So... Stapling always staples the app, regardless if it is nested in one container or more.
When you send your app as pkg, dmg or as pkg on dmg to apple, then you can staple those containers, because the stapling goes "through" and the stapling information is written to the .app inside the container. When you sent a .zip file to Apple, then you have to staple the .app itself. You do not need to extract the zip and staple that .app. You can staple the app from which you've created the .zip. The .zip file can be deleted, because it is not needed anymore. - Matthias Rebbe Life Is Too Short For Boring Code > Am 06.05.2021 um 10:28 schrieb Tiemo via use-livecode > <use-livecode@lists.runrev.com>: > > One question is left for me about notarization and stapling. If you have an > app, which is packaged and the package is wrapped in a DMG, which instance > should be notarized and which stapled? All three, each one after the other, > before proceeding to the next step, or only the outer shell, in this case the > DMG? > > Is the notarization/stapeling checked by the gatekeeper only once at > installation time or at each start of the app? > If I would only notarize and staple the outer DMG, is the notarization and > stapling be automatically issued downwards to the content of the DMG down to > the package and the app inside the package? Or on the other hand, would it > interfere the process, if I would do notarization and stapling at each step? > > Thanks for getting some insight in gatekeepers behaviour. > > @Matthias: perhaps you want to add this information also in you doc in > chapter 7 / 7.5 to clarify this question? > > Thanks > Tiemo > > -----Ursprüngliche Nachricht----- > Von: use-livecode <use-livecode-boun...@lists.runrev.com> Im Auftrag von > matthias rebbe via use-livecode > Gesendet: Donnerstag, 6. Mai 2021 01:18 > An: How to use LiveCode <use-livecode@lists.runrev.com> > Cc: matthias_livecode_150...@m-r-d.de > Betreff: Re: notarizing DMG fails - solved > > Thanks Phil. > > > @all > I've updated the lesson at > > https://lessons.livecode.com/m/4071/l/1122100-codesigning-and-notarizing-your-lc-standalone-for-distribution-outside-the-mac-appstore > > now and added detailed information about package installers. > So it now contains also information about how to create,sign and notarize > package installers or package installers on dmg. > > > It would be really awesome, if someone could check it. I needed to insert > some additional steps and i really hope that i did not forget to adjust some > references to internal steps. > > So please let me if you find any errors, typos or wrong information. > > Thanks. > > Matthias > > >> Am 05.05.2021 um 19:49 schrieb Phil Davis via use-livecode >> <use-livecode@lists.runrev.com>: >> >> Thank you Matthias! Your tools make my life SO much easier! You have >> done a great service for this community. >> >> Phil Davis >> >> >> On 5/5/21 2:20 AM, matthias rebbe via use-livecode wrote: >>>> Am 05.05.2021 um 11:10 schrieb Tiemo via use-livecode >>>> <use-livecode@lists.runrev.com>: >>>> >>>> Thank you all for helping my lost soul in Apples notarizing nirvana >>>> >>>> Tiemo >>>> >>>> P.S. >>>> Matthias, perhaps you want to add this in your great helpfile - without >>>> that it would have taken weeks for me! >>>> >>> I am currently working on it. ;) >>> First i will just add a note, but later, when i have more free time i will >>> enhance it to describe all more detailed. >>> >>> The Helper Stack will also get an update to support package installers. But >>> it takes some time. >>> >>> >>> >>>> -----Ursprüngliche Nachricht----- >>>> Von: use-livecode <use-livecode-boun...@lists.runrev.com> Im Auftrag >>>> von matthias rebbe via use-livecode >>>> Gesendet: Mittwoch, 5. Mai 2021 10:31 >>>> An: How to use LiveCode <use-livecode@lists.runrev.com> >>>> Cc: matthias_livecode_150...@m-r-d.de >>>> Betreff: Re: notarizing DMG fails >>>> >>>> Tiemo, >>>> >>>> i think i found the solution. I tried here myself and did als get the >>>> error "this identity cannot be used for signing code" when using the >>>> Developer ID Installer certificate for signing the .pkg. >>>> According to Apple (see point 2) >>>> https://help.apple.com/xcode/mac/current/#/deve51ce7c3d >>>> >>>> you have to use the tool productsign to sign the package installer. >>>> >>>> So the syntax is like this >>>> >>>> productsign --sign <Your_Developer_Installer_ID> <Path_to_PKG> >>>> <Path_where_the_signed_PKG_shall_be written> >>>> >>>> Example >>>> productsign --sign "Developer ID Installer: Matthias Rebbe (xxxxxxxx)" >>>> "/users/matthias/LC/builts/test/test.pkg" >>>> "/users/matthias/LC/builts/test/test_signed.pkg" >>>> >>>> After successful signing i got this messages in Terminal >>>> >>>> productsign: using timestamp authority for signature >>>> productsign: signing product with identity "Developer ID Installer: >>>> Matthias Rebbe (xxxxxxxx)" from keychain >>>> /Users/matthias/Library/Keychains/login.keychain-db >>>> productsign: adding certificate "Developer ID Certification Authority" >>>> productsign: adding certificate "Apple Root CA" >>>> productsign: Wrote signed product archive to >>>> /users/matthias/LC/builts/test/test_signed.pkg >>>> >>>> >>>> Regards >>>> >>>> - >>>> Matthias Rebbe >>>> Life Is Too Short For Boring Code >>> >>> _______________________________________________ >>> use-livecode mailing list >>> use-livecode@lists.runrev.com >>> Please visit this url to subscribe, unsubscribe and manage your >>> subscription preferences: >>> http://lists.runrev.com/mailman/listinfo/use-livecode >> >> -- >> Phil Davis >> 503-307-4363 >> >> >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your subscription >> preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
