Closed donbowman closed 10 months ago
Oh, my apologies, you run 1 of the commands, not each.
So i have the .cer file downloaded from apple
rcodesign sign --dem-source developerID_application.cer binary
returns no error
rcodesign verify agilicus-agent-darwin-amd64
says no cryptographic signature present
(but I see in another issue that maybe the verify is not strong)
rcodesign notary-submit --staple --api-key-path ./key.json binary
says
Error: do not know how to notarize binary
but it does not appear that it contacted an api, it just immediately says this, making me suspect its not signed.
the sign-step does indeed change the binary (sha256 sum before and after).
in case others hit this, i found that the notary-submit does take a MACHO binary, see:
https://github.com/indygreg/apple-platform-rs/blob/main/apple-codesign/src/notarization.rs#L189
Zip the file and it gets further now.
The instructions https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_certificate_management.html#
say:
but I am not sure how to create the p12. I have the apple .cer downloaded. I tried: openssl pkcs12 -export -out key.pfx -inkey private.pem -in developerID_application.cer
to create a key.pfx, but when doing rcodesign sign, I get:
Error: incorrect password given when decrypting PFX data
What is the magic incantation to create the key.p12/pfx from the private-key/certificate such that rcodesign will ingest it on the signing pass?