dryark/strawberry
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c26e09e90b59c904466cb7756b3aba81b1791b93
strawberry/build_tools/macos/README_MAS.md
David Helkowski c26e09e90b Enhance macOS provisioning profile handling in build scripts and documentation 
This commit updates the check_signing_identities.sh script to search for provisioning profiles in multiple common directories, improving the detection process. Additionally, the README_MAS.md is updated to clarify where provisioning profiles are stored in newer Xcode versions and provides guidance on locating the correct profile for Mac App Store builds. This enhances the overall usability and clarity for developers working with macOS builds.
2026-01-22 20:38:28 +09:00

162 lines
4.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Mac App Store (MAS) submission guide (manual steps)
This repo supports a **Mac App Store build mode** (`BUILD_FOR_MAC_APP_STORE=ON`) and includes scripts to build a signed upload `.pkg`.
If youre blocked because `security find-identity` only shows **Developer ID** and not **Apple Distribution / Installer**, follow the steps below.
---
## Open Keychain Access (macOS “hidden” Utilities)
Any of these work:
- **Spotlight**: press `⌘ + Space` → type **Keychain Access** → Enter
- **Finder**: Applications → Utilities → **Keychain Access**
- **Terminal**:
```bash
open -a "Keychain Access"
```
---
## The core issue: certificate exists but is not a usable identity
If you see certificates like:
- `Apple Distribution: ...`
- `3rd Party Mac Developer Installer: ...`
but `security find-identity` does **not** list them, then the certificate is present but **the private key is missing** (or not paired / in the wrong keychain).
You can confirm with:
```bash
./build_tools/macos/check_signing_identities.sh
```
---
## Step 1 — Create the private keys on this Mac (CSR)
1. Open **Keychain Access**
2. Menu: **Keychain Access → Certificate Assistant → Request a Certificate From a Certificate Authority…**
3. Fill:
- **User Email Address**: your Apple ID email
- **Common Name**: e.g. `Dry Ark LLC` (any label is fine)
- **CA Email Address**: leave blank
- Select: **Saved to disk**
4. Save the CSR (`.certSigningRequest`) somewhere safe
This CSR step is what creates the **private key** locally in your login keychain.
---
## Step 2 — Create + download the certificates (Apple Developer portal)
In Apple Developer → **Certificates, Identifiers & Profiles****Certificates****+**:
- Create **Apple Distribution** (use the CSR you just made)
- Create **Mac Installer Distribution** (or “3rd Party Mac Developer Installer”, wording varies) (use a CSR)
Download the resulting `.cer` files.
---
## Step 3 — Install certificates into your login keychain
Double-click each downloaded `.cer` to install it.
Then in **Keychain Access → login → My Certificates**:
- Find **Apple Distribution: ...** and **expand it**
- You must see a **private key** under it.
- Find **... Installer ...** and expand it
- You must see a **private key** under it.
If theres no private key under the certificate, it will not be usable for signing on this Mac.
---
## Step 4 — Verify identities from the CLI
```bash
security find-identity -p codesigning -v
security find-identity -p basic -v
./build_tools/macos/check_signing_identities.sh
```
Expected:
- `Apple Distribution: ...` shows up under **codesigning**
- `... Installer ...` shows up as an **installer identity** (used to sign upload `.pkg`)
---
## Step 5 — Create + install the provisioning profile (Mac App Store)
In Apple Developer → **Profiles****+**:
- Platform: **macOS**
- Type: **Mac App Store**
- App ID: `com.dryark.strawberry` (or your own bundle id)
- Select the **Apple Distribution** certificate
- Generate + Download
### Where the `.provisionprofile` ends up (newer Xcode/macOS)
Recent Xcode versions store “downloaded manual profiles” under:
- `~/Library/Developer/Xcode/UserData/Provisioning Profiles/`
Older tooling sometimes used:
- `~/Library/MobileDevice/Provisioning Profiles/`
This repos MAS build script does **not** require the profile to be in a specific folder — you can pass the path directly.
To locate and pick the right profile, use:
```bash
./build_tools/macos/find_mas_provisioning_profile.sh --bundle-id com.dryark.strawberry
```
### (Optional) Copy to the legacy folder
If some other tools expect the legacy folder, you can copy it there:
```bash
mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles"
cp -f "/path/to/profile.provisionprofile" "$HOME/Library/MobileDevice/Provisioning Profiles/"
```
---
## Step 6 — Build the signed upload package (.pkg)
This repo provides:
- `build_tools/macos/build_mas_pkg.sh` (build → deploy → embed profile → sign → productbuild)
Example:
```bash
./build_tools/macos/build_mas_pkg.sh --run --release --clean \
--codesign-identity "Apple Distribution: Dry Ark LLC (7628766FL2)" \
--installer-identity "3rd Party Mac Developer Installer: Dry Ark LLC (7628766FL2)" \
--provisionprofile "$HOME/Library/MobileDevice/Provisioning Profiles/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.provisionprofile"
```
Outputs:
- `cmake-build-macos-release-mas/strawberry.app`
- `cmake-build-macos-release-mas/strawberry-mas.pkg`
---
## Step 7 — Upload + submit for review
- Upload the `.pkg` using Apples **Transporter** app (App Store Connect).
- In App Store Connect, wait for processing, select the build, then **Submit for Review**.
Reference in New Issue View Git Blame Copy Permalink