Greetings reader,
Today we started experimenting with the long awaited standalone builds.
Running for windows is smooth and holds all features we want (controlled by a TeamCity build street).
When trying the standalones on a Yosemite Mac though we get a warning saying “xxx can’t be opened because it’s from an unidentified developer”.
Because of the automatisation we developed to controll all our builds I’m not too fond too manually sign these apps (don’t even know how to).
Will this be added to the cloud in the near future?
David
Adding a bump as I still can’t seem to get it up and running…
Bump
Hi there,
Mac OSX has a setting that specifies which sources you can run applications from. You can access this setting by going to System Preferences → Security and Privacy, on the General tab you will see ‘Allow apps downloaded from’ with three options:
‘Mac App Store’: Only run apps from the App Store
‘Mac App Store and identified developers’: Run apps from the App Store, and those signed by known developers
‘Anywhere’: Run all applications regardless of source
Hi Chris,
Thanks for responding.
We really like to avoid the store, but also to be recognized as a known developer so people can check the second option.
The third option sounds a little spooky 
So if my research is correct, our way would be to
- build everything through the cloud
- download the mac standalone app
- sign this application on a local os X (in whatever awfull way this is supported, something about a lot of certificates and terminal code)
- and then distribute to users
?
With kind regards,
David
Hi David,
While I can’t exactly support the signing effort outside of Cloud Build, I’ve dug into the process for a built .app file, and the gist of it looks like this:
- Apply for Developer ID certificate at Apple Developer Member Center, and import via Keychain Access.
- Run codesign verify command to show that your app is currently unsigned:
- Run security command to list identities that are available for signing apps. Identify the Developer ID one.
- Sign the app via the codesign using “Developer ID Application: XXXXXX (XXXXXXXXXX)” as the identity name:
–deep: option specifies recursive signing of app contents
-s: Specifies the identity to use, in this case the Developer ID cert imported.
-f: Force replaces any existing signature
- Verify that the app is now signed, and test on another system with the ‘App Store and identified developers’ option chosen.
Beyond that, there may be other issues you encounter that are outside the scope of our service (i.e. ‘entitlements’ that must be added for the App Store). Hopefully this is enough to get you going when the time comes. You may also want to request this as a feature on our Cloud Build feedback site, and drum up some votes for it! 