Simplify import of signing certificates on macos executors
J
Jrherrick
Apple makes it non-trivial to sign OS X applications and installers. As it stands, getting signing certificates from one development machine to another is an undertaking; getting them onto a macos executor is very difficult, especially if you're not building an XCode-based project (e.g. Electron apps), but increased security restrictions on each release of OS X makes it mandatory if you want to distribute your application. Providing a relatively easy way to import the signing certificates into a project's settings (as well as documentation on how to export the certificates properly) would be enormously helpful when building non-XCode applications and installers.
CCI-I-797
Oran Wilder
open
Alexa Zeazas Loper
under review
Alexa Zeazas Loper
open
Alexa Zeazas Loper
under review
We are looking into ways to improve our code signing experience, though it isn't on our roadmap for this year. Once we have identified a good path forward and better understand the timeline, I will be sure to provide an update!
S
Sam Olukotun
Currently we support Fastlane for code signing; it would be nice to support non-Fastlane alternatives.
J
Jrherrick
This is actually even more important now with the addition of Apple's notarization requirement. I managed to get the build working for our Electron application without too much trouble, but have to a lot of work in the build configuration to try and get it working with the Maven build for a Java application using install4j: installing install4j each time (not relevant to the signing/notarization requirement but still), configuring the Maven settings.xml (required for install4j configuration, including specifying credentials for the call to the notarization service), then base64-decoding environment variables into pkcs12 and Java keystore files.And everyone has to figure this stuff out on their own. It's a real time sink.
J
Jrherrick
I actually got this working in a pretty straightforward way, as described here. At the very least official documentation for this would be helpful.