[Interest] OSX codesign question

Andy asmaloney at gmail.com
Wed Apr 8 14:16:12 CEST 2020


The certificate needs to be added to your Keychain, then you use the name
for it in the codesign command. I think if you double-click the cert in the
Finder it will add it to "My Certificates" properly.

As Nuno pointed out, the name should look like this:

"Developer ID Application: ACME_INC (TEAM_IDENTIFER) )”

Where ACME_INC is the name of the organization you registered with Apple,
and TEAM_IDENTIFER is a random string.

When generating a cert on the Apple site there are a few choices that sound
similar - frankly the whole process is confusing - but the cert must must
read "Developer ID Application" to do what you want.

---
Andy Maloney  //  https://asmaloney.com
twitter ~ @asmaloney <https://twitter.com/asmaloney>



On Wed, Apr 8, 2020 at 4:08 AM Alexander Carôt <Alexander_Carot at gmx.net>
wrote:

> Hi Andy and Nuno,
>
>
>
> thanks for your answers - looks like being on a good track now.
>
>
>
> I think the very last problem for me to fix is choosing the correct file -
> so far I have used the certificate I downloaded from the developer account
> like this:
>
>
>
> codesign --deep ./myApp -s development.cer
>
>
>
> but this give me:
>
>
>
> development.cer: no identity found
>
>
>
> Do you know how to fix this ? Do I probably use the wrong file or is there
> anything else to be changed ?
>
>
>
> Thanks again,
>
> best
>
>
>
> Alex
>
>
>
> --
>
> http://www.carot.de
> <https://service.gmx.net/de/cgi/derefer?TYPE=3&DEST=http%3A%2F%2Fwww.carot.de>
> Email : Alexander at Carot.de
> <https://service.gmx.net/de/cgi/g.fcgi/mail/new?CUSTOMERNO=3660908&t=de61720084.1316506814.edd64584&to=Alexander%40carot.de>
> Tel.: +49 (0)177 5719797
>
>
>
>
>
> *Von: *Andy <asmaloney at gmail.com>
> *Datum: *Montag, 6. April 2020 um 13:34
> *An: *Nuno Santos <nunosantos at imaginando.pt>
> *Cc: *Alexander Carôt <alexander_carot at gmx.net>, qt qt <
> interest at qt-project.org>
> *Betreff: *Re: [Interest] OSX codesign question
>
>
>
> I just did this yesterday. I could not get macdeployqt to work either, so
> I do it using the command line in my build process.
>
>
>
> Here's the command line I'm using:
>
>
>
>   codesign --deep --force --verify --verbose --timestamp --options runtime
> --sign "${CODE_SIGNING_ID}" "${APP_PATH}"
>
>
>
> Which signing ID you use depends on where you are releasing your
> application. Nuno gave the command line tool to list them - you can also
> see them under "My Certificates" in the Keychain Access application. To
> distribute a macOS application outside the Apple Store, you want the
> "Developer ID Application" one as Nuno showed.
>
>
>
> Two good sources of info for codesign are "man codesign" and this page:
>
>
>
>  https://developer.apple.com/library/archive/technotes/tn2206/_index.html
>
>
>
> Once your application is signed, you can use this command to verify it:
>
>
>
>   codesign --verify --deep --strict --verbose=2 "${APP_PATH}"
>
>
>
> Note that you can sign DMGs and ZIP files as well.
>
>
>
> Good luck!
>
>
>
> ---
> Andy Maloney  //  https://asmaloney.com
>
> twitter ~ @asmaloney <https://twitter.com/asmaloney>
>
>
>
>
>
>
>
> On Mon, Apr 6, 2020 at 6:39 AM Nuno Santos <nunosantos at imaginando.pt>
> wrote:
>
> Alexander,
>
> I don’t use macdeployqt for signing.
>
> I call the codesign command manually in the POST LINK phase.
>
> You need to pass to the code sign the string representing your team. You
> can list the available signing entities with the following command:
>
> > security find-identity -v -p codesigning
>
> Then you need to do something like this:
>
> codesign --deep PATH_TO_BUNDLE -s "Developer ID Application: ACME_INC
> (TEAM_IDENTIFER) )”
>
> Hope it helps!
>
> Best,
>
> Nuno
>
> > On 6 Apr 2020, at 10:32, Alexander Carôt <alexander_carot at gmx.net>
> wrote:
> >
> > Hello all,
> >
> > I want to sign my OSX code in order to have it running on a client's
> machine without the need to right-click and open it.
> >
> > I signed at https://developer.apple.com/ and received my valid
> certificate called "developer.cer".
> >
> > Then I exectued
> >
> > macdeployqt myApp.app -dmg -codesign=developer.cer
> >
> > but I got this error:
> >
> > ERROR: "developer.cer: no identity found\n"
> > ERROR: Codesign signing error:
> > ERROR: "developer.cer: no identity found\n"
> > ERROR: codesign verification error:
> > ERROR: "soundjack.app: code object is not signed at all\nIn
> architecture: x86_64\n"
> >
> > Does anyone know what to do ? Is there probably a different/better way
> to sign it ?
> >
> > Thanks a lot in advance,
> > best
> >
> > Alex
> >
> > --
> > http://www.carot.de
> > Email : Alexander at Carot.de
> > Tel.: +49 (0)177 5719797
> >
> > _______________________________________________
> > Interest mailing list
> > Interest at qt-project.org
> > https://lists.qt-project.org/listinfo/interest
>
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200408/35cdd099/attachment-0001.html>


More information about the Interest mailing list