How to properly codesign macOS Screensaver?

风格不统一 提交于 2020-05-28 03:30:59

问题


I'm trying to codesign my macOS screensaver project to get rid of the "unidentified developer" warning message. Both Apple's documentation and this person on Apple's forums say that you should use the "Developer ID Application" signing certificate to do it. But that doesn't appear to work for me.

When I follow Apple's instructions on how to test for proper signatures the response I get is as follows:

Screensaver.saver: rejected (the code is valid but does not seem to be an app)

My signing settings look like this:

I'm not sure what else I should try at this point. Mostly I'm worried about the rumor future mac apps will have to be signed/notarized and what does that means for screensavers?


回答1:


Here are additional notarization notes:

You can’t notarize the .saver directly, but you can in a round-about-way notarize a ZIP file, which is how I distribute my screen saver. Here are the steps I use for my simple saver, your mileage will undoubtably vary:

  1. /usr/bin/codesign -f -o runtime --timestamp --sign “insert Developer ID Installer certificate identifier here” XYZZY.saver
  2. compress the code signed .saver e.g. XYZZY.saver.zip
  3. /usr/bin/xcrun altool --verbose --notarize-app --primary-bundle-id “insert identifier here" -u “xyzzy@plugh.com" -p “insert app-specific PW for your Apple ID here" -t osx -f XYZZY.saver.zip
  4. Aside: store the App-specific password in your keychain and reference it from the command line like this:
    • /usr/bin/xcrun altool --store-password-in-keychain-item "AC_PASSWORD" -u xyzzy@plugh.com -p “insert App-specific PW from Apple here”
  5. wait for notarization, check status like this:
    • /usr/bin/xcrun altool --notarization-history 0 -u “xyzzy@plugh.com" -p "@keychain:AC_PASSWORD”
  6. While you can notarize a ZIP archive, you can’t staple the notarization ticket to it directly. Instead, run stapler against each individual item that you originally added to the archive. Then create a new ZIP file containing the stapled items for distribution.
    • /usr/bin/xcrun stapler staple XYZZY.saver
    • Re-zip the saver and distribute



回答2:


Just in case someone else stumbles in here...

For now I've realized that a good way around this is to create an installer package and then sign that following Apple's instructions.

I ended up using some free software called Packages to create the installer. After building the installer, I copied it to another folder and used the following command to sign it.

/usr/bin/productsign --sign "<Name of Developer ID Installer Cert in Keychain>" source.pkg destination-signed.pkg

Hope this helps someone out there. As far as I can tell this gets around the unidentified developer warning.



来源:https://stackoverflow.com/questions/56307714/how-to-properly-codesign-macos-screensaver

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!