Geek Answers Handbook

Mac Developer Code Signing Issues

I have a few questions about signing a Mac app with a developer id:

First of all, I am working on a project using GateKeeper. So I have to (?) Sign my application with the developer identifier.

  • Do I need a provisioning profile for signing with a developer identifier? On the Build Settings tab, the Developer Identity Certificate is identified as Identities without Provisioning Profiles . Looking back at the Mac Provision Portal, I did not find a place to create a provisioning profile to match the developer ID certificate, not the presentation certificates. So, do I need a provisioning profile for signing with a developer identifier?

  • After archiving my application, when I selected the Developer Developer ID application signed in the organizer, my developer ID certificate is marked with a yellow warning icon. But I can still choose a certificate and sign it. Everything is good?

  • After signing up my application, I used sudo spctl -a -v MyApp.app to test my application with sudo spctl --master-enable , which had been running before. The result is as follows:

     EIM.app: rejected source=Developer ID

Is this deviation related to the warning in question 2?

This is my first Mac App distribution with Developer ID, thanks for any help.

+6
source share
1 answer

Re: Provisioning and DeveloperID profiles - they are not needed. You must accept your DeveloperID in the automatic section Signing the identifier of the code Build Settings . If you cannot, your key may be missing or there may be something else wrong with the database containing this information.

First go to Keychain Access and make sure that your DeveloperID certificate has a private key associated with it (this will be visible under the disclosure triangle). If this is not the case, then you need to go through a check to make sure that you saved the key associated with this certificate anywhere, because if you cannot find and reimport it (for example, from a developer profile exported from Xcode), You will need to revoke and reissue the certificate, as there is no way to sign it.

Secondly, in 4.6.1 there is a known error that can ruin a cached database containing information from the developer's portal. There is no specific indication that this behavior may be caused by this problem, but you can try before proceeding to the next step. Basically, you will need to exit Xcode, set aside (or delete) ~/Library/Developer/Xcode/connect1.apple.com 4.6.1.db (yes, there is a place in this file name), restart Xcode, go to Organizer and Renew your profiles and certificates.

If this does not work, you may want to cancel your developer id.

WARNING If you have successfully distributed the code with the certificate, do not cancel it until you have visited the Apple website ( https://developer.apple.com/support/technical/certificates/ ) and fully understand the implications for the code sent to revoke the developer ID. In particular, this software will continue to work, but users will not be able to install / reinstall binary files signed with the original certificate.

If you have never successfully distributed the code with the certificate (or if your key is irretrievably lost), you can go to the portal and revoke and then reissue the developer ID certificate. After you canceled it, you can create a new certificate by requesting a new certificate.

+3
source

More articles:


All Articles