[Interest] OSX codesign question
Alexander Carôt
Alexander_Carot at gmx.net
Wed Apr 8 10:07:39 CEST 2020
Hi Andy and Nuno,
thanks for your answers - looks like being on a good track now.
I think the very last problem for me to fix is choosing the correct file - so far I have used the certificate I downloaded from the developer account like this:
codesign --deep ./myApp -s development.cer
but this give me:
development.cer: no identity found
Do you know how to fix this ? Do I probably use the wrong file or is there anything else to be changed ?
Thanks again,
best
Alex
--
http://www.carot.de
Email : Alexander at Carot.de
Tel.: +49 (0)177 5719797
Von: Andy <asmaloney at gmail.com>
Datum: Montag, 6. April 2020 um 13:34
An: Nuno Santos <nunosantos at imaginando.pt>
Cc: Alexander Carôt <alexander_carot at gmx.net>, qt qt <interest at qt-project.org>
Betreff: Re: [Interest] OSX codesign question
I just did this yesterday. I could not get macdeployqt to work either, so I do it using the command line in my build process.
Here's the command line I'm using:
codesign --deep --force --verify --verbose --timestamp --options runtime --sign "${CODE_SIGNING_ID}" "${APP_PATH}"
Which signing ID you use depends on where you are releasing your application. Nuno gave the command line tool to list them - you can also see them under "My Certificates" in the Keychain Access application. To distribute a macOS application outside the Apple Store, you want the "Developer ID Application" one as Nuno showed.
Two good sources of info for codesign are "man codesign" and this page:
https://developer.apple.com/library/archive/technotes/tn2206/_index.html
Once your application is signed, you can use this command to verify it:
codesign --verify --deep --strict --verbose=2 "${APP_PATH}"
Note that you can sign DMGs and ZIP files as well.
Good luck!
---
Andy Maloney // https://asmaloney.com
twitter ~ @asmaloney
On Mon, Apr 6, 2020 at 6:39 AM Nuno Santos <nunosantos at imaginando.pt> wrote:
Alexander,
I don’t use macdeployqt for signing.
I call the codesign command manually in the POST LINK phase.
You need to pass to the code sign the string representing your team. You can list the available signing entities with the following command:
> security find-identity -v -p codesigning
Then you need to do something like this:
codesign --deep PATH_TO_BUNDLE -s "Developer ID Application: ACME_INC (TEAM_IDENTIFER) )”
Hope it helps!
Best,
Nuno
> On 6 Apr 2020, at 10:32, Alexander Carôt <alexander_carot at gmx.net> wrote:
>
> Hello all,
>
> I want to sign my OSX code in order to have it running on a client's machine without the need to right-click and open it.
>
> I signed at https://developer.apple.com/ and received my valid certificate called "developer.cer".
>
> Then I exectued
>
> macdeployqt myApp.app -dmg -codesign=developer.cer
>
> but I got this error:
>
> ERROR: "developer.cer: no identity found\n"
> ERROR: Codesign signing error:
> ERROR: "developer.cer: no identity found\n"
> ERROR: codesign verification error:
> ERROR: "soundjack.app: code object is not signed at all\nIn architecture: x86_64\n"
>
> Does anyone know what to do ? Is there probably a different/better way to sign it ?
>
> Thanks a lot in advance,
> best
>
> Alex
>
> --
> http://www.carot.de
> Email : Alexander at Carot.de
> Tel.: +49 (0)177 5719797
>
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
_______________________________________________
Interest mailing list
Interest at qt-project.org
https://lists.qt-project.org/listinfo/interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200408/198bb462/attachment-0001.html>
More information about the Interest
mailing list