I’m trying to code sign a macOs application through CMake with a certificate.
I followed the approach mentioned in the book of @craig.scott, using
-DCMAKE_XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY variables, but it didn’t work.
By the way, the snippet which inspires me is:
"ABC12345DE" CACHE STRING ""
"Apple Development" CACHE STRING ""
I got an error message from Xcode:
<project-name>.xcodeproj: error: No certificate for team '<the-id>' matching '<name>' found: Select a
different signing certificate for CODE_SIGN_IDENTITY, a team that matches your selected certificate, or
switch to automatic provisioning. (in target 'starship_platform_desktop' from project '<project-name>')
I already try this: xcode - No "iOS Development" signing certificate matching team ID "*****"with a private key was found - Stack Overflow
I don’t know if someone already face a similar issue.
I’m @tonygo 's colleague. We are testing this with certificates generated from my personal Apple Developer account. The title of the certificate looks like this: “Developer ID Application: Juan Cruz Viotti (97Z2ARC25P)”
From what we understand,
CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM should be
CMAKE_XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY should be
Juan Cruz Viotti.
Is that correct, or are we misinterpreting the variables?
Unless you have multiple different identities on your machine for the same team ID, I’d normally recommend setting
Apple Development. Xcode should then select the appropriate identity matching your specified team ID.
It’s been a while since I’ve revisited these things in my book, and I haven’t been working on any Apple projects lately. It’s possible things have changed recently, but so far I haven’t heard anything to suggest the advice in the book isn’t still applicable. The name on that certificate doesn’t seem like what I’d expect. My signing certificates for development are named “Apple Development: Craig Scott (<team-ID>)”. Are you perhaps trying to use the wrong certificate?
Thanks! We’ll give this a shot. As far as I understand, the “Apple Development” ones are for App Store / Mac App Store distribution, where as the “Developer ID Application” ones are for distribution outside of the store (which we are aiming for).
I seem to vaguely recall having difficulties trying to use the application certificate for the first signing long ago. I think the workflow that eventually worked for me was to sign with the usual
Apple Developer certificate when building the code. Then, produce the archive using
xcodebuild -archve ..., and lastly export that archive for distribution using
xcodebuild -exportArchive .... The exporting step requires you to specify the method of distribution, and you select that in your export options plist file (using the
-exportOptionsPlist command line argument). Check if one of those distribution methods matches what you want to use. The exporting step will select the appropriate certificate to re-sign your app based on the distribution method you specify.
Thanks for these insights @craig.scott
I tried to replace our current
Apple Development, but it didn’t work.
Regarding the second approach, what I’ve to do is:
- produce an archive with
xcodebuild (I have to figure out how exactly, probably some answers there: Xcode "Build and Archive" from command line - Stack Overflow)
- export the archive still with
xcodebuild with flags
- In the plist file, I should add the property
signingCertificate with the value:
Juan Cruz Viotti (97Z2ARC25P)”
I’ll work on that and see it how it goes.
I think another approach would be to use
CPACK_BUNDLE_APPLE_CERT_APP . I found an example usage on GitHub.
I tried setting these options in the cmake file:
set(CMAKE_XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Developer ID Application")
and it appears that the resultant bundle has been code signed successfully using the right certificate:
$ codesign -dv --verbose=2 examples/hello_world/dist/desktop/Debug/Hello\ World.app
Executable=/Users/raisinten/Desktop/git/starship-next/examples/hello_world/dist/desktop/Debug/Hello World.app/Contents/MacOS/Hello World
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=16712 flags=0x0(none) hashes=511+7 location=embedded
Authority=Developer ID Application: Juan Cruz Viotti (97Z2ARC25P)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=20-Jan-2023 at 12:20:06 PM
Sealed Resources version=2 rules=13 files=5
Internal requirements count=1 size=228
Awesome! @craig.scott This would good for inclusion on the next edition of the book. We are all big fans of it at Postman