Yes, it works. Remote code signing with hardware token

Just wanted to let any other developers that might be in this situation know that using screen sharing to code sign Mac and Windows apps with a hardware token works.

We have 4 developers that need to build and code sign apps from in the office and when out of the office.

The problem is the hardware (USB drive) that needs to be inserted into the computer you are going to do Windows code signing on. We would have to pass this around whenever someone needed to post an update to one of our apps. And if we needed to post an update remotely (out of the office), it was a real problem because taking the USB drive out of the office meant protecting it from damage or loss.

Our solution was to set up an iMac to do our building and code signing and leave the USB drive permanently installed in the iMac. Any of our developers can now build and code sign apps from in the office or remotely. We were a little concerned about speed when doing this remotely, but no problems there.


Great news John, what hardware/certificate provider do you use? We’re just about to start this journey and I’m not looking forward to it!

With four developers, you might want to consider a CI/CD system which just does it for them. I found GoCD.org to be very easy to understand.

The certificate was provided by Sectigo and we purchased through K Software.

Greg - I guess I don’t see how this works around the limitations of a physical device that contains the code signing certificate vs a signing certificate provided in a “file” format?

It works because you don’t have to expose your signing capability to all of the developers. The way it is now, any one of your developers could create a release and push it out or possibly sign another app entirely without your consent.

In a CI/CD system, you control how the product is built and you’re sure that it’s built exactly the same way every time (for better or for worse).

Thanks for the info Greg. Not really worried about the developers publishing their own apps. We have an application that does the code signing and publishes to our website. Without that, none of us could just publish an app and the setup process in that application is pretty extensive so there would be a track record if someone tried to do that.
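The separation Greg describes (developers never hold the signing capability themselves; a build machine with the token signs on their behalf) and the track record John relies on can be made concrete with a small gate in front of the signing step. The following is an added example, not code from anyone in this thread or from their publishing application. The allowlist, developer and product names are constructed, and the signing step is a stand-in for whatever vendor tool talks to the USB token on the build machine; everything else (requester/product policy, binding the request to the hash of the artifact that was actually built, and an append-only audit log of every attempt, granted or denied) is the part worth copying.

```python
"""Signing gateway sketch (added example; not from the original thread).

Assumptions, none of which come from the posts above:
  * a developer submits the built artifact plus the SHA-256 they computed
    on their own machine, so the build box can refuse a swapped binary;
  * an allowlist says which developer may request a signature for which
    product;
  * the real signing command (vendor tool + USB token) is replaced here by
    stand_in_signer so the example runs offline.
"""
import hashlib
import json
import time
from dataclasses import dataclass

# Constructed allowlist of (developer, product) pairs. Placeholder names.
ALLOWED = {("john", "AppOne"), ("john", "AppTwo"), ("greg", "AppOne")}


@dataclass(frozen=True)
class SignRequest:
    requester: str
    product: str
    artifact: bytes          # built binary (read from disk on the build box)
    expected_sha256: str     # hash the requester computed on their own machine


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_request(req: SignRequest, allowed=ALLOWED):
    """Policy gate. Returns (ok, reason) without touching the token."""
    if (req.requester, req.product) not in allowed:
        return False, "requester is not allowed to sign this product"
    if not req.artifact:
        return False, "empty artifact"
    if sha256_hex(req.artifact) != req.expected_sha256.lower():
        return False, "artifact hash does not match what the requester built"
    return True, "ok"


def stand_in_signer(artifact: bytes) -> str:
    """Placeholder for the real signing command that uses the USB token.
    Returns a fake signature string derived from the artifact so the
    binding between request and output is visible in the demo."""
    return "SIG-" + sha256_hex(b"demo-token|" + artifact)[:16]


def sign_with_gate(req: SignRequest, audit_log: list, signer=stand_in_signer,
                   allowed=ALLOWED, now=time.time) -> str:
    """Run the policy gate, record the attempt, then (and only then) sign."""
    ok, reason = check_request(req, allowed)
    audit_log.append({                       # every attempt is logged, granted or not
        "ts": int(now()),
        "requester": req.requester,
        "product": req.product,
        "sha256": sha256_hex(req.artifact) if req.artifact else None,
        "allowed": ok,
        "reason": reason,
    })
    if not ok:
        raise PermissionError(reason)
    return signer(req.artifact)


def audit_as_jsonl(audit_log: list) -> str:
    """One JSON object per line, suitable for shipping to a log collector."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in audit_log)


if __name__ == "__main__":
    log = []
    build = b"constructed sample binary contents"      # constructed input
    print(sign_with_gate(SignRequest("john", "AppOne", build, sha256_hex(build)), log))
    try:
        sign_with_gate(SignRequest("greg", "AppTwo", build, sha256_hex(build)), log)
    except PermissionError as e:
        print("denied:", e)
    print(audit_as_jsonl(log))
```

In a real deployment the hash check is what stops a developer from getting an arbitrary binary signed by substituting it for the product build, and the audit log is what turns "there would be a track record" into something you can actually query after the fact.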