Mac Desktop Code Signing Ad Hoc

I need to code sign a Mac desktop app that will only be delivered to a few users. It will never go to the App Store. Searching around the forum I found this recent topic.

https://forum.xojo.com/41228-mac-developer-code-signing-certificate/0#p335539

Excellent discussion, lots of info. Most of the discussion involves App Wrapper and the App Store. No App Store involved here.

I just did this for Windows using K Software’s ksign and it’s easy. Just load the cert, select the files, and done. It doesn’t seem so easy on Mac. Do I need App Wrapper for this? Or can I do this with Xcode?

Thanks.

You’re dead right about it not being as easy on a Mac. You can do it using commands in Terminal. The commands are available in various places. But if you’re smart (and, like me, look for the easiest way) you’ll use App Wrapper. It handles all of the various formats with which you’ll need to deal without you spending hours trying to figure out what the code should be.

Just in case you want to do it all yourself:
Here is an example Post Build Script: CodeSign and DMG creation

Thanks Roger, that confirms it.

That’s pretty damn cool, pretty damn cool. Thanks!

You still need to sign up as an Apple Developer and pay your $100 a year for a Developer ID signing certificate; only Apple’s certificates are approved for use on Apple products.

But on Windows you also needed to get a certificate which validates. So you probably paid also?

On Mac you can sign up as an App Developer with Apple for $99/year and get a Developer ID certificate.
Then use an app like App Wrapper to package it with signing.

Best way I have found to sort out the certificates needed is to use Xcode to do it.
But, you need to be a developer, as mentioned above.
Then App Wrapper is a trivial expense after that, and worth the money to help automate it for you.

Xojo’s code-signing guide at http://developer.xojo.com/mac-code-signing might be enough. It depends on the complexity of your app.

Yes, I did that.

[quote=359451:@Christian Schmitz]But on Windows you also needed to get a certificate which validates. So you probably paid also?

On Mac you can sign up as an App Developer with Apple for $99/year and get a Developer ID certificate.
Then use an app like App Wrapper to package it with signing.[/quote]
Yes, I did get the cert from Comodo by way of K Software. Except for Comodo it was a very smooth experience. K Software solved some Comodo issues for me. Working with Comodo was more complicated than making a North Korean border crossing. Crazy runaround. Can’t thank K Software enough.

That’s where I’m at now. I joined the Apple Dev Program, downloaded a cert to Keychain. Now I want to code sign the app and hopefully the handful of users won’t have to bother with the security issues.

I’m not familiar with Xcode. Not sure where the features are to code sign a Xojo app from within Xcode. I’m working on that now.

Wow. It can’t be that simple can it? That looks very good for my needs at this time. Gonna check this out.

I’ve written a couple of AppleScripts lately and it’s easy to code sign them using Script Editor.

First rule: stay calm. Second rule: alternate between cursing and praying. Signing on the Mac is awful.

It either works or fails in subtle ways because you prayed to the wrong god, you put the wrong foot on the wrong side of the bed when you got up. Or something similarly bad. The forum has quite a few stories about this.

It really depends. The best advice I can offer is that before you attempt to codesign your Xojo app, you get it working in Xcode first. Confirm it’s working there before proceeding because if it isn’t working there, it sure isn’t going to work anywhere else.

Codesigning is much more pleasant than it was, say, five years ago. Xcode does most of this stuff in an automated fashion nowadays, sorting out certificates etc. Years ago, this was all done manually.

If it’s working in Xcode but you can’t get it to work outside of Xcode in a reasonable time, then figure out how much your time is worth and Sam’s App Wrapper product is surely the way to go.

@Gavin Smith @Christian Schmitz …

Guys, since you have more experience than me in signing apps for the Mac/iOS world, here is a question which is also related to this topic.

If I have my own PKI system (Root CA, Issuer CA and complete PKI infrastructure used in company) - Can I use certificates published and made by my own PKI CA authority and sign projects and make app distribution Ad Hoc and eventually to MAS?

If that is the case, then it would just be a matter of making a nice certificate template which would be used to issue the certificate which will later be used for code signing.

Thanks.

[quote=359508:@Bogdan Pavlovic]@Gavin Smith @Christian Schmitz …

Guys, since you have more experience than me in signing apps for the Mac/iOS world, here is a question which is also related to this topic.

If I have my own PKI system (Root CA, Issuer CA and complete PKI infrastructure used in company) - Can I use certificates published and made by my own PKI CA authority and sign projects and make app distribution Ad Hoc and eventually to MAS?[/quote]
I’m afraid not, you have to use certs issued and recognized by Apple.

You can contact Apple to request inclusion of your authority: https://www.apple.com/certificateauthority/ca_program.html

This isn’t relevant to the App Stores. Apple will not let you use your own certs for signing apps.

I’m a little confused as to which type of certificate I need. Are all these different certs for different purposes? Let’s say I have a simple desktop app “Hello Certified World”. It starts, displays a window or message box, and then can be quit. I’m going to give it to a couple of users. No App Store involved. What do I need for the app and for development? Here are the options that seem to me to be relevant:

  1. Mac Development - because I’ll have development versions of the app.
  2. Developer ID - for distribution and I’m not using the App Store.

So I need two certs. Here are the choices:

In that case, you’d need the Developer ID.

OK, that worked. I chose Developer ID Application.

The only use of Xcode is to download these certs.
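
The thread settles on a Developer ID Application certificate and mentions that signing can be done from Terminal. As an added example (not code from any poster or from Xojo), this script picks that identity out of the keychain listing, then signs and verifies a bundle with Apple's `security`, `codesign` and `spctl` tools; the identity names, hashes and app path are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Identity names, hashes and the app path
# are constructed placeholders.

# Constructed sample of `security find-identity -v -p codesigning` output.
SAMPLE_IDENTITIES='  1) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Mac Developer: Example Dev (AAAAAAAAAA)"
  2) 0123456789ABCDEF0123456789ABCDEF01234567 "Developer ID Application: Example Dev (BBBBBBBBBB)"
     2 valid identities found'

# Read find-identity output on stdin and print the SHA-1 of the first
# "Developer ID Application" identity; exit non-zero if there is none.
pick_developer_id() {
    awk '/"Developer ID Application: / { print $2; found = 1; exit }
         END { exit !found }'
}

# Sign a bundle with the given identity, then check the result.
sign_and_verify() {
    identity=$1
    app=$2
    # --deep also signs nested code (frameworks, helpers) inside the bundle.
    codesign --force --deep --sign "$identity" "$app" || return 1
    # Confirm the signature is intact and covers the nested code.
    codesign --verify --deep --strict --verbose=2 "$app" || return 1
    # Ask Gatekeeper whether it would let this app launch on a user's Mac.
    spctl --assess --type execute -vv "$app"
}

# Only runs on a Mac, and only when an app path is given: ./sign.sh MyApp.app
if [ -n "${1:-}" ] && command -v codesign >/dev/null 2>&1; then
    id=$(security find-identity -v -p codesigning | pick_developer_id) || {
        echo "No Developer ID Application identity in the keychain" >&2
        exit 1
    }
    sign_and_verify "$id" "$1"
fi
```

Selecting the identity by its hash avoids ambiguity when the keychain holds both a development and a Developer ID certificate under the same name.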