Tutorial on publishing Flex/Air app for Mac App Store or just using Developer ID for general distribution

New Here ,
May 08, 2014

Copy link to clipboard

Copied

Has anybody put together a tutorial on publishing a Flex/AIR application for distribution as an OSX desktop app, either through Mac App Store or just using the Developer ID certificate?

In my time as a Flex developer, I've seen some things documented well and some that you had to dig for, but finding clear instructions on this is really difficult! I would have thought publishing your Flex/AIR app as a stand-alone (captive runtime) application either through the Mac App Store or to users directly (signing with an Apple Developer ID certificate) would be something many people are trying to do. But most of the helpful posts out there are dated or incomplete as well as being specifically targeted towards iOS. Furthermore, each time the AIR SDK changes it seems many of the past posts are no longer valid at some step.

Big thanks for anybody who can provide pointers or suggestions!

I have it working!!!   Woooohoooo!

DHL83​'s correspondence with Apple and reference to the Electron thread on Apple's Developer support site provided me with some ideas for googling whether entitlements could be added for apps produced by 3rd party tools such as the Flex SDK.  After a lot of trial-and-error, I worked out what entitlements are required.

Here are the steps in addition to the signing script I posted above:

1. You need to create an Entitlements file which will look like this:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>com.apple.security.cs.allow-jit</key>

<true/>

<key>com.apple.security.cs.allow-unsigned-executable-memory</key>

<true/>

</dict>

</plist>

Thismust be created in XCode otherwise get an error about blobs not being correct:

HomeDirXCodePropertyList.plist: unrecognized blob type (accepting blindly)
HomeDirXCodePropertyList.plist: invalid length in entitlement blob

To create in XCode, do this:

In XCode, File->New->File...
Choose MacOS tab -> Resource -> Property List
Right click on the document -> Property List Type -> Entitlements File
Add Row using + button.

Select Allow Execution of JIT-compiled code and select Boolean value YES

Add Row using + button

Select Allow Unsigned Executable Memory and select Boolean value YES

Save the file (I called it entitlements.plist) and reference it in the .app signing line.

2. Change the script you use for signing the .app to reference this file:

codesign  --force --options runtime --deep --sign  "Developer ID Application: My Company, Inc (AB1CD2E3FG)" --entitlements "/Users/username/Documents/entitlements.plist" "/Users/username/Documents/out/MyApp.app"

Check that you don't get any errors from the entitlements file.

3. Use product build in the script as before (no changes) to create the .pkg

4. As before, submit the app for Notarization, then staple once it completes successfully.

My testing has been as follows:

1. Delete the .app files from my machine.

2. Upload the .pkg file to a web server.

3. Download it and install on 10.14.5 Mojave.

It installs and runs without the previous codesign error.  Hope it works for others!

TOPICS
Development

Views

10.4K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
May 08, 2014 0
Explorer ,
Nov 08, 2018

Copy link to clipboard

Copied

Just in case anyone still has trouble with this for hosting your installer other than on the Mac App Store, here is my bash script that creates a .pkg installer for MacOS and it downloads without any warnings from any browser (tested with Safari, Chrome, Firefox and Brave), and it installs without warnings, and the installed app launches without warnings.

It also fixes the icons that as of AIR 31 are still wrong for MacOS, and it updates Info.plist with version. This app package contains 10 ANEs as well.

# !/bin/bash

VERSION=$1

USAGE="Usage: build.sh app_version_string (n.n.n)"

if [ "$VERSION" == "" ]; then

    echo "app_version_string is required"

    echo ${USAGE}

    exit 1

fi

INFO_PLIST="$APP_DIR/out/your-app.app/Contents/Info.plist"

cd $APP_DIR

# copy icons file over the one built by AIR which is still packaged incorrectly as of AIR SDK 31

cp -f ./packaging/Icon.icns ./out/your-app.app/Contents/Resources/Icon.icns

rm -f "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib"

rm -f "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Adobe AIR.vch"

/usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString ${VERSION}" "${INFO_PLIST}"

/usr/libexec/PlistBuddy -c "Set :CFBundleGetInfoString ${VERSION}, © 2018 Your Company, Inc. All rights reserved." "${INFO_PLIST}"

/usr/libexec/PlistBuddy -c "Add :LSApplicationCategoryType string public.app-category.business " "${INFO_PLIST}"

codesign -f -v -s "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR_64"

codesign -f -v -s "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR"

codesign -f -v -s "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework"

codesign -f -v -s "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app"

productbuild --component ./out/your-app.app /Applications "./packaging/mac/your-app.pkg"  --sign "Developer ID Installer: Your Company, Inc. (YOUR_TEAM_ID)" --identifier "your-app" --version "${VERSION}"

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 08, 2018 2
Explorer ,
Jun 28, 2019

Copy link to clipboard

Copied

Huge thanks to everyone for contributions to this thread and especially to ejthomas95746​ for providing the script.

A few extra pointers for anyone doing this process:

1. As of AIR 31 or 32, there is an additional file to sign which is Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/A2712Enabler

I'm not sure if it's necessary but it is easy enough to sign.

2. For future-proofing, Apple now likes all apps to be Notarized (and will require it for all apps from MacOS 10.15).  Details of how to do it are here: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizi...

For this to happen and for it not to fail, it's necessary to sign the A2712Enabler file and your MyApp.app file in a different way so that it includes a 'hardened runtime'.  The updated codesign commands are

codesign  --force --options runtime --deep --sign "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/A2712Enabler""

codesign  --force --options runtime --deep --sign "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app"

Notarization is then performed as per the document linked above.  You have to create an App-specific password on your iTunes Connect account to do that.

The document also contains details of how to find errors which is very important if the process fails.

3. Finally, you staple the notarization to the app, although there's no reference required, just this command:

xcrun stapler staple "./packaging/mac/your-app.pkg"

4. One other note: It's quite acceptable to use the .air file built and signed on a Windows dev machine as the input to 'adt -package -target bundle' to create the MacOS Captive Runtime version (this saves us time in our build process).  I also found the app 'iCreate icons' to be a really simple way to generate the .icns file required for Mac from the Windows png icons we already had.

Hope this helps someone as much as everyone's previous answers helped me.  Thanks all!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 28, 2019 2
Explorer ,
Jul 11, 2019

Copy link to clipboard

Copied

Thanks for this re-cycle​. I'm struggling a bit with the signing part. All actions are successfully completed, but after doing the last signing of the .app, using the --options runtime --deep, the app crashes during startup with a message of "Code Signature Invalid":

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (Code Signature Invalid)

Exception Codes:       0x0000000000000032, 0x0000086b6eb84f30

Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace CODESIGNING, Code 0x2

Here are my steps:

1. Export app as "Captive Runtime Bundle (.app)" in IntelliJ IDEA

2. Run the following commands:

rm -f MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/WebKit.dylib

rm -f MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/Adobe\ AIR.vch

/usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString 2.0.2" /Users/me/Desktop/MyAIRApp.app/Contents/Info.plist

/usr/libexec/PlistBuddy -c "Set :CFBundleGetInfoString 2.0.2, © 2019 MyCompany, Inc. All rights reserved." /Users/me/Desktop/MyAIRApp.app/Contents/Info.plist

/usr/libexec/PlistBuddy -c "Add :LSApplicationCategoryType string public.app-category.business" /Users/me/Desktop/MyAIRApp.app/Contents/Info.plist

codesign -f -v -s "Developer ID Application: MyCompany, Inc" MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/Current/Adobe\ AIR_64

codesign -f -v -s "Developer ID Application: MyCompany, Inc" MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/Current/Adobe\ AIR

codesign --force --options runtime --deep --sign "Developer ID Application: MyCompany, Inc" MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/A2712Enabler

codesign -f -v -s "Developer ID Application: MyCompany, Inc" MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/

codesign --force --options runtime --deep --sign "Developer ID Application: MyCompany, Inc" MyAIRApp.app

After this, if I run the app, I get the error above. I won't get the error if I sign A2712Enabler and MyAIRApp.app without --options runtime, but then notarization fails.

Any clue to why the --options runtime gives this Code Signature Invalid crash/error?

I'm using MacOS 10.14.5 and Adobe AIR 31. Air bundle packaged in IntelliJ 2019.1

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 11, 2019 0
Explorer ,
Jul 12, 2019

Copy link to clipboard

Copied

I'm not sure what's causing the error but I have two guesses:

1. My process is a little different to yours.  I export an unsigned .airi from Flash Builder 4.7.  I then (on Windows, though it shouldn't matter) use ADT to create an unsigned .air:

adt -package -target bundle MyApp MyApp.air

[I then sign that on Windows using Signtool but I think I use the unsigned version for Mac]

Next, I move that .air file to Mac OS and create the .app (again, unsigned):

adt -package -target bundle MyApp.app MyApp.air

I then copy the .icns file into the package:

cp -f MyApp.icns Contents/Resources/Icon.icns

and finally run the script to remove Webkit and DRM and to sign the .app and its various components.

2. My second guess would be to check and double-check your certificates since that's what the error is stating.  Also, have you followed the instructions in the Notarization link to get the full error message link when it fails?

The full format of the certificate IDs should include the letters and numbers in brackets: e.g "Developer ID Application: Company Name, Inc (AB1CD2E3FG)"

After completing all of the above, I create an installer .pkg file, signing that .pkg with my Developer ID Installer certificate from Apple (NOT the Developer ID Application one), which with xCode installed is:

productbuild --component MyApp.app /Applications "MyApp.pkg"  --sign "Developer ID Installer: My Company, Inc" --identifier "AppName" --version "1.0.0"

That signed .pkg is what I submit to Apple for notarisation.

Good luck - we're all just guessing here thanks to Adobe's lack of documentation about the details of publishing AIR apps to Macs in the various possible formats!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2019 2
Explorer ,
Jul 12, 2019

Copy link to clipboard

Copied

Thanks a lot for the quick reply, re-cycle​. I've got bootcamp with Win10 installed on my mac, so I'll try to reproduce your steps (except I'll be exporting from IntelliJ IDEA instead of Flash Builder).

May I ask if you use AIR 31 or 32?

Also, do your do any more modifications to your Info.plist except the ones you mentioned in your post?

If I'm successful, I'll summarize all my steps here.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2019 0
Explorer ,
Jul 12, 2019

Copy link to clipboard

Copied

Using AIR 32 and no further modifications to Info.plist.

I'm also using Win10 on bootcamp on a MacBook Pro in my process.

[As an aside, when signing on Windows, I first tried using one of the latest MacMinis but couldn't get the USB signing token to work under windows, which I'm guessing is down to the T2 chip in the MacMini.  Signing tokens also don't work under virtualisation with VMWare Fusion or Parallels.  Works fine on Win 10 running as bootcamp on an older MacBook Pro though.  Not relevant to the Mac discussion but may be useful to someone who is using Bootcamp to run Windows to sign a captive runtime .exe AIR app.]

Good luck!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2019 0
Explorer ,
Jul 12, 2019

Copy link to clipboard

Copied

Unfortunately, I couldn't get past the first step, creating an unsigned .air from exported .airi

On Windows using PowerShell:

.\adt -package -target bundle "C:\Users\MyUserName\Desktop\MyApp.air" "C:\MyUserName\Desktop\MyApp.airi"

I get the result:

An AIRI file was specified without signing arguments. AIRI files must be signed to be processed further.

I can't find anything on Google related to "unsigned .air" file..

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2019 0
Explorer ,
Jul 12, 2019

Copy link to clipboard

Copied

Been hammering this problem for a few hours now, without any luck.

My steps are:

  1. "Package AIR Application" -> "captive runtime bundle (.app)" in IntelliJ IDEA. Signed using my company's code signing certificate.
  2. cp -f ./MyApp-icon.png.icns ./MyApp.app/Contents/Resources/Icon.icns
  3. rm -f MyApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/WebKit.dylib
  4. rm -f MyApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/Adobe\ AIR.vch
  5. /usr/libexec/PlistBuddy -c "Add :LSApplicationCategoryType string public.app-category.business" MyApp.app/Contents/Info.plist
  6. codesign -f -v -s "Developer ID Application: MyCompany Inc" MyApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Adobe\ AIR_64
  7. codesign -f -v -s "Developer ID Application: MyCompany Inc" MyApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Adobe\ AIR
  8. codesign --force --verbose --options runtime --deep --sign "Developer ID Application: MyApp Inc" MyApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/A2712Enabler
  9. codesign -f -v -s "Developer ID Application: MyApp Inc" MyApp.app/Contents/Frameworks/Adobe\ AIR.framework/
  10. codesign --force --verbose --options runtime --deep --sign "Developer ID Application: MyApp Inc"  MyApp.app

When applying the last step (10) something is changed so that when I try to run the app it crashes with the Problem Report attached below. I am able to successfully notarize this app, but that doesn't help if the app crashes 😞

- AIR 31

- IntelliJ 2019.1

- macOS 10.14.5

Crashed Thread:    0  Dispatch queue: com.apple.main-thread

Exception Type:    EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes:   0x0000000000000032, 0x00002441987edf30
Exception Note:    EXC_CORPSE_NOTIFY

Termination Reason:Namespace CODESIGNING, Code 0x2

kernel messages:

VM Regions Near 0x2441987edf30:

Memory Tag 240     00002441987d9000-00002441987de000 [   20K] rw-/rwx SM=S/A 
--> Memory Tag 240     00002441987de000-00002441987ee000 [   64K] r-x/rwx SM=COW 
VM_ALLOCATE 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2019 0
Explorer ,
Jul 12, 2019

Copy link to clipboard

Copied

I presume you've tried those last steps varying the command line arguments to see if it works if you miss something out?

Just checking also that the certificate you are using is the one that you got from Apple labelled 'Developer ID Application', not Apple Development, Mac Development or iOS Development.

Also, do you have the latest version of Xcode installed?

Other than that, I'm really not sure.  However, since it sounds like an issue which is caused by Xcode signing with an Apple certificate, you should be able to contact Apple Developer technical support since you can prove the app runs before codesign alters it.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2019 0
Explorer ,
Jul 12, 2019

Copy link to clipboard

Copied

I've tried varying the command line arguments of the last step. The app runs fine up to step 10.

If I run step 10 without using "--options runtime", it will run fine, but will be rejected by apple with one error:  ("The executable does not have the hardened runtime enabled.") during notarization.

Running step 10 with "--options runtime" creates an app that I can successfully get notarized, but that crashes when executed on my mac.

I just updated my Mac from High Sierra to Mojave 10.14.5 (18F132). Xcode is Version 10.2.1 (10E1001). I am using certificate "Developer ID Application: Preseria AS (N111ABCD9E)"

I tried the procedure on the simplest AIR app possible, but with the same error:

<?xml version="1.0"?>

<s:WindowedApplication xmlns:fx="http://ns.adobe.com/mxml/2009" xmlns:s="library://ns.adobe.com/flex/spark">

  <fx:Script><![CDATA[
  import mx.controls.Alert;
   ]]></fx:Script>

  <s:Button click="Alert.show('Hello, world')" label="Say Hello"/>

</s:WindowedApplication>

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2019 0
Explorer ,
Jul 13, 2019

Copy link to clipboard

Copied

Have you tried cutting IntelliJ IDEA out of the process?  You can compile from the command line using the AIR SDK.

Other than that, I suggest Apple Developer Support.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 13, 2019 0
Explorer ,
Jul 13, 2019

Copy link to clipboard

Copied

I've contacted Apple Support.

I've tried packaging an .airi file from IntelliJ and signing it manually to get an .air bundle, but not the first step of "swc to .airi" from command line, no. That is something I could try, if I figure out the correct arguments.

I do have a Flash Builder 4.7 key somewhere, so I could try to install and import the project to FB before exporting it. Also I guess I could try some more combinations of first creating the .air file on Windows and then bring it over to MacOS.

re-cycle​, you mentioned creating an unsigned .air from an .airi file. How is that possible? Using the adt tool it seems you must sign it to get a .air, or is it something I'm missing?

By the way, thanks for all the help re-cycle. It's much appreciated. I've been checking codementor.io and upwork for expertise, as I'm happy to pay for guidance, but not many people have experience with this kind of stuff. If you, or anyone else who sees this, want to jump on a video call with screen sharing (TeamViewer) and help out, let me know. I'll gladly pay for it.

PS: I just found a recent thread on as3lang.org with a couple interesting links. Will see if I can find some new information there. Will share if I get any closer to a properly signed app that passes notarization. : https://discuss.as3lang.org/t/air-for-desktop-publishing-to-the-mac-app-store-is-it-possible/1850

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 13, 2019 0
New Here ,
Jul 18, 2019

Copy link to clipboard

Copied

Thanks for this helpful thread. It has helped me get an Adobe AIR 31 app successfully through the notarization process. But now I am at the same point as DHL83. After stapling the approved app, I get the same error when starting the app:

Exception Type:        EXC_BAD_ACCESS (Code Signature Invalid)

Exception Codes:       0x0000000000000032, 0x00002930cc582f30

Exception Note:        EXC_CORPSE_NOTIFY

My app is a captive runtime application built by command line on the Mac using mxmlc and adt. 

I found this article

https://successfulsoftware.net/2018/11/16/how-to-notarize-your-software-on-macos/

it says to try the following command to verify the stapling:

spctl -a -v "test.app"

It shows:

test.app: accepted

source=Notarized Developer ID

Which should indicate success. I'll let you know if I find out anything more.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 18, 2019 0
Explorer ,
Jul 22, 2019

Copy link to clipboard

Copied

Sorry for the radio silence - have been away with my family and ignoring email.

The bad news: I'm now getting that error on Mac OS X too for the notarized app:

Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)

Exception Codes: 0x0000000000000032, 0x00001199ab481f30

Exception Note: EXC_CORPSE_NOTIFY

The reason I hadn't picked this up before is because I was creating the notarized app on my new Mac Mini running 10.14.5 Mojave but then downloading and testing the install of the app on my older MacBook Pro 10.13.6 High Sierra (which I'm keeping behind an OS X version so I can still run Flash Builder 4.7).  The notarised app installs and works perfectly on High Sierra and the crash only occurs on Mojave in my environment. DHL83​ - I wonder if that would be useful additional information for Apple Support?  Have you heard back from them?

[Apologies for not picking this up before - I was just so pleased to get the app installing before I went on vacation that I posted here without fully testing on Mojave.]

This is a fairly critical issue for our business, so I'll continue working on it.  Would love to hear from anyone who has ideas for further tests or can make progress with this.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 22, 2019 0
Explorer ,
Jul 22, 2019

Copy link to clipboard

Copied

Just some quick additional information: this doesn't seem to be restricted to AIR: there are users of other platforms reporting the same issue (without solutions yet...)

e.g.

Unity: https://stackoverflow.com/questions/56246948/how-to-tell-why-osx-code-signature-is-invalid

Electron apps: macOS Hardened runtime, notarization, code signing: app crashes and doesn't work at all · Issue #398...

This leads me to believe that it's an issue which Apple have introduced in the way Notarization checks are done.  If so, will they care enough about the Unity/AIR/Electron platforms to solve this before they release MacOS 10.15 Catalina?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 22, 2019 0
Explorer ,
Jul 22, 2019

Copy link to clipboard

Copied

I've been on a short week-long vacation myself. Catching up on some emails now. I got a standard response from Apple that I'll share below. In short, I need to provide them with some more information, screenshots, etc, although there's nothing new to tell them apart from the information I've already submitted.

I'll post back here when I get a follow-up reply from Apple. Oh, and I'll  mention in my reply to Apple that this is a problem also for Unity and Electron platforms.

The message I got from Apple:

Hello Dag,

My name is Laura, and I'm an Advisor from Apple Developer Program Support. Thank you so much for getting in contact about you issue with code signing.

To assist you with resolving this error, our engineers have compiled the Code Signing page.

This document should help you resolve most code signing errors. If you need additional assistance, review the Apple Developer Forums for threads on a variety of code signing issues.

Code sign issues are typically caused by an error in the configuration of local assets. I recommend checking the following items before reattempting your delivery:

1. You are signed into Xcode using the developer Apple ID associated with the app (Accounts pane in Xcode Preferences).

2. The bundle ID set in the Xcode project matches the bundle ID chosen in the App Store Connect app record.

If you continue to receive a code sign error, please provide responses to each of the following questions, so that we can make sure that your error is not related to an internal issue:

1. Is your Mac used to develop for multiple development teams?
2. Are you signing an iOS, tvOS, or macOS app?
3. If you are attempting to sign an iOS app, which type of deployment have you selected (Ad-hoc, Enterprise, or App Store)?

Also provide the screenshots of the following:

1. The error message you receive.
2. The Xcode project General pane.
3. The Xcode project Custom iOS Target Properties section located on the Info pane.
4. Your Provisioning Profile details as shown in Xcode Preferences on the Accounts pane after clicking the View Details button.
5. The Provisioning Profile details as shown in the Certificates, Identifiers & Profiles portal.

After we receive this information, I'll follow up with you when we have an update.

Should you have further queries, please do not hesitate to reply to this email or contact us through our support site. Your case number is 100854096929.

Have a lovely day.

Kind regards,

Laura

Apple Inc.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 22, 2019 0
Explorer ,
Jul 24, 2019

Copy link to clipboard

Copied

I was referenced to Apple Developer Forums by Laura from Apple Inc. There I found several posts from people with the exact same issue: electron mac build crashing on startup (signed ... |Apple Developer Forums

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 24, 2019 0
Explorer ,
Jul 24, 2019

Copy link to clipboard

Copied

Ah, so we're helpless unless someone at Adobe who wrote the code for the ADT tool will help us by talking directly to Apple.  Actionscript has always been Just In Time compiled as far as I know and if Apple are saying that's the reason for the notarization failing then it's a problem at the very core of the AIR runtime which Apple have introduced by requiring notarization.

Does anyone have a clue about how to get an Adobe engineer to look at this?  I'm guessing it would need someone from a large company who have a big support contract with Adobe to have enough clout for them to sit up and take notice... ;-(

DHL83 - thanks very much for reporting back with this.

Anyone have any other ideas about how to work around this?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 24, 2019 2
Explorer ,
Jul 25, 2019

Copy link to clipboard

Copied

Since Harman will be taking over the support and development of the AIR platform I've shot them an email explaining the problem and referencing this thread. (Adobe.Support@harman.com) / Harman - Adobe Partnership - HARMAN

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 25, 2019 0
Explorer ,
Jul 26, 2019

Copy link to clipboard

Copied

I have it working!!!   Woooohoooo!

DHL83​'s correspondence with Apple and reference to the Electron thread on Apple's Developer support site provided me with some ideas for googling whether entitlements could be added for apps produced by 3rd party tools such as the Flex SDK.  After a lot of trial-and-error, I worked out what entitlements are required.

Here are the steps in addition to the signing script I posted above:

1. You need to create an Entitlements file which will look like this:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>com.apple.security.cs.allow-jit</key>

<true/>

<key>com.apple.security.cs.allow-unsigned-executable-memory</key>

<true/>

</dict>

</plist>

Thismust be created in XCode otherwise get an error about blobs not being correct:

HomeDirXCodePropertyList.plist: unrecognized blob type (accepting blindly)
HomeDirXCodePropertyList.plist: invalid length in entitlement blob

To create in XCode, do this:

In XCode, File->New->File...
Choose MacOS tab -> Resource -> Property List
Right click on the document -> Property List Type -> Entitlements File
Add Row using + button.

Select Allow Execution of JIT-compiled code and select Boolean value YES

Add Row using + button

Select Allow Unsigned Executable Memory and select Boolean value YES

Save the file (I called it entitlements.plist) and reference it in the .app signing line.

2. Change the script you use for signing the .app to reference this file:

codesign  --force --options runtime --deep --sign  "Developer ID Application: My Company, Inc (AB1CD2E3FG)" --entitlements "/Users/username/Documents/entitlements.plist" "/Users/username/Documents/out/MyApp.app"

Check that you don't get any errors from the entitlements file.

3. Use product build in the script as before (no changes) to create the .pkg

4. As before, submit the app for Notarization, then staple once it completes successfully.

My testing has been as follows:

1. Delete the .app files from my machine.

2. Upload the .pkg file to a web server.

3. Download it and install on 10.14.5 Mojave.

It installs and runs without the previous codesign error.  Hope it works for others!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 26, 2019 5
Explorer ,
Jul 26, 2019

Copy link to clipboard

Copied

YES! This is awesome! Thank you so much re-cycle​! Your step-by-step instructions should be marked as the correct answer! Ideally this should be put on Adobe's official blog or wherever we can expect to find updated information for AIR developers in the future.

What a great way to end the work week

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 26, 2019 0
New Here ,
Jul 26, 2019

Copy link to clipboard

Copied

Excellent. This worked for me too. Thank you so much!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 26, 2019 0
Explorer ,
Jul 28, 2019

Copy link to clipboard

Copied

Wow! I am very troubled about notarization. Thanks!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 28, 2019 0
Explorer ,
Jul 30, 2019

Copy link to clipboard

Copied

Sorry, I use poor English.

Did you omit the explanation?

I had to remove WebKit.dylib and sign A2712Enabler.

Other than that, it succeeded in the same way.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 30, 2019 0
Explorer ,
Sep 22, 2019

Copy link to clipboard

Copied

I am getting stuck on this -- I can't seem to sign the .app/Contents/Frameworks/Adobe AIR.framework, codesign keeps telling me ".app/Contents/Frameworks/Adobe AIR.framework: bundle format is ambiguous (could be app or framework)". I also added the --deep option to the codesign, and doing it as sudo, still no luck. That seems to be my final obstacle (though I don't know what is in store)! Does anyone have an idea how to resolve is error?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 22, 2019 0
Explorer ,
Sep 22, 2019

Copy link to clipboard

Copied

Not come across this myself but googling around it seems that codesign ambiguous error often relates to having two certificates in Keychain with the same ID:

https://stackoverflow.com/questions/32925844/codesign-and-ambiguos-identity-matches-mac-developer-an...

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 22, 2019 0
Explorer ,
Sep 25, 2019

Copy link to clipboard

Copied

Hi re-cycle, as you can imagine I've been following your thread but I got stuck on codesigning the Adobe AIR.framework, codesign gave me a 'bundle is ambiguous' error. Hours of digging and I finally discovered the problem -- the symlink structure inside the app was not correct coming out of ADT (AIR 32) -- here is a post that suggests the correct structure (https://stackoverflow.com/questions/27871099/creating-symlinks-in-osx-frameworks-inside-app-bundle). I have written up a detailed report and step-by-step instructions from codesigning through notarization, and have sent it to Harman, I am also thinking of posting it here but it is quite long (7 pages, ok so I am not particularly brief).

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 25, 2019 0
Explorer ,
Sep 28, 2019

Copy link to clipboard

Copied

I just went through the process on Mac OSX 10.14.6, and the posts in this thread helped me a lot to get my app properly signed and notarized. The main obstacle that I did not resolve from these posts was correcting the symlinks in the app generated by adt. I had to manually go in and correct the linkages.

 

To help others who may be going through this, I detailed my whole experience from adt'ing through notarizing. This post is quite long, but it is kind of what I wish I could have seen in trying to fix my issues. I hope it is helpful to someone out there. If you have questions, ping me and I'll try to help (you'll see I'm no expert on bash scripts).

 

-jonathan

 

----------------------------------------------------------------------

 

My Steps for Building AIR app on Mac OS 10.14.6

I have been publishing my Flash/AIR app (called SimsUshare_v2) to Mac OSX since 2012. Recently, however, Apple required that the app not only be code signed, but also notarized, since in some upcoming release of Mac OS, they will require all apps to be notarized.

I basically followed the steps I found in other articles, but they didn’t quite get me there. Here are three central articles I used:

  1. Notarizing the app, very useful: “How to notarize your software on macOS
  2. Codesigning and notarizing Mac AIR apps, specifically: “Tutorial on publishing Flex/Air app for Mac App Store or just using Developer ID for general distrib...”, particularly the post marked “Correct Answer” by re-cycle. Of course the success is due to several people who helped him or her, but it’s easiest to identify the last person who put it all together.
  3. Codesigning and notarizing in general: “How to codesign and notarise your app for macOS 10.14 and higher

In this post I will detail all the steps I used to get my app successfully codesigned and notarized. I am not going to go into how I got the certificates from my developer account, that should be clear from other places. I went into the process with my private key (myCertificate.p12), my password, and the latest AIR 32 build (as of September, 2019).

Compiling the App

I use adt to build the captive runtime as follows:

../AdobeAIRSDK/AdobeAIRSDK-32/bin/adt -package -storetype pkcs12 -keystore myCertificate.p12 -tsa http://sha256timestamp.ws.symantec.com/sha256/timestamp -target bundle "SimsUshare_v2.app" SUSFreeWinMac-app.xml -C . SUSFreeWinMac.swf libs/ examples/ icons/ piccache/ assets/

I am prompted for my certificate password, which I entered. This builds the SimsUshare_v2.app in the same folder.

The Start of Codesign woes

The original codesign statement I used to use did not have the parameters that were needed now to codesign and notarize the app, namely stuff about the hardened runtime.

codesign -f -v --options runtime -s "Developer ID Application: Equipment Simulations LLC" --entitlements "$APP_DIR/entitlements.plist" "$APP_DIR/SimsUshare_v2.app"

You’ll see from this statement I also added an entitlements.plist file which was suggested by the #2 article above (re-cycle). I am including that file with this post so you can see it directly. I did not try the build after getting it working to see if I truly need the entitlements.plist file, though. BTW, the $APP_DIR is from my build (bash) script (below) and merely points to the folder in which I have the app.

When I tried to follow the steps in article #2 after making my build script, I kept getting this error from codesign

SimsUshare_v2.app: bundle format is ambiguous (could be app or framework)

In subcomponent: /Users/jonathankaye/Dropbox/SimsUshare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework

After reviewing a lot of the posts in the article #2 from above, I saw I had to remove certain parts of the app (like WebKit) and codesign the pieces directly. I was trying to do it once with the codesign --deep parameter. However, Apple’s codesigning documentation (which actually was useful, albeit very long) said that it is best to sign each part individually rather than to rely on --deep. This documentation also clued me into the real culprit, because it mentions “symlinks” under the error for ambiguous bundle format.

The symlink mention reminded me I had seen this post and comment from Juergen saying to examine the symlinks and the application needs to be in a certain structure. Honestly I didn’t quote understand what that structure was from Juergen’s comment, but I was able to find this somewhere else based on Dass’ comment that made it clearer:

clipboard_image_0.png

I used this example to clean up the SimsUshare_v2.app structure to have the correct symlinks, which I then put into my codesign script, below. FWIW, here is my diagram of the app (‘…’ is whatever is in there, -> are symlinks):

Adobe AIR.framework/

ADOBE AIR  ->     Versions/Current/ADOBE AIR

ADOBE AIR_64 ->     Versions/Current/ADOBE AIR_64

Resources  ->     Versions/Current/Resources

Versions/

     1.0/

           ADOBE AIR …

           ADOBE AIR_64 …

           Resources …

     Current    -> 1.0

Structure of AIR app under SimsUshare_v2.app/Contents/Frameworks

 

To make these changes, I added the fixes to my script for codesigning (I did hardcode the 2.8.6 into the APP_DIR variable which I will replace with VERSION at some later time, also I could make the script with a parameter for VERSION to make it more general).

You will see in the script that in addition to the symlink fixing, I also added some a command I had found to remove extended attributes (which Apple labels as “detritus”, if you don’t do that step), and I also put in checks to see that the app, once codesigned, passes two tests – one to verify the codesign, and the second to see if Gatekeeper will accept it. Of course I removed my passwords from the script, for posting. At the bottom of the script I put the complete output I received.

You’ll see I commented out a line (line 11) about copying icons, I did not have a problem with icons AFAIK but that copy statement was from a different article that had problems with AIR 31 and icons.

#!/usr/bin/env bash

 

VERSION="2.8.6"

APP_DIR="/Users/jonathankaye/Dropbox/SimsUShare Mac Stuff/SimsUshare 2.8.6"

 

INFO_PLIST="$APP_DIR/SimsUshare_v2.app/Contents/Info.plist"

 

cd "$APP_DIR"

 

# copy icons file over -- the one built by AIR which is still packaged incorrectly as of AIR SDK 31

# cp -f ./packaging/Icon.icns ./SimsUshare_v2.app/Contents/Resources/Icon.icns

 

printf "\n++++ Fix the symlinks manually\n"

cd "SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework"

rm "Adobe AIR"

ln -s Versions/Current/Adobe\ AIR "Adobe AIR"

ln -s Versions/Current/Adobe\ AIR_64 "Adobe AIR_64"

rm -fr Resources/

ln -s Versions/Current/Resources Resources

cd Versions

rm -fr Current

ln -s 1.0 Current

 

cd "$APP_DIR"

 

printf "\n>>>> removing stuff that would cause problems\n"

rm -f "./SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib"

rm -f "./SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Adobe AIR.vch"

rm -fr "./SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/__MACOSX"

 

printf "\n>>>> removing extended resources (Apple calls it detritus)\n"

xattr -cr SimsUshare_v2.app

 

printf "\n>>>> updating the info.plist\n"

/usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString \"${VERSION}\"" "${INFO_PLIST}"

/usr/libexec/PlistBuddy -c "Set :CFBundleGetInfoString \"${VERSION}, © 2019 Equipment Simulations LLC. All rights reserved.\"" "${INFO_PLIST}"

/usr/libexec/PlistBuddy -c "Add :LSApplicationCategoryType string public.app-category.business" "${INFO_PLIST}"

 

codesign -f -v -s "Developer ID Application: Equipment Simulations LLC" "$APP_DIR/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0"

codesign -f -v -s "Developer ID Application: Equipment Simulations LLC" "$APP_DIR/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR"

codesign -f -v -s "Developer ID Application: Equipment Simulations LLC" "$APP_DIR/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR_64"

 

printf "\n>>>> code sign Frameworks/Adobe AIR.framework\n"

codesign -f -v -s "Developer ID Application: Equipment Simulations LLC" "$APP_DIR/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework"

 

printf "\n>>>> code signing the app\n"

codesign -f -v --options runtime -s "Developer ID Application: Equipment Simulations LLC" --entitlements "$APP_DIR/entitlements.plist" "$APP_DIR/SimsUshare_v2.app"

 

printf "\n+++ Check to see if signed properly\n"

codesign --verify --verbose=4 SimsUshare_v2.app

 

printf "\n+++ Check if app passes Gatekeeper test\n"

spctl -a -t exec -vv SimsUshare_v2.app/

 

: '

#################################################

############    EXPECTED OUTPUT      ############

#################################################

Jonathans-Mini:SimsUshare 2.8.6 jonathankaye$ ./build.sh

 

>>>> removing stuff that would cause problems

>>>> removing extended resources (Apple calls it detritus)

>>>> updating the info.plist/Users/jonathankaye/Dropbox/SimsUShare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0: code object is not signed at all

In subcomponent: /Users/jonathankaye/Dropbox/SimsUshare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR_64

/Users/jonathankaye/Dropbox/SimsUShare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR: code object is not signed at all

In subcomponent: /Users/jonathankaye/Dropbox/SimsUshare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR_64

/Users/jonathankaye/Dropbox/SimsUShare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR_64: signed Mach-O thin (x86_64) [Adobe AIR_64]

 

>>>> code sign Frameworks/Adobe AIR.framework/Users/jonathankaye/Dropbox/SimsUShare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework: signed bundle with Mach-O thin (x86_64) [com.adobe.AIR]

 

>>>> code signing the app/Users/jonathankaye/Dropbox/SimsUShare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app: signed app bundle with Mach-O thin (x86_64) [com.simsushare.desktop.free]

 

+++ Check to see if signed properly--prepared:/Users/jonathankaye/Dropbox/SimsUshare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/Current/.

--validated:/Users/jonathankaye/Dropbox/SimsUshare Mac Stuff/SimsUshare 2.8.6/SimsUshare_v2.app/Contents/Frameworks/Adobe AIR.framework/Versions/Current/.

SimsUshare_v2.app: valid on disk

SimsUshare_v2.app: satisfies its Designated Requirement

 

+++ Check if app passes Gatekeeper testSimsUshare_v2.app/:

accepted

source=Developer ID

origin=Developer ID Application: Equipment Simulations LLC (8AXD232TA7)

Jonathans-Mini:SimsUshare 2.8.6 jonathankaye$

'

 

From the last few lines you can see my app was now properly codesigned and it passes Gatekeeper’s test. On to the notarization!

For this, I followed article #1 that I had listed at the top. That article was very clear, so here are my instructions that made it work:

  1. I made a DMG using DropDMG, which is a great app, BTW, for making DMG’s really simply. Well worth the cost!
  2. Now I had to upload the DMG to Apple’s servers:

xcrun altool --type osx --file SimsUshare_v2.dmg --primary-bundle-id com.simsushare.SUSMobileDesktop --notarize-app --username u@eqsim.com

  1. Before doing this, I had to go through the Developer portal to create an app-specific password, which I was prompted for, and entered.
  2. I received the following response after 5 minutes (of course I blanked out the actual UUID [the notarize ID] received):

 

No errors uploading 'SimsUshare_v2.dmg'.

RequestUUID = 1xxxxxxxx-xxxx-xxxxx-xxxx-xxxxx1f1

 

  1. I put the notarize ID into the next command:

 

xcrun altool --notarization-info 1xxxxxxxx-xxxx-xxxxx-xxxx-xxxxx1f1 --username u@eqsim.com

 

  1. After it asked for the app-specific password, I received (I removed my password below!)

No errors getting notarization info.

Date: 2019-09-25 13:43:51 +0000

       Hash: bd86076feaxxxxxxxxxxxxxxxxxxx5ac2bc631bc7

RequestUUID: 1xxxxxxxx-xxxx-xxxxx-xxxx-xxxxx1f1

     Status: in progress

 

To query the status (from https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizi...😞

xcrun altool --notarization-info 1xxxxxxxx-xxxx-xxxxx-xxxx-xxxxx1f1 -u u@eqsim.com -p <my password!> --output-format xml

  1. I did check the status using the command it stated, but about 4-5 minutes later, I checked it and received the approval notice, like this:

xcrun altool --notarization-info 1xxxxxxxx-xxxx-xxxxx-xxxx-xxxxx1f1 -u u@eqsim.com -p <my password!> --output-format xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

     <key>notarization-info</key>

     <dict>

           <key>Date</key>

           <date>2019-09-25T13:43:51Z</date>

           <key>Hash</key>

           <string>bd86076feaxxxxxxxxxxxxxxxxxxx5ac2bc631bc7</string>

           <key>LogFileURL</key>

           <string>https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma123/v4/0e/48/4f/0e484f28-9919-3c8c-f0d1-045...>

           <key>RequestUUID</key>

           <string>xxxxxxxxxxxxxxxxxxxxx</string>

           <key>Status</key>

           <string>success</string>

           <key>Status Code</key>

           <integer>0</integer>

           <key>Status Message</key>

           <string>Package Approved</string>

     </dict>

     <key>os-version</key>

     <string>10.14.6</string>

     <key>success-message</key>

     <string>No errors getting notarization info.</string>

     <key>tool-path</key>

     <string>/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework</string>

     <key>tool-version</key>

     <string>4.00.1181</string>

</dict>

</plist>

 

  1. Yay! Last step was to staple the output, or something:

xcrun stapler staple -v SimsUshare_v2.dmg

  1. Which after a little bit came back with a long response that ended with

The staple and validate action worked!

 

  1. As the article #1 I mentioned says: Congratulations ... your app has now been codesigned and notarized
  2. After you installed the app (from the .dmg) you can double check if everything is working:

 

spctl -a -v </Path/to/your.app>

 

  1. After your app has been successfully notarized, you will also receive a mail from Apple:

 

Dear Sir,

Your Mac software (bundle identifier ) has been notarized. You can now export this software and distribute it directly to users.

For details on exporting a notarized app, visit Xcode Help.

Best Regards,

Apple Developer Relations

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 28, 2019 3
Explorer ,
Sep 30, 2019

Copy link to clipboard

Copied

Thank you for the tip about DropDMG @JonathanKaye19147! I ended up purchasing it and I am now using it to build my .dmgs

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2019 0
Contributor ,
Nov 12, 2019

Copy link to clipboard

Copied

THANK YOU!!!!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 12, 2019 0
New Here ,
Mar 06, 2020

Copy link to clipboard

Copied

Thank you.  This was very helpful for me.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 06, 2020 0
Participant ,
Jun 26, 2020

Copy link to clipboard

Copied

Thanks for your summarize

 

I have mojave and i followed exactly the steps. 

I also created the entitlements.plist with Xcode

but i have the same error. When I codesign my SM.app with entitlements

then my App crashes

When i cut off the --options runtime it rund but is not notarized.

 

I double checked the PLIST a hundert times. What is wrong. Please help

that is my command

codesign -f -v --deep -s "Developer ID Application: Michael Menard (7RRN669PF8)" --entitlements "/Users/Menard/Desktop/Pack/MM.plist" "$AppLocation"

app is running

codesign -f -v --options runtime --deep -s "Developer ID Application: Michael Menard (7RRN669PF8)" --entitlements "/Users/Menard/Desktop/Pack/MM.plist" "$AppLocation"

app is crashing at start

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 26, 2020 0
Explorer ,
Jun 26, 2020

Copy link to clipboard

Copied

Hi, I don't think you need to use --deep if you look through the .app file and codesign the pieces I mention directly. The app should run when codesigned, so I would not go farther until this is good, but the notarization is the steps after codesigning, are you doing that?

 

I would strongly recommend you move your question to AS3Lang. Here is where I'd look first

 

-jonathan

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 26, 2020 0
Participant ,
Jun 27, 2020

Copy link to clipboard

Copied

Thanks

I tried without --deep but app also crashes 

I am stuck

Cheers michael

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 27, 2020 0
Explorer ,
Jun 27, 2020

Copy link to clipboard

Copied

I don't know what to suggest, I'm sorry. If you do not use options runtime, then you try to go to notarize the app, it fails then? I may be saying something obvious but the notarization is another step.

 

Maybe posting your message on as3lang someone can help?

 

I have to make an update in the next couple of days and I plan to use the script I made above, I will let you know if I have a problem. I will be compiling on Catalina, not Mojave.

 

-jonathan

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 27, 2020 0
Explorer ,
Sep 13, 2020

Copy link to clipboard

Copied

Just wanted to post a note after I updated my Mac app using AIR 33.1.1.217 based on my previous steps I posted. I tried using adt then going to codesigning and notarizing directly (without the symbolic link and package removal changes I had to do before), but it choked at the notarization step with Apple, with the oh-so-useful error message from them "Package Invalid". Thanks, Apple.

Anyway, I steeled myself and went through all the link re-doing and removing packages from the adt output, then it all worked fine (albeit adding more grey hairs to my head).

I don't know specifically which things Harman has fixed in the meantime that I really didn't have to do, so I repeated all of what worked the last time. My guess is they probably did the symbolic linkage correctly, but I still saw packages in the .app might have. Just wanted to give others hope in case they were wondering if anything changed since I had done this successfully with AIR 32.

Ping me if you need any clarification on my steps, I will do my best.

-jonathan

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 13, 2020 0
Explorer ,
Dec 12, 2019

Copy link to clipboard

Copied

Hi. Has anyone succeeded in notarization using macOS 10.15 Catalina?

Doing the same, mojave succeeds but catalina fails.

When the app signature is confirmed with the spctl command, it is rejected.

spctl command displays "source=no usualble signature"

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 12, 2019 0
Explorer ,
Dec 13, 2019

Copy link to clipboard

Copied

Hi KR-san, yes I have successfully notarized my Mac app in 10.15 -- did you see my post directly above your's (https://community.adobe.com/t5/air/tutorial-on-publishing-flex-air-app-for-mac-app-store-or-just-usi...)? I documented all the steps and results. I was helping someone else who told me that the latest Harman build solved the symbolic linking thing I experienced, but try following my notes and let me know where yours gets different results.

 

-jonathan

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 13, 2019 0
Engaged ,
Jan 28, 2020

Copy link to clipboard

Copied

Here is what I am using.

I have created both notarized Developer Id and App Store apps using the bash scripts provided.

https://github.com/tuarua/WebViewANE/tree/development/example-desktop-complete/mac_packaging

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 28, 2020 0
Explorer ,
Nov 21, 2020

Copy link to clipboard

Copied

 
It's been a long time.
After the last writing, I ended up making it in Mojave.
I'm sorry I didn't reply.
 
It will be made with Adobe AIR for the first time in a year, and I confirmed your writing.
I learned a lot.😊
 

First of all, regarding "source = no usualble signature", I just got a new mac and most likely forgot to set up my keychain 😨

 

Then I tried to capture your method, but it failed.
(I can use Python a little, so I can sign, create an installer, and notarize with one command. I modified the script.
For this reason, I can't say I did what you said.)

 

Looking at the notary log, it still says that the A2712 Enabler file needs to be signed.
It also said that the Flash Plugin file in AIR also needs to be signed.
(I was very surprised not to know that Adobe AIR contains the ancient Flash Player 10.6 Plugin.)

 

I went back to re-cycle's way (using the --deep-sign option) to sign Plugins that are ridiculously deep.
Did it! I have succeeded in notarization.

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 21, 2020 0
KR-san LATEST
Explorer ,
Nov 21, 2020

Copy link to clipboard

Copied

There are some supplements.

 

I'm not so familiar with CLI, so I use AnimateCC (GUI) to create APP files.
Also, when creating an APP, it is necessary to set the signature, but there is a bug in Animate CC and it fails to sign using Apple's certificate.
For this reason, I make an APP with my own certificate and then re-sign it using the CodeSign command and the Developer ID certificate.

 

I created it in the following environment.
machine: macBookPro 2019
OS: macOS 10.15 Catalina
App: Animate 2021
AIR: 32.0.0.116 (Last released version by Adobe)

 

Finally, the following processing is scripted
- Delete WebKit.dylib
- Signing A2712 Enabler (using "--options runtime" and "--deep" options)
- Signing Flash Player-10.6 (using "--options runtime" and "--deep" options)
- Signing APP (using "--entitlements <your plistFile>", "--options runtime" and "--deep" options)

Due to lack of knowledge about Codesign commands, you may have some options you don't need.
But I'm tired of trials and errors😫

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 21, 2020 1