Setting automatic code signing to Off and "Code Sign style" = Manual just means 
you have control over the certificate, developer team, etc. not that Xcode 
won't sign your product.  There used to be a "Don't Code Sign" option which did 
as advertised but it hasn't been an option in a Xcode release or two.

-Dave

On 5/4/20, 2:34 AM, "João Varela via Cocoa-dev" <cocoa-dev@lists.apple.com> 
wrote:



    > On 3 May 2020, at 21:31, Gabriel Zachmann <z...@cs.uni-bremen.de> wrote:
    > 
    > Thanks a million to everybody for responding to my question!
    > 
    > 
    > I have been following Joao's instructions at
    > 
    >   
https://stackoverflow.com/questions/53101626/how-to-notarize-an-app-bundle-containing-helpers-embedded-in-it/56799591#56799591
 
<https://stackoverflow.com/questions/53101626/how-to-notarize-an-app-bundle-containing-helpers-embedded-in-it/56799591#56799591>
    > and those at:
    > 
    >   https://forums.developer.apple.com/message/338167#338167 
<https://forums.developer.apple.com/message/338167#338167>
    > 
    > Notarization of my screen saver seems to work now.
    > 
    > However, I am still confused, but I prefer to understand what is going.
    > So, I'd appreciate it very much if you could enlighten me.
    > 
    > 
    > First of all, in the build settings I have "Code Signing style" = Manual.
    > (And in the Signing & Capabilities section, "Automatically manage 
signing" is OFF.)
    > Now, when I build my screen saver, Xcode still opens a dialog saying 
"code sign wants to access key "Mac Developer ID Application...".
    > THat's fine with me, I am just confused: I thought, when automatic code 
signing is OFF, then Xcode doesn't code sign the screen saver at all.

    That should not happen. Are you sure you did the second step and changed 
"Mac Developer" to "Developer ID Application” on your keychain in the Code 
Signing Identity?

    > 
    > Could some kind soul please shed some light on this?
    > 
    > 
    > Next, when I try to verify the signature like this:
    > 
    >    codesign -vvvv -R="anchor apple" /tmp/Release/ArtSaver.saver
    > 
    > I get this output:
    > 
    > /tmp/Release/ArtSaver.saver: valid on disk
    > /tmp/Release/ArtSaver.saver: satisfies its Designated Requirement
    > test-requirement: code failed to satisfy specified code requirement(s)
    > 

    Perhaps this is linked to the fact that you are not using the proper 
certificate. You must use Developer ID Application certificate on your keychain 
to be able to deploy your screen saver in machines other than the development 
one you are using.

    Another problem that can cause it is if you do not set your TeamIdentifier 
properly.

    Try this in Terminal and see what you get:

    codesign --display --requirements - --verbose=4 /tmp/Release/ArtSaver.saver

    May be it will explain to you what is going wrong.


    > The last line concerns my a little - should I worry about it?
    > What does it mean?
    > (Naturally, in Xcode there is no entitlements section since this is a 
screen saver.)

    Yes, you need to worry about it and you need to fix this error.

    > 
    > 
    > Other than that, however, the signing and notarization seems to work.
    > At least, the response email from Apple says so.
    > 
    > 
    > 
    > Another question is with regards to build settings.
    > Xcode now issues the warning "Update to recommended settings",
    > and the details say:
    > "Target ... - Switch to Development Signing. This will set the 
CODE_SIGN_IDENTITY setting to "Apple Development" ... "
    > I guess I should not let Xcode change that to the "recommended settings" 
    > (see Joao's instructions) - am I correct?

    Yes, you are correct. You need to disregard this warning. Just uncheck 
those warning checkboxes and go your merry way. Every new version of Xcode will 
always try to make you use the automated version of signing, which you can’t.


    > But I am still wondering:
    > 1. What do the different options in the "Code Signing Identity" 
(CODE_SIGN_IDENTITY) mean? Naturally, I googled about it, and read the docs at 
https://help.apple.com/xcode/mac/current/#/dev154b28f09 
<https://help.apple.com/xcode/mac/current/#/dev154b28f09> , but I am still in 
the dark)

    That’s the certificate you should use. For debugging, Mac Developer 
certificate is OK and is recommended, but for a release version you must use 
Developer ID Application certificate to release it outside the Mac App Store.


    > 2. Can I tell Xcode that the current setting is fine and it should not 
issue a warning about it?
    > 

    See my comments above.

    HTH,

    João

    _______________________________________________

    Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

    Please do not post admin requests or moderator comments to the list.
    Contact the moderators at cocoa-dev-admins(at)lists.apple.com

    Help/Unsubscribe/Update your Subscription:
    https://lists.apple.com/mailman/options/cocoa-dev/david.stjohn%40xerox.com

    This email sent to david.stj...@xerox.com

_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Reply via email to