Setting automatic code signing to Off and "Code Sign style" = Manual just means
you have control over the certificate, developer team, etc. not that Xcode
won't sign your product. There used to be a "Don't Code Sign" option which did
as advertised but it hasn't been an option in a Xcode release or two.
-Dave
On 5/4/20, 2:34 AM, "João Varela via Cocoa-dev" <cocoa-dev@lists.apple.com>
wrote:
> On 3 May 2020, at 21:31, Gabriel Zachmann <z...@cs.uni-bremen.de> wrote:
>
> Thanks a million to everybody for responding to my question!
>
>
> I have been following Joao's instructions at
>
>
https://stackoverflow.com/questions/53101626/how-to-notarize-an-app-bundle-containing-helpers-embedded-in-it/56799591#56799591
<https://stackoverflow.com/questions/53101626/how-to-notarize-an-app-bundle-containing-helpers-embedded-in-it/56799591#56799591>
> and those at:
>
> https://forums.developer.apple.com/message/338167#338167
<https://forums.developer.apple.com/message/338167#338167>
>
> Notarization of my screen saver seems to work now.
>
> However, I am still confused, but I prefer to understand what is going.
> So, I'd appreciate it very much if you could enlighten me.
>
>
> First of all, in the build settings I have "Code Signing style" = Manual.
> (And in the Signing & Capabilities section, "Automatically manage
signing" is OFF.)
> Now, when I build my screen saver, Xcode still opens a dialog saying
"code sign wants to access key "Mac Developer ID Application...".
> THat's fine with me, I am just confused: I thought, when automatic code
signing is OFF, then Xcode doesn't code sign the screen saver at all.
That should not happen. Are you sure you did the second step and changed
"Mac Developer" to "Developer ID Application” on your keychain in the Code
Signing Identity?
>
> Could some kind soul please shed some light on this?
>
>
> Next, when I try to verify the signature like this:
>
> codesign -vvvv -R="anchor apple" /tmp/Release/ArtSaver.saver
>
> I get this output:
>
> /tmp/Release/ArtSaver.saver: valid on disk
> /tmp/Release/ArtSaver.saver: satisfies its Designated Requirement
> test-requirement: code failed to satisfy specified code requirement(s)
>
Perhaps this is linked to the fact that you are not using the proper
certificate. You must use Developer ID Application certificate on your keychain
to be able to deploy your screen saver in machines other than the development
one you are using.
Another problem that can cause it is if you do not set your TeamIdentifier
properly.
Try this in Terminal and see what you get:
codesign --display --requirements - --verbose=4 /tmp/Release/ArtSaver.saver
May be it will explain to you what is going wrong.
> The last line concerns my a little - should I worry about it?
> What does it mean?
> (Naturally, in Xcode there is no entitlements section since this is a
screen saver.)
Yes, you need to worry about it and you need to fix this error.
>
>
> Other than that, however, the signing and notarization seems to work.
> At least, the response email from Apple says so.
>
>
>
> Another question is with regards to build settings.
> Xcode now issues the warning "Update to recommended settings",
> and the details say:
> "Target ... - Switch to Development Signing. This will set the
CODE_SIGN_IDENTITY setting to "Apple Development" ... "
> I guess I should not let Xcode change that to the "recommended settings"
> (see Joao's instructions) - am I correct?
Yes, you are correct. You need to disregard this warning. Just uncheck
those warning checkboxes and go your merry way. Every new version of Xcode will
always try to make you use the automated version of signing, which you can’t.
> But I am still wondering:
> 1. What do the different options in the "Code Signing Identity"
(CODE_SIGN_IDENTITY) mean? Naturally, I googled about it, and read the docs at
https://help.apple.com/xcode/mac/current/#/dev154b28f09
<https://help.apple.com/xcode/mac/current/#/dev154b28f09> , but I am still in
the dark)
That’s the certificate you should use. For debugging, Mac Developer
certificate is OK and is recommended, but for a release version you must use
Developer ID Application certificate to release it outside the Mac App Store.
> 2. Can I tell Xcode that the current setting is fine and it should not
issue a warning about it?
>
See my comments above.
HTH,
João
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/david.stjohn%40xerox.com
This email sent to david.stj...@xerox.com
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
