So, I paid my Apple developer fee ($99)
I want to code sign my device - simply so that it shows as a legitimate software app - able to install it without any of the roadblocks for when an app is not code-signed. I have searched the forum. I even read somewhere that I don’t even need to pay the $99 unless I wanted to sell it on the Appstore (which I don’t right now).
I can make the DMG using the disk utility. I just need the basic steps to code sign (and notarize it). I tried using DMG canvas, but for some reason, it can’t see my created certificates. I am programming it in 2019.r1 and on High Sierra. This is in Parallels. This all runs on Mac Sonoma using OpenCore Legacy Patcher on a 2013 iMac 27 inch. This Sonoma version doesn’t seem to have keychain access anywhere on the computer - is this now obsolete (though High Sierra does)? These periphery problems are not really necessary to answer. What I need is… do this, then this, then that and you’re code-signed! Cheers, This forum is about a million times more helpful than copilot!
It does but Apple hid it. It’s down under /System/Library somewhere. Just go to that directory and search for “keychain access.app”.
This may cause you some grief. Apple has changed code signing and notarization quite a bit over the last few years. I find that installing the latest version of Xcode that I can get and using the code signing tools that come with that to be the easiest success.
For signing,
- Create an application identifier in your Apple account and put that in Xojo where it asks for it. It’s in reverse domain order like com.example.myapp but should reflect your domain.
- Create a developer ID certificate in your Apple dev account. This is what you’ll use for signing your app.
- Create an application token in your Apple ID account for notarization.
- If you need an installer, you’ll also need to create an Installer certificate in your Apple dev account.
From here, there are a few possibilities.
- Recent versions of Xojo as of 2022 can sign your app for you and really recent versions 2024r4+ can notarize.
- AppWrapper can sign and notarize just about any version of Xojo.
- DMGCanvas for creating dmg images of your app for distribution.
- Packages app for creating full installers.
You can of course do this all manually but I can’t remember all the steps at 6 in the morning.
Codesigning on anything older than Big Sur is not going to work. I read about someone trying Catalina but this was sketchy. I had to update from my beloved and working High Sierra to $%&/ Big Sur only for this reason.
IMHO it’s not correct.
You always need an Apple developer account to distribute your app.
No need to notarize for selling on the AppStore but you need to notarize if distributed out of the AppStore for the latest macOS versions.
AIUI you need to notarise if you distribute via a website. I do this and the IDE will do codesigning and notarisation if asked.
On your Developer account, you will need an “app specific password”, to share with the app that is to do the notarizing. Note that this is “per app”; in my case I have separate ones for AppWrapper and DMGCanvas–per machine.
Not on developer account. You get this by logging into your account at https://account.apple.com
Also not true. You can certainly have a single “app specific password” for all notarization. App refers to the thing that needs access, not to the thing you are notarizing. Just name it “Notarize”.
By “per app”, I meant the app doing the notarizing, not the app being notarized. In my experience I needed separate ones for AppWrapper and DMGCanvas. I later found I needed separate ones for those apps on my Intel and M1 machines. I may still be mistaken (or perhaps things have changed), but I want it clear that I didn’t mean an app-specific password for every project.
Thanks for clarifying the URL one needs to review/generate the app-specific password. I had not seen the concept even come up in the thread, which was my main point.
I use the same app-specific-password for notarising three different apps for both Intel and ARM.
So, I have Xcode for the Sonoma side installed. As for keychain access, I read the earlier posts about it being in the system library while searching. It’s not anywhere on my Sonoma computer (Spotlight). I tried something naughty like copying key chain from Sierra and running it but, although I could create a certificate, dmgcanvas in Sonoma wasn’t seeing it.
So, I have got the built version in Sierra, and it runs well in Sonoma. The biggest hurdle is that for it to sell, it needs to be safe to download and install.
They’re the main software installer dmg and also smaller update versions from time to time.
If anyone has any ideas on how to use code sign for this (I even thought about downloading using a small unzip app to download a zip file containing the app files and install them that way right under Gatekeeper’s nose… I haven’t tried it yet).
So, using Xcode, how would I use that to create a safe to install dmg file?
I do know how to:
Create a dmg file using disk utility’s image creation feature.
So do I (and more.) The app-specificity, as I said, has to do with the app “doing” the notarizing.
That would imply that your certificate(s) is/are not properly installed. They are visible in Keychain Access. If you see them but you don’t see a disclosure triangle, then they’re borked because the private key is missing. Since you have Xcode, you can use it to install the certificates.
I don’t know why you don’t see Keychain Access. Yes, it is being deprecated for Passwords, but it should still be around.
So, here are 2 screenshots… You can see my dummy certificate… and me trying to get dmgcanvas to “See” it. I can almost hear the groaning at the idiot who can code sign his product
As DMG Canvas is telling you, you need a “Developer ID Application (your name)” certificate. This will literally be the name of your certificate. You may install this from Xcode’s Settings, when Xcode is logged in to your Apple account.
It is. Spotlight doesn’t index the /System directory. Just go to /System/Library and do a regular Finder search.
I’ve got about 3 certificates I made - none of them are showing up here - is this dropdown menu supposed to show the certificates and then you can choose one?
Yes—were any eligible ones installed. Self-signed ones don’t count here.
You want the Apple ID Application certificate.
FWIW, the path to Keychain Access on Sequoia is:
/System/Library/CoreServices/Applications/Keychain Access.app
It did come up in Spotlight for me, but I also launched it all the time from Spotlight prior to downgrading to Sequoia.
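The manual signing and notarization route that the replies above mention but do not spell out, as an added example that is not from any poster in this thread. The names MyApp.app and MyApp.dmg, the constructed identity listing and the keychain profile name Notarize are assumptions; the script picks a "Developer ID Application" identity out of security find-identity output and prints (or, with DRY_RUN=0, runs) the sign, notarize and staple commands.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: MyApp.app, MyApp.dmg and a
# notarytool keychain profile "Notarize", created once with:
#   xcrun notarytool store-credentials Notarize --apple-id <id> --team-id <team> --password <app-specific password>
# DRY_RUN=1 (the default) prints each command instead of running it.
set -e

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Constructed sample of `security find-identity -v -p codesigning` output.
sample_identities() {
    cat <<'EOF'
  1) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA "My Dummy Cert"
  2) BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB "Developer ID Application: Jane Example (ABCDE12345)"
     2 valid identities found
EOF
}

# Print the first "Developer ID Application: ..." identity read from stdin.
# Self-signed and other certificate types are skipped; returns 1 if none match.
pick_identity() {
    sed -n 's/^ *[0-9][0-9]*) [0-9A-F]* "\(Developer ID Application: .*\)"$/\1/p' |
        head -n 1 | grep .
}

release_steps() {
    app=$1 dmg=$2 identity=$3 profile=$4
    # Nested frameworks and dylibs must be signed before the outer bundle;
    # only the outer bundle is shown. Hardened runtime + timestamp are
    # required for notarization.
    run codesign --force --options runtime --timestamp --sign "$identity" "$app"
    run codesign --verify --strict --verbose=2 "$app"
    run hdiutil create -volname "$(basename "$app" .app)" -srcfolder "$app" -ov -format UDZO "$dmg"
    run codesign --force --timestamp --sign "$identity" "$dmg"
    run xcrun notarytool submit "$dmg" --keychain-profile "$profile" --wait
    run xcrun stapler staple "$dmg"
    run spctl --assess --type open --context context:primary-signature --verbose "$dmg"
}

if [ "$#" -eq 2 ]; then   # real run: DRY_RUN=0 sh release.sh MyApp.app MyApp.dmg
    identity=$(security find-identity -v -p codesigning | pick_identity) || {
        echo "no Developer ID Application identity in the keychain" >&2; exit 1; }
    release_steps "$1" "$2" "$identity" Notarize
else                      # demo: dry run against the constructed sample
    release_steps MyApp.app MyApp.dmg "$(sample_identities | pick_identity)" Notarize
fi
```

In dry-run output the quotes around the identity are not shown; the real invocation passes it as a single argument.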