docs: WIP Mac codesigning docs #1372
Conversation
mistydemeo
force-pushed
the
mac-codesign-docs
branch
from
54eff59 to
dcfea7e
Compare
|
I ran into this while doing docs work and noticed that the |
| You'll need the following three secrets: | ||
|
|
||
| - `CODESIGN_IDENTITY`: the identity in the certificate | ||
| - `CODESIGN_CERTIFICATE_PASSWORD`: this is the base64-encoded certificate from Step 4 |
There was a problem hiding this comment.
Should this be CODESIGN_CERTIFICATE? (edit: yes!)
There was a problem hiding this comment.
| - `CODESIGN_CERTIFICATE_PASSWORD`: this is the base64-encoded certificate from Step 4 | |
| - `CODESIGN_CERTIFICATE`: this is the base64-encoded certificate from Step 4 |
|
|
||
| You'll need the following three secrets: | ||
|
|
||
| - `CODESIGN_IDENTITY`: the identity in the certificate |
There was a problem hiding this comment.
Should this be the "User ID" from the certificate? e.g. the part of the name at the end like (XXXXXXXXXX)?
There was a problem hiding this comment.
I'll update the docs to make that clearer!
There was a problem hiding this comment.
Note: you can find that ID also with security find-identity -v -p codesigning from the terminal.
|
Just noting that I followed these instructions after creating a "Developer ID Application" key, and cargo-dist was able to sign the app successfully (it seems?). I'm currently waiting to see if Apple will notarize this, I currently do not build a package or installer, though I probably should as the notary tool requires the app to be in a pkg or dmg or zip. The first notarization has taken >4h so far, but some searching on the internet says that this isn't too unusual (and that later notarizations might take longer), so I notarized using: xcrun notarytool submit ./MY_APP.zip --keychain-profile "MY_KEYCHAIN_PROFILE" --wait |
|
Four hours 😱 I forget how long it can take sometimes. At my last gig it was usually only taking us a few minutes. Thanks for the docs feedback - that's very helpful! |
mistydemeo
force-pushed
the
mac-codesign-docs
branch
from
dcfea7e to
744db7b
Compare
|
FYI Instead of going through keychain it's also possible to get / export the certificates in XCode: 
|
|
This also seems to give a p12 file by default. 
|
Documents the feature we added in #1361. This is currently a WIP until I have access to a developer account so I can confirm the precise steps to walk people through.
I believe it's possible to get a cert either via the web or through Xcode. I'm going to focus on documenting the web route if that's feasible, so users don't have to install Xcode.