login.keychain-db
productsign: adding certificate "Developer ID Certification Authority"
productsign: adding certificate "Apple Root CA"
productsign: Wrote signed product archive to 
/users/matthias/LC/builts/test/test_signed.pkg


Regards

-
Matthias Rebbe
Life Is Too Short For Boring Code

> On 05.05.2021 at 09:35, matthias rebbe via use-livecode wrote:
> 
> Tiemo,
> 
> .app -> Developer ID Application
> .pkg -> Developer ID Installer
> .dmg -> Developer ID Application
> 
> 
> 
> -
> Matthias Rebbe
> Life Is Too Short For Boring Code
> 
>> On 05.05.2021 at 08:56, Tiemo via use-livecode wrote:
>> 
>> Hi Panos,
>> thanks for jumping in
>> 
>> I am on macOS 11.2.3 and created the certificates pretty freshly two weeks 
>> ago.
>> Xcode-select -p doesn't return any version# at all, it just returns 
>> a path: "/Applications/Xcode.app/Content/Developer/"
>> Xcodebuild -version shows Xcode 12.5 build 12E262.
>> I now (re-?)installed the command line tools by xcode-select --install, but 
>> xcode-select -p still doesn't show any version# ???
>> I now downloaded the Apple Worldwide Developer Relations Intermediate 
>> Certificate. Actually I am not sure if it was there before (I didn't 
>> check it before)
>> 
>> I will later test again from scratch
>> 
>> But I am still unsure if I may use the " Developer ID Application" 
>> certificate also for the pkg and dmg or if I have to use the "Developer ID 
>> Installer" certificate for the pkg and dmg?
>> 
>> Thanks
>> 
>> Tiemo
>> 
>> 
>> 
>> -Original Message-
>> From: use-livecode  On Behalf 
>> Of panagiotis merakos via use-livecode
>> Sent: Tuesday, 4 May 2021 18:19
>> To: How to use LiveCode 
>> Cc: panagiotis merakos 
>> Subject: Re: notarizing DMG fails
>> 
>> Hello Tiemo,
>> 
>> When did you create these certificates? And what is your MacOS version, and 
>> the Xcode version returned if you type "xcode-select -p" in a Terminal? I am 
>> wondering if you need to install the new Apple Worldwide Developer Relations 
>> Intermediate Certificate:
>> 
>> https://developer.apple.com/support/wwdr-intermediate-certificate/
>> 
>> You can find it here:
>> 
>> https://developer.apple.com/support/expiration/
>> 
>> Kind regards,
>> Panos
>> --
>> 
>> On Tue, 4 May 2021 at 19:02, Tiemo via use-livecode < 
>> use-livecode@lists.runrev.com> wrote:
>> 
>>> Hi Matthias,
>>> 
>>> still struggling ...
>>> 
>>> I have two developer certificates in my keychain:
>>> Developer ID Installer : 
>>> Developer ID Application: 
>>> 
>>> Using the Application certificate on the app and pkg and dmg, all 
>>> codesigning is fine, even when verifying it, but I get the "The 
>>> binary is not signed" error in the notarization log, when notarizing the 
>>> dmg ???
>>> Using the Installer certificate on the pkg, I get already the error 
>>> when codesigning the pkg "this identity cannot be used for signing code" ???
>>> 
>>> All errors are the same, either using the tool "Packages" or 
>>> creating the package on command line by pkgbuild (productbuild is 
>>> only for building appStore apps, as far as I see it)
>>> 
>>> I must be missing something obvious
>>> 
>>> Any other ideas?
>>> Tiemo
>>> 
>>> 
>>> -Original Message-
>>> From: use-livecode  On Behalf 
>>> Of matthias rebbe via u