Getting started creating a MacOS build #2088
Replies: 16 comments 57 replies
-
Hi If you want to know what command lines are being used for packaging, you can set up the "DebugOut" configuration value in the AIR SDK "lib/adt.cfg" file, run the build from IntelliJ, and then check the log at "~/adt.log" which should start with a list of arguments.. You can use a macOS provisioning profile but I don't think they're required unless you're using some specific entitlements.. I don't know which is easier in terms of distribution, but you would need different certificates to be used for the two cases. If you're distributing it yourself you need to sign the app bundle with an "Developer ID Application" certificate; plus you need to notarise the final distributable. We use this approach for the AIR runtimes and it's fairly straightforward (hadn't really considered putting it onto the App Store!) For installing things you can either create .pkg file which is a bit like an .msi (but you'd need to sign this with a "Developer ID Distribution" certificate!), or you can create an installer app/script and put this into a .dmg archive or just put the app itself into the .dmg with instructions to drag it to the /Applications folder (there's a way that you can even show folk an arrow leading to a shortcut to that, but am not sure how that's done..). Either way, you need to notarize the final file... Not sure on the app store process... below are some links: Note that if you're creating a bundle using the ADT command line, you'll likely be providing some signing certificate details between the Hope that helps! thanks |
Beta Was this translation helpful? Give feedback.
-
Great tip about the adt.log, helped a bunch!
It attempts to build for a while but then I get: Is this because I didn't add the Developer ID certificate as mentioned? Also, you mentioned it would need to be present in my toolchain... I have it installed in my Mac's keychain app, is that what you meant or is there another thing called ToolChain I need to check out? I'm a Windows developer so I'm not so familiar with Mac stuff. |
Beta Was this translation helpful? Give feedback.
-
Thanks, yes I am using the terminal on the mac itself for this. I'm going to record here what I'm trying (and later what works) so that it can help the next person who does the same, and maybe it can be turned into a little guide someday. So back on developer.apple.com in the certificates section, I see two related choices:
I'm going to guess it is #2 as that talks about code signing the app rather than signing the app installer. Next, I have a choice for the certificate intermediary.
I'm going to guess #2 is better since we aren't using Xcode for this? Next, I downloaded the .cer file and double-clicked to install to Keychain. Next, to make the .p12, inside keychain, I went to the 'My Certificates' tab and found the new 'Developer ID Application' certificate, and (a tip here because most guides on the internet are plain wrong about this) I expanded the dropdown on the certificate and then highlighted both the certificate itself and the private key and then right clicked to 'export 2 items'. I found before that if you export it just the private key or just the certificate it will look like it worked but then fail when you try to build. So now, using the same command as before but I replaced the old my.p12 with the new developer_id.p12 adt -package -storetype PKCS12 -keystore /path/to/developer_id.p12 -storepass xxxx -target bundle /path/to/bundle /path/to/application.xml -extdir /path/to/anes -C /path/to/ MySwf.swf -C /path/to/assets . -C /path/to/icons Unfortunately, I still get "Unable to build a valid certificate chain for the signer" Hmm not sure what to try next...
edit: nevermind, tried a build with no anes and got the same error |
Beta Was this translation helpful? Give feedback.
-
Thanks for the follow-up. I'm still getting the "Unable to build a valid certificate chain for the signer" error, so let me walk you through the whole process I did to see where I went wrong. Maybe as we go, we can edit this process with fixes to whatever mistakes I made and use that as the basis of a guide for people so they don't have to be completely lost like I am. Step 1:
Step 2: Step 3:
Step 4: Step 5 Step 6 -- So like I said I'm still getting the "Unable to build a valid certificate chain for the signer" error. Likely I've misunderstood a step because I've never done anything like this before. Maybe you can look at the following screenshots to verify my certificate chain. screenshot of certificate: screenshot of keychain stuff: showing the certificates also in the System part of keychain if that matters? A thing I didn't understand from your response: "and also, just check that you have the extension for the "code signing" purpose" - Not sure what this means or how to check. |
Beta Was this translation helpful? Give feedback.
-
Hello, still requiring assistance on this. It kinda feels like Mac is not actually supported if there are no working steps for how to actually create a bundle anywhere... |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
Progress! Using the full alias the bundle command completes successfully. Does this mean it was signed correctly, or was that like a first step, and then I need to sign it manually after or something? So now unfortunately, when I run the AtiomBundle.app it seems to freeze immediately. The window pops up to the correct size and I can see my app's proper background color, but nothing happens. For example, when I look inside my .ipa file I see a folder that contains an ATIOM.app executable file and in that same folder are all of my assets and my Atiom.swf etc Do you think that could be it and do I have any control over that? |
Beta Was this translation helpful? Give feedback.
-
So I've followed some guides, created a pkg file, and attempted to notarize it.
I'm hoping not to have a separate codebase just for Mac with anes removed if possible, so would it make sense to try to sign them? Or is that not the way to go about it? |
Beta Was this translation helpful? Give feedback.
-
Here are the full steps that worked for me from start to finish. -- The following steps are meant to be a guide to help you release your Adobe Air project on MacOS. note: You'll need an Apple developer account in order to complete this process. In the end, we will create a signed and notarized .pkg file that can be installed for your customers. 1 - Prepare your Mac for code signing1.1 - Create and install your 'Developer ID Application' certificateStart by logging into your developer.apple.com account. Proceed to the certificate section and create a new 'Developer ID Application' certificate. Choose the G2 Sub-CA (Xcode 11.4.1 or later) option. If you don't have a 'Certificate Signing Request' follow this apple guide to create one: https://help.apple.com/developer-account/#/devbfa00fef7 1.2 - Prepare the other certificates in the chainIn Keychain, right-click on your new 'Developer ID Application' certificate and press 'Get Info'. Look at the Common Name in the Issuer Name section for me it's "Developer ID Certificate Authority" with the "G2" organizational unit. Proceed to https://www.apple.com/certificateauthority/ and under "Apple Intermediate Certificates" find the matching certificate i.e. "Developer ID - G2 (Expiring 09/17/2031 00:00:00 UTC)". Download and install this certificate again to the System and Login parts of your keychain. Repeat the process again this time clicking on your new "Developer ID Certificate Authority" certificate. For this one, my Issuer name is "Apple Root CA" So I went back to the certificate authority and then downloaded and installed that certificate: "Apple Root CA - G2 Root" That is likely enough, but I also downloaded and installed the "Apple Inc. Root" certificate just in case. 1.3 - Test if you now have a complete certificate signing chainClick on each of your new certificates in Keychain and ensure they all say "This certificate is valid". Next, we will try to sign a file to see if it works. First, copy your adl application into a folder so we have something to sign with the following: If the signing doesn't work then there is something wrong with the chain of certificates installed and you should ensure you installed all of the correct ones. Reinstalling them can help and make sure you don't edit them and press 'Always Allow' as apparently, that causes issues. 2 - Figure out your app bundle command2.1 - Start with your iOS command.We will need to create our bundle using the command line rather than IntelliJ. If you are like me and find the subtleties of the command line difficult it can help to start from your existing working command line that you use for iOS packaging. You can find the command line IntelliJ uses by setting up the "DebugOut" configuration value in the AIR SDK "lib/adt.cfg" file. You can build your iOS app like normal then check the newly created "~/adt.log" file. 2.2 - Update the command to build a bundleNext, update the command so that it creates a MacOS bundle. My final command looked like:
Run the command and if all goes well you'll have a new bundle.app file. This file won't work yet as it is only partially signed. 3.0 - Sign and package your bundle3.1 - Create an entitlements fileIn order to fully sign this, we'll need to sign it with an entitlements file. Create a file called adl.entitlements in the same directory as your swf with the following contents:
3.2 - Sign your bundleNow sign your bundle again with the entitlements and these specific options.
3.3 - Sign your ANEsSome ANEs such as com.distriqt.core will need to be signed. For now, you can skip this step until Apple rejects your notarization process and then come back to it once you know which ANEs apple wants you to sign. Once you know which ones, you'll sign their framework folder as follows:
Repeat for each ANE that needs to be signed. 3.4 - Sign the main binary fileAfter signing the ANEs you'll need to sign the main binary file located in the Contents/MacOS folder of your bundle. Here's my command for this:
3.5 - Create your .pkg fileAssuming you want to distribute via a .pkg file you can create one as follows. Apparently, you can also create .dmg files or just zip your bundle, but I only tried the .pkg method. 3.5.1 - Get a Developer ID Installer certificate.Head back to developer.apple.com and create a new certificate. This time it will be of the 'Developer ID Installer' type. Make sure you install it into your System and Login keychains again. 3.5.2 - Pkg commandNow run the following command taking note that we are using the installer certificate this time:
4.0 - Notarize your .pkg fileIf you don't notarize your app users may be unable to install it. As a first step, you'll need to have (or create) an app-specific password for your apple account. This can be done at https://appleid.apple.com a quick google should help if you need it. 4.1 Upload the pkgNow we'll upload our pkg file to Apple's notarization service with the following:
Nothing will happen for a while as the file is uploaded, eventually, you should get an upload success message. You'll be given a reference string, copy this. 4.2 Wait for your inevitable rejectionWait 5-10 minutes then check your email for your rejection email. Apple will say your app wasn't notarized.
You'll get a response back with a URL for a log file. Throw that into your web browser and you'll see a file explaining your rejection reason. i.e. one of your ANEs wasn't signed. Go back to step 2.5, sign the ANEs and then repeat all subsequent steps and try again. Hopefully, on your next try, you'll get a notarization success email instead. 4.3 - Staple your notarization to your pkg fileIn order for your app not to require an internet connection to check its notarization status, you should staple the notarization to it. This can be done with:
You should get a success message and congrats your pkg is ready for distribution. 5.0 - Useful linksThe following 2 guides helped me when I got stuck. They have a lot of details but don't quite follow the process that worked for me. Hopefully, they can help if you run into issues. https://www.molleindustria.org/blog/notarizing-your-flashair-applications-for-macos/ Thanks to @ajwfrost for guiding me through this whole process. I hope the steps will be useful to someone else. |
Beta Was this translation helpful? Give feedback.
-
New apple notary tool is needed. Old one is deprecated. New command to notarize PKG is as follows: feedback is immediate with the --wait option |
Beta Was this translation helpful? Give feedback.
-
Hey @ajwfrost 1: Is there a change to adl.entitlements? I've packaged 2 app updates per month with air 50 for a while with no issues, but now with air 51 for some reason my adl.entitlements file seems like it was auto removed? 2: Next is there a change to how ANEs are signed or built? My old ANE signing lines no longer work:
because inside of the 'MacOS-x86-64' folder there is only 1 file: library.swf so it cannot find this Core.framework file. |
Beta Was this translation helpful? Give feedback.
-
Hi @ajwfrost packaging for Mac Air 51.0.1.4 but Air SDK ERROR: ''
|
Beta Was this translation helpful? Give feedback.
-
I am loving this thread - thanks for putting together all the steps @Ender22 and @ajwfrost I am attempting to use entitlements such as Game Center, iCloud and In-App Purchases, and according to what @ajwfrost said above and what I've read on Apple's documentation, I will need to use a macOS provisioning file, so I've created a provisioning profile for both "development" (to use with my development certificate) and "distribution" (to use with distributing to macOS store). That being said, how do I incorporate my provisioning file into the signing process outlined above? Second question (wishful thinking): Who develops/controls the Flash IntelliJ plugin? Because it would be phenomenal if we could simply have that existing GUI panel that already handles Android/iOS to also be able to handle macOS and simply place our devCert and provisioning files in the appropriate fields (like we already do for iOS) and then have it automatically create the PKG file that's required to upload via Transporter for App Store submissions? |
Beta Was this translation helpful? Give feedback.
-
@Ender22 @itlancer @PippoApps - I'm working through the process of signing my Mac app and have noted that the PKG signing instructions appear specific for distributing the app outside the Mac App Store (as it references a developer ID certificate and installation certificate) rather than the general Apple distribution certificate. I have my iOS app linked to my Mac OS. I sign the iOS version with my D20Studios, LLC Distribution certificate and I upload the IPA file to the App Store with Transporter. I would like to do the same with the Mac OS version, so I believe I would first sign the bundle with this certificate, then convert it to a PKG file. I can't sign the PKG file with the Distribution certificate, since only installation certificates can sign PKG, so I'm thinking I can just upload the PKG file and App Store will handle signing it? Or, do I do I need to sign the PKG file with the an installation certificate (even if it will only be installed via App Store)? Also, my Mac OS app uses @marchbold 's Billing and Game Services extensions. These both work when testing the game locally, however, I cannot get the cloud save to work. I suspect that the reason is because these require entitlements that are normally defined in the Entitlements tag nested under the iPhone tag. So I followed @Ender22 's instructions to create the entitlements.app file and added these tags within that file (but still can't get it to work). For development testing and distribution on the App Store, Apple has you create provisioning files (development and distribution) just like iOS. So I have these being included when creating my bundle like this: This version is meant for creating a local test version (similar to how you'd test iPad with a USB cable and the development provisining): For distribution, I just change the distribution and provisioning file like this: However, I can't seem to get the cloud saves working in my local test. Any ideas? @ajwfrost - I tried your code referenced above to sign the entire bundle, but adt throws an exception saying that a parameter is missing (the output parameter) so I modified it like this: But, still no cloud save entitlements working. I need to my MacOS app in the App Review queue as soon as possible, so any help from anyone here would be greatly appreciated :) |
Beta Was this translation helpful? Give feedback.
-
@ajwfrost If I remove the entitlements that I added to the application descriptor and run the adt command again, the app will launch, but the save games still won't load. Here are the entitlements I added to macOS that match what I used for iOS following @marchbold 's documentation here:
I'm not sure if the infoAdditions from iOS are needed or not, but I tried with and without them, and in both cases, I get "The application can't be opened." message after packaging with that command.
|
Beta Was this translation helpful? Give feedback.
-
Good morning, Andrew! Thanks so much for your help again on this. The
provisioning embedding is working as expected, I had sent a follow up email
about that yesterday that probably got lost in the thread of other messages
I sent. Apple confirmed this morning that what's happening is that Test
Flight removes the provisioning file as Apple's distribution process
handles the provisioning once its delivered via Test Flight/App Store:
https://developer.apple.com/forums/thread/767609
I am running on MacOS Ventura (13.5.2) so good catch on the entitlements
signing. Normally I avoid updating my system environment until necessary
(less something that is already working break) but in this case it sounds
like I could have avoided this trouble if I had signed on MacOS 15?
I will add the adt.jar you sent and provide the output. Let me know if I
should start the process of updating my OS after that.
~Ross
…On Fri, Nov 1, 2024 at 2:20 AM Andrew Frost ***@***.***> wrote:
So, we should actually be handling the provisioning profile argument for
macOS now - see #2612
<#2612> .. I'm
wondering though, we have two sets of signing options for a bundle (one for
the "air" part, and one for the "native" macOS part) - possibly it needs to
be set in a specific one of these. I'll check this and confirm what's
happening..
I think though, provisioning profiles aren't needed for App Store
deployments.
The start-up issue with the "AIR cannot be found" message is related to
the code signing of the framework, investigating this now..
—
Reply to this email directly, view it on GitHub
<#2088 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAMNH6CLS3BQHCLGDDMTPHTZ6M2ULAVCNFSM57SPEM7KU5DIOJSWCZC7NNSXTOSENFZWG5LTONUW63SDN5WW2ZLOOQ5TCMJRGE4TMOBX>
.
You are receiving this because you were mentioned.Message ID:
<airsdk/Adobe-Runtime-Support/repo-discussions/2088/comments/11119687@
github.com>
|
Beta Was this translation helpful? Give feedback.
-
Currently, our app is only available on mobile, but we are working on desktop versions of it. Getting it bundled on Windows was quite easy but I'm having more trouble on MacOS.
Are there any guides for this out there? I could not find much by searching
My main issue is:
I use FlashDevelop on Windows so it was fairly easy to edit the existing command line that FD uses and add the target bundle commands. On iOS however I'm using IntelliJ, which just has a 'package for app store' button, so I'm not sure how I would go about updating it to make a Mac bundle build.
Instead, are people just compiling via command line? If so, could anyone provide an example command line that I could adjust for my needs? I'm a bit stuck because I can't even see what command intelliJ is running when I hit that 'package for app store' button so I don't know how to do a couple things like include a provisioning profile or how to package the needed assets.
Other general questions:
Beta Was this translation helpful? Give feedback.
All reactions