Sorry to create another subject, but I can’t manage to sign my application.
I just paid for my Apple Developer ID.
I read the Xojo doc: Signing your macOS application.
As I didn’t understand what to fill in where, I restarted my Keychain app, switching from French to English, but I still don’t understand.
I created 2 passwords for 2 of my applications (I have 13 applications to sign):
I downloaded a file “development.cer” from the Apple web page and then double-clicked it. I don’t know why my “Apple Development MyEmail (MyCode)” certificate is not trusted.
In Xojo’s “Password” cell I pasted the password generated from the Apple webpage for my application.
I don’t know if Xojo’s cell “Team ID:” needs my real name (Organisation) or the code in Organisational Unit, and if Xojo’s cell “Apple ID:” needs my email, my name, or the User ID code.
For distribution I use the “Developer ID Application” certificate, not the “Apple Development” certificate. And the Apple ID is the ID you use, for example, to log in to icloud.com, I think.
Yes, I only want to distribute from my website, not from the App Store (maybe I will try later).
Then I unchecked “Hardened Runtime” and “Notarization”, as they are for distributing through the App Store as far as I understand. I still get an error when I build.
In the Developer ID cell I entered the number between the (); I didn’t find the “Developer ID Application” certificate that Thomas Kaltschmidt mentioned.
I set it to “Always Trust” in order to remove the red line “Apple Development MyEmail (MyCode) certificate is not trusted.”
I searched on the web and found someone who wrote that he removed his certificate, re-added it and restarted his Mac. Which I did, without success.
I’m on Sonoma 14.7.2 (23H311).
You can check in Xcode under Settings/Accounts/Manage Certificates whether there is a “Developer ID Application” certificate, and you can also add one there if needed.
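A Terminal counterpart to the Xcode check suggested above, as an added example that is not part of the thread: it classifies the identities printed by `security find-identity -v -p codesigning` and reports whether a “Developer ID Application” one is installed. The function names are hypothetical and the sample output (hashes, names, codes) is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): classify code-signing identities as
# listed by `security find-identity -v -p codesigning` on macOS.

# Constructed sample output; hashes, names and codes are made up.
SAMPLE_IDENTITIES='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Apple Development: dev@example.com (AAAAAAAAAA)"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Developer ID Application: Example Dev (BBBBBBBBBB)"
     2 valid identities found'

# stdin: find-identity output; stdout: one "<certificate type>|<code>" per identity.
classify_identities() {
  sed -n -E 's/^ *[0-9]+\) [0-9A-F]+ "([^:"]+): .*\(([A-Z0-9]+)\)".*$/\1|\2/p'
}

# Succeeds only when a "Developer ID Application" identity is present, the
# type used for distribution outside the App Store. For that type the code
# in parentheses is the Team ID, which is printed.
developer_id_team() {
  classify_identities |
    awk -F'|' '$1 == "Developer ID Application" { print $2; found = 1 }
               END { exit !found }'
}

main() {
  local identities team
  if command -v security >/dev/null 2>&1; then
    identities=$(security find-identity -v -p codesigning)
  else
    identities=$SAMPLE_IDENTITIES   # not on macOS: use the constructed sample
  fi
  printf '%s\n' "$identities" | classify_identities
  if team=$(printf '%s\n' "$identities" | developer_id_team); then
    echo "Developer ID Application identity found, Team ID: $team"
  else
    echo "No Developer ID Application identity in the keychain"
  fi
}

main
```

An identity only appears in this list when both the certificate and its private key are in the keychain.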
Tim, I left them checked and Xojo showed me the progress window while building for half an hour, then I forced it to quit. I unchecked those checkboxes and did what Thomas_Kaltschmidt indicated, and Xojo built in a few seconds as usual.
Could you please download my game and tell me whether it launches telling you I am an authenticated developer? ToroMind.zip
I noticed that the notarization setup is checked immediately when you close the setup dialog. If you don’t get an error after closing it, it should all be OK. Maybe there are problems sending the zipped app to Apple? (So it can be notarized)
Thank you for your help. I don’t understand all those technical terms. Is Xojo.app itself only signed, or notarized? I want my apps to be like Xojo. Should I check “Hardened Runtime” and “Notarization”? Are there people here who distribute their applications from their website and not from the App Store? Could you post a screen capture of your settings?
Thanks again.
I distribute only from a website. So far I have used AppWrapper but maybe with the new Xojo facilities that won’t be needed. Once your certificate is properly installed, perhaps with @Thomas_Kaltschmidt’s suggestion for Xcode, then the Xojo IDE can get your app code-signed during the build process. This will mean that macOS can know that the app is from a known developer.
For notarisation, you will need to have an app-specific password, which you get from your Apple Developer account. This will allow Xojo to get your app notarised. Notarisation means your app is sent to Apple by Xojo and they check it for viruses and make sure you are not doing bad things in the app. Then they log your p/w and discard your app.
Here is my setup in the Sign section of the Build Settings:
* It should be said that for “App Specific Password” the “App” in question is Xojo, not your app. You do not need an individual password for each of your apps, you just need one for Xojo as a whole.
Ah, now this is interesting. What you say matches my experience (I have four apps I distribute via a website, and use the same app-specific p/w for them all). But that leaves me puzzled. Why do I not need a different one for each app? I would have expected that when a newly-installed app first runs, GateKeeper sends the app-specific p/w to Apple, who check that an app with this p/w has been notarised. If so, then all is well and the app is allowed to open. But if the p/w is the same for several apps, then what checking is, in fact, being done?
And suppose I now write another app, not using Xojo, but using say, Swift and Xcode. Does that need a different p/w? If so, why would Apple care whether I use Xojo or Xcode or something else to write my apps?
Because it’s app access to your Apple ID account. It’s used by Xojo to say to Apple “Hey this is Tim, Please notarize my code signed app, here it is by the way.” via command line tools.
Right, right, OK - that makes sense. So, what record is Apple keeping that a particular build of a particular code-signed app has been notarised, so that GateKeeper can ask about it?