Date   

Re: Sandboxed WkWebView

Gerriet M. Denkmann
 

On 18 Oct 2017, at 12:21, Jens Alfke <jens@...> wrote:

On Oct 17, 2017, at 9:14 PM, Gerriet M. Denkmann <g@...> wrote:

I would never have guessed that an app which does not use any outgoing connections at all needs this entitlement.
It sounds like the framework is being too eager to check for this entitlement. It’s definitely worth filing a bug report with Apple!

—Jens
The reason that I took all this trouble with sandboxing is:

In iOS 11 this shows a cat:

htmlString = <h1>Cat</h1><img alt=“Cat” src=“cat.gif” />
[wkWebView loadHTMLString: htmlString baseURL: folder containing cat.gif ]

In macOS 12.6 there was no cat, just a blue icon with “?”, probably meaning broken link.
So I thought: iOS is sandboxed, so maybe WkWebView needs sandboxing to show cats.

But now with sandboxing on macOS I still do not see a cat.
Most frustrating.

Gerriet.


Re: Sandboxed WkWebView

 



On Oct 17, 2017, at 9:14 PM, Gerriet M. Denkmann <g@...> wrote:

I would never have guessed that an app which does not use any outgoing connections at all needs this entitlement.

It sounds like the framework is being too eager to check for this entitlement. It’s definitely worth filing a bug report with Apple!

—Jens


Re: Sandboxed WkWebView

Gerriet M. Denkmann
 

On 18 Oct 2017, at 06:21, Andrew Keller <andrew@...> wrote:

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.
I believe URL access requires com.apple.security.files.bookmarks.app-scope entitlement in a sandboxed app.
That one by itself didn’t change the symptoms of the issue.

However, upon clicking on random buttons on the Entitlements screen, it seems that `com.apple.security.network.client` does make the example app work while sandboxed.
I just tried this:
App Sandbox
Network
[checked] Outgoing Connections (Client)

and now it seems to work.

Excellent idea!

I would never have guessed that an app which does not use any outgoing connections at all needs this entitlement.

A million thanks to you!

Gerriet.


Re: Sandboxed WkWebView

Gerriet M. Denkmann
 

On 17 Oct 2017, at 23:37, Andrew Keller <andrew@...> wrote:

Now I’m curious.

I created the test application as described, and I get the same results (macOS 10.13, Xcode 9). I also see these entries in the system log while the app is sandboxed:

standard 10:19:55.172176 -0400 SandboxedWebView Faulting in NSHTTPCookieStorage singleton
standard 10:19:55.172220 -0400 SandboxedWebView Faulting in CFHTTPCookieStorage singleton
fehler 10:19:55.417821 -0400 appleeventsd <rdar://problem/11489077> A sandboxed application with pid 4372, '"SandboxedWebView"', checked in with appleeventsd, but its code signature could not be read and validated by appleeventsd, and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Install the application in /Applications/ or some other world readable location to resolve this issue. Error=ERROR: #100013 { "NSDescription"="SecCodeCopySigningInformation() returned 100013, -." }
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache
Sandbox Check by: launchd(1)

Violation: deny mach-lookup com.apple.nsurlstorage-cache
MetaData: {"build":"Mac OS X 10.13 (17A405)","sandbox_checker":"launchd","action":"deny","target":["com.apple.nsurlstorage-cache"],"hardware":"Mac","platform_binary":"no","profile":"unknown","process":"SandboxedWebView","op":"mach-lookup”}

[ lots and lots of text that I can post if wanted ]

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.

Any ideas?
Regarding:
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache

I added in: SandboxedWebView.enttitlements the following item:

com.apple.security.temporary-exception.mach-lookup.global-name = com.apple.nsurlstorage-cache

which seems to get rid of this error. But the app does not work any better for this.


Regarding:
fehler 10:19:55.417821 -0400 appleeventsd <rdar://problem/11489077> A sandboxed application with pid 4372, ‘“SandboxedWebView”’,….

This might go away if you run the app not from Xcode, but as /Applications/SandboxedWebView.app

I tried this too, but no change for the better.


Herzliche Grüße

Gerriet.


Thanks,
- Andrew


Am 17.10.2017 um 3:06 AM schrieb Gerriet M. Denkmann <g@...>:


On 17 Oct 2017, at 10:59, Marco S Hyman <marc@...> wrote:

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.
I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current users home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc
My Test app is really simple, just one window (with WKWebView), one framework (WebKit.framework) and one method:

#import "AppDelegate.h"
@import WebKit;

@interface AppDelegate ()
@property (weak) IBOutlet NSWindow *window;
@property (strong) IBOutlet WKWebView *webView;
@end

@implementation AppDelegate

- (void)applicationDidFinishLaunching:(NSNotification *)aNotification
{
BOOL sandboxed = ![ NSFileManager.defaultManager isWritableFileAtPath: @"/tmp/" ];
NSString *htmlString = sandboxed ? @"<h1>Sand</h1>" : @"<h1>Water</h1>";
NSLog(@"%s %@ will loadHTMLString: \"%@\" baseURL: nil",__FUNCTION__, self.webView, htmlString);
WKNavigation *a = [ self.webView loadHTMLString: htmlString baseURL: nil ];
NSLog(@"%s loadHTMLString returned %@",__FUNCTION__, a);
}

@end

No access to any files, whether inside or outside of home folder.
Still I have never seen “Sand” in my window.

Gerriet.


Re: Sandboxed WkWebView

Andrew Keller
 

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.
I believe URL access requires com.apple.security.files.bookmarks.app-scope entitlement in a sandboxed app.
That one by itself didn’t change the symptoms of the issue.

However, upon clicking on random buttons on the Entitlements screen, it seems that `com.apple.security.network.client` does make the example app work while sandboxed. I wonder if there is a more specific entitlement that may be more to-the-point, given that this test application does not need to make network calls.

Thanks,
- Andrew


Re: Sandboxed WkWebView

Marco S Hyman
 

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.
I believe URL access requires com.apple.security.files.bookmarks.app-scope entitlement in a sandboxed app.

Marc


Re: Sandboxed WkWebView

 



On Oct 16, 2017, at 8:28 PM, Gerriet M. Denkmann <g@...> wrote:

Please note that the path to the home directory is *not* guaranteed to be Ascii: if anything in ”/Users/username” is a symbolic link then this assumption is no longer valid.

Yup. This doesn’t even require messing with symlinks; it’s a supported option in the GUI:
- Open Users & Groups system pref
- Unlock
- Ctrl/right-click a user in the list
- Select “Advanced Options” from the context menu
- A sheet opens where you can configure the home directory path (and much more)

—Jens


Re: Sandboxed WkWebView

Andrew Keller
 

Now I’m curious.

I created the test application as described, and I get the same results (macOS 10.13, Xcode 9). I also see these entries in the system log while the app is sandboxed:

standard 10:19:55.172176 -0400 SandboxedWebView Faulting in NSHTTPCookieStorage singleton
standard 10:19:55.172220 -0400 SandboxedWebView Faulting in CFHTTPCookieStorage singleton
fehler 10:19:55.417821 -0400 appleeventsd <rdar://problem/11489077> A sandboxed application with pid 4372, '"SandboxedWebView"', checked in with appleeventsd, but its code signature could not be read and validated by appleeventsd, and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Install the application in /Applications/ or some other world readable location to resolve this issue. Error=ERROR: #100013  { "NSDescription"="SecCodeCopySigningInformation() returned 100013, -." }
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache
Sandbox Check by:    launchd(1)

Violation:       deny mach-lookup com.apple.nsurlstorage-cache 
MetaData: {"build":"Mac OS X 10.13 (17A405)","sandbox_checker":"launchd","action":"deny","target":["com.apple.nsurlstorage-cache"],"hardware":"Mac","platform_binary":"no","profile":"unknown","process":"SandboxedWebView","op":"mach-lookup”}

[ lots and lots of text that I can post if wanted ]

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.

Any ideas?

Thanks,
 - Andrew


Am 17.10.2017 um 3:06 AM schrieb Gerriet M. Denkmann <g@...>:


On 17 Oct 2017, at 10:59, Marco S Hyman <marc@...> wrote:

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.

I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current users home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc

My Test app is really simple, just one window (with WKWebView), one framework (WebKit.framework) and one method:

#import "AppDelegate.h"
@import WebKit;

@interface AppDelegate ()
@property (weak)  IBOutlet NSWindow *window;
@property (strong)  IBOutlet WKWebView *webView;
@end

@implementation AppDelegate

- (void)applicationDidFinishLaunching:(NSNotification *)aNotification 
{
BOOL sandboxed = ![ NSFileManager.defaultManager isWritableFileAtPath: @"/tmp/" ];
NSString *htmlString = sandboxed ? @"<h1>Sand</h1>" : @"<h1>Water</h1>";
NSLog(@"%s %@ will loadHTMLString: \"%@\" baseURL: nil",__FUNCTION__, self.webView, htmlString);
WKNavigation *a = [ self.webView loadHTMLString: htmlString  baseURL: nil ];
NSLog(@"%s loadHTMLString returned %@",__FUNCTION__, a);
}

@end

No access to any files, whether inside or outside of home folder.
Still I have never seen “Sand” in my window.

Gerriet.




Re: Sandboxed WkWebView

Gerriet M. Denkmann
 

On 17 Oct 2017, at 10:59, Marco S Hyman <marc@...> wrote:

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.
I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current users home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc
My Test app is really simple, just one window (with WKWebView), one framework (WebKit.framework) and one method:

#import "AppDelegate.h"
@import WebKit;

@interface AppDelegate ()
@property (weak) IBOutlet NSWindow *window;
@property (strong) IBOutlet WKWebView *webView;
@end

@implementation AppDelegate

- (void)applicationDidFinishLaunching:(NSNotification *)aNotification
{
BOOL sandboxed = ![ NSFileManager.defaultManager isWritableFileAtPath: @"/tmp/" ];
NSString *htmlString = sandboxed ? @"<h1>Sand</h1>" : @"<h1>Water</h1>";
NSLog(@"%s %@ will loadHTMLString: \"%@\" baseURL: nil",__FUNCTION__, self.webView, htmlString);
WKNavigation *a = [ self.webView loadHTMLString: htmlString baseURL: nil ];
NSLog(@"%s loadHTMLString returned %@",__FUNCTION__, a);
}

@end

No access to any files, whether inside or outside of home folder.
Still I have never seen “Sand” in my window.

Gerriet.


Re: Sandboxed WkWebView

Marco S Hyman
 

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.
I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current users home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc


Re: Sandboxed WkWebView

Gerriet M. Denkmann
 

Some further notes:

NSString *porcupine = @"เม่น";
NSData *utf8Data = [ porcupine dataUsingEncoding: NSUTF8StringEncoding ];
NSString *badPorcupine = [ [ NSString alloc ] initWithData: utf8Data encoding: NSASCIIStringEncoding ];
NSLog(@"NSASCIIStringEncoding \"%@\" → \"%@\"", porcupine, badPorcupine);
prints:
NSASCIIStringEncoding “เม่น" → "เม่น"

Please note that the path to the home directory is *not* guaranteed to be Ascii: if anything in ”/Users/username” is a symbolic link then this assumption is no longer valid.
NSLog(@"home \"%@\"", @"~".stringByExpandingTildeInPath);
prints:
home "/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data"

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.

Gerriet.

P.S. macOS 12.6

On 16 Oct 2017, at 19:23, Gerriet M. Denkmann <g@...> wrote:


On 16 Oct 2017, at 18:58, Sandor Szatmari <admin.szatmari.net@...> wrote:

One thing that can cause delegate methods to never be called is if there’s been some sort of exception thrown, one that doesn’t crash the app but causes SDK internals to get all mucked up.
Do you have a catch all Objc exception breakpoint set?
Yes I have, and: No there are no exceptions.

I can imaging if the path to the volume is getting mangled and everything ‘seems’ ok that some call is failing and causing your delegate reference to fail.

Sandor

On Oct 16, 2017, at 07:46, Gerriet M. Denkmann <g@...> wrote:

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.


Re: Sandboxed WkWebView

Gerriet M. Denkmann
 

On 16 Oct 2017, at 18:58, Sandor Szatmari <admin.szatmari.net@...> wrote:

One thing that can cause delegate methods to never be called is if there’s been some sort of exception thrown, one that doesn’t crash the app but causes SDK internals to get all mucked up.
Do you have a catch all Objc exception breakpoint set?
Yes I have, and: No there are no exceptions.

I can imaging if the path to the volume is getting mangled and everything ‘seems’ ok that some call is failing and causing your delegate reference to fail.

Sandor

On Oct 16, 2017, at 07:46, Gerriet M. Denkmann <g@...> wrote:

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.





Re: Sandboxed WkWebView

Sandor Szatmari
 

One thing that can cause delegate methods to never be called is if there’s been some sort of exception thrown, one that doesn’t crash the app but causes SDK internals to get all mucked up. Do you have a catch all Objc exception breakpoint set? I can imaging if the path to the volume is getting mangled and everything ‘seems’ ok that some call is failing and causing your delegate reference to fail.

Sandor

On Oct 16, 2017, at 07:46, Gerriet M. Denkmann <g@...> wrote:

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.





Re: Sandboxed WkWebView

Sandor Szatmari
 

One thing that can cause delegate methods to never be called is if there’s been some sort of exception thrown, one that doesn’t crash the app but causes SDK internals to get all mucked up. Do you have a catch all Objc exception breakpoint set? I can imaging if the path to the volume is getting mangled and everything ‘seems’ ok that some call is failing and causing your delegate reference to fail.

Sandor

On Oct 16, 2017, at 07:46, Gerriet M. Denkmann <g@...> wrote:

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.





Sandboxed WkWebView

Gerriet M. Denkmann
 

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.


Re: iOS automatic build number incrementing.

Dave Fernandes
 

I add this script to my build phases:
https://gist.github.com/slangley/f09aaa11bba608478546

On Oct 14, 2017, at 1:30 AM, Alex Zavatone <zav@...> wrote:

Earlier today, I finally added this to my latest app in a way that doesn’t constantly dirty the info.plist file. I’ve been trying it out for the day and it seems to handle the initial need.

I’ve written up a how to for a friend on this, including the basic needs this solves and how to add it to your Objective-C app in Xcode 9, iOS. If anyone thinks it would be useful, and wants me to forward it your way, please email me and I’ll send it over.

Happy Friday,
Alex Zavatone


iOS automatic build number incrementing.

Alex Zavatone
 

Earlier today, I finally added this to my latest app in a way that doesn’t constantly dirty the info.plist file. I’ve been trying it out for the day and it seems to handle the initial need.

I’ve written up a how to for a friend on this, including the basic needs this solves and how to add it to your Objective-C app in Xcode 9, iOS. If anyone thinks it would be useful, and wants me to forward it your way, please email me and I’ll send it over.

Happy Friday,
Alex Zavatone


Re: [XCode] Developer ID code signing - still exists?

Roland King
 

have her export the private key and send it to you (properly passworded) so you can import it into your keychain.

(don't know why messages show up so slowly on this list .. still haven't seen my reply from this morning).

On 12/10/2017 09:51, Graham Cox wrote:

Yep, I since discovered the same thing. The account owner (not me) was able to create Developer ID certs, but there’s still a problem - because she requested the cert (using Keychain Access), when I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message.

We don’t know how to resolve this. I’ve asked Apple support, seems they may have broken something, or else we just don’t understand how it’s supposed to work (quite likely). Waiting on their response.

—Graham





On 12 Oct 2017, at 11:46 am, Quincey Morris <quinceymorris@...> wrote:

It’s missing for me on my “regular” Apple ID team role. However, when I logged in as the account owner (team agent), the extra Developer ID option was shown. I’m pretty sure this is (relatively) new — I think I used to do this as just admin role.

On Oct 11, 2017, at 16:51 , Graham Cox <graham@...> wrote:

Suddenly, the option to do this disappeared from XCode.






Re: [XCode] Developer ID code signing - still exists?

Roland King
 

I have the Developer ID option on that screen, it's just below the Website Push ID one for me.

Perhaps go check the agreements section and see if there's one which has been updated you need to click on.

Otherwise a call to Apple is in your future.


On 12/10/2017 07:51, Graham Cox wrote:

Hi all,

Run into another code signing issue.

I distribute an app outside the App Store, so I use a Developer ID to sign it. Suddenly, the option to do this disappeared from XCode. When I attempt it, I get the following error:


(If the screenshot wasn’t allowed, it has

Failed to locate or generate matching signing assets:
Xcode attempted to locate or generate matching signing assets and failed to do so because of the following issues
Permissions failure
Your account does not have permission to create MacOS App Direct Distribution certificates.)

So, I go to apple developer site to see what’s going on. Under my Mac OS signing certificates, I have a development ID, and certs forthe App Store. But no Developer ID cert. When I go to add one, there is no option available:


(I really hope we can attach screenshots, because decribing this one is tedious. But the gist is: there’s no option to request a Developer ID certificate, only a development cert, or Mac App Store (plus push notifications, et, which are irrelvant to me).

We have checked and we’re fully paid up, so we see no reason that Developer ID certificates shoukd be unavailable to us.

Are they still supported? If not, what am I supposed to do to sign my app?

—Graham





Re: [XCode] Developer ID code signing - still exists?

Alex Zavatone
 

On Oct 12, 2017, at 10:16 AM, Alex Zavatone <zav@...> wrote:


On Oct 11, 2017, at 8:51 PM, Graham Cox <graham@...> wrote:


Yep, I since discovered the same thing. The account owner (not me) was able to create Developer ID certs, but there’s still a problem - because she requested the cert (using Keychain Access), when I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message.
The same person who requests the key is the one that needs to download and install it. You need to be an admin on the dev site, or whomever is needs to request it, download and install it and then export the p12 file and send it to you.

There is a very good commercial book on this that has a chapter that explains this in depth.
Here’s the book, Graham. I strongly recommend that you get it and read chapter 2. Lots of what you want to do for Mac OS is the same as it is for iOS.

https://www.safaribooksonline.com/library/view/essential-ios-build/9781449314781/ch01.html

http://shop.oreilly.com/product/0636920022282.do

GL.

- Alex Zavatone

1121 - 1140 of 1478