indygreg / apple-platform-rs

Rust crates supporting Apple platform development

documentation issue on p12-file on "Managing Code Signing Certificates" #73

Closed donbowman closed 10 months ago

donbowman commented 1 year ago

The instructions at https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_certificate_management.html# say:

openssl genrsa -out private.pem 2048
rcodesign generate-certificate-signing-request --pem-source private.pem
rcodesign generate-certificate-signing-request --p12-file key.p12

but I am not sure how to create the p12. I have the Apple .cer downloaded. I tried:

openssl pkcs12 -export -out key.pfx -inkey private.pem -in developerID_application.cer

to create a key.pfx, but when doing rcodesign sign, I get:

Error: incorrect password given when decrypting PFX data

What is the magic incantation to create the key.p12/pfx from the private-key/certificate such that rcodesign will ingest it on the signing pass?

donbowman commented 1 year ago

Oh, my apologies, you run 1 of the commands, not each.

So I have the .cer file downloaded from Apple.

rcodesign sign --dem-source developerID_application.cer binary returns no error

rcodesign verify agilicus-agent-darwin-amd64 says no cryptographic signature present (but I see in another issue that maybe the verify is not strong)

rcodesign notary-submit --staple --api-key-path ./key.json binary says Error: do not know how to notarize binary

But it does not appear that it contacted an API; it just immediately says this, making me suspect it's not signed.

The sign step does indeed change the binary (sha256 sum before and after).

mfmarche commented 1 year ago

In case others hit this, I found that the notary-submit does take a MACHO binary, see:

https://github.com/indygreg/apple-platform-rs/blob/main/apple-codesign/src/notarization.rs#L189

Zip the file and it gets further now.