System Configuration: MacOS 10.7.5 Windows 7 AIR SDK 3.9 Certificates in use: Thawte (AIR certification) Comodo (Windows Installer certification) Apple Mac Developer (MacOS Application/Installer certification)
Summary: We're going through an unknown build situation of native installer, in MacOS here. We thought to post the issue here, if the community can help in some way. We're trying to sign native installers both for Windows and MacOS, with ADT. We succeeded so far to sign the installer (and its executable) with the combination of Thawte + Comodo certificates with ADT. The signature verification process shown that both the installer and its installed executable signed properly. When doing the same process for/in MacOS with ADT (with Thawte + Comodo, or, Thawte + Apple Mac Developer key), adt is throwing error - "Native signing not supported on mac" We previously packaged signed .pkg file with Apple Mac Developer key and with the help of adt (to sign .app file) and productbuild (to sign and package .pkg file) in MacOS. But we've found there is a good differences in size of the files - .pkg (25 MB), .dmg (3 MB). We know this is since .pkg file has captive runtime bundled. We are looking for ways to sign a .dmg file which we can package without captive runtime included. Follows are a number of steps we tested so far (in MacOS), and looking to the community - if they can help in someway to make a successful signing process. The command which makes the Windows build a success: Found at http://help.adobe.com/en_US/air/build/WS789ea67d3e73a8b22388411123785d839c-8000.html<http://www.linkedin.com/redirect?url=http%3A%2F%2Fhelp%2Eadobe%2Ecom%2Fen_US%2Fair%2Fbuild%2FWS789ea67d3e73a8b22388411123785d839c-8000%2Ehtml&urlhash=WXlE&_t=tracking_anet>. Our final process involves creating an .airi file, sign it and therefore use it to build a native installer - adt -prepare MyApplicationAIRI.airi MyApplication-app.xml MyApplication.swf adt -sign -storetype pkcs12 -keystore ThawteAIRCertificate.p12 -storepass **** MyApplicationAIRI.airi MyApplicationAIR.air adt -package -storetype pkcs12 -keystore ThawteAIRCertificate.p12 -storepass **** -target native -storetype pkcs12 -keystore ComodoWinInstallerCertificate.p12 -storepass **** MyApplication.exe MyApplicationAIRI.airi (Note: the last command is the combination use of both the AIR and Windows Installer certificates as mentioned in Adobe documentation link - which Only we've found signs both the installer and its executable properly) The command when used in MacOS ADT: We tried with both Comodo and Apple Mac Developer key for this process, in combination with Thawte AIR certificate key. adt -package -storetype pkcs12 -keystore ThawteAIRCertificate.p12 -storepass **** -target native -storetype pkcs12 -keystore ComodoInstallerCertificate.p12 -storepass **** MyApplication.dmg MyApplicationAIRI.airi or adt -package -storetype pkcs12 -keystore ThawteAIRCertificate.p12 -storepass **** -target native -storetype pkcs12 -keystore AppleMacDeveloperKey.p12 -storepass **** MyApplication.dmg MyApplicationAIRI.airi But, both the process returns only same error: Native signing not supported on mac We tried with other so many combinations like, adt -package -storetype pkcs12 -keystore AppleMacDeveloperKey.p12 -storepass **** -target native MyApplication.dmg MyApplicationAIRI.airi Which returns: Unable to build a valid certificate chain for the signer. or, adt -package -storetype pkcs12 -keystore ThawteAIRCertificate.p12 -storepass **** -target native MyApplication.dmg MyApplicationAIRI.airi Which found never signed when validating with 'codesign' utility in MacOS. There is also almost no documentation/discucussion we've found over net. We're draining out of ideas as well but only assumption. Now if the community can suggest something over the line, we would be grateful. Thanks!
