问题
I'm trying to codesign my macOS screensaver project to get rid of the "unidentified developer" warning message. Both Apple's documentation and this person on Apple's forums say that you should use the "Developer ID Application" signing certificate to do it. But that doesn't appear to work for me.
When I follow Apple's instructions on how to test for proper signatures the response I get is as follows:
Screensaver.saver: rejected (the code is valid but does not seem to be an app)
My signing settings look like this:
I'm not sure what else I should try at this point. Mostly I'm worried about the rumor future mac apps will have to be signed/notarized and what does that means for screensavers?
回答1:
Here are additional notarization notes:
You can’t notarize the .saver directly, but you can in a round-about-way notarize a ZIP file, which is how I distribute my screen saver. Here are the steps I use for my simple saver, your mileage will undoubtably vary:
- /usr/bin/codesign -f -o runtime --timestamp --sign “insert Developer ID Installer certificate identifier here” XYZZY.saver
- compress the code signed .saver e.g. XYZZY.saver.zip
- /usr/bin/xcrun altool --verbose --notarize-app --primary-bundle-id “insert identifier here" -u “xyzzy@plugh.com" -p “insert app-specific PW for your Apple ID here" -t osx -f XYZZY.saver.zip
- Aside: store the App-specific password in your keychain and
reference it from the command line like this:
- /usr/bin/xcrun altool --store-password-in-keychain-item "AC_PASSWORD" -u xyzzy@plugh.com -p “insert App-specific PW from Apple here”
- wait for notarization, check status like this:
- /usr/bin/xcrun altool --notarization-history 0 -u “xyzzy@plugh.com" -p "@keychain:AC_PASSWORD”
- While you can notarize a ZIP archive, you can’t staple the
notarization ticket to it directly. Instead, run stapler against
each individual item that you originally added to the archive. Then
create a new ZIP file containing the stapled items for distribution.
- /usr/bin/xcrun stapler staple XYZZY.saver
- Re-zip the saver and distribute
回答2:
Just in case someone else stumbles in here...
For now I've realized that a good way around this is to create an installer package and then sign that following Apple's instructions.
I ended up using some free software called Packages to create the installer. After building the installer, I copied it to another folder and used the following command to sign it.
/usr/bin/productsign --sign "<Name of Developer ID Installer Cert in Keychain>" source.pkg destination-signed.pkg
Hope this helps someone out there. As far as I can tell this gets around the unidentified developer warning.
来源:https://stackoverflow.com/questions/56307714/how-to-properly-codesign-macos-screensaver