Skip navigation

Help getting my App ready for GateKeeper.  Code signing and Package depolyment

3677 Views 24 Replies Latest reply: May 7, 2012 6:37 AM by TheSilverHammer RSS
1 2 Previous Next
TheSilverHammer Calculating status...
Currently Being Moderated
May 2, 2012 7:04 AM

So gate keeper is comming out for OSX 10.8 and I need to do some things so users can download and install my app without GateKeeper causing trouble.

 

I went here: https://developer.apple.com/certificates/index.action#maccertrequest and got a developer ID application and installer certificate.

 

I am using XCode 3.2.6 and Packagemaker 3.0.4.  I am sticking with these versions so that I can support PPC builds.

 

In package maker, how do I 'sign' the install package so that GateKeeper will not complain about it?  The documentation doesn't really tell me anything about this.

 

In XCode under the code signing section I pick the Code Signing Identity and have a drop-down box appears.  I pick the common name from the cert that I just got from Apple.  I do a build and it fails with "Command /usr/bin/codesign failed with exit code 1".

 

Not very descriptive.  I did notice under the key store it says the certificate was signed by an unknow authority.  Well it was signed by Apple, so why is it saying this and what can I do about it if anything.  Anyway, I am kind of stuck at the moment and any help would greatly be appricated.

  • etresoft Level 7 Level 7 (23,905 points)

    TheSilverHammer wrote:

     

    I am using XCode 3.2.6 and Packagemaker 3.0.4.  I am sticking with these versions so that I can support PPC builds.

    Don't be so sure of that. If you are still building PowerPC applications, you don't have to worry about Gatekeeper at all. If you are planning on using Xcode 3.2.6, you will have other issues to worry about. I don't know what they are though.

     

    In package maker, how do I 'sign' the install package so that GateKeeper will not complain about it?  The documentation doesn't really tell me anything about this.

    There is a flag on the command line version. In the GUI, use Project > Edit Certificate.

     

    In XCode under the code signing section I pick the Code Signing Identity and have a drop-down box appears.  I pick the common name from the cert that I just got from Apple.  I do a build and it fails with "Command /usr/bin/codesign failed with exit code 1".

    As with all such issues, no one will care until you try it on Xcode4 first. You are going to have to do a release on currently supported tools. When that builds succesfully, then you can try Xcode3.

     

    Not very descriptive.  I did notice under the key store it says the certificate was signed by an unknow authority.  Well it was signed by Apple, so why is it saying this and what can I do about it if anything.  Anyway, I am kind of stuck at the moment and any help would greatly be appricated.

    Apple may be acting under its own authority. I haven't gotten that far myself.

  • etresoft Level 7 Level 7 (23,905 points)

    TheSilverHammer wrote:

     

    Is there any web page I can go to that will explain everything I need to do, step by step to get read for GateKeeper?  I can't find any Apple GateKeeper for developers start page.

    Try the Mountain Lion forum.

     

    I think you may be stuck until building and installing with Xcode4. You should be able to use the Xcode4 PackageMaker (available as an other > other install) to install your Universal code. I strongly suggest getting it all working in Xcode4 and then building a separate installer for Xcode3. If you want to do the extra work to support PowerPC code, that't fine, but as the years progress, it will be come more and more work.

  • etresoft Level 7 Level 7 (23,905 points)

    TheSilverHammer wrote:

     

    This isn't my choice.  I am not a lone programmer who is just being bull-headed.  Management makes that decision, not me.  Ill discuss it with them.

     

     

    I understand that. But you also have a responsibility to have a deliverable. If you do everything in Xcode4, it should all work and you should have a deliverable package for everything that Xcode4 supports. Then you can tell management that you have 10.6 Intel (or whatever) ready to go but you are still working on the PowerPC part. That will also help them to see the actual cost in supporting old versions.

     

    If you are working with current, supported tools then when you ask someone what is going wrong, they will be able to help. If you are trying something funky, people are just going to throw up their hands.

     

    That is about all I can do right now. I haven't tried code signing myself yet. I will create a certificate and try it out later today. Then I can tell you what you should expect to see in Xcode4.

  • etresoft Level 7 Level 7 (23,905 points)

    According to the Developer ID Tutorial, developers are expected to do the entire process in Xcode4. If you are shipping a PackageMaker installer, Apple suggests using the productsign tool and your Developer ID. There is no indication if the GUI certificate method works or not. This might work out nicely for you. Create your DeveloperID in Xcode4. Then build your application and installer package with Xcode3. You should be able to sign it using the command line with your Developer ID.

  • etresoft Level 7 Level 7 (23,905 points)

    TheSilverHammer wrote:

     

    PS.  I just tried to go to that link you provided, and it didn't work for me.  When I get to the developer downloads I do not have a documents category.  I can download all sorts of OS's and tools, but I do not see any documents of any kind.

    Perhaps that is the problem. You need a paid Mac developer account.

     

    I just when through the process and signed one of my really old installers. I even had to blow away all of my old Developer account stuff in Keychain and Xcode because I've moved to Canada and needed a whole new set of accounts. So, I did it just now from a totally clean slate. I fired up Xcode, viewed my Provisioning Profiles, refreshed, got my Developer ID, and exported it. Then, I signed my old installer with my name and now I have a signed version. When I install it, it even has a little padlock in the upper right corner. No self-signed certificates.

     

    You can continue to use Xcode3 to build your software. But you will need Xcode4 and a paid Developer account to stay current.

1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.