Code signing my SheepShaver and BasiliskII builds
Moderators: Cat_7, Ronald P. Regensburg
- Ronald P. Regensburg
- Expert User
- Posts: 7821
- Joined: Thu Feb 09, 2006 10:24 pm
- Location: Amsterdam, Netherlands
Code signing my SheepShaver and BasiliskII builds
So I joined the Apple Developer Program for $99 a year.
Now I will need to get hold of a certificate.
If, in the process, I get confused about how to proceed, I will ask here for help.
- Ronald P. Regensburg
- Expert User
- Posts: 7821
- Joined: Thu Feb 09, 2006 10:24 pm
- Location: Amsterdam, Netherlands
Re: Code signing my SheepShaver and BasiliskII builds
First stumbling block.
I got my "Developer ID Application" certificate and installed it in my Keychain.
Until now, I understood that I could code sign my applications without being bothered about hardening or notarization, as long as I distributed outside the App Store.
However, this line appeared on the page where I downloaded the certificate:
If you're generating your first Developer ID certificate, the software that you sign it with must be notarized by Apple in order to run on macOS 10.14.5 or later.
Now what?
Last edited by Ronald P. Regensburg on Thu Jul 25, 2019 1:53 pm, edited 1 time in total.
-
- Forum All-Star
- Posts: 1706
- Joined: Tue Oct 14, 2008 12:12 am
Re: Code signing my SheepShaver and BasiliskII builds
Since SheepShaver (and probably BasiliskII) cannot be notarized anyway (see kanjitalk755's explanation in another thread), this may not matter in any practical way. If you're creating an AppleScript application, use SD Notary (also referred to in another thread) to notarize it.
After notarizing something, try to codesign SheepShaver and see what happens. I doubt it will work, if Apple means what it says, but it's worth trying.
- Ronald P. Regensburg
- Expert User
- Posts: 7821
- Joined: Thu Feb 09, 2006 10:24 pm
- Location: Amsterdam, Netherlands
Re: Code signing my SheepShaver and BasiliskII builds
I'll see what I can produce to fool Apple.
-
- Forum All-Star
- Posts: 1706
- Joined: Tue Oct 14, 2008 12:12 am
Re: Code signing my SheepShaver and BasiliskII builds
Maybe start by using SD Notary to notarize the scripts that I notarized earlier?
- Ronald P. Regensburg
- Expert User
- Posts: 7821
- Joined: Thu Feb 09, 2006 10:24 pm
- Location: Amsterdam, Netherlands
Re: Code signing my SheepShaver and BasiliskII builds
I am trying to figure out how to use SD Notary for notarization. The "app-specific password" still confuses me.
Do I always need to use "altool" as name for the app-specific password, as you wrote in the other thread?
emendelson wrote: The only possibly confusing part is creating and storing the device-specific password. Apple will give you a password that looks like abcd-efgh-ijkl-mnop. The instructions show how to enter into the Keychain, with the name "altool". When you use SD Notary, you enter the name "altool" (no quotation marks) in the SD Notary utility and it works.
But isn't it so that if you want to notarize more than one application, you will need an app-specific password for each application? Then you would also need more names for app-specific passwords.
-
- Forum All-Star
- Posts: 1706
- Joined: Tue Oct 14, 2008 12:12 am
Re: Code signing my SheepShaver and BasiliskII builds
You only have to set up the app-specific password once, to be used by the "altool" unix command that sends the notarization request. You do NOT need a new password for the scripts or apps that you notarize. Once you have created the app-specific password for the altool command, you never have to create an app-specific password again for anything involving notarization.
You surely know this already, but in case anyone else is reading this, this page shows you how to set up an app-specific password:
http://learn.buildfire.com/en/articles/ ... c-password
When you create the password, give it a name. The reason to use the name "altool" is that you'll be using it for the command-line altool application, and it's easy to remember, and the guides tell you to use it, so it's easy to look in the guide if you forget it. But if you want to call it "MonaLisa" or "BritneySpears", feel free to do so.
Then, when you run the SD Notary app, all you need to do is enter "altool" in the "Keychain Item Name" in the SD Notary app, as described here:
https://latenightsw.com/sd-notary-notarizing-made-easy/
The reason to use the name "altool" and not the password itself is that you don't have to remember "abcd-efgh-ijkl-mnop" or type it into a window where other people can see it. The SD Notary app gets the password from the keychain by looking up its name.
Let me know if you have any other questions. When you get this set up the first time, you don't have to set it up again.
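The keychain-name setup described in the post above, as an added example that is not part of the original post and not SD Notary's own code: one function stores the app-specific password under an item name, one submits with `@keychain:<name>`, and a checker flags build scripts that pass the literal password instead. The Apple ID, bundle ID, file names and function names are placeholders chosen for illustration; the first two functions assume macOS with Xcode's `altool` and that the keychain service name is what gets looked up.

```shell
#!/bin/sh
# Added example. The macOS-only commands are wrapped in functions and are
# not executed when this file is sourced; the checker works on any POSIX system.

# Store the app-specific password once under a keychain item name.
# With -w as the last option, `security` prompts for the password, so it
# does not end up in shell history. "altool" is only a label, as the post says.
store_app_password() {          # usage: store_app_password APPLE_ID [ITEM_NAME]
    security add-generic-password -a "$1" -s "${2:-altool}" -w
}

# Submit a zip for notarization, referring to the password by item name.
# The bundle id is a placeholder.
submit_for_notarization() {     # usage: submit_for_notarization APPLE_ID FILE [ITEM_NAME]
    xcrun altool --notarize-app --primary-bundle-id "com.example.placeholder" \
        -u "$1" -p "@keychain:${3:-altool}" --file "$2"
}

# Flag lines that contain something shaped like an app-specific password
# (four groups of four lowercase letters, e.g. abcd-efgh-ijkl-mnop).
find_literal_app_passwords() {  # usage: find_literal_app_passwords FILE...
    grep -nE '(^|[^a-z-])[a-z]{4}(-[a-z]{4}){3}([^a-z-]|$)' "$@"
}

# Constructed sample build script: line 1 uses the keychain reference,
# line 2 embeds the password itself.
write_sample_script() {         # usage: write_sample_script OUTPUT_FILE
    cat > "$1" <<'EOF'
xcrun altool --notarize-app -u you@example.com -p "@keychain:altool" --file App.zip
xcrun altool --notarize-app -u you@example.com -p "abcd-efgh-ijkl-mnop" --file App.zip
EOF
}
```

Running `find_literal_app_passwords` over the constructed sample reports only line 2; the same one password, referenced by name, serves every app that gets notarized.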
- Ronald P. Regensburg
- Expert User
- Posts: 7821
- Joined: Thu Feb 09, 2006 10:24 pm
- Location: Amsterdam, Netherlands
Re: Code signing my SheepShaver and BasiliskII builds
Thanks for the explanation! I misunderstood "app-specific password". I thought it was a password specific for the application to be notarized. But I understand now that it is a password that is linked to the tool that is used for notarizing.
- adespoton
- Forum All-Star
- Posts: 4227
- Joined: Fri Nov 27, 2009 5:11 am
- Location: Emaculation.com
Re: Code signing my SheepShaver and BasiliskII builds
Essentially what it's doing is providing an app-specific access to your Apple ID. The access hash is stored in your keychain, and the password/hash pair is stored in your Apple ID, where you can revoke it from Apple's website at any time.
The only software that can access your Apple ID is software signed by Apple for that purpose, or software for which you've created an app-specific password such as altool.