flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Santanu.K" <santanu.ka...@webspiders.com>
Subject [Issue] Signing native installer fails in MacOS!
Date Tue, 05 Nov 2013 05:41:14 GMT
System Configuration:
MacOS 10.7.5
Windows 7
AIR SDK 3.9

Certificates in use:
Thawte (AIR certification)
Comodo (Windows Installer certification)
Apple Mac Developer (MacOS Application/Installer certification)


Summary:
We're going through an unknown build situation of native installer, in
MacOS here. We thought to post the issue here, if the community can help in
some way.

We're trying to sign native installers both for Windows and MacOS, with
ADT. We succeeded so far to sign the installer (and its executable) with
the combination of Thawte + Comodo certificates with ADT. The signature
verification process shown that both the installer and its installed
executable signed properly. When doing the same process for/in MacOS with
ADT (with Thawte + Comodo, or, Thawte + Apple Mac Developer key), adt is
throwing error - "Native signing not supported on mac"

We previously packaged signed .pkg file with Apple Mac Developer key and
with the help of adt (to sign .app file) and productbuild (to sign and
package .pkg file) in MacOS. But we've found there is a good differences in
size of the files - .pkg (25 MB), .dmg (3 MB). We know this is since .pkg
file has captive runtime bundled.

We are looking for ways to sign a .dmg file which we can package without
captive runtime included.

Follows are a number of steps we tested so far (in MacOS), and looking to
the community - if they can help in someway to make a successful signing
process.


The command which makes the Windows build a success:
Found at
http://help.adobe.com/en_US/air/build/WS789ea67d3e73a8b22388411123785d839c-8000.html<http://www.linkedin.com/redirect?url=http%3A%2F%2Fhelp%2Eadobe%2Ecom%2Fen_US%2Fair%2Fbuild%2FWS789ea67d3e73a8b22388411123785d839c-8000%2Ehtml&urlhash=WXlE&_t=tracking_anet>.
Our final process involves creating an .airi file, sign it and therefore
use it to build a native installer -

adt -prepare MyApplicationAIRI.airi MyApplication-app.xml MyApplication.swf

adt -sign -storetype pkcs12 -keystore ThawteAIRCertificate.p12 -storepass
**** MyApplicationAIRI.airi MyApplicationAIR.air

adt -package -storetype pkcs12 -keystore ThawteAIRCertificate.p12
-storepass **** -target native -storetype pkcs12 -keystore
ComodoWinInstallerCertificate.p12 -storepass **** MyApplication.exe
MyApplicationAIRI.airi

(Note: the last command is the combination use of both the AIR and Windows
Installer certificates as mentioned in Adobe documentation link - which
Only we've found signs both the installer and its executable properly)


The command when used in MacOS ADT:
We tried with both Comodo and Apple Mac Developer key for this process, in
combination with Thawte AIR certificate key.

adt -package -storetype pkcs12 -keystore ThawteAIRCertificate.p12
-storepass **** -target native -storetype pkcs12 -keystore
ComodoInstallerCertificate.p12 -storepass **** MyApplication.dmg
MyApplicationAIRI.airi

or

adt -package -storetype pkcs12 -keystore ThawteAIRCertificate.p12
-storepass **** -target native -storetype pkcs12 -keystore
AppleMacDeveloperKey.p12 -storepass **** MyApplication.dmg
MyApplicationAIRI.airi

But, both the process returns only same error:
Native signing not supported on mac

We tried with other so many combinations like,

adt -package -storetype pkcs12 -keystore AppleMacDeveloperKey.p12
-storepass **** -target native MyApplication.dmg MyApplicationAIRI.airi
Which returns:
Unable to build a valid certificate chain for the signer.

or,

adt -package -storetype pkcs12 -keystore ThawteAIRCertificate.p12
-storepass **** -target native MyApplication.dmg MyApplicationAIRI.airi
Which found never signed when validating with 'codesign' utility in MacOS.


There is also almost no documentation/discucussion we've found over net.
We're draining out of ideas as well but only assumption. Now if the
community can suggest something over the line, we would be grateful.

Thanks!

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message