[quote=441749:@Christoph De Vocht]Nou breekt men klomp !
I had added a bug report (with the new Apple Feedback tool) about this issue.
About 30 minutes (!) later it was closed with the comment ‘By design’.
Say what? ‘By design’. So I get an 2 words answer saying it it expected behaviour by design? WTF?
Does this mean it is not possible to notarise a dmg with a standard developer account? Although I received a mail I have notarized dmg successfully You can now distribute your Mac software mail.
Still, ‘by design’ it will be marked as ‘unidentified developer’.
I’m totally puzzled by this. I have added a new bug report with the same explanation including the reply I previously got.
Apple is loosing it …[/quote]
Apple has repeatedly said that they expect things like this to settle down by the time they get to their first public beta… about three weeks from now. Its entirely possible that the response you got is akin to yeah, we know and that theyre simply overwhelmed by the number of reports theyre getting about broken stuff.
Not yet; I am going to wait until the Public Beta. Then I will seriously spend some time debugging this. It could be a wide variety of things causing this issue. My initial thoughts are that this could very well be by design, as it’s possible for other apps to read/edit the items your app puts in the Keychain, so maybe they decided to simply lock all 3rd party apps from editing?
Which is why I started to think about the next step; even if this is simply a bug, there is zero guarantee that it will be fixed.[quote=441749:@Christoph De Vocht]Say what? ‘By design’. So I get an 2 words answer saying it it expected behaviour by design? WTF?[/quote]
Have you seen the thread about the person using their iPhone to report they can’t use the new “Feedback” tool on Catalina? Their report got closed with working as expected/by design.
It is important to note that these beta versions from Apple are not going to be pretty; there is still 3 months till they ship this version. So there is no need to worry significantly (yet). However I would advise everyone that if you find something not working in your application, report it and start thinking about a workaround. You don’t need to implement it right away, as Apple may change, but the sooner you’re prepared for the worst the better.
We can only comment on what we see. There is no “settling down” because a betas of macOS or Xojo are not a tuning fork. We need to make the dang stuff work by reporting bugs.
@Christoph de Vocht: That the dmgs are supposed to work that way is puzzling. At least you get a reaction on a bug report. My biggest bug (AppleScript on Mail not working at all) is fixed. But there was no reaction to my bug report.
I’ve tried to do the harding part myself. It seems to work fine with my script (based on Jürg’s script). I have added some debugging info with printing results 1 - 4. What I don’t understand is why I get the 4 msgboxes 2 times each. Any ideas? Xojo 2018r3 and latest beta on Catalina beta 2.
[code]dim appPath as string = currentBuildLocation + “/” + shellEncode(currentBuildAppName)
if right(appPath, 4) <> “.app” then appPath = appPath + “.app”
Dim isDebugBuild as boolean = right( currentBuildAppName, 6 ) = “.debug”
dim result, errors as string
result = doShellCommand("/usr/bin/touch -acm " + appPath)
result = doShellCommand("xattr -rc " + appPath)
If result <> “” then print result
dim DevID as String = “‘Developer ID Application: Beatrix Willius (72695Z3887)’”
result = DoShellCommand("/usr/bin/codesign --timestamp -f -s " + DevID + " " + appPath + “/Contents/MacOS/")
print “result 1: " + result
result = DoShellCommand(”/usr/bin/codesign --timestamp -f -s " + DevID + " " + appPath + "/Contents/Frameworks/”)
print “result 2: " + result
result = DoShellCommand(”/usr/bin/codesign --timestamp -f -s " + DevID + " " + appPath + “/Contents/Frameworks/vcomponents_x64”)
print “result 3: " + result
result = DoShellCommand(”/usr/bin/codesign --timestamp -f --options runtime --entitlements /Users/beatrixwillius/Desktop/entitlements.plist --deep -s " + DevID + " " + appPath)
print "result 4: " + result
// Helper functions used within this script, contents may vary from packaging
Function shellEncode( inValue as string ) as string
Dim rvalue as string = replaceAll( inValue, " ", "\ " )
rvalue = replaceAll( rvalue, “&”, “\&” )
rvalue = replaceAll( rvalue, “-”, “\-” )
rvalue = replaceAll( rvalue, “(”, “\(” )
rvalue = replaceAll( rvalue, “)”, “\)” )
return rvalue
End Function[/code]
Just in case anybody needs some help with this outside of AppWrapper, and you feel a bit adventurous, I have a bash script that packages my app up in a dmg and submits it for notarization. Singing the app is handled by the IDE’s build script though. https://github.com/thommcgrath/Beacon/blob/master/Installers/Mac/Build.sh
Would it be possible now the experts have thrashed this out to get a layman’s explanation of using DMG Canvas and App Wrapper to get an app ready to submit to MAS… new thread??
[quote=441325:@Jürg Otter]No, the parameter is most likely the <provider_shortname>. See this Thread on the Apple Developer Forums.
So it’s not the TeamID. One way to figure out what it is is explained by “Eskimo” in another Thread on the Apple Developer Forums.
If your company’s full name is: “My Company AG”, the “provider shortname” will most likely not contain spaces, e.g.: “MyCompanyAG”.[/quote]
Thanx Jürg.
I’ve tried the command line from Eskimo, using my AppleID as -u parameter and creating a file for the app password. I’ve got now 3 short names, including the one I need to notarize my apps.
Next step : waiting for @Sam Rowlands to update App Wrapper, now that I know what to use for the --asc-provider and the app password
Note: On the first attempt to Notarize it should prompt you to import older accounts. It now uses a newer internal “Apple Submission” account system. It still stores passwords in the Keychain, but should the Keychain issues persist with Catalina, I can flick it over to storing the passwords itself. The new design also allows more information to be stored with the account (such as iTunes Provider), and any further things that pop-up in the future. I’ve also added a “Manual extra” field, so that additional options can be specified without the need of having to wait for me to properly implement a nice GUI for it.
As usual this beta of App Wrapper was wrapped & notarized by itself.
First test, failed : “To use this application, you must first sign in to iTunes Connect and sign the relevant contracts.”.
Ok, I’ve updated contract info in App Store Connect (no more iTunes Connect )
Second test, failed :
“The binary is not signed.”
“The signature does not include a secure timestamp.”
“The executable does not have the hardened runtime enabled.”
I’ve wrapped the app with “hardened runtime” checked and then notarized the app. It’s just like if the notarizitation used the original file, not the wrapped file ?
[quote=442591:@Pascal PLUCHON]First test, failed : “To use this application, you must first sign in to iTunes Connect and sign the relevant contracts.”.
Ok, I’ve updated contract info in App Store Connect (no more iTunes Connect )[/quote]
When it completed wrapping, did you click on the “Notarize” button in the wrapping window?, or did you add the files to window manually?
This is most odd; I am sorry to have to ask this, but can you right click on the item in the Notarizer, select show log. Then copy the contents of the log, then select “e-mail support” from the “Help” menu. This will create an e-mail and include the wrapping log, then paste in the Notarizer log. Then send me the e-mail and I’ll go through it when I can.
Pascal; do you have “iCloud backup” enabled? I’ve just confirm with another customer that he recently enabled iCould Backup and now the macOS is moving all the App Wrapper created files into the Trash on his iCloud Drive.
No, but enabling iCloud Backup for Desktop and Documents and having the Xojo Projects in your Documents Folder, is like working in a Dropbox. Not recommended
[quote=442822:@Christoph De Vocht]As expected … the problem still persists with public beta 1.
Notarised DMG files gives the warning it is from a unidentified developer.[/quote]
FWIW, we have successfully notarized our dmg and do not get that warning.
We are finding that there is some sensitivity in what format the DMG is though. We had been using MakeHybrid and that caused some of the signatures to get stripped.
)[/quote]