osx-sign icon indicating copy to clipboard operation
osx-sign copied to clipboard
verified publisher icon electron

Apple Distribution certificate support

Open mahnunchik opened this issue 5 years ago • 6 comments

Hi,

It seems Apple Distribution certificates not supported.

https://help.apple.com/xcode/mac/current/#/dev3a05256b8 Apple Distribution Sign your apps for submission to the App Store or for Ad Hoc distribution. For use with Xcode 11 or later.

mahnunchik avatar May 06 '20 21:05 mahnunchik

Hi @mahnunchik! As far as I know the Apple Distribution certificates are designed to be used with Xcode only... like it's not for manual codesiging?

sethlu avatar May 09 '20 07:05 sethlu

Hi @sethlu

I've checked the Apple Distribution / Development certificates are supported. But there are lack of documentation on Apple and this module side.

mahnunchik avatar May 10 '20 21:05 mahnunchik

Oh I see 👌 The new certificates seem to be taking over the existing certificates. How does it sound if we have electron-osx-sign do the following?

  • For development: Try Apple Development, then Mac Developer
  • For distribution: Try Apple Distribution, then 3rd Party Mac Developer Application or Developer ID Application depending on the Electron build?

For now, a workaround would be to provide an --identity="Apple Distribution" option to override the default electron-osx-sign behavior.

Currently electron-osx-sign chooses Developer ID Application for signing development builds... Here's a PR that suggests defaulting all development builds to be signed with Mac Developer identity: https://github.com/electron/electron-osx-sign/pull/183

sethlu avatar May 23 '20 21:05 sethlu

Sorry about the delay, I took a closer look at the documentation again and it seems that the Apple Development and Apple Distribution certs only apply to apps submitted to the (Mac) App Store.

Apple Development For iOS, tvOS, or watchOS apps, run the app on devices and use app services during development. For macOS apps, use app services during development and testing. Note: Available in Xcode 11.0 and later. For earlier Xcode versions, use an iOS Development or Mac Development certificate.

Apple Distribution For iOS, tvOS, or watchOS apps, run the app on designated devices for testing or submit it to the App Store. For macOS apps, sign an app before distributing it through the Mac App Store. Note: Available in Xcode 11.0 and later. For earlier Xcode versions, use an iOS Distribution or Mac App Distribution certificate.

Ref: https://help.apple.com/xcode/mac/current/#/dev3a05256b8

Here's an updated version...

  • Targeting inside the Mac App Store
    • For development: Try Apple Development, then Mac Developer
    • For distribution: Try Apple Distribution, then 3rd Party Mac Developer Application
  • Targeting outside the Mac App Store
    • Always try Developer ID Application for development/distribution

A PR will be up in a few minutes with this implementation.

sethlu avatar Jul 06 '20 23:07 sethlu

Any news?

mahnunchik avatar Apr 13 '22 08:04 mahnunchik