From 77b868e7e757dee25ca6e4f455d96f520e810b04 Mon Sep 17 00:00:00 2001 From: Tim Angus Date: Thu, 25 Sep 2025 12:06:54 +0100 Subject: [PATCH] Add macOS code sign/notarization setup doc --- docs/macos-codesign-notarization.txt | 46 ++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 docs/macos-codesign-notarization.txt diff --git a/docs/macos-codesign-notarization.txt b/docs/macos-codesign-notarization.txt new file mode 100644 index 00000000..07762f7b --- /dev/null +++ b/docs/macos-codesign-notarization.txt @@ -0,0 +1,46 @@ +Code Signing + +1. Open Keychain Access +2. Goto Keychain Access -> Certificate Assistant -> Request a Certificate From + a Certificate Authority... +3. Enter Apple Developer Account email address for User Email Address +4. Select Request is: Saved to disk +5. Click Continue and save the CSR to disk + +6. Sign in to account at https://developer.apple.com/account +7. Click Certificates, then the plus icon to add a certificate +8. Select "Developer ID Application" and click Continue +9. Upload the previously created CSR, then download the signed certificate + +10. Locate it in Finder and double click, importing it into the 'login' + keychain +11. In Keychain Access, click the login keychain, then My Certificates +12. Find the imported "Developer ID Application" certificate, then right click + and select Export +13. Select to save as .p12, and set a secure password +14. Open a command line, and run base64 -i on the exported + certificate +15. Copy the output to the clipboard + +16. On the GitHub repo, go to Settings -> Secrets and variables -> Actions +17. Click New repository secret and enter APPLE_CERTIFICATE_P12_BASE64 for the + Name +18. Paste the contents of the clipboard for the Secret +19. Set a secret, APPLE_CERTIFICATE_PASSWORD for the password created above +20. Set a secret, APPLE_CERTIFICATE_ID that matches the certificate name; under + normal circumstances "Developer ID Application" should be sufficient + + +Notarization + +1. Sign in to https://account.apple.com/sign-in +2. Create an App-Specific Password named "Notarization" +3. Set a secret, APPLE_NOTARIZATION_USERNAME to your Apple ID +4. Set a secret, APPLE_NOTARIZATION_PASSWORD to the newly created password +3. Set a secret, APPLE_TEAM_ID to your Apple Developer Account Team ID, which + can be found in the Membership Details section at + https://developer.apple.com/account + + +Note: GitHub secrets cannot be retrieved in plain text, even by the repository +owner, so securely store any values you may want to re-enter later