Mac codesigning and notarization #5
Comments
FWIW, I can confirm this isn't working out of the box, at least following the instructions as I understood them. Tried with secret vars for an app developer account+PW (as described); but at minimum an app specific PW was needed (https://support.apple.com/en-us/HT204397). Using that cashed out with another problem though:
Last I signed an OS X app for distribution outside of the App Store I think I needed a profile on the system from which I requested the signing, or at least a locally installed cert of some kind... but it's been a minute.
Got it working but there's a laundry list... As mentioned, the user's dev account password should be an app-specific password. This'll need generated per (https://support.apple.com/en-us/HT204397) if they haven't done so. User will need to create a 'Developer ID application' cert from Apple's developer tools site, The password needs to go in the repository secret The That plist should probably look something like:
The The config for
Also, the user's In
not
And.... I think "that's it".
Thanks so much for this, that's super helpful! Will work on folding as much as I can into the template and the rest into the instructions :)
I'm working on this right now! The default suggested workflow is going to be one that uses Fastlane to automatically manage certificate generation on GitHub Actions (i.e. you don't need your own Mac hardware to do the CSR dance), but I am going to include manual instructions that look a lot like this guidance. @IanBellomy if it's okay with you, I'll ping you when that's ready to get a second set of eyes on my instructions :)
Sure thing, though I'm the opposite of an expert on this stuff :| Also, it looks like improvements to notarization have been announced at the current ongoing wwdc: https://developer.apple.com/videos/play/wwdc2021/10261/
Ah, thanks for that, I hadn't seen the changes! For better or for worse they won't affect this tool for now (I'm entirely relying on upstream tools to provide automated notarization, so I'll just be waiting for those tools to update to the new CLI tool/workflow), but awesome to know.
I've updated the README with instructions for notarization! @IanBellomy LMK if this seems to vastly differ from your experience (although I was able to successfully run through that flow myself). Splitting out #30 and #31 as the two remaining tasks here, and closing this issue for now.
I have a valid dev account, just need to make time to test this. This will likely shake out issues with login flow -- e.g. how do we handle 2FA keys?