Add macOS Mac App Store build instructions to README.md
Some checks failed
Build / Build openSUSE (leap:15.6) (push) Has been cancelled
Build / Build openSUSE (leap:16.0) (push) Has been cancelled
Build / Build openSUSE (tumbleweed) (push) Has been cancelled
Build / Build Fedora (42) (push) Has been cancelled
Build / Build Fedora (43) (push) Has been cancelled
Build / Build Fedora (44) (push) Has been cancelled
Build / Build OpenMandriva (cooker) (push) Has been cancelled
Build / Build Mageia (9) (push) Has been cancelled
Build / Build Debian (bookworm) (push) Has been cancelled
Build / Build Debian (forky) (push) Has been cancelled
Build / Build Debian (trixie) (push) Has been cancelled
Build / Build Ubuntu (noble) (push) Has been cancelled
Build / Build Ubuntu (questing) (push) Has been cancelled
Build / Build Ubuntu (resolute) (push) Has been cancelled
Build / Upload Ubuntu PPA (noble) (push) Has been cancelled
Build / Upload Ubuntu PPA (questing) (push) Has been cancelled
Build / Upload Ubuntu PPA (resolute) (push) Has been cancelled
Build / Build FreeBSD (push) Has been cancelled
Build / Build OpenBSD (push) Has been cancelled
Build / Build macOS Public (release, macos-15) (push) Has been cancelled
Build / Build macOS Public (release, macos-15-intel) (push) Has been cancelled
Build / Build macOS Private (release, macos-arm64) (push) Has been cancelled
Build / Build Windows MinGW (i686, debug) (push) Has been cancelled
Build / Build Windows MinGW (i686, release) (push) Has been cancelled
Build / Build Windows MinGW (x86_64, debug) (push) Has been cancelled
Build / Build Windows MinGW (x86_64, release) (push) Has been cancelled
Build / Build Windows MSVC (arm64, debug, arm64 debug, windows-11-arm) (push) Has been cancelled
Build / Build Windows MSVC (arm64, release, arm64 release, windows-11-arm) (push) Has been cancelled
Build / Build Windows MSVC (x86, debug, x86 debug, windows-2022) (push) Has been cancelled
Build / Build Windows MSVC (x86, release, x86 release, windows-2022) (push) Has been cancelled
Build / Build Windows MSVC (x86_64, debug, x86_64 debug, windows-2022) (push) Has been cancelled
Build / Build Windows MSVC (x86_64, release, x86_64 release, windows-2022) (push) Has been cancelled
Build / Upload (push) Has been cancelled
Build / Attach to release (push) Has been cancelled
Some checks failed
Build / Build openSUSE (leap:15.6) (push) Has been cancelled
Build / Build openSUSE (leap:16.0) (push) Has been cancelled
Build / Build openSUSE (tumbleweed) (push) Has been cancelled
Build / Build Fedora (42) (push) Has been cancelled
Build / Build Fedora (43) (push) Has been cancelled
Build / Build Fedora (44) (push) Has been cancelled
Build / Build OpenMandriva (cooker) (push) Has been cancelled
Build / Build Mageia (9) (push) Has been cancelled
Build / Build Debian (bookworm) (push) Has been cancelled
Build / Build Debian (forky) (push) Has been cancelled
Build / Build Debian (trixie) (push) Has been cancelled
Build / Build Ubuntu (noble) (push) Has been cancelled
Build / Build Ubuntu (questing) (push) Has been cancelled
Build / Build Ubuntu (resolute) (push) Has been cancelled
Build / Upload Ubuntu PPA (noble) (push) Has been cancelled
Build / Upload Ubuntu PPA (questing) (push) Has been cancelled
Build / Upload Ubuntu PPA (resolute) (push) Has been cancelled
Build / Build FreeBSD (push) Has been cancelled
Build / Build OpenBSD (push) Has been cancelled
Build / Build macOS Public (release, macos-15) (push) Has been cancelled
Build / Build macOS Public (release, macos-15-intel) (push) Has been cancelled
Build / Build macOS Private (release, macos-arm64) (push) Has been cancelled
Build / Build Windows MinGW (i686, debug) (push) Has been cancelled
Build / Build Windows MinGW (i686, release) (push) Has been cancelled
Build / Build Windows MinGW (x86_64, debug) (push) Has been cancelled
Build / Build Windows MinGW (x86_64, release) (push) Has been cancelled
Build / Build Windows MSVC (arm64, debug, arm64 debug, windows-11-arm) (push) Has been cancelled
Build / Build Windows MSVC (arm64, release, arm64 release, windows-11-arm) (push) Has been cancelled
Build / Build Windows MSVC (x86, debug, x86 debug, windows-2022) (push) Has been cancelled
Build / Build Windows MSVC (x86, release, x86 release, windows-2022) (push) Has been cancelled
Build / Build Windows MSVC (x86_64, debug, x86_64 debug, windows-2022) (push) Has been cancelled
Build / Build Windows MSVC (x86_64, release, x86_64 release, windows-2022) (push) Has been cancelled
Build / Upload (push) Has been cancelled
Build / Attach to release (push) Has been cancelled
This commit introduces a new section in the README.md detailing the process for building and signing a macOS package for the Mac App Store. It includes requirements for Apple Developer accounts, a manual setup guide for certificates and provisioning profiles, and a command to build the signed upload package. Additionally, it provides instructions for uploading the package to App Store Connect for review.
This commit is contained in:
138
build_tools/macos/README_MAS.md
Normal file
138
build_tools/macos/README_MAS.md
Normal file
@@ -0,0 +1,138 @@
|
||||
# Mac App Store (MAS) submission guide (manual steps)
|
||||
|
||||
This repo supports a **Mac App Store build mode** (`BUILD_FOR_MAC_APP_STORE=ON`) and includes scripts to build a signed upload `.pkg`.
|
||||
|
||||
If you’re blocked because `security find-identity` only shows **Developer ID** and not **Apple Distribution / Installer**, follow the steps below.
|
||||
|
||||
---
|
||||
|
||||
## Open Keychain Access (macOS “hidden” Utilities)
|
||||
|
||||
Any of these work:
|
||||
|
||||
- **Spotlight**: press `⌘ + Space` → type **Keychain Access** → Enter
|
||||
- **Finder**: Applications → Utilities → **Keychain Access**
|
||||
- **Terminal**:
|
||||
|
||||
```bash
|
||||
open -a "Keychain Access"
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## The core issue: certificate exists but is not a usable identity
|
||||
|
||||
If you see certificates like:
|
||||
|
||||
- `Apple Distribution: ...`
|
||||
- `3rd Party Mac Developer Installer: ...`
|
||||
|
||||
but `security find-identity` does **not** list them, then the certificate is present but **the private key is missing** (or not paired / in the wrong keychain).
|
||||
|
||||
You can confirm with:
|
||||
|
||||
```bash
|
||||
./build_tools/macos/check_signing_identities.sh
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Step 1 — Create the private keys on this Mac (CSR)
|
||||
|
||||
1. Open **Keychain Access**
|
||||
2. Menu: **Keychain Access → Certificate Assistant → Request a Certificate From a Certificate Authority…**
|
||||
3. Fill:
|
||||
- **User Email Address**: your Apple ID email
|
||||
- **Common Name**: e.g. `Dry Ark LLC` (any label is fine)
|
||||
- **CA Email Address**: leave blank
|
||||
- Select: **Saved to disk**
|
||||
4. Save the CSR (`.certSigningRequest`) somewhere safe
|
||||
|
||||
This CSR step is what creates the **private key** locally in your login keychain.
|
||||
|
||||
---
|
||||
|
||||
## Step 2 — Create + download the certificates (Apple Developer portal)
|
||||
|
||||
In Apple Developer → **Certificates, Identifiers & Profiles** → **Certificates** → **+**:
|
||||
|
||||
- Create **Apple Distribution** (use the CSR you just made)
|
||||
- Create **Mac Installer Distribution** (or “3rd Party Mac Developer Installer”, wording varies) (use a CSR)
|
||||
|
||||
Download the resulting `.cer` files.
|
||||
|
||||
---
|
||||
|
||||
## Step 3 — Install certificates into your login keychain
|
||||
|
||||
Double-click each downloaded `.cer` to install it.
|
||||
|
||||
Then in **Keychain Access → login → My Certificates**:
|
||||
|
||||
- Find **Apple Distribution: ...** and **expand it**
|
||||
- You must see a **private key** under it.
|
||||
- Find **... Installer ...** and expand it
|
||||
- You must see a **private key** under it.
|
||||
|
||||
If there’s no private key under the certificate, it will not be usable for signing on this Mac.
|
||||
|
||||
---
|
||||
|
||||
## Step 4 — Verify identities from the CLI
|
||||
|
||||
```bash
|
||||
security find-identity -p codesigning -v
|
||||
security find-identity -p basic -v
|
||||
./build_tools/macos/check_signing_identities.sh
|
||||
```
|
||||
|
||||
Expected:
|
||||
|
||||
- `Apple Distribution: ...` shows up under **codesigning**
|
||||
- `... Installer ...` shows up as an **installer identity** (used to sign upload `.pkg`)
|
||||
|
||||
---
|
||||
|
||||
## Step 5 — Create + install the provisioning profile (Mac App Store)
|
||||
|
||||
In Apple Developer → **Profiles** → **+**:
|
||||
|
||||
- Platform: **macOS**
|
||||
- Type: **Mac App Store**
|
||||
- App ID: `com.dryark.strawberry` (or your own bundle id)
|
||||
- Select the **Apple Distribution** certificate
|
||||
- Generate + Download
|
||||
|
||||
Install it by double-clicking it, or place it under:
|
||||
|
||||
`~/Library/MobileDevice/Provisioning Profiles/`
|
||||
|
||||
---
|
||||
|
||||
## Step 6 — Build the signed upload package (.pkg)
|
||||
|
||||
This repo provides:
|
||||
|
||||
- `build_tools/macos/build_mas_pkg.sh` (build → deploy → embed profile → sign → productbuild)
|
||||
|
||||
Example:
|
||||
|
||||
```bash
|
||||
./build_tools/macos/build_mas_pkg.sh --run --release --clean \
|
||||
--codesign-identity "Apple Distribution: Dry Ark LLC (7628766FL2)" \
|
||||
--installer-identity "3rd Party Mac Developer Installer: Dry Ark LLC (7628766FL2)" \
|
||||
--provisionprofile "$HOME/Library/MobileDevice/Provisioning Profiles/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.provisionprofile"
|
||||
```
|
||||
|
||||
Outputs:
|
||||
|
||||
- `cmake-build-macos-release-mas/strawberry.app`
|
||||
- `cmake-build-macos-release-mas/strawberry-mas.pkg`
|
||||
|
||||
---
|
||||
|
||||
## Step 7 — Upload + submit for review
|
||||
|
||||
- Upload the `.pkg` using Apple’s **Transporter** app (App Store Connect).
|
||||
- In App Store Connect, wait for processing, select the build, then **Submit for Review**.
|
||||
|
||||
Reference in New Issue
Block a user