[XCode] Developer ID code signing - still exists?


Roland King
 

have her export the private key and send it to you (properly passworded) so you can import it into your keychain.

(don't know why messages show up so slowly on this list .. still haven't seen my reply from this morning).

On 12/10/2017 09:51, Graham Cox wrote:

Yep, I since discovered the same thing. The account owner (not me) was able to create Developer ID certs, but there’s still a problem - because she requested the cert (using Keychain Access), when I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message.

We don’t know how to resolve this. I’ve asked Apple support, seems they may have broken something, or else we just don’t understand how it’s supposed to work (quite likely). Waiting on their response.

—Graham





On 12 Oct 2017, at 11:46 am, Quincey Morris <quinceymorris@...> wrote:

It’s missing for me on my “regular” Apple ID team role. However, when I logged in as the account owner (team agent), the extra Developer ID option was shown. I’m pretty sure this is (relatively) new — I think I used to do this as just admin role.

On Oct 11, 2017, at 16:51 , Graham Cox <graham@...> wrote:

Suddenly, the option to do this disappeared from XCode.






Roland King
 

I have the Developer ID option on that screen, it's just below the Website Push ID one for me.

Perhaps go check the agreements section and see if there's one which has been updated you need to click on.

Otherwise a call to Apple is in your future.


On 12/10/2017 07:51, Graham Cox wrote:

Hi all,

Run into another code signing issue.

I distribute an app outside the App Store, so I use a Developer ID to sign it. Suddenly, the option to do this disappeared from XCode. When I attempt it, I get the following error:


(If the screenshot wasn’t allowed, it has

Failed to locate or generate matching signing assets:
Xcode attempted to locate or generate matching signing assets and failed to do so because of the following issues
Permissions failure
Your account does not have permission to create MacOS App Direct Distribution certificates.)

So, I go to apple developer site to see what’s going on. Under my Mac OS signing certificates, I have a development ID, and certs forthe App Store. But no Developer ID cert. When I go to add one, there is no option available:


(I really hope we can attach screenshots, because decribing this one is tedious. But the gist is: there’s no option to request a Developer ID certificate, only a development cert, or Mac App Store (plus push notifications, et, which are irrelvant to me).

We have checked and we’re fully paid up, so we see no reason that Developer ID certificates shoukd be unavailable to us.

Are they still supported? If not, what am I supposed to do to sign my app?

—Graham





Alex Zavatone
 

On Oct 12, 2017, at 10:16 AM, Alex Zavatone <zav@...> wrote:


On Oct 11, 2017, at 8:51 PM, Graham Cox <graham@...> wrote:


Yep, I since discovered the same thing. The account owner (not me) was able to create Developer ID certs, but there’s still a problem - because she requested the cert (using Keychain Access), when I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message.
The same person who requests the key is the one that needs to download and install it. You need to be an admin on the dev site, or whomever is needs to request it, download and install it and then export the p12 file and send it to you.

There is a very good commercial book on this that has a chapter that explains this in depth.
Here’s the book, Graham. I strongly recommend that you get it and read chapter 2. Lots of what you want to do for Mac OS is the same as it is for iOS.

https://www.safaribooksonline.com/library/view/essential-ios-build/9781449314781/ch01.html

http://shop.oreilly.com/product/0636920022282.do

GL.

- Alex Zavatone


Alex Zavatone
 

On Oct 11, 2017, at 8:51 PM, Graham Cox <graham@...> wrote:


Yep, I since discovered the same thing. The account owner (not me) was able to create Developer ID certs, but there’s still a problem - because she requested the cert (using Keychain Access), when I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message.
The same person who requests the key is the one that needs to download and install it. You need to be an admin on the dev site, or whomever is needs to request it, download and install it and then export the p12 file and send it to you.

There is a very good commercial book on this that has a chapter that explains this in depth.

We don’t know how to resolve this. I’ve asked Apple support, seems they may have broken something, or else we just don’t understand how it’s supposed to work (quite likely). Waiting on their response.

—Graham


Quincey Morris
 

That is by design, because the ability to download the private key is a pretty big security hole. The account owner can go to her login keychain and export the certificate and keys as a .p12 file which you can import into your keychain.

Alternatively, she can export her developer profile from Xcode itself and you can import it. However, I avoid this because it’s not clear whether this will transfer other information which you don’t want overriding your current Xcode setup, or shouldn’t have.

On Oct 11, 2017, at 18:51 , Graham Cox <graham@...> wrote:

I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message.


Graham Cox
 

Yep, I since discovered the same thing. The account owner (not me) was able to create Developer ID certs, but there’s still a problem - because she requested the cert (using Keychain Access), when I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message.

We don’t know how to resolve this. I’ve asked Apple support, seems they may have broken something, or else we just don’t understand how it’s supposed to work (quite likely). Waiting on their response.

—Graham

On 12 Oct 2017, at 11:46 am, Quincey Morris <quinceymorris@...> wrote:

It’s missing for me on my “regular” Apple ID team role. However, when I logged in as the account owner (team agent), the extra Developer ID option was shown. I’m pretty sure this is (relatively) new — I think I used to do this as just admin role.

On Oct 11, 2017, at 16:51 , Graham Cox <graham@...> wrote:

Suddenly, the option to do this disappeared from XCode.


Quincey Morris
 

It’s missing for me on my “regular” Apple ID team role. However, when I logged in as the account owner (team agent), the extra Developer ID option was shown. I’m pretty sure this is (relatively) new — I think I used to do this as just admin role.

On Oct 11, 2017, at 16:51 , Graham Cox <graham@...> wrote:

Suddenly, the option to do this disappeared from XCode.


Graham Cox
 

Hi all,

Run into another code signing issue.

I distribute an app outside the App Store, so I use a Developer ID to sign it. Suddenly, the option to do this disappeared from XCode. When I attempt it, I get the following error:


(If the screenshot wasn’t allowed, it has

Failed to locate or generate matching signing assets:
Xcode attempted to locate or generate matching signing assets and failed to do so because of the following issues
Permissions failure
Your account does not have permission to create MacOS App Direct Distribution certificates.)

So, I go to apple developer site to see what’s going on. Under my Mac OS signing certificates, I have a development ID, and certs forthe App Store. But no Developer ID cert. When I go to add one, there is no option available:


(I really hope we can attach screenshots, because decribing this one is tedious. But the gist is: there’s no option to request a Developer ID certificate, only a development cert, or Mac App Store (plus push notifications, et, which are irrelvant to me).

We have checked and we’re fully paid up, so we see no reason that Developer ID certificates shoukd be unavailable to us.

Are they still supported? If not, what am I supposed to do to sign my app?

—Graham