Notarisation for dummies
-
@d-healey no error because nothing happens that is the problem. I have checked multiple times to see if I was wrong, but I do not think so.
-
@yall Post a video so we can see what you're doing and what messages you get (blur out your credentials of course).
-
@d-healey ok I will do that tomorrow, thank you;)
-
Here are my precise steps for signing. (The notarization fails because I think my plugin is not signed correctly you will understand later)
Step 0> plugin export wise> myplugin.component
Step 1> I place the myplugin on the desktop
Step 3> I open Keychain and I create a certificate request from a competent authority. I save "CertificateSigningRequest.certSigningRequest" on my desktop.
Step 4> I log into my apple developer space and create a Developer ID Application certificate, so I import the "CertificateSigningRequest.certSigningRequest" file.
I create a certificates also a pkg distribution certificate…;
Step 5> I download the certificates and install them, I see them appear in KeychainStep 6> I want to sign my myplugin.component so I proceed this way from the terminal>
Step 6.1 codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.component" --timestamp> here nothing is happening in particular so I decide to check to start step 6.1 again. the terminal tells me that the myplugin.component. is already signed
Step7> I really want to be sure that myplugin.component is signed so this time, from the terminal, I enter this formula>
codesign -vvv /Users/macmini/Desktop/myplugin.component
I get this>. /Users/macmini/Desktop/myplugin.component: valid on disk
/Users/macmini/Desktop/myplugin.component: does not satisfy its designated RequirementThis sentence "does not satisfy its designated Requirement" appeals to me but I try anyway (you never know ^^)
Step 8> I create a raw PKG or I integrate myplugin.component and then I transform it into a distribution. I affix the certificate from the "project" tab.
Step 9> I therefore want to sign my PKG and for that I use the following formula from the terminal>
codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.pkg" --timestampStep 10: I check by entering the same command again. The terminal tells me myplugin.pkg is already signed (same step as 6.1)
Again I really want to be sure so I enter this command> codesign -vvv /Users/macmini/Desktop/myplugin.pkg I get exactly the same as in step 7. "valid on disk" and "does not meet its designated requirement"
Step 11> I'm trying to be a notarize but I already know the result…. I am using this command
xcrun altool --notarize-app -f "/Users/macmini/Desktop/myplugin.pkg" --primary-bundle-id en.myname.pkg.myplugin --username "my email address" --password "my password altool pass "
Step 12> I drink a coffee
Step 13> I wash my cup of coffee!
Step 14> I receive an email from apple (I'm happy, I have friends ^^). In this mail I get this> the Mac software you downloaded has not been notarized, please check the notarization log with Xcode or altool, fix the issues it presents and download your software again.I think concretely that the problem comes from the signature of the component and the pkg.
I could not make videos my mac paddles too much
My Mac config> High Sierra 10.13.6. and x code 10.1
-
steps 3,4 and 5 are pretty redundant I think - I never do these.
-
@Lindon Are there any steps that I missed or did I get the wrong certificates? there is nothing to modify in the certificates? I'm almost there, I'm only missing this phase ^^
-
@yall you dont need any certificates to codesign your plugins.
You need a Developer install certificate for whitebox packages to allow the install to happen correctly.
-
@yall said in Notarisation for dummies:
codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.component" --timestamp
this looks slightly odd from my perspective:
codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.component" --timestamp
I always uses a specific user so not "/Users/macmini/Desktop"
but "<username>/Desktop" etc..
-
@Lindon said in Notarisation for dummies:
@yall you dont need any certificates to codesign your plugins.
Pretty sure you do. But you only need to install it into the keyring once and then never touch it again.
-
-
I just tried something. I have re-exported a new plugin and followed my steps. the plugin is now signed, the pkg too. but the notarization failed again.
-
-
@d-healey I cannot record the screen in video with my mac I do not have video editing software here.
I have no error in the terminal but simply an email from apple telling me, your application has not been notarized.I went back to the pakage application (whitebox) to affix the certificate to try, but it said to me: There is no private key associated with the certificate.
frankly I really don't understand anything and it's not that simple -
@yall You can screen record with Quicktime fyi
-
@DanH I can't because I have to blur some information you understand ^^
-
@yall - re whitebox, are you attempting to attach the correct certificate type? You need a Developer installer certicficate - once its attached to whitebox (and your whitebox project) you will see a certificate emblem in your interface (top right - black badge)
-
@Lindon yes I had already noticed the small label which somehow validates. but strangely, it is impossible for me to affix a certificate. I have the following response from whitebox>
The "Developer ID Installer: myname (7 *********)" certificate available in the keychain cannot be used to sign a package or a distribution. There is no private key associated with the certificate .
-
-
@yall you probably need to staple it first
-