Re: Code Signing

Peter Hudson

Sorry didn’t explain properly Alex.  It is a macOS app.

The license issue is about whether, for now, I can sign the application with the license file in /Contents in the bundle.
Or, as each license is different, I need to place it outside the bundle. 

I couldn’t determine, from the docs to hand, whether putting the license in the bundle would be a problem in the context of signing.

I’ll share what unfolds !




On 10 Feb 2021, at 17:21, Alex Zavatone via <zav@...> wrote:

On Feb 10, 2021, at 10:23 AM, Peter Hudson via <Peter.hudson@...> wrote:


Book suggestion looks good - have got a copy on the way !

Have been looking at the keychain as a home for the license file as part of the reorg for signing.

I’m not sure I understand.  Your license for a purchaser and the code signing should be two different things.  If you grant a license to a purchaser, then simply storing the license value in the keychain should be all you need for that, but you still will need to sort out code signing separately.

You also mentioned notarizing.   The book existed before that process, but the concepts in chapter 4 are foundational to wrap your head around code signing.

It just occurred to me that since you’re notarizing your app you need to code sign a Mac app. not an iOS one.  It’s still really important to understand the guts behind code signing and the book will help.

Here is a brief on Mac app notarizing that may help. 

Note the details about Hardened Runtime.  Is that enabled in your app?

Good luck.  Please share what you find.  

Alex Zavatone

Many thanks


On 10 Feb 2021, at 16:02, Alex Zavatone via <zav@...> wrote:

FYI, you should be storing the license in a more secure location such as the keychain.

On Feb 10, 2021, at 9:55 AM, Alex Zavatone via <zav@...> wrote:

Chapter 4 of Essential Build and Release by Ron Roche is what got me what I needed to learn.

Alex Zavatone

On Feb 10, 2021, at 9:48 AM, Peter Hudson via <Peter.hudson@...> wrote:


I finally need to sign an app that has been running for some time.  I’m looking at what docs I can find and two questions emerge.

1.    Could anybody point me at the best instructions for code signing / notarisation - I have never done it before.
   I’ve looked at the docs in Xcode and they seem to raise more questions than they solve.

2.    I currently squirrel away the license file for each install in the Contents folder of the bundle. 
   The license file is a simple text file and is different for each install.
   I wondered if this is going to cause problems in the context of code signing ?

Many thanks


Join to automatically receive all group messages.