[Interest] OSX codesign question

Nuno Santos nunosantos at imaginando.pt
Wed Apr 8 10:11:45 CEST 2020 

Alex,

As far as I know, you don’t specify the certificate file. 

That certificate must be double clicked and installed on your Mac. You also need to have the private key for it on the same machine. Lets assume you have generated that certificate on that very same machine and therefore you have the private key installed).

Then, you need to do what I have told you in my last email. 

1) list the available identities:

>> security find-identity -v -p codesigning

2) sign with one the available identities (results from last command)

>> codesign --deep PATH_TO_BUNDLE -s "Developer ID Application: ACME_INC (TEAM_IDENTIFER) )”


I think I cannot be more clear than this. 

Regards,

Nuno

> On 8 Apr 2020, at 09:07, Alexander Carôt <Alexander_Carot at gmx.net> wrote:
> 
> Hi Andy and Nuno,
>  
> thanks for your answers - looks like being on a good track now.
>  
> I think the very last problem for me to fix is choosing the correct file - so far I have used the certificate I downloaded from the developer account like this:
>  
> codesign --deep ./myApp -s development.cer
>  
> but this give me:
>  
> development.cer: no identity found
>  
> Do you know how to fix this ? Do I probably use the wrong file or is there anything else to be changed ?
>  
> Thanks again,
> best
>  
> Alex
>  
> -- 
> http://www.carot.de <https://service.gmx.net/de/cgi/derefer?TYPE=3&DEST=http%3A%2F%2Fwww.carot.de>
> Email : Alexander at Carot.de <https://service.gmx.net/de/cgi/g.fcgi/mail/new?CUSTOMERNO=3660908&t=de61720084.1316506814.edd64584&to=Alexander%40carot.de>
> Tel.: +49 (0)177 5719797
>  
>  
> Von: Andy <asmaloney at gmail.com <mailto:asmaloney at gmail.com>>
> Datum: Montag, 6. April 2020 um 13:34
> An: Nuno Santos <nunosantos at imaginando.pt <mailto:nunosantos at imaginando.pt>>
> Cc: Alexander Carôt <alexander_carot at gmx.net <mailto:alexander_carot at gmx.net>>, qt qt <interest at qt-project.org <mailto:interest at qt-project.org>>
> Betreff: Re: [Interest] OSX codesign question
>  
> I just did this yesterday. I could not get macdeployqt to work either, so I do it using the command line in my build process.
>  
> Here's the command line I'm using:
>  
>   codesign --deep --force --verify --verbose --timestamp --options runtime --sign "${CODE_SIGNING_ID}" "${APP_PATH}"
>  
> Which signing ID you use depends on where you are releasing your application. Nuno gave the command line tool to list them - you can also see them under "My Certificates" in the Keychain Access application. To distribute a macOS application outside the Apple Store, you want the "Developer ID Application" one as Nuno showed.
>  
> Two good sources of info for codesign are "man codesign" and this page:
>  
>  https://developer.apple.com/library/archive/technotes/tn2206/_index.html <https://developer.apple.com/library/archive/technotes/tn2206/_index.html>
>  
> Once your application is signed, you can use this command to verify it:
>  
>   codesign --verify --deep --strict --verbose=2 "${APP_PATH}"
>  
> Note that you can sign DMGs and ZIP files as well.
>  
> Good luck!
>  
> ---
> Andy Maloney  //  https://asmaloney.com <https://asmaloney.com/>
> twitter ~ @asmaloney <https://twitter.com/asmaloney>
>  
>  
>  
> On Mon, Apr 6, 2020 at 6:39 AM Nuno Santos <nunosantos at imaginando.pt <mailto:nunosantos at imaginando.pt>> wrote:
>> Alexander,
>> 
>> I don’t use macdeployqt for signing. 
>> 
>> I call the codesign command manually in the POST LINK phase.
>> 
>> You need to pass to the code sign the string representing your team. You can list the available signing entities with the following command:
>> 
>> > security find-identity -v -p codesigning
>> 
>> Then you need to do something like this:
>> 
>> codesign --deep PATH_TO_BUNDLE -s "Developer ID Application: ACME_INC (TEAM_IDENTIFER) )”
>> 
>> Hope it helps!
>> 
>> Best,
>> 
>> Nuno
>> 
>> > On 6 Apr 2020, at 10:32, Alexander Carôt <alexander_carot at gmx.net <mailto:alexander_carot at gmx.net>> wrote:
>> > 
>> > Hello all,
>> > 
>> > I want to sign my OSX code in order to have it running on a client's machine without the need to right-click and open it.
>> > 
>> > I signed at https://developer.apple.com/ <https://developer.apple.com/> and received my valid certificate called "developer.cer".
>> > 
>> > Then I exectued
>> > 
>> > macdeployqt myApp.app -dmg -codesign=developer.cer
>> > 
>> > but I got this error:
>> > 
>> > ERROR: "developer.cer: no identity found\n"
>> > ERROR: Codesign signing error:
>> > ERROR: "developer.cer: no identity found\n"
>> > ERROR: codesign verification error:
>> > ERROR: "soundjack.app: code object is not signed at all\nIn architecture: x86_64\n"
>> > 
>> > Does anyone know what to do ? Is there probably a different/better way to sign it ?
>> > 
>> > Thanks a lot in advance,
>> > best
>> > 
>> > Alex
>> > 
>> > --
>> > http://www.carot.de <http://www.carot.de/>
>> > Email : Alexander at Carot.de <mailto:Alexander at Carot.de>
>> > Tel.: +49 (0)177 5719797
>> > 
>> > _______________________________________________
>> > Interest mailing list
>> > Interest at qt-project.org <mailto:Interest at qt-project.org>
>> > https://lists.qt-project.org/listinfo/interest <https://lists.qt-project.org/listinfo/interest>
>> 
>> _______________________________________________
>> Interest mailing list
>> Interest at qt-project.org <mailto:Interest at qt-project.org>
>> https://lists.qt-project.org/listinfo/interest <https://lists.qt-project.org/listinfo/interest>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200408/04f94cfc/attachment-0001.html>

More information about the Interest mailing list