Date
1 - 8 of 8
[XCode] Developer ID code signing - still exists?
|
Graham Cox
Hi all,
Run into another code signing issue. I distribute an app outside the App Store, so I use a Developer ID to sign it. Suddenly, the option to do this disappeared from XCode. When I attempt it, I get the following error:  (If the screenshot wasn’t allowed, it has Failed to locate or generate matching signing assets: Xcode attempted to locate or generate matching signing assets and failed to do so because of the following issues Permissions failure Your account does not have permission to create MacOS App Direct Distribution certificates.) So, I go to apple developer site to see what’s going on. Under my Mac OS signing certificates, I have a development ID, and certs forthe App Store. But no Developer ID cert. When I go to add one, there is no option available:  (I really hope we can attach screenshots, because decribing this one is tedious. But the gist is: there’s no option to request a Developer ID certificate, only a development cert, or Mac App Store (plus push notifications, et, which are irrelvant to me). We have checked and we’re fully paid up, so we see no reason that Developer ID certificates shoukd be unavailable to us. Are they still supported? If not, what am I supposed to do to sign my app? —Graham |
|
|
|
Quincey Morris
It’s missing for me on my “regular” Apple ID team role. However, when I logged in as the account owner (team agent), the extra Developer ID option was shown. I’m pretty sure this is (relatively) new — I think I used to do this as just admin role.
toggle quoted message
Show quoted text
|
|
|
|
Graham Cox
Yep, I since discovered the same thing. The account owner (not me) was able to create Developer ID certs, but there’s still a problem - because she requested the cert (using Keychain Access), when I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message.
toggle quoted message
Show quoted text
We don’t know how to resolve this. I’ve asked Apple support, seems they may have broken something, or else we just don’t understand how it’s supposed to work (quite likely). Waiting on their response. —Graham On 12 Oct 2017, at 11:46 am, Quincey Morris <quinceymorris@...> wrote: |
|
|
|
Quincey Morris
That is by design, because the ability to download the private key is a pretty big security hole. The account owner can go to her login keychain and export the certificate and keys as a .p12 file which you can import into your keychain.
toggle quoted message
Show quoted text
Alternatively, she can export her developer profile from Xcode itself and you can import it. However, I avoid this because it’s not clear whether this will transfer other information which you don’t want overriding your current Xcode setup, or shouldn’t have.
|
|
|
|
Alex Zavatone
On Oct 11, 2017, at 8:51 PM, Graham Cox <graham@...> wrote:The same person who requests the key is the one that needs to download and install it. You need to be an admin on the dev site, or whomever is needs to request it, download and install it and then export the p12 file and send it to you. There is a very good commercial book on this that has a chapter that explains this in depth. We don’t know how to resolve this. I’ve asked Apple support, seems they may have broken something, or else we just don’t understand how it’s supposed to work (quite likely). Waiting on their response. |
|
|
|
Alex Zavatone
On Oct 12, 2017, at 10:16 AM, Alex Zavatone <zav@...> wrote:Here’s the book, Graham. I strongly recommend that you get it and read chapter 2. Lots of what you want to do for Mac OS is the same as it is for iOS.On Oct 11, 2017, at 8:51 PM, Graham Cox <graham@...> wrote:The same person who requests the key is the one that needs to download and install it. You need to be an admin on the dev site, or whomever is needs to request it, download and install it and then export the p12 file and send it to you. https://www.safaribooksonline.com/library/view/essential-ios-build/9781449314781/ch01.html http://shop.oreilly.com/product/0636920022282.do GL. - Alex Zavatone |
|
|
|
Roland King
I have the Developer ID option on that screen,
it's just below the Website Push ID one for me. Perhaps go check the agreements section and see
if there's one which has been updated you need to click on. Otherwise a call to Apple is in your future. On 12/10/2017 07:51, Graham Cox wrote:
Hi all, |
|
|
|
Roland King
have her export the private key and send it to you
(properly passworded) so you can import it into your keychain.
toggle quoted message
Show quoted text
(don't know why messages show up so slowly on this list .. still haven't seen my reply from this morning). On 12/10/2017 09:51, Graham Cox wrote:
Yep, I since discovered the same thing. The account owner (not me) was able to create Developer ID certs, but there’s still a problem - because she requested the cert (using Keychain Access), when I download the cert, there’s no associated private key, so signing still fails, but now with a slightly different error message. We don’t know how to resolve this. I’ve asked Apple support, seems they may have broken something, or else we just don’t understand how it’s supposed to work (quite likely). Waiting on their response. —GrahamOn 12 Oct 2017, at 11:46 am, Quincey Morris <quinceymorris@...> wrote: It’s missing for me on my “regular” Apple ID team role. However, when I logged in as the account owner (team agent), the extra Developer ID option was shown. I’m pretty sure this is (relatively) new — I think I used to do this as just admin role.On Oct 11, 2017, at 16:51 , Graham Cox <graham@...> wrote: Suddenly, the option to do this disappeared from XCode. |
|
|
