Ready to code sign my app - what are the foolproof steps?

@Sean_Clancy

I want to code sign

Have you looked at Apple’s Create Certificates?

Here is a list of Apple Certificates.

You need a Developer ID Application, as others pointed out.


I tried using DMG canvas, but for some reason, it can’t see my created certificates.

To get DMG Canvas to sign and notarize, make sure that:

  1. A Developer ID Certificate is installed in the Keychain Access application.
  2. You specify the Developer ID Application identifier in DMG Canvas ➜ Settings.

Your screenshot shows that you do not have a Developer ID Certificate; instead, you show a self-signed certificate (see annotation #1).

Note the wording “self-signed certificate”.

Here’s what DMG Canvas Settings should look like (see annotation #2).

I blurred out my Developer ID Application identifier, which is used to locate my certificate in the Keychain Access application.

Note the message about a Developer ID Application requirement highlighted in yellow.

Does this help clarify what you need to do?

Using:
macOS 15.3
DMG Canvas 4.1.1 (401001)

That’s great - I’ll try it out tomorrow!

I couldn’t wait. I followed the steps… Made the certificate using Xcode, exported to the desktop. Double clicked on it - Keychain Access magically opened. Created a new file in DMGCanvas, the code signing and notification worked. Added my Xojo app, applications folder, a background graphic. Built it and the build failed.

17CB79285BFD5A05136E0F44CD5E1F079FD47E84: no identity found

I don’t understand this. Did you not login to your Apple Developer Account, create a certificate there and download it from there?

To be fair - I did delete as many of the old trial certificates I had made - but the popup in DMGCanvas does not refresh like Keychain Access or Xcode - so it lists 3. What do I need to do to just have 1 certificate? Uninstall and reinstall DMGCanvas?

I like to remind people that there’s also the free “SD Notary 2” for signing and notarizing apps for the Mac, and I find it straight-forward to use. Won’t have all the customization options that App Wrapper offers, though.

1 Like

Hard to say as I’ve never used DMGCanvas (don’t know what it is, actually). I’ve not been able to find a reliable path to download a cert, install it, and have the tools be happy that it’s valid. Every time I do it, I fiddle about and eventually it works. What did I do? Who knows.

I was using AppWrapper to codesign my app, then using Disk Utility to make a .dmg containing the app and some doccy, and then using AppWrapper again to notarise the .dmg. Now that the IDE can do it all, I’m having it do the codesigning of the app, and notarising it (all done at build time). Then I’m making a dmg with Disk Utility just as before, and bunging that on the website from which users can download it.

Wait… whose steps said this? After you download the correct certificate in Xcode, it’s done. It’s on your Keychain at that point.

2 Likes

You might export it to install it on another machine, but that’s about it.

What do I need to do to just have 1 certificate. Uninstall and reinstall DMGCanvas?

If you’re leaving DMG Canvas running through all this, I doubt the view will refresh. Try quitting and relaunching it. But seeing multiple certificates doesn’t matter, as long as you’ve picked the right one.

I’m missing something here. As I understand it, DMG Canvas will only sign/notarize the .dmg. You need to sign your app bundle before creating the disk image. This can be done directly in newer versions of Xojo. Otherwise you need your command line skills, or a tool like AppWrapper–which I personally recommend in any case.

Personal note: many years ago, I was working on a code signing utility of my own, with some success. Then I tried AppWrapper, and just said “that’s it” and threw up my hands. That was even before things like “hardened runtime” were a thing, let alone notarization. :slight_smile:

Created a new file in DMGCanvas, the code signing and notification worked. Added my Xojo app, applications folder, a background graphic. Built it and the build failed.

17CB79285BFD5A05136E0F44CD5E1F079FD47E84: no identity found

If I’m reading you right, you’re signing/notarizing the dmg, THEN adding the content. If so, you have it backwards. Modifications will break your existing signature–which is rather the point of certificates.

I don’t quite understand the error message, but in DMG Canvas Settings, make sure that your Apple ID AND Team ID are there.

I just bought the latest DMGCanvas and appwrapper. No luck - I can notarize and code sign - but neither of these completes the final steps and fails. DMGcanvas fails because of

Uploading for notarization failed.

and appwrapper shows me this:
(i) Submission Account required for Notarization
Please enter or enter a submission account on the :packing" pane for this application
and a red error (I imagine)
DMG Canvas Template invalid
The path to a DMG canvas template is invalid. Please correct on the packing Pane. Template Path “”.

That’s when I wrap, pack and notarize. When I simply check it, there’s about 4 major errors that pop up.

AppWrapper needs to be privy to the app-specific password that you (presumably) set up in your Apple Account. Note that it cannot be the same one that you created for DMG Canvas (that’s the “app-specific” part.) Note also that, now that you have AppWrapper, DMG Canvas need not be involved with signing/notarization anyway. You can turn that off in your template. AW can do the whole job.

This means what it says. You have not set a path. You need to link your AppWrapper job to the specific .dmgcanvas file.

Here is a partial screenshot of my Packing pane. Your setup should look something like this.

I cropped it out, but AppWrapper can also make .pkg installers (and zips) without a third-party utility. It can even do architecture-specific installers from your single Universal build. For this you’ll also need the Developer ID Installer certificate.

At this point you can also reach out to Sam at Ohanaware. Just understand that they’re in Taiwan, so depending on where you are, be patient :slight_smile:

So I got appwrapper to the point where the checks were all green!
However, when I put it on my server (the generated DMGcanvas dmg file),
I tried to download it in Chrome - when I clicked the link it didn’t download, I had to right-click and save link as… Chrome then had a popup “insecure download block” along with the keep so I clicked that.
Then when I had downloaded it and clicked on it, I got this beauty

So, all of this I want to avoid - that’s why I bought an apple dev license, dmgcanvas and appwrapper. It seems none of that is going to make people happy to install my app.
Am I doing something wrong?

My bet is that the DMG is not Notarized.

For DMGcanvas, I could never get it to not fail when building.
The codesigning and notarizing were good - but there’s nowhere to add an app-specific password and that’s why it seems to fail when I build it. If I could get it to actually build, I wouldn’t need to use AppWrapper. Then there’s the download issue with Chrome.

You need to get two things done:

  1. The app bundle needs to be properly signed and Notarized (I understand that AppWrapper is doing that ok)
  2. The DMG itself needs to be notarized. (I don’t know if AppWrapper is doing that too; if not, you need to do that from the Command Line).

When notarisation fails you get an error message. Where does DMGCanvas fail?

Edit: Notarisation is only done once at the very end of everything. This is handled by AppWrapper.


  • Uploading the disk image for notarization…

/usr/bin/xcrun notarytool submit --apple-id sean_clancy@yahoo.com --password XXXXXXXX --team-id AMVGX6T5G8 --output-format json --wait --no-progress “/Users/sean/Desktop/Source Folders/Disk Image.dmg”

Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.

`notarytool` command status: 1
notarytool returned no output at all.
Error output:
>	
>	 Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.
>	 
>	

Uploading for notarization failed.

===============================================================================
== Build Result

Build Failed

This needs to be done in AppWrapper:

Getting notarisation right is absolutely obnoxious. I suggest that you try a simple app first. Make a “Hello world” app and drop it into AppWrapper. Get the notarisation working. THEN try with a finished dmg. THEN try to make the dmg with AppWrapper. I think you are doing too much at once. Instead get a feel of how that s.h.i.t works first and then get to the more complicated steps.

2 Likes

Are you providing the password and apple-id between quotes? (you should). That password must be the App-Specific password created at appleid.apple.com using the same Apple ID (Sean_clancy@yahoo.com)… always that is the same ID you are using to login into developer.apple.com too!

I mean: Sean_clancy@yahoo.com is the same email you are using both to access developer.apple.com and to access appleid.apple.com in order to create the app-specific password used by notarytool.

1 Like

Are you saying that in addition to having the IDE sign/notarise an app (if that is what one is doing), if that app is then included in a dmg, then the dmg also needs to be notarised?

AppWrapper will notarise a dmg if you ask it to, and in doing so, you need to select the appropriate app-specific password in AppWrapper.

For both code-signing and notarisation I was just dropping the app on AppWrapper for code-signing, then building the dmg, then dropping the dmg on AppWrapper.

1 Like
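
Added example, not part of the thread and not code from DMG Canvas, AppWrapper or Xojo: a shell sketch of the command-line route mentioned above. It checks that the signing identity really is a valid Developer ID Application certificate (the condition behind "no identity found"), then runs the steps in the order the replies converge on, with notarytool reading its credentials from a keychain profile instead of `--password` on the command line. The profile name `notary-profile`, the volume name `MyApp` and the sample identity listing are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not code from the thread. Assumed names: keychain profile
# "notary-profile", volume name "MyApp"; SAMPLE_IDENTITIES is constructed.

# Constructed sample of `security find-identity -v -p codesigning` output.
SAMPLE_IDENTITIES='  1) 1111111111111111111111111111111111111111 "Apple Development: Jane Doe (AAAAAAAAAA)"
  2) 2222222222222222222222222222222222222222 "Developer ID Application: Jane Doe (BBBBBBBBBB)"
     2 valid identities found'

# Read find-identity output on stdin; print the SHA-1 hash of every valid
# "Developer ID Application" identity (self-signed and development
# certificates are skipped).
developer_id_hashes() {
  sed -n 's/^ *[0-9][0-9]*) \([0-9A-F]\{40\}\) "Developer ID Application: .*"$/\1/p'
}

# Succeed only if hash $1 is among those identities. A hash that is not
# listed is what codesign reports as "<hash>: no identity found".
identity_is_usable() {
  developer_id_hashes | grep -qxF -- "$1"
}

# macOS only. Order: app already signed -> build dmg -> sign dmg ->
# notarize -> staple. Changing the dmg after step 3 invalidates its signature.
package_and_notarize() {
  local app="$1" dmg="$2" identity="$3" profile="$4"
  security find-identity -v -p codesigning | identity_is_usable "$identity" \
    || { echo "no valid Developer ID Application identity: $identity" >&2; return 1; }
  # 1. The app bundle was signed earlier (Xojo IDE or AppWrapper); verify it.
  codesign --verify --deep --strict --verbose=2 "$app" || return 1
  # 2. Build the disk image from the finished, signed bundle.
  hdiutil create -volname "MyApp" -srcfolder "$app" -ov -format UDZO "$dmg" || return 1
  # 3. Sign the disk image itself.
  codesign --force --timestamp --sign "$identity" "$dmg" || return 1
  # 4. Notarize with credentials read from the keychain, so the
  #    app-specific password never appears in the command line or build log.
  xcrun notarytool submit "$dmg" --keychain-profile "$profile" --wait || return 1
  # 5. Staple the ticket, then ask Gatekeeper for its verdict.
  xcrun stapler staple "$dmg" || return 1
  spctl --assess --type open --context context:primary-signature --verbose=2 "$dmg"
}

# One-time setup (prompts for the app-specific password):
#   xcrun notarytool store-credentials "notary-profile" \
#     --apple-id "<apple id>" --team-id "<team id>"
```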