Skip to main content

How to Build a New Version for the Mac Mini

I recently learned how to sign and notarize our build for the Mac Mini, and will be documenting both the one-time setup that I had to do, as well as the steps that must be taken with each new build. If all you're looking for is how to do your next build, please skip down to that section.

 

Initial Setup

Update the Keychain certificates

In order to sign and notarize our build file, we're going to need to use two Keychain Certificates.

  1. Open the Keychain Access app, open the "All Items" tab
  2. Search for "J82X76G6Y8" (our "team identifier")
  3. Among the results you are looking for these two certificates 
    • Developer ID Application: eFilecabinet, Inc. (J82X76G6Y8)
    • Developer ID Installer: eFilecabinet, Inc. (J82X76G6Y8)
  4. You need to verify that both of these are still current (not expired). You also need to make sure that there aren't any expired duplicates of these certificates. If there are, then right-click on the expired duplicates and delete them.

Configure Visual Studio to sign the .dmg build

Now Visual Studio needs to be configured to sign the package as part of the build process. For this you will need the name of the Installer certificate from the last step, as well as the identifier for our application (currently "com.efilecabinet.rubex").

  1. In the Visual Studio project find and open the spec.json file
  2. On the same level as the title, background, icon-size, contents, and window, add a new section as follows (with the current signing-identity and identifier as defined above):
    • "code-sign": {
           "signing-identity": "Developer ID Application: eFilecabinet, Inc. (J82X76G6Y8)",
           "identifier": "com.efilecabinet.rubex"
      }
  3. Next, right-click on the RubexClient project in the Solution side-panel of Visual Studio and select Properties. Then open the Build->Mac Signing view
    • Check "Sign the application bundle" at the top
    • For the "Identity" directly beneath that checkbox select "Developer ID: eFilecabinet, Inc. (J82X76G6Y8)"
    • Check "Sign the installer package" at the bottom
    • For the "Identity" directly beneath that checkbox select "Developer ID Installer: eFilecabinet, Inc. (J82X76G6Y8)"
  4. Now when you build the project, towards the end of the process you should see a line that says: 
    • [20/21] Signing image...             [ OK ]

Configure Visual Studio to use the Hardened Runtime

 

Application-Specific Password for notarytool

We use the command-line utility notarytool to notarize our signed .dmg file. 

Back to top