Osx workflow guide (1)
IPHONE & MAC DEVELOPMENT
APPLICATION DEVELOPMENT FOR THE IPHONE USING APPLE'S OFFICIAL SDK.


Transcript

  • 1. Tools Workflow Guide for Mac
  • 2. Contents
    About the Tools Workflow for Mac 6
      At a Glance 6
      Manage Your Team 6
      Code Sign Your App 7
      Enable Sandboxing 7
      Use Push Notifications 7
      Enable iCloud Storage 7
      Configure In-App Purchase 8
      Submit an App to the Mac App Store 8
      Prepare for Gatekeeper 8
      How to Use This Document 8
      See Also 9
    Managing Your Team 10
      Technology-Specific Administrative Tasks 10
      Enrolling in the Mac Developer Program 15
      Inviting Team Members and Assigning Roles 13
      Registering an App ID 16
      Approving Signing Certificates 20
      Creating Signing Certificates 22
      Enabling iCloud Storage 25
      Enabling Push Notifications 25
      Registering Developer Systems 26
      Creating Provisioning Profiles 28
      Using the Mac Team Provisioning Profile 30
      Creating Specialized Development Provisioning Profiles 30
      Creating a Production Provisioning Profile 33
      Renewing Expired Provisioning Profiles 35
    Configuring Apps 36
      Setting the App Icon 36
      Setting the Application Category 37
      Setting the Bundle ID 37
      Setting the Bundle Version and Copyright Keys 38
    2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 2
  • 3. Contents
      Specifying the Deployment Target 38
      Configuring Entitlements 39
      Configuring iCloud Key-Value Storage 41
      Configuring iCloud Document Storage 41
      Configuring Sandboxing 42
      Specifying Build Settings 44
    Code Signing Your App 45
      How Code Signing Works 45
      Requesting a Signing Certificate 47
      Verifying Your Certificate in the Keychain 59
      Signing an App 54
      Exporting and Importing Signing Certificates 56
      Repairing Signing Certificates 59
      Removing Certificates 59
      Revoking Certificates 60
      Creating New Certificates 61
      Repairing Another Development System 62
    Provisioning Your System 63
      Adding Your System to the Mac Team Provisioning Profile 63
      Refreshing Provisioning Profiles 66
      Requesting a Specialized Development Provisioning Profile 68
      Installing Development Provisioning Profiles on Your System 69
      Setting Your Provisioning Profile in Xcode 70
    Submitting to the Mac App Store 72
      Signing Using a Mac Submission Certificate 74
      Signing Using a Production Provisioning Profile 74
      Creating an Archive 76
      Testing the Installer Package 77
      Validating and Submitting Your App Using Xcode 82
      Submitting Your App Using Application Loader 83
    Distributing Outside the Mac App Store 84
      Creating Developer ID-Signed Applications or Installer Packages 84
      Enrolling in the Mac Developer Program 84
      Requesting Developer ID Certificates 85
      Code Signing Your Application 89
      Exporting a Developer ID-signed Application 90
  • 4. Contents
      Signing an Installer Package 92
      Testing Developer ID-signed Applications 93
      Enabling and Disabling Gatekeeper 93
      Testing Gatekeeper Behavior 95
    Document Revision History 98
  • 5. Figures
    Managing Your Team 10
      Figure 1-1 Provisioning profile components 29
    Configuring Apps 36
      Figure 2-1 Setting iCloud entitlements 41
      Figure 2-2 Configuring sandbox entitlements 43
    Code Signing Your App 45
      Figure 3-1 Developer certificates 46
      Figure 3-2 Team member development certificate 50
      Figure 3-3 Team agent or admin certificates 51
    Provisioning Your System 63
      Figure 4-1 Code Signing Identity menu for a team admin 71
    Submitting to the Mac App Store 72
      Figure 5-1 Code Signing Identity menu for a team agent 76
  • 6. About the Tools Workflow for Mac

    To submit your app to the Mac App Store, you use Xcode features and several web tools available only to members of the Mac Developer Program. Before using technologies such as iCloud storage and push notifications, you must join the Mac Developer Program. You should join the program even if you distribute your application outside of the Mac App Store and sign it with a Developer ID certificate so that customers know your application comes from an identified source.

    [Figure: workflow diagram with the labels Configure, Profile, Development Certificate, Provisioning Profile, Develop, Xcode, Distribute, Code Signing]

    At a Glance

    This document covers the Mac Developer Program tasks and sequence of steps, using Xcode and other tools, you follow to develop your app and distribute it. The workflow includes tasks such as managing your development team, enabling entitlements, requesting signing certificates, and creating provisioning profiles. The workflow also includes configuring technologies available only to apps submitted to the Mac App Store.

    Manage Your Team

    If you join the Mac Developer Program as an individual, you are the team agent and only team member of your account. You can perform any tasks described in this book that a team agent can perform, such as creating an app ID and creating specialized provisioning profiles. A team agent also code signs and submits an app to the Mac App Store. However, if you join the program as a company, you are the team agent who has additional responsibilities such as adding and granting privileges to other team members. You are also responsible for approving signing certificates and registering developer systems. Certificates are automatically approved for team agents.
  • 7. Related Chapters: “Managing Your Team” (page 10), “Submitting to the Mac App Store” (page 72)

    Code Sign Your App

    Code signing allows you to sign your app and thereby certify that the app is released by you. To submit an app to the Mac App Store, you have to sign both the app bundle and the installer package that you upload to iTunes Connect. To code sign your app, you need a Mac Submission certificate and Mac Installer certificate.

    Related Chapters: “Code Signing Your App” (page 45)

    Enable Sandboxing

    A sandbox is a set of fine-grained controls that limit an app’s access to files, preferences, network resources, hardware, and so on. As part of the sandboxing process, the system also installs each app in its own sandbox directory, which acts as the home for the app and its data. To use sandboxing, you enable entitlements in your Xcode project and select the sandboxing entitlements your app is using. You don’t need a provisioning profile to use sandboxing.

    Related Chapters: “Configuring Apps” (page 36)

    Use Push Notifications

    Push notifications allow an app that is not running in the foreground to notify the user that it has information for the user. The app that provides the push notifications must have an SSL certificate generated by Apple to use this feature. You need to register an app ID, enable push notification, and create a provisioning profile to use this technology.

    Related Chapters: “Provisioning Your System” (page 63)

    Enable iCloud Storage

    iCloud storage allows you to share the user’s data among multiple instances of your app running on different iOS and OS X devices. Access to iCloud is controlled using entitlements, which your app configures through Xcode. If these entitlements are not present, your app is prevented from accessing files and other data in iCloud.

    You can test your iCloud app using the generic development provisioning profile that Xcode creates for you, but you’ll need a production provisioning profile to submit an iCloud app.
  • 8. Related Chapters: “Configuring Apps” (page 36), “Provisioning Your System” (page 63)

    Configure In-App Purchase

    In-App Purchase embeds a store directly into your app by allowing you to connect to the Mac App Store and securely process payments from the user. You can use In-App Purchase to collect payment for enhanced functionality or additional content usable by your app. You need an app ID to use In-App Purchase but not a provisioning profile.

    Related Chapters: “Managing Your Team” (page 10)

    Submit an App to the Mac App Store

    When your app is ready to be submitted to the Mac App Store, you need to create an iTunes Connect app record, code sign the app and the installer package, and pass validation tests. If you use certain technologies, you’ll need a production provisioning profile too.

    Related Chapters: “Submitting to the Mac App Store” (page 72)

    Prepare for Gatekeeper

    Using Security & Privacy system preferences in OS X Mountain Lion, users will be able to reduce the risk of downloading malware by prohibiting applications that do not come from an identified source from launching on their Macs. If you distribute your application outside of the Mac App Store, sign your application using a Developer ID certificate so that users don’t block your application in future OS releases.

    Related Chapters: “Distributing Outside the Mac App Store” (page 84)

    How to Use This Document

    If you are an individual developer, you should read this entire book for all the steps to develop and submit your app to the Mac App Store. You may skip a few tasks that are specific to larger teams. If you are a team agent for a company, read “Managing Your Team” (page 10) and “Submitting to the Mac App Store” (page 72) for specific tasks you are responsible for. If you are a team member who doesn’t have admin responsibilities,
  • 9. read “Code Signing Your App” (page 45) and “Provisioning Your System” (page 63) to learn how to manage your digital identities and provision your systems for development. If you are not submitting your application to the Mac App Store, read “Distributing Outside the Mac App Store” (page 84).

    See Also

    To learn about the user interface guidelines and get your app approved, read:
    ● OS X Human Interface Guidelines
    ● App Store Review Guidelines for Mac Apps

    For a description of the app development process and concepts, read Developing for the App Store.

    If you want to learn more about programming your app and certain technologies, read:
    ● Mac App Programming Guide
    ● Code Signing Guide
    ● App Sandbox Design Guide
    ● Local and Push Notification Programming Guide
    ● In-App Purchase Programming Guide

    To learn more about Xcode, read Xcode 4 User Guide. For details on entitlements, read Entitlement Key Reference.
  • 10. Managing Your Team

    If you want to submit an app to the Mac App Store, you need to enroll in the Mac Developer Program, set up a development team, and provide credentials to people on your team. You use Mac Developer Program tools—available to members only—to manage your team’s app IDs, developer systems, signing certificates, and provisioning profiles.

    Before you can perform any other tasks in this chapter, you must become a registered Apple Developer and enroll in the Mac Developer Program as described in “Enrolling in the Mac Developer Program” (page 15). The person who enrolls in the developer program is the primary contact for the development team. If you are an individual developer, you are the primary contact for your one person team. If you represent a company, you manage a team of developers who also need signing certificates and may need provisioning profiles. You can add developers to your team as described in “Inviting Team Members and Assigning Roles” (page 13).

    This chapter covers the administrative tasks you need to follow to set up and configure certain technologies. Some of the tasks are mandatory and others are optional depending on the technologies you choose as described in “Technology-Specific Administrative Tasks” (page 10). Team members should read the other chapters in this book to learn how to configure these technologies and provision their systems using Xcode.

    Important: Developers on your team won’t be able to use certain technologies—such as iCloud and push notifications—until you complete some of the tasks in this chapter.

    Technology-Specific Administrative Tasks

    If you use iCloud, In-App Purchase, or push notifications, you need a provisioning profile for Mac development and submission to the Mac App Store. Depending on which technologies you choose, you may need an explicit app ID and specialized provisioning profile too.

    A development provisioning profile contains the app ID, a list of development certificates, and a list of development systems. Therefore, creating development certificates, as described in “Creating Signing Certificates” (page 22), and registering systems, as described in “Registering Developer Systems” (page 26), are mandatory steps that all team members need to perform. If you are a team agent for a company, read “Approving Signing Certificates” (page 20) to learn how to approve signing certificates requested by team members.
  • 11. Additional administrative tasks you may need to perform for these technologies are:
    ● iCloud. Your team may use the wildcard app ID and team provisioning profile that Xcode manages for you. If you use another app ID, read “Enabling iCloud Storage” (page 25) to learn how to enable iCloud. To learn how to configure iCloud in your Xcode project, read “Configuring iCloud Key-Value Storage” (page 41) and “Configuring iCloud Document Storage” (page 41).
    ● In-App Purchase. You need an explicit app ID (used to identify your app throughout the system) that matches your bundle ID and a specialized provisioning profile that contains the explicit app ID. Read “Registering an App ID” (page 16) to learn how to register your app ID and read “Creating Provisioning Profiles” (page 28) to learn how to create your specialized provisioning profile.
    ● Push Notifications. You need an explicit app ID, the app ID needs to be enabled for push notifications, and you need a specialized provisioning profile that contains the explicit app ID. Read “Registering an App ID” (page 16) to learn how to register your app ID, read “Enabling Push Notifications” (page 25) to learn how to enable push notifications, and read “Creating Provisioning Profiles” (page 28) to learn how to create your specialized provisioning profile.

    Enrolling in the Mac Developer Program

    You cannot distribute an app on the Mac App Store without first joining the Mac Developer Program. When you enroll in the Mac Developer Program, you have access to all the resources and tools you need to create an app, manage your account, and publish it on the Mac App Store.

    The Mac Developer Program web tools you use to manage your account are:
    ● Member Center. The primary tool used to manage developer program accounts, invite team members, purchase technical support, and sign up for compatibility labs. The Member Center is also a gateway to other resources and tools you need to create an app for the Mac App Store.
    ● Developer Certificate Utility. A developer tool used to register your app ID, register developer systems, create signing certificates, and create provisioning profiles.
    ● iTunes Connect. The marketing and business tool used to check the status of your contracts, set up tax and banking information, obtain sales and finance reports, manage developers, and manage metadata about your app.

    To enroll in the Mac Developer Program, go to Apple Developer Program Enrollment, where a web assistant guides you through the entire process of enrolling. If you have not registered as an Apple Developer yet, you can do so as part of enrolling in the Mac Developer Program. When you are prompted to select a program, select the Mac Developer Program. You can enroll as an individual or a company. If you enroll as an individual, you are the team agent for and only member of your team, who can perform all the team agent tasks described in this book. If you enroll as a company, you are the team agent for your entire team.
  • 12. Note that during the enrollment process, you receive a series of emails from Apple containing further instructions and links to various web tools. Read and follow the instructions carefully in the emails to complete the enrollment process:
    ● After you submit your enrollment request on the website, you receive a confirmation email with an invitation to visit the Member Center. While waiting for your request to be processed further, you can visit the Member Center to explore the resources, including documentation, you use to develop your app.
    ● After your enrollment request is processed by Apple, you receive an email requesting that you sign the license agreement. Follow the instructions in the email to sign the license agreement.
    ● After signing the license agreement and completing the enrollment process online, you receive an email containing your activation code. Click the activation code in the email to complete the purchase of your Mac Developer Program.
    ● After the enrollment is successful, you receive an email welcoming you to the Mac Developer Program. Click the “Log in now” button in the email to go to the Member Center. The Member Center contains links to all the web tools you’ll need to manage your team.
    ● Finally, you receive an email inviting you to use iTunes Connect to set up your app for purchase on the Mac App Store.

    After you successfully enroll in the Mac Developer Program, you can follow the rest of the steps in this chapter. All of these steps assume that you know how to launch the member tools. When you go to http://developer.apple.com, click Member Center in the toolbar and log in. To open Developer Certificate Utility, click the Certificate button under Developer Program Resources.

    If you manage a team of developers, read “Inviting Team Members and Assigning Roles” (page 13) first to add the rest of the team to the Mac Developer Program. People on your team can’t use Xcode to request development certificates or provisioning profiles without being registered as a team member first.

    To learn how to use iTunes Connect to manage your product information that is not covered in this book, read iTunes Connect Developer Guide.
  • 13. Note: It’s possible for you to belong to multiple teams and a team may be enrolled in multiple developer programs. When you log in using your Apple ID, you select the team from a pop-up menu. Be sure to select a team that is enrolled in the Mac Developer Program to follow the steps described in this document.

    Inviting Team Members and Assigning Roles

    If you enroll as a company, you are the de facto team agent who has permission to add other developers, called team members, to your account. In general, team members have read access to view and download information managed by the web tools, but not write access. However, you can assign an admin role to a team member, which allows that person to have some of the privileges of a team agent—for example, a team admin can create signing certificates and provisioning profiles but can’t accept agreements. Assigning roles helps team agents delegate some of their responsibilities.

    If you are a team admin, add people to your development team through the Member Center. When you add a person to your team, you can grant them access to the developer programs that your team is enrolled in.

    To add team admins and members
    1. After logging in to the Member Center, click People in the bar at the top.
    2. Click Invitations in the sidebar.
    3. Click Invite Person and provide the first name, last name, and email address.
    4. Specify the person’s access and role for each program.
  • 14. 5. Click Send Invitation.

    A development team can have as many people as necessary. Once you have added someone to your team, the Member Center generates and sends an email to the invitee. Team admins are notified by email when your invitation is accepted.
  • 15. Alternative: If you want to send invitations to multiple people at once, you can click Bulk Invite instead of Invite Person and upload a .txt file. Add up to 100 people per file by listing their first name, last name, and email address in a tab-delimited format. The first row of the file must contain the field labels, not contact information.

    Important: When you send an invitation, the person you specify receives an email invitation to join the team. The person should click the invitation code in the email to accept the invitation. If the person doesn’t have an Apple ID, they are asked to create an Apple ID first. Apple needs to verify the person’s email address before creating an Apple ID so the person might receive another email with a request to verify the email address. The person needs to follow the instructions in this email and complete the Apple ID creation process before accepting the invitation.

    At the Member Center you can read more about the specific privileges of each type of member. After the team member accepts the invitation, the team agent receives a confirmation email and the team member has access to the Member Center and other web tools.

    As your team grows, you may need to edit a team member’s privileges. By changing a person’s role in the Member Center, the team agent or a team admin can grant that person more or fewer privileges.

    To edit a team member's privileges
    1. After logging in to the Member Center, click People in the bar at the top.
    2. Click All People in the sidebar.
    3. Click Details in the last column in the row of the person whose privileges you want to change.
  • 16. 4. Specify the person’s access and role for each program and click Save.

    A person’s membership level determines the level of access he or she has to Apple Developer Program webpages and the team information stored there.

    Important: Team members should belong to only one Mac Developer Program; otherwise, Xcode displays information for multiple teams, which can be confusing.

    Registering an App ID

    OS X and developer program tools use the app ID to uniquely identify your app throughout the system. For example, OS X uses the app ID to recognize any future updates to your app. The app ID is also used to identify one or more apps for provisioning. If you are just starting development, you can use a generic app ID that Xcode provides for you. However, if you use certain technologies, you may need an explicit app ID.
  • 17. You use the Developer Certificate Utility tool to register your app ID. When you register the app ID, you enter a human-readable text description of the app and a unique identifier string of your choice. In this case, the app ID is usually the same as your bundle ID (called a bundle identifier in Xcode) which you set in the information property list of your app or on the target’s Summary pane of the project navigator using Xcode. However, you can also register a wildcard app ID that matches multiple apps your team is developing. Xcode automatically creates a wildcard app ID for you as described in “Using the Mac Team Provisioning Profile” (page 30). In either case, the team ID followed by a dot (.) separator is automatically prefixed to your app ID to make it truly unique.

    Typically, the bundle ID in your Xcode project is a string formatted as a reverse domain name, such as com.MyCompany.MyProductName, where you replace MyCompany and MyProductName with your company and product name. However, unlike domain names, app IDs and bundle IDs are case sensitive.

    If you are a team agent or admin, make sure that team members set the bundle IDs in the Xcode project to match the app ID, as described in “Setting the Bundle ID” (page 37). Otherwise, any specialized provisioning profiles you create based on an app ID won’t match the bundle ID.

    Important: You cannot change an app ID after you register it. Developer Certificate Utility reserves it for your use until you delete it.

    To register an app ID
    1. Go to Developer Certificate Utility and log in.
    2. Click App IDs in the left column.
    3. Click Create App ID in the upper-right corner.
    4. Enter a name or description.
    5. Enter the app ID in the Bundle Identifier text field.
  • 18. Examples of wildcard app IDs are com.johndoeinc.* (to match every app in your domain) and * (to match every app developed by your team).
  • 19. 6. Click Continue.

    To view the team ID
    1. Go to Developer Certificate Utility and log in.
    2. Select App IDs in the left column.
    3. Click Configure in the last column in the row of the app ID you want to examine.

    The team ID is the unique number at the beginning of the app ID under the Configure App ID title.
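
The matching rules from “Registering an App ID”, combined with the explicit-app-ID requirement for In-App Purchase and push notifications from “Technology-Specific Administrative Tasks”, as an added Python example that is not part of Apple's guide or tools. The team ID A1B2C3D4E5, the technology labels, and the rule that * counts as a wildcard only as the last character are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Technologies the guide says need an explicit (non-wildcard) app ID.
# The label strings are hypothetical names chosen for this example.
NEEDS_EXPLICIT_APP_ID = {"in-app-purchase", "push-notifications"}


@dataclass(frozen=True)
class AppID:
    team_id: str     # prefixed automatically at registration (constructed value)
    identifier: str  # "com.MyCompany.MyProductName", "com.johndoeinc.*" or "*"

    def __post_init__(self):
        if not self.identifier:
            raise ValueError("empty app ID")
        # Assumption: "*" is only meaningful as the final character.
        if "*" in self.identifier[:-1]:
            raise ValueError(f"wildcard must be last: {self.identifier!r}")

    @property
    def is_wildcard(self) -> bool:
        return self.identifier.endswith("*")

    @property
    def full(self) -> str:
        # Team ID, a dot separator, then the identifier.
        return f"{self.team_id}.{self.identifier}"

    def matches(self, bundle_id: str) -> bool:
        """Case-sensitive comparison, as the guide states for app and bundle IDs."""
        if self.is_wildcard:
            prefix = self.identifier[:-1]
            # Assumption: the wildcard stands for at least one character.
            return bundle_id.startswith(prefix) and len(bundle_id) > len(prefix)
        return bundle_id == self.identifier


def _matches_ignoring_case(app_id: AppID, bundle_id: str) -> bool:
    lowered = AppID(app_id.team_id, app_id.identifier.lower())
    return lowered.matches(bundle_id.lower())


def check_target(app_id: AppID, bundle_id: str, technologies=()) -> list:
    """Return the problems that would stop a profile built on app_id
    from fitting an Xcode target with this bundle ID and technologies."""
    problems = []
    if not app_id.matches(bundle_id):
        if _matches_ignoring_case(app_id, bundle_id):
            problems.append("bundle ID differs from app ID only by letter case")
        else:
            problems.append("bundle ID does not match app ID")
    blocked = sorted(NEEDS_EXPLICIT_APP_ID.intersection(technologies))
    if app_id.is_wildcard and blocked:
        problems.append("explicit app ID required for: " + ", ".join(blocked))
    return problems


if __name__ == "__main__":
    team = "A1B2C3D4E5"  # constructed team ID
    explicit = AppID(team, "com.MyCompany.MyProductName")
    wildcard = AppID(team, "com.johndoeinc.*")
    cases = [
        (explicit, "com.MyCompany.MyProductName", {"push-notifications"}),
        (explicit, "com.mycompany.myproductname", set()),
        (wildcard, "com.johndoeinc.Editor", {"icloud"}),
        (wildcard, "com.johndoeinc.Editor", {"in-app-purchase"}),
    ]
    for app_id, bundle_id, tech in cases:
        result = check_target(app_id, bundle_id, tech) or ["ok"]
        print(f"{app_id.full:45} {bundle_id:30} {'; '.join(result)}")
```
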
  • 20. Approving Signing Certificates

    If you are a team agent for a company, it is your responsibility to approve team member requests for a Mac Development certificate. Team members need a type of signing certificate, called a development certificate, to sign apps, use the generic Mac Team Provisioning Profile, or be added to other provisioning profiles. To learn how to request development certificates using Xcode, read “Requesting a Signing Certificate” (page 47). Team agents and admins can also use Xcode to request their signing certificates, which are automatically approved.

    When a request for a development certificate arrives from a team member, team agents and admins receive an email notification and use Developer Certificate Utility to approve the request.

    To approve a certificate request
    1. Go to Developer Certificate Utility and log in.
    2. Click Approve in the last column in the row of the certificate you want to approve.
  • 21. The certificate appears in the Pending state.
  • 22. Creating Signing Certificates

    To submit an app to the Mac App Store, you have to sign the app bundle and the installer package that you upload to the Mac App Store. You can create both a Mac Submission certificate and Mac Installer certificate using Xcode or Developer Certificate Utility. These distribution certificates are owned by the team, not by an individual team member. For this reason, only one certificate of each type is allowed. All team members can use Developer Certificate Utility to create their own development certificates as well. You can also use Developer Certificate Utility to create Developer ID certificates but the preferred method is to create them using Xcode as described in “Requesting Developer ID Certificates” (page 85).

    When a team agent or admin clicks the Refresh button in Xcode, as described in “Requesting a Signing Certificate” (page 47), Xcode offers to create distribution certificates when it creates a development certificate. If you are a team agent, Xcode offers to create Developer ID certificates too. It is your choice whether you create these distribution certificates using Xcode or follow the steps in this section to create the certificates using Developer Certificate Utility.

    Note that team agents cannot create development certificates on behalf of other team members. Team members must request their own development certificates because the private key is stored locally and cannot be created by someone else.

    To create signing certificates using Developer Certificate Utility
    1. Go to Developer Certificate Utility and log in.
    2. Click Certificates in the left column.
    3. Click Create Certificate in the upper-right corner of the page.
    4. Select the type of certificate you want to create.
  • 23. You can have only one of each type of certificate. Therefore if you already have that certificate type, you will notice that some of the options are disabled. Only team agents can create Developer ID certificates (see “Distributing Outside the Mac App Store” (page 84)).

    5. Click Create.
    6. Follow the instructions to create a Certificate Signing Request (CSR) using Keychain Access.
    7. Follow the instructions in Developer Certificate Utility to select the CSR you just created.
    8. Click Generate. Generating the certificate may take a few minutes.
    9. If successful, click Continue. A panel appears showing the new certificate and its expiration date.

    If you are a team member, a panel appears stating that your development certificate is pending approval by your team agent or admin. Click Done, and wait for the team agent or admin to approve your request before continuing.
  • 24. If you are a team agent or admin and selected multiple certificates in step 4, repeat steps 6-8 until all the certificates you selected are generated.

    10. Click the Download button next to the expiration date to download the certificate now, or click Done and download the certificate later.
    11. Double-click the downloaded certificate file (extension .cer) to install it in your login keychain. Keychain Access launches and puts the certificate in your login keychain.

    The certificate should appear in the My Certificates category in Keychain Access. The name of the certificate begins with the text “Mac Developer” for a Mac Development certificate, “3rd Party Mac Developer Application” for a Mac Submission certificate, and “3rd Party Mac Developer Installer” for a Mac Installer certificate. If you click the disclosure triangle next to the name, you should see your private key. Verify that the certificate is valid and the expiration date is correct.

    To create a Certificate Signing Request using Keychain Access
    1. Launch Keychain Access.
    2. Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
    3. In the User Email Address field, enter your email address.
    4. In the Common Name field, enter your name.
    5. Leave the CA Email Address field blank.
  • 25. 6. In the “Request is” group, select the “Saved to disk” option.
    7. Click Continue.

    Read “Code Signing Your App” (page 45) for more on how to use signing certificates to sign your app. If you need to revoke a signing certificate, read “Repairing Signing Certificates” (page 59).

    Enabling iCloud Storage

    To use iCloud storage, you must first enable it for your app using Developer Certificate Utility. You also need to have development and distribution certificates, and provisioning profiles containing these certificates to use this feature.

    To enable iCloud storage
    1. Go to Developer Certificate Utility and log in.
    2. Click App IDs in the left column.
    3. Click Configure in the right column of the row containing your app ID.
    4. Select the option “Enable for iCloud” to enable iCloud storage for this specific app ID.
    5. Click Done at the bottom of the page.

    After you enable iCloud storage, create a new provisioning profile containing the app ID, as described in “Creating Provisioning Profiles” (page 28). This new provisioning profile is iCloud compatible and should be used to build your app. For more details on configuring iCloud storage, read “Configuring Entitlements” (page 39).

    Enabling Push Notifications

    If you use push notifications, you must enable push notifications for your app using Developer Certificate Utility. To use this feature, you also need to have development and distribution certificates, and provisioning profiles containing these certificates.

    To enable push notifications for your app ID, you need to create a client SSL certificate that allows your notification server to connect to the Apple Push Notification Service. Each app ID requires its own client SSL certificate to connect to the Apple Push Notification Service.
  • 26. Managing Your Team Registering Developer Systems To enable push notifications 1. Go to Developer Certificate Utility and log in. 2. Click app IDs in the left column. 3. Click Configure in the right column of the row containing your app ID. 4. Select the option “Enable for Apple Push Notification service” to enable push notifications. 5. Click Generate next to the development or production SSL certificate you want to create. After you generate the SSL certificate, create a new provisioning profile containing the app ID as described in “Creating Provisioning Profiles” (page 28). This new provisioning profile is Apple Push Notification Service compatible and should be used to build your app. For more information on push notifications, read Local and Push Notification Programming Guide . Registering Developer Systems Before creating development provisioning profiles, team members need to register their developer systems with Apple. Each Mac Developer Program membership year, you are allowed to register a fixed number of developer systems that use push notifications and iCloud provisioning. The maximum number of systems you can register is 100. Team agents and admins can register a developer system using Xcode, as described in “Adding Your System to the Mac Team Provisioning Profile” (page 63). Team members need to send a request to their team agent or admin to register their system. In Xcode, a team member can select the computer in the Devices organizer to display the device identifier. The team member should send the device identifier to the team agent or admin to register it. To locate your device identifier using System Information 1. Open the System Information app located in the /Applications/Utilities folder. 2. Select Hardware in the left column. The device identifier, or hardware UUID, appears near the bottom of the Hardware Overview pane and is of the form 915A75DC-7BD9-50D7-987F-A19358828029. To locate your device identifier using Xcode 1. 
Choose Window > Organizer.
  • 27. Managing Your Team Registering Developer Systems 2. Select your Mac in the Devices section. 3. Select and copy the text in the Identifier field. To register a developer system 1. Go to Developer Certificate Utility and log in. 2. Select Systems in the left column. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 27
  • 28. Managing Your Team Creating Provisioning Profiles 3. Click Register System in the upper-right corner. 4. Enter a name or description. 5. Enter the device identifier, or hardware UUID. 6. Click Continue. 7. Verify the system information and click Submit. Creating Provisioning Profiles You need two types of Mac provisioning profiles if you use certain technologies such as iCloud and push notifications. There are two types of provisioning profiles you create: ● Development Provisioning Profiles. For creating subteams to develop, debug, or test an app. Xcode creates a simple development provisioning profile for you that you can use for all your team’s apps.
  • 29. Managing Your Team Creating Provisioning Profiles ● Production Provisioning Profiles. For submitting an app to the Mac App Store. If you don’t use any of these specialized technologies, it is sufficient to just sign your app and submit it to the Mac App Store. In order for a team to build and test an app that uses these technologies, you need to create a Development Provisioning Profile for that team that is then installed on the team member’s individual systems. The Development Provisioning Profile allows a team member to build an app on his or her system and share it with other team members, who can then run that app on their systems. For small teams, you might have one Development Provisioning Profile that all team members belong to. Xcode creates this type of Development Provisioning Profile for you, which is called the Mac Team Provisioning Profile. For larger organizations, you can create a Development Provisioning Profile for a specific purpose like testing or seeding your app. A Development Provisioning Profile is a mapping between a single app ID, a number of signing certificates, and a number of developer systems, as shown in Figure 1-1. Before creating a provisioning profile, you register your app ID with Apple as described in “Registering an App ID” (page 16), create a development certificate for each team member as described in “Creating Signing Certificates” (page 22), and register each of the team member’s systems as described in “Registering Developer Systems” (page 26). If you use iCloud storage or push notifications, you need to enable them as described in “Enabling iCloud Storage” (page 25) and “Enabling Push Notifications” (page 25) before creating a provisioning profile. 
Figure 1-1 Provisioning profile components
  • 30. Managing Your Team Creating Provisioning Profiles You use a combination of web and native tools to create, download, and install Development Provisioning Profiles. Provisioning profiles are installed on the system you use to run your app and added to the Xcode project you use to build the app. It’s your choice which tools you use to perform some of these tasks. A Production Provisioning Profile is used for submitting your app to the Mac App Store as described in “Submitting to the Mac App Store” (page 72). You cannot install a Production Provisioning Profile on your system—that is, install it in the Profiles pane in System Preferences. Using the Mac Team Provisioning Profile When a team agent or admin first refreshes provisioning profiles using Xcode, Xcode creates a wildcard app ID (called Xcode: Mac Wildcard App ID). Xcode creates a Mac Team Provisioning Profile the first time a system is added to the portal. The wildcard app ID is set to an asterisk (*) which matches any bundle ID used by your team. The Mac Team Provisioning Profile can be used as an all-inclusive, generic provisioning profile for app development. The Mac Team Provisioning Profile contains the wildcard app ID, all the team registered systems, and approved development certificates. You can also use the wildcard app ID to create other provisioning profiles. Xcode manages the Mac Team Provisioning Profile for you throughout the development process. Whenever a new system or development certificate is added to the team, they are added to the Mac Team Provisioning Profile. The Mac Team Provisioning Profile is updated when you refresh the provisioning profiles in Xcode. So if you add a system or development certificate using Developer Certificate Utility, you need to refresh the provisioning profiles in Xcode to update the Mac Team Provisioning Profile automatically. If you accidentally delete the Mac Team Provisioning Profile, Xcode recreates it the next time you add a system to the portal. 
Because the Mac Team Provisioning Profile uses a wildcard app ID, you can use this same provisioning profile for all your apps. The Mac Team Provisioning Profile is sufficient for iCloud development but needs to be enabled for iCloud storage, as described in “Enabling iCloud Storage” (page 25). If you want to test push notifications, you need to create a development provisioning profile that uses an explicit app ID (not a wildcard app ID). The app ID needs to be enabled for push notification as described in “Enabling Push Notifications” (page 25). Read “Adding Your System to the Mac Team Provisioning Profile” (page 63) to learn how to add your system to the portal and create the Mac Team Provisioning Profile. Creating Specialized Development Provisioning Profiles Provisioning profiles can be created only by team agents or admins using Developer Certificate Utility. After a provisioning profile is created, team members can either use Developer Certificate Utility or Xcode to download and install provisioning profiles on their system. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 30
  • 31. Managing Your Team Creating Provisioning Profiles To create a development provisioning profile 1. Go to Developer Certificate Utility and log in. 2. Select Provisioning Profiles in the left column. 3. Click Create Profile in the upper-right corner of the page. 4. Select Development Provisioning Profile. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 31
  • 32. Managing Your Team Creating Provisioning Profiles The window changes to show the Development Provisioning Profile options. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 32
  • 33. Managing Your Team Creating Provisioning Profiles 5. Enter a name or description of the provisioning profile. 6. Select the appropriate app ID. 7. Select the team members the provisioning profile applies to. 8. Select the systems the provisioning profile applies to. 9. Click Generate. 10. Click “Back to list” or Download. If you want to install the development provisioning profile on your own system now, click the Download button; otherwise, click “Back to list.” If you click Download, the file is placed in your Downloads folder and depending on your preferences, Finder might automatically install the profile in System Preferences. You need to have a system administrator user name and password to install a profile. Other team members can use Xcode to download and install development provisioning profiles as described in “Provisioning Your System” (page 63). Creating a Production Provisioning Profile If you use iCloud storage or push notifications, you need to create a Production Provisioning Profile in order to submit your app to the Mac App Store. To create a Production Provisioning Profile 1. Go to Developer Certificate Utility and log in. 2. Select Provisioning Profiles in the left column. 3. Click Create Profile in the upper-right corner of the page. 4. Select Production Provisioning Profile. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 33
  • 34. Managing Your Team Creating Provisioning Profiles The window changes to show the Production Provisioning Profile options. 5. Enter a name or description of the provisioning profile. 6. Select the appropriate app ID. 7. Select the certificate that begins with the text Mac App that you want to use in the profile (in Xcode, the type of certificate is called Mac Submission). 8. Click Generate. Follow the instructions on the next page if you want to install the provisioning profile now. 9. Click “Back to list” . Later, you can install the Production Provisioning Profile, as described in “Submitting to the Mac App Store” (page 72). 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 34
  • 35. Managing Your Team Renewing Expired Provisioning Profiles If you click Download, the file is placed in your Downloads folder and depending on your preferences, Finder might attempt to install the profile in System Preferences. You cannot install a Production Provisioning Profile on your system, so if a dialog appears asking if you want to install it, click Cancel. Renewing Expired Provisioning Profiles If the expiration date of a provisioning profile passes, the provisioning profile appears expired in both Xcode and Developer Certificate Utility. Using Xcode, a team agent or admin can renew an expiring or expired provisioning profile. To renew an expiring or expired provisioning profile 1. In the Devices organizer, select Provisioning Profiles in the Library section. 2. In the provisioning profiles list, select the provisioning profile you want to renew. 3. Click Renew. 4. Enter your Apple ID user name and password, and click “Log in”. If you installed the provisioning profile on your system, replace the expired provisioning profile with the renewed provisioning profile. To replace a provisioning profile 1. In the Library section in the devices organizer, select Provisioning Profiles. 2. From the provisioning profiles list, drag the new provisioning profile to your device. 3. Delete the old provisioning profile from your device by selecting it and clicking Delete.
  • 36. Configuring Apps Before you validate and submit an app on the Mac App Store, you need to configure it. You set the deployment target, possibly enable entitlements to use iCloud storage or sandboxing, and change other settings required by the Mac App Store. Some of this configuration is done automatically when you create your Xcode project or sign your app, but you can always change these settings manually, too. Most of the options discussed in this chapter, including enabling entitlements, are located on the target’s Summary or Build Settings pane of the project editor. All apps and their installer packages need to be signed to submit them to the Mac App Store. Refer to “Code Signing Your App” (page 45) to learn how to do this. If you use a helper app, read Daemons and Services Programming Guide to learn how to configure it. Setting the App Icon Unless your app has an app icon to represent it on the Mac App Store, it won't pass the iTunes validation test. The icon file needs to be in ICNS format and contain a 512 x 512 image. You can use the Icon Composer utility to create your icon and then add it to your project. Choose Xcode > Other Developer Tool > Icon Composer to launch this app. To add an app icon 1. If the project navigator is not displayed, choose View > Navigators > Show Project Navigator. 2. In the project navigator, select your project. 3. Select your target in the Targets section of the second sidebar to display the project editor. 4. Click the Summary tab. 5. Drag the icon file to the App Icon image well. To learn how to validate your app before submission to the Mac App Store, read “Validating and Submitting Your App Using Xcode” (page 82).
  • 37. Configuring Apps Setting the Application Category Setting the Application Category Set the category under which your app will be listed on the Mac App Store. Note that the category you select should match the category defined in your iTunes Connect app record. To set the application category 1. In the project navigator, select the project. 2. Select your target in the Targets section of the second sidebar. 3. Click the Summary tab. 4. Choose the category from the Application Category pop-up menu. Read iTunes Connect Developer Guide for more details on app categories. Setting the Bundle ID The bundle ID (called a bundle identifier in Xcode) is used by Xcode, OS X, and the Mac App Store to uniquely identify an app. A Mac app and iOS app cannot share the same bundle ID either. The bundle ID is also used to match a team’s app ID and any associated provisioning profiles. You can’t use a specialized provisioning profile if the bundle ID in your app’s Xcode project doesn’t match the app ID used by the provisioning profile. App IDs can use an asterisk to match multiple bundle IDs (or in the case of the wildcard app ID, match all team bundle IDs). However, the bundle ID needs to be absolute. Typically, the bundle ID in your Xcode project is a string formatted as a reverse-domain name such as com.MyCompany.MyProductName, where you replace MyCompany and MyProductName with your domain and product name. The Xcode project template uses the Product Name build setting, which defaults to your app name, as the product name in this string. For example, the bundle ID for the TrackMix app defaults to com.MyCompany.TrackMix. So it is sufficient to just replace com.MyCompanyName in your information property list with your domain name to set the bundle ID in your Xcode project. However, unlike domain names, app IDs and bundle IDs are case sensitive. If the app ID is in lowercase, your bundle ID needs to be lowercase, too. To change your bundle ID 1. 
In Xcode, choose View > Navigators > Show Project Navigator to open the project navigator. 2. In the project navigator, select the project. 3. Select your target in the Targets section of the second sidebar to display the project editor. 4. Click the Info tab. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 37
  • 38. Configuring Apps Setting the Bundle Version and Copyright Keys 5. Enter the bundle ID in the Value column of the “Bundle identifier” row. Ensure that every bundle ID is unique within your app bundle. For example, if your app bundle includes a helper app, ensure that you do not include two copies of a framework that is used by both your app and the helper app. Read “Managing Your Team” (page 10) to learn how to register an app ID and create provisioning profiles and read “Provisioning Your System” (page 63) to learn how to use provisioning profiles for development. Setting the Bundle Version and Copyright Keys Make sure that your information property list file contains valid values for the “Bundle version” and “Copyright” keys. You can also set the version at the top of the target’s Summary pane in Xcode. For details on possible values, see “CFBundleShortVersionString” in Information Property List Key Reference and “NSHumanReadableCopyright” in Information Property List Key Reference. Specifying the Deployment Target Each version of OS X includes features and capabilities not present in earlier versions. As new versions are published, some users may upgrade immediately while other users may wait before moving to the latest version. There are several strategies for choosing the deployment target when developing your app. You can target the latest version, taking full advantage of all the new features but limiting the app to only users running the latest version. Or you can target an earlier version, making your app available to more users but limiting the features you can use in the app. A better approach is to target an earlier version but use weak linking to check at run time if later version features are available before using them. To set the target version 1. In the project navigator, select the project. 2. Select your target in the Targets section of the second sidebar to display the target editor. 3. Click the Summary tab. 4. 
Choose the version you want to target from the Deployment Target pop-up menu. Xcode sets the Minimum System Version key in the app’s information property list to the deployment target you choose. When you publish your app to the Mac App Store, the store uses this property value to indicate which versions your app supports. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 38
  • 39. Configuring Apps Configuring Entitlements Note: The SDK version, not the deployment target, determines which features you can use in an app. If the SDK you’re using to build the app is more recent than the app’s deployment target, Xcode displays build warnings when it detects that your app is using a feature that’s unavailable in the deployment target. You must also ensure that the symbols you use are available in the app’s runtime environment. To check for their availability, use the techniques described in SDK Compatibility Guide. For details on weak linking, read “Frameworks and Weak Linking”. Configuring Entitlements To protect against your app being compromised by a hacker who might damage the user’s system, you give permissions, known as entitlements, to your app to perform specific functions. An entitlement is a key-value pair whose value you can set to specify a capability or security permission. You configure entitlements for each target in the Xcode project. For example, if you have a main app and multiple helper apps in one Xcode project, you need to configure entitlements for each target in the project. When you enable entitlements, Xcode adds a file with entitlement key-value pairs to your target. The name of the file is your project name with the extension .entitlements. You can configure entitlements—for example, for iCloud storage or sandboxing—using either the property list editor to edit this file or the project editor. For entitlements to take effect, you need to code sign your app, as described in “Code Signing Your App” (page 45). Therefore, when you enable entitlements, the Code Signing Identity build setting is automatically set to the default Mac Developer certificate. If you use iCloud storage, your team agent or admin may need to enable iCloud storage for your app ID before you can use it, as described in “Enabling iCloud Storage” (page 25). 
Turn on application entitlements to configure your application’s access and use of special resources and capabilities. To enable entitlements 1. In the project editor, select the target that builds the application whose entitlements you want to configure. 2. Click Summary at the top of the project editor. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 39
  • 40. Configuring Apps Configuring Entitlements 3. In the Entitlements section, select the Enable Entitlements option. After turning on entitlements, you can enter values for the entitlements listed under the Enable Entitlements option. Refer to Entitlement Key Reference for a complete list of application entitlements. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 40
  • 41. Configuring Apps Configuring Entitlements Configuring iCloud Key-Value Storage iCloud key-value storage allows an app to share small amounts of data with other instances of itself running on the user’s other devices. To configure iCloud key-value storage, set the iCloud Key-Value Store field to the bundle ID (for example, com.johndoeinc.trackmix), as shown in Figure 2-1. When you enable entitlements, Xcode automatically configures both iCloud key-value and document storage. Figure 2-1 Setting iCloud entitlements To learn how to use iCloud key-value storage for preferences, read “iCloud Storage” and “Storing Preferences in iCloud”. Configuring iCloud Document Storage iCloud document storage is used to store user documents and app data in the user’s iCloud account. Each app has a container in the user’s iCloud account identified by its app ID. An app can access containers belonging to other apps created by your team as well.
  • 42. Configuring Apps Configuring Entitlements To configure iCloud document storage, set the iCloud Containers field to one or more of your team’s app IDs. When you enable entitlements, Xcode adds the app’s bundle ID as the first container. Add additional app IDs to the container list or add a wildcard app ID to match a set of app IDs. Note that the first container identifier cannot be a wildcard app ID. To add iCloud containers 1. Click the Add (+) button at the bottom of the iCloud Containers field. The bundle ID is added to the list and appears highlighted. 2. Enter the app ID for the container you want to add. To learn more about iCloud storage, read “iCloud Storage” in Mac App Programming Guide . Configuring Sandboxing Sandboxing provides the last line of defense against stolen, corrupted, or deleted user data if malicious code exploits your app. It also minimizes damage from coding errors in your app or in frameworks you link against. Simply enabling sandboxing provides the maximum level of restrictions on how an app can interact with the rest of the system. You configure sandboxing by enabling this feature and then optionally granting permission for specific types of functions. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 42
  • 43. Configuring Apps Configuring Entitlements To enable sandboxing, select the Enable App Sandboxing option as shown in Figure 2-2. Xcode automatically selects the Enable App Sandboxing option when you enable entitlements. Figure 2-2 Configuring sandbox entitlements Use the remaining App Sandbox entitlements to describe the minimum set of capabilities the target needs to do its job. Refer to Entitlement Key Reference for a complete description of these entitlements. If you are enabling sandboxing for an existing app, read “Migrating an App to a Sandbox” in App Sandbox Design Guide to learn the new locations a sandboxed app can access. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 43
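The rules this chapter states for bundle IDs and entitlements (case-sensitive matching of the bundle ID against the app ID, an absolute bundle ID, a non-wildcard first iCloud container, sandboxing enabled) can be checked before submission. The following is an added example, not code from this guide or from Apple; the team ID `ABCDE12345`, the sample property lists, and the finding labels are constructed, and it assumes a wildcard asterisk is the last component of an app ID and that entitlement values may carry a team ID prefix.

```python
import plistlib

TEAM_ID = "ABCDE12345"  # placeholder team ID, constructed for this example


def make_plist(body):
    """Wrap constructed key/value XML in a minimal property list."""
    return ('<plist version="1.0"><dict>' + body + "</dict></plist>").encode()


# Constructed sample inputs (not taken from a real project).
GOOD_INFO = make_plist(
    "<key>CFBundleIdentifier</key><string>com.johndoeinc.trackmix</string>")
BAD_INFO = make_plist(
    "<key>CFBundleIdentifier</key><string>com.johndoeinc.TrackMix</string>")
GOOD_ENTS = make_plist(
    "<key>com.apple.security.app-sandbox</key><true/>"
    "<key>com.apple.developer.ubiquity-kvstore-identifier</key>"
    "<string>ABCDE12345.com.johndoeinc.trackmix</string>"
    "<key>com.apple.developer.ubiquity-container-identifiers</key><array>"
    "<string>ABCDE12345.com.johndoeinc.trackmix</string>"
    "<string>ABCDE12345.com.johndoeinc.*</string></array>")
BAD_ENTS = make_plist(
    "<key>com.apple.security.app-sandbox</key><false/>"
    "<key>com.apple.developer.ubiquity-kvstore-identifier</key>"
    "<string>ABCDE12345.com.johndoeinc.trackmix</string>"
    "<key>com.apple.developer.ubiquity-container-identifiers</key><array>"
    "<string>ABCDE12345.com.johndoeinc.*</string>"
    "<string>ABCDE12345.com.johndoeinc.trackmix</string></array>")


def app_id_matches(app_id, bundle_id):
    """Case-sensitive match of an app ID (possibly wildcard) to a bundle ID."""
    if "*" in bundle_id:
        return False  # the bundle ID itself must be absolute
    if app_id == "*":
        return True   # wildcard app ID matches every team bundle ID
    if app_id.endswith(".*"):
        prefix = app_id[:-1]  # keep the trailing dot
        return bundle_id.startswith(prefix) and len(bundle_id) > len(prefix)
    return app_id == bundle_id


def strip_team(identifier, team_id=TEAM_ID):
    """Drop a leading 'TEAMID.' prefix if the identifier carries one."""
    prefix = team_id + "."
    if identifier.startswith(prefix):
        return identifier[len(prefix):]
    return identifier


def preflight(info_plist, entitlements, app_id):
    """Return a list of finding labels; an empty list means no issue found."""
    info = plistlib.loads(info_plist)
    ents = plistlib.loads(entitlements)
    findings = []

    bundle_id = info.get("CFBundleIdentifier", "")
    if not app_id_matches(app_id, bundle_id):
        # Distinguish a pure case difference from a real mismatch.
        if app_id_matches(app_id.lower(), bundle_id.lower()):
            findings.append("bundle-id-case-mismatch")
        else:
            findings.append("bundle-id-not-covered-by-app-id")

    if ents.get("com.apple.security.app-sandbox") is not True:
        findings.append("sandbox-disabled")

    containers = [strip_team(c) for c in ents.get(
        "com.apple.developer.ubiquity-container-identifiers", [])]
    if containers and "*" in containers[0]:
        findings.append("first-icloud-container-is-wildcard")

    kv = ents.get("com.apple.developer.ubiquity-kvstore-identifier")
    if kv is not None and strip_team(kv) != bundle_id:
        findings.append("kvstore-id-differs-from-bundle-id")
    return findings


if __name__ == "__main__":
    print(preflight(GOOD_INFO, GOOD_ENTS, "com.johndoeinc.trackmix"))
    print(preflight(BAD_INFO, BAD_ENTS, "com.johndoeinc.trackmix"))
```

The key-value store finding is informational: the guide sets that field to the bundle ID, so a different value deserves a second look rather than an automatic failure.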
  • 44. Configuring Apps Specifying Build Settings Specifying Build Settings Set the Debug Information Format build setting to “DWARF with dSYM,” and ensure that the Architectures build setting does not include PPC. To find the build setting quickly, type debug information in the search field in the Build Settings pane of the project editor. Click All if some build settings fail to appear. Customize aspects of your product’s build process by editing its build settings. To edit a build setting 1. In the project editor, select the project or target whose build setting you want to edit. 2. Click Build Settings at the top of the project editor. 3. Locate the build setting in the left column. 4. Set the value for the build setting in the right column. See the HTML version of this document to view the video. You set build settings at either the project level or the target level. To see all the levels of build settings, select Levels rather than Combined. The lowest level at which a build setting is defined takes precedence. If you define a build setting at the project level, the definition is set for the corresponding project, and it’s applied to all the targets that belong to that project. If you define a build setting at the target level, the definition applies only to the corresponding target. Definitions applied at the target level override definitions set at the project level. The level at which the build setting is defined is highlighted in green. For example, at the beginning of the video, the Architecture build setting is highlighted in green at the default level. At the end of the video, after the setting has been redefined at the target level, the Architecture build setting is highlighted in green at the target level. If you have changed or customized a setting, it’s shown in boldface. The video shows changing the compiler build setting for a target. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 44
  • 45. Code Signing Your App The bundle, installer package, and any other helper apps installed with your app need to be signed before submitting them to the Mac App Store. You sign the entire Xcode project, containing the app and any helper apps, using a Mac Submission certificate, and the installer package using a Mac Installer certificate. If you use certain technologies, such as push notifications and iCloud storage, you also need a development certificate and provisioning profile. Only team agents and admins can create signing certificates and approve team member requests for development certificates using the Developer Certificate Utility. If you are an individual developer, certificates are automatically approved. All team members can request signing certificates using Xcode as described in “Requesting a Signing Certificate” (page 47). However, only a team agent or admin can request distribution certificates used to submit the app to the Mac App Store. Regular team members can request only development certificates. All team members follow the instructions in this chapter to install these certificates in their login keychains and add them to their Xcode projects. If you are a team agent or admin, read “Submitting to the Mac App Store” (page 72) when you are ready to submit an app to the Mac App Store. In most cases, Xcode can handle your code signing needs for you. If you want to learn more about code signing or need to use the codesign command-line tool, read Code Signing Guide . How Code Signing Works Code signing works the same way regardless of the type of certificate. Code signing allows you and your team to sign your app and thereby certify that the app is released by you. Because the app is signed with a private key that only you possess, OS X can distinguish between legitimate and modified copies of your app. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 45
  • 46. Code Signing Your App How Code Signing Works A development certificate identifies you as a legitimate member of your team. The code signing process uses the public and private key associated with your development certificate as your digital identity. The development certificate in Developer Certificate Utility contains the public key, and the development certificate in your login keychain contains the private key. The development certificate in your login keychain begins with the text “Mac Developer:” followed by your name, as shown in Figure 3-1. Figure 3-1 Developer certificates The development certificate is also signed by the certification authority who issued the certificate. A team agent or admin approves your request using Developer Certificate Utility, but the certificate is issued and authorized by Apple. Therefore, you must have the intermediate signing certificate provided by Apple installed in your system keychain to use your development certificate; otherwise, it is invalid. The name of the intermediate signing certificate is Apple Worldwide Developer Relations Certification Authority. You can use Developer Certificate Utility to view all the signing certificates issued by Apple and use Keychain Access to view signing certificates installed on your system.
  • 47. Code Signing Your App Requesting a Signing Certificate Requesting a Signing Certificate If you need a development or distribution certificate, you can request one using Xcode. Development certificates are owned by individual team members, and distribution certificates are shared by the team. If you are a team member and request a development certificate, the team agent is notified by email and approves your request using Developer Certificate Utility. You receive an email notification when your request is approved. If you are a team agent or admin, your request is automatically approved. To request a signing certificate 1. In Xcode, choose Window > Organizer to open the Organizer window. 2. Click Devices to display the Devices organizer. 3. Select Provisioning Profiles in the Library section and click Refresh. 4. Enter your Apple ID user name and password and click “Log in” . If you don’t have a development certificate, Xcode offers to request a Mac Development certificate on your behalf. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 47
  • 48. Code Signing Your App Requesting a Signing Certificate Warning: If instead Xcode offers to create iOS certificates, you are not enrolled in the Mac Developer Program. Go to the Member Center and click Programs & Add-ons to add the Mac Developer Program to your account. 5. Click Submit Request. If you are a team agent or admin, a certificate named “Mac Developer:” followed by your name appears in your login keychain. 6. If a dialog appears stating that a certificate request is pending, click OK. 7. If you are a team agent or admin and there are no distribution certificates for your team, Xcode offers to create distribution certificates. If you are a team agent, Xcode offers to create Developer ID certificates too. (Read “Distributing Outside the Mac App Store” (page 84) to learn how to use Developer ID certificates.) Click Submit Request for each dialog that appears. Xcode requests a development certificate for every team member but distribution certificates only for team agents or admins and only if that type of certificate doesn’t exist. Development certificates are for individuals, and distribution certificates are shared by the team agents and admins. 8. If you are a team member, wait for your team agent to approve your certificate request before continuing. 9. If a dialog appears at the end of the refresh process, asking if you want to export your developer profile, click Export. The private keys for your certificates are stored in your keychain and the public keys are stored by Developer Certificate Utility. For this reason, you can’t refresh your provisioning profiles and certificates in Xcode to replace a missing private key in your keychain. Instead, you should back up your certificates after you create them and import them when you are missing a private key or move to another Mac. To learn how to import your certificates later, read “Exporting and Importing Signing Certificates” (page 56). 10. 
If you are a team member, once your request is approved, open the Devices organizer, select Provisioning Profiles in the Library section, and click Refresh again. 11. Select your team in the Teams section in the Library section. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 48
  • 49. Your new certificates are displayed. If you are a team agent or admin, your certificate requests are automatically approved and appear in Xcode and your login keychain. Xcode adds a Teams section to the Devices organizer that displays your team certificates.

    Important: If you have other certificates in your login keychain from previous projects, you need to remove them before continuing. Team agents or admins should have only one certificate installed that begins with the text “3rd Party Mac Developer Application” and another that begins with the text “3rd Party Mac Developer Installer.”

    Verifying Your Certificate in the Keychain

    When you request a development or distribution certificate using Xcode, the certificate is automatically installed in your login keychain.
  • 50. The development certificate should appear in the My Certificates category in Keychain Access. The name of a development certificate begins with the text “Mac Developer:” followed by your name, as shown in Figure 3-2. It should have a disclosure triangle next to the name, which, when clicked, shows your private key.

    Figure 3-2 Team member development certificate
  • 51. If you are a team agent or admin and you requested a distribution certificate, both your distribution and developer certificates appear in the My Certificates category in Keychain Access as shown in Figure 3-3. The distribution certificates begin with the text “3rd Party Mac Developer” followed by the type of certificate and your team name.

    Figure 3-3 Team agent or admin certificates

    Verify that the certificates are valid and the expiration dates are correct. When you select the certificate, the pane above should display a green circle containing a checkmark, and the text next to the circle should read “This certificate is valid.” This means that the intermediate certificate authorized your certificate.

    If you don’t have a private key for a certificate, you most likely did not request that certificate from this system or you accidentally removed your key. To fix this problem, export your private key from the system you first requested the certificate from and import it into this system as described in “Exporting and Importing Signing Certificates” (page 56). If you don’t have a backup of your private key, read “Repairing Signing Certificates” (page 59) for the steps to recreate your certificate.

    If your certificates are not valid, you could be missing the intermediate certificate used to authenticate your certificate. The intermediate certificate is installed when you install Xcode. It is called Apple Worldwide Developer Relations Certification Authority and should appear in your System keychain. If you accidentally remove the intermediate certificate, you can retrieve it from Developer Certificate Utility and install it again.

    To install the intermediate certificate

    1. Go to Developer Certificate Utility.
  • 52.
    2. Click the WWDR Intermediate Certificate link in the Certificates section of the Overview page.
  • 53. The WWDR certificate is downloaded.
  • 54.
    3. Double-click the certificate file to install it in your System keychain.

    Do not change the trust settings from the default “Use System Defaults” for any of your certificates. If the trust setting is not “Use System Defaults” you get a CSSMERR_TP_TRUSTED error message from the codesign command-line tool when you build and run your app.

    If your certificate doesn’t appear in the login keychain, the login keychain may not be the default keychain, as Xcode expects it to be. The default keychain appears in bold in the Keychains column in Keychain Access. If the default keychain is not login, select login in the Keychains column and choose File > Make Keychain “login” Default.

    Signing an App

    After you’ve added the signing certificate to your login keychain, you can use it to sign your app in Xcode. To do this, set the Code Signing Identity build setting for your project to your development certificate. To quickly find the build setting, select the project and type code signing in the search field in the Build Settings pane of the project editor.

    Important: You set the Code Signing Identity build setting for the project, not for any of the individual targets.

    Customize aspects of your product’s build process by editing its build settings.

    To edit a build setting

    1. In the project editor, select the project or target whose build setting you want to edit.
    2. Click Build Settings at the top of the project editor.
    3. Locate the build setting in the left column.
    4. Set the value for the build setting in the right column.

    See the HTML version of this document to view the video.

    You set build settings at either the project level or the target level. To see all the levels of build settings, select Levels rather than Combined.
  • 55. The lowest level at which a build setting is defined takes precedence. If you define a build setting at the project level, the definition is set for the corresponding project, and it’s applied to all the targets that belong to that project. If you define a build setting at the target level, the definition applies only to the corresponding target. Definitions applied at the target level override definitions set at the project level.

    The level at which the build setting is defined is highlighted in green. For example, at the beginning of the video, the Architecture build setting is highlighted in green at the default level. At the end of the video, after the setting has been redefined at the target level, the Architecture build setting is highlighted in green at the target level. If you have changed or customized a setting, it’s shown in boldface.

    The video shows changing the compiler build setting for a target.

    The possible values for the Code Signing Identity build setting are:

    ● Don’t Code Sign. Choose this option if you don’t want to sign your app. However, choosing this option disables entitlements, including sandboxing.
    ● Automatic Profile Selector. This selector selects an identity whose name starts with “Mac Developer” or “3rd Party Mac Developer.”
    ● Identities without Provisioning Profiles. A code signing identity that is not in a provisioning profile.
    ● Other... A specific code signing identity.

    The code signing identities in your default keychain are listed by name. Expired or otherwise invalid identities are dimmed and cannot be chosen.

    You use this same pop-up menu to select your identity in a provisioning profile. So if your team has provisioning profiles that you belong to, your Code Signing Identity menu might look different as described in “Setting Your Provisioning Profile in Xcode” (page 70).

    If you are not using a provisioning profile, select an identity in the Automatic Profile Selector group. If you are signing with a development certificate not shown, select Other, enter the text in the text field, and click Done. If you are a team agent or admin and are signing using a distribution certificate, enter “3rd Party Mac Developer Application” in the text field.

    The next time you build and run the app, a dialog appears asking if you want to allow the codesign command-line tool to sign your app using your private key in your login keychain. When this happens, click Always Allow. If you click Allow, the dialog appears every time you build and run your app.

    If a dialog appears when you run the app asking for a Developer Tools Access login, enter an account name and password of a user in this group (for example, a system administrator) and click Continue.
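The keychain checks described under “Verifying Your Certificate in the Keychain” can also be scripted. The following is an added example, not part of Apple's guide: it parses the text printed by `security find-identity -p codesigning` and reports invalid identities, duplicate distribution certificates, and certificate types with no usable identity. The sample output, team ID and hashes are constructed, and the `role` parameter is a name chosen for this sketch.

```python
"""Audit code-signing identities against the keychain checks in the guide.

Feed audit() the text printed by `security find-identity -p codesigning`.
SAMPLE_OUTPUT is constructed for illustration (team ID and hashes are made up).
"""
import re
from collections import Counter

# Certificate name prefixes quoted in the guide.
DEVELOPMENT = "Mac Developer"
DISTRIBUTION = ("3rd Party Mac Developer Application",
                "3rd Party Mac Developer Installer")

# One identity line:  1) <40-hex SHA-1> "<name>" (<optional status flag>)
LINE_RE = re.compile(
    r'^\s*\d+\)\s+([0-9A-Fa-f]{40})\s+"([^"]+)"(?:\s+\((\w+)\))?\s*$')

SAMPLE_OUTPUT = f'''\
Policy: Code Signing
  Matching identities
  1) {"1" * 40} "Mac Developer: John Doe (ABCDE12345)"
  2) {"2" * 40} "3rd Party Mac Developer Application: TrackMix Team"
  3) {"3" * 40} "3rd Party Mac Developer Application: TrackMix Team" (CSSMERR_TP_CERT_EXPIRED)
  4) {"4" * 40} "3rd Party Mac Developer Installer: TrackMix Team"
     4 identities found

  Valid identities only
  1) {"1" * 40} "Mac Developer: John Doe (ABCDE12345)"
  2) {"2" * 40} "3rd Party Mac Developer Application: TrackMix Team"
  3) {"4" * 40} "3rd Party Mac Developer Installer: TrackMix Team"
     3 valid identities found
'''


def parse_identities(text):
    """Return {fingerprint: {"name", "flag", "valid"}} from find-identity text."""
    identities, section = {}, "valid"  # with -v there are no section headers
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Matching identities":
            section = "matching"
        elif stripped == "Valid identities only":
            section = "valid"
        match = LINE_RE.match(line)
        if not match:
            continue
        fingerprint, name, flag = match.group(1).upper(), match.group(2), match.group(3)
        entry = identities.setdefault(
            fingerprint, {"name": name, "flag": None, "valid": False})
        if section == "matching":
            entry["flag"] = flag
        else:
            entry["valid"] = True
    return identities


def kind_of(name):
    """Map a certificate name to the guide's certificate type, or None."""
    for prefix in DISTRIBUTION + (DEVELOPMENT,):
        if name.startswith(prefix + ":"):
            return prefix
    return None


def audit(text, role="member"):
    """Return a list of findings; an empty list means nothing to fix."""
    findings, installed, usable = [], Counter(), Counter()
    for fingerprint, info in sorted(parse_identities(text).items()):
        kind = kind_of(info["name"])
        if kind is None:
            continue
        installed[kind] += 1
        if info["valid"]:
            usable[kind] += 1
        else:
            reason = info["flag"] or "no reason given"
            findings.append(
                f'invalid identity {fingerprint[:8]} "{info["name"]}" ({reason})')
    # find-identity lists only certificates that have a private key, so a
    # missing entry means "not installed" or "private key missing".
    if usable[DEVELOPMENT] == 0:
        findings.append("no valid Mac Developer identity "
                        "(not requested, not approved, or private key missing)")
    for kind in DISTRIBUTION:
        if installed[kind] > 1:
            findings.append(
                f"{installed[kind]} {kind} identities installed; expected only one")
        if role in ("agent", "admin") and usable[kind] == 0:
            findings.append(f"no valid {kind} identity for a team {role}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_OUTPUT, role="agent"):
        print("-", finding)
```
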
  • 56. Exporting and Importing Signing Certificates

    After you create signing certificates and install them in your login keychain, you may need to move them to another system that you use for development, or repair a certificate whose private key is missing. Because the signing certificate public key is stored by Developer Certificate Utility and the private key is stored in your login keychain, you can’t refresh your provisioning profiles and certificates to replace a missing private key. However, you might be able to restore your signing certificates by exporting them from one system and importing them into another. (When you create certificates in Xcode, a dialog automatically appears asking whether you want to export your developer profile.)

    Archive your code signing assets to keep them safe or to use them on another Mac.

    To export your developer profile

    1. In the Devices organizer, select your team in the Teams section.
    2. Click Export.
  • 57.
    3. Specify a filename and a password, and click Save.

    The file produced contains the items you need to code sign apps, including the provisioning profiles, certificates, and private keys needed to install apps in development on a device. Because it contains sensitive information that can be used to sign apps in your name, the contents of the file are stored in an encrypted format using the password you provide. That password is required later to import the file to another system.

    Place your code signing assets on a new Mac by importing the code signing assets exported from another Mac.
  • 58. To import your developer profile

    1. In the Devices organizer, select your team in the Teams section.
    2. Click Import.
    3. Select the file containing your code signing assets.
    4. Enter the password for the file, and click Open.

    The importation process installs the certificates, private keys, and provisioning profiles that are stored in the developer-profile file.
  • 59. Troubleshooting: If you don’t see the Teams section in the Devices organizer:

    ● Drag the password-protected file that contains your code signing assets to the Xcode icon in the Dock.

    If you use provisioning profiles, refresh the provisioning profiles after importing the signing certificates, as described in “Refreshing Provisioning Profiles” (page 66). All your provisioning profiles should be valid.

    Repairing Signing Certificates

    There are several reasons why you might need to repair signing certificates on your system. For example, a signing certificate on your system is missing the private key and you don’t have a backup to restore your certificate. Or you may have signing certificates from an old project, or your certificate may be invalid. If any of these are true for you, you can replace them with new ones. If you or a team agent intentionally revoke a signing certificate, it becomes invalid and any provisioning profiles that include it become invalid. If a signing certificate expires, you need to replace it too.

    The workflow to replace or revoke signing certificates is similar in all these cases: It uses a combination of steps you performed in other tasks.

    Removing Certificates

    First, remove the troublesome signing certificates from your keychain and any specialized provisioning profiles that use them from your system. If you are intentionally re-creating your certificates, revoke all your certificates immediately after removing them from your login keychain. If you do not revoke your certificates using Developer Certificate Utility, Xcode attempts to install them in your login keychain the next time you refresh your provisioning profiles. However, Xcode can install only the public key in your login keychain. Without the private key, the certificate is useless.

    To remove development and distribution certificates from your keychain

    1. Launch Keychain Access (located in /Applications/Utilities).
    2. In the Category section, select Keys.
  • 60.
    3. Click the disclosure triangles for all the private keys to reveal the associated certificates.
    4. Select all the private keys associated with a Mac Developer, 3rd Party Mac Developer Application, or 3rd Party Mac Developer Installer certificate.
    5. Select the corresponding public key for each private key.
    6. Press Delete.
    7. In the Category section, select Certificates, and delete any remaining developer or distribution certificates.

    To remove a specialized provisioning profile

    1. Select the invalid provisioning profile in Provisioning Profiles in the Library section of the Devices organizer and click Delete.
    2. Click the disclosure triangle next to your Mac in the Devices organizer and select Provisioning Profiles under your Mac. Select the invalid provisioning profile and click Delete.

    Revoking Certificates

    All team members may revoke their own certificates and team agents can revoke any team member’s certificate.

    To revoke a certificate

    1. Go to Developer Certificate Utility and log in.
  • 61.
    2. Select Certificates in the left column.
    3. Click Revoke in the last column in the row of the certificate you want to revoke.
       The certificate appears in the Pending state.

    Creating New Certificates

    The steps to create new certificates were covered in earlier sections. These are the main things you need to know.

    Create new development or distribution certificates, as described in “Requesting a Signing Certificate” (page 47), or if you have a backup and did not revoke the certificates, import the certificates, as described in “Exporting and Importing Signing Certificates” (page 56).

    If you are using a specialized provisioning profile, do one of the following:

    ● If you are a team member, notify your team agent or admin to re-create the provisioning profile using your new certificate.
    ● If you are an individual developer or team agent, do this step yourself (see “Creating Provisioning Profiles” (page 28)).

    After you re-create the provisioning profile, refresh it (see “Refreshing Provisioning Profiles” (page 66)). Then install it on your system, as described in “Installing Development Provisioning Profiles on Your System” (page 69).
  • 62. Repairing Another Development System

    If you use multiple development systems, you are not done. However, once you repair certificates on one development system, there are fewer steps to repair them on another. Export your developer profile from the first development system, as described in “Exporting and Importing Signing Certificates” (page 56), and move the file to a location you can access from the other development system.

    To repair another development system:

    1. Remove the invalid certificates from your keychain as described in “Removing Certificates” (page 59).
    2. Import your signing certificates as described in “Exporting and Importing Signing Certificates” (page 56).
    3. If you use a specialized provisioning profile, install the new provisioning profile on your system as described in “Installing Development Provisioning Profiles on Your System” (page 69).
  • 63. Provisioning Your System

    Team members need provisioning profiles to test technologies such as push notifications and iCloud storage. Xcode creates a generic Mac Team Provisioning Profile so that you can test iCloud storage. However, the team agent or admin needs to create a specialized provisioning profile for push notifications or may need to enable iCloud storage before you can use it.

    This chapter covers the steps you follow to add provisioning profiles to your system and Xcode project. If you are a team agent or admin and need to create a provisioning profile for your team or distribution, read “Creating Provisioning Profiles” (page 28).

    If you are a team member and your team is not using the wildcard app ID, set the Xcode project bundle ID, as described in “Setting the Bundle ID” (page 37), to match the app ID created by your team agent or admin, as described in “Registering an App ID” (page 16), before following the steps in this chapter.

    Adding Your System to the Mac Team Provisioning Profile

    The Mac Team Provisioning Profile is the generic provisioning profile you can use to test your app. This profile uses the wildcard app ID, which matches all apps developed by your team. It also contains all the team’s registered systems and approved development certificates. You can use the Mac Team Provisioning Profile for iCloud storage but not for push notifications, because push notifications require an explicit app ID.

    Team agents and admins can add their systems to the Mac Team Provisioning Profile using Xcode. Team members need to request that their system be added to the portal. The first time a team member adds a system to the portal, Xcode creates the Mac Team Provisioning Profile.

    To add your system to the portal using Xcode

    1. Choose Window > Organizer to open the Organizer window.
    2. Click Devices to display the Devices organizer.
  • 64.
    3. Select your system in the Devices section.
    4. Click the “Add to Portal” button at the bottom of the window.

    Xcode adds your system to the Mac Team Provisioning Profile and refreshes your provisioning profiles.

    To request that your system be added to the portal

    1. Choose Window > Organizer to open the Organizer window.
    2. Click Devices to display the Devices organizer.
  • 65.
    3. Select your system in the Devices section.
    4. Copy the device identifier from the Identifier text field.
    5. Send a message containing your device identifier to your team agent or admin requesting that it be added to the portal.
       Team agents and admins should follow the instructions in “Registering Developer Systems” (page 26) to do so. Wait until the team agent or admin tells you that your device has been added before continuing.
    6. In the Devices organizer, select Provisioning Profiles in the Library section, and click Refresh.
       Xcode updates your Mac Team Provisioning Profile and other team assets.
    7. (Optional) If a dialog appears asking if Xcode should request a certificate on your behalf, click Submit Request.
  • 66. Refreshing Provisioning Profiles

    You can download and install provisioning profiles using Developer Certificate Utility, but it is easier for team members to install provisioning profiles using Xcode. The steps are similar to using Xcode to request a signing certificate, as described in “Requesting a Signing Certificate” (page 47).

    Installing a provisioning profile is a two-part process. First, you refresh the provisioning profile in Xcode, and then you install the provisioning profile in System Preferences, as described in “Installing Development Provisioning Profiles on Your System” (page 69). If you plan to use the Mac Team Provisioning Profile and you already added your development system to it, you can skip this step because Xcode already refreshed your provisioning profiles.

    To refresh your signing certificates and provisioning profiles

    1. Choose Window > Organizer to open the Organizer window.
    2. Click Devices to display the Devices organizer.
    3. Select Provisioning Profiles in the Library section.
    4. Click Refresh.
    5. Enter your Apple ID user name and password and click “Log in”.
  • 67. All the provisioning profiles for your team appear in the Devices organizer. If you belong to multiple teams, you’ll see the provisioning profiles from those teams as well.

    6. (Optional) If a dialog appears asking whether Xcode should request a certificate on your behalf, click Submit Request.
       If you perform this operation without having a development certificate, Xcode offers to request a Mac Development certificate on your behalf. If this happens, you are automatically added to the Mac Team Provisioning Profile. But you won’t be able to use any specialized provisioning profiles until the team admin or agent approves your request and adds you to these.

    Xcode doesn’t automatically update provisioning profiles that you may already have installed on your system. For example, a new team member may be added to the Mac Team Provisioning Profile or to another specialized provisioning profile you use for development. Always update the provisioning profiles on your system after you refresh your provisioning profiles using Xcode, as described in “Installing Development Provisioning Profiles on Your System” (page 69).
  • 68. Important: If you move to a different system and refresh your provisioning profiles or team assets, your private key might be missing from your login keychain. To move your certificates or keys from one system to another, you need to export and import these assets, as described in “Exporting and Importing Signing Certificates” (page 56).

    Alternatively, you can download a provisioning profile from Developer Certificate Utility and add it in Xcode manually.

    To add a provisioning profile to Xcode

    Do one of the following:

    ● Drag the provisioning profile file to the Xcode Organizer window
    ● Click the Import button in the Xcode Organizer window

    Next you need to install the provisioning profile in System Preferences, as described in “Installing Development Provisioning Profiles on Your System” (page 69).

    Requesting a Specialized Development Provisioning Profile

    A specialized development provisioning profile is any profile other than the generic Mac Team Provisioning Profile. There are many reasons your team might want to use a specialized development provisioning profile. If you use push notifications, you need to use a specific provisioning profile that uses an app ID enabled for push notifications.

    If you need a specialized development provisioning profile and Xcode displays only the Mac Team Provisioning Profile, ask the team agent or admin to create one (see “Creating Provisioning Profiles” (page 28)).

    Your developer system needs to be registered before a team agent can add it to a new provisioning profile. Follow the steps in “Adding Your System to the Mac Team Provisioning Profile” (page 63) to register your system using Xcode. Otherwise, send your device identifier to your team agent or admin to register it for you.

    If you use iCloud storage or push notifications, remind the team agent or admin to enable these technologies for your app ID, as described in “Enabling iCloud Storage” (page 25) and “Enabling Push Notifications” (page 25).

    After the provisioning profile is created, refresh your provisioning profiles in Xcode, as described in “Refreshing Provisioning Profiles” (page 66), and install it on your system.
  • 69. Installing Development Provisioning Profiles on Your System

    When you refresh the provisioning profiles in Xcode, it downloads the team provisioning profiles on your system but doesn’t install the development provisioning profile in System Preferences. In the same way that you provision an iOS device for development, you need to provision your system for development.

    To provision your system for development

    1. Choose Window > Organizer to open the Organizer window.
    2. Click Devices to display the Devices organizer.
    3. Select Provisioning Profiles in the Library section.
    4. Drag the provisioning profile you want to install to your system icon in the Devices section.
    5. Click the disclosure triangle next to your system icon and click Provisioning Profiles under the icon.
       The provisioning profile you installed appears. The provisioning profile also appears in the Profiles pane in System Preferences.
  • 70. Note: A distribution provisioning profile is used to submit your app to the App Store. You cannot install a distribution provisioning profile on a Mac.

    Setting Your Provisioning Profile in Xcode

    To set your provisioning profile in Xcode, set the Code Signing Identity build setting to the development certificate in the provisioning profile you want to use. To quickly find the build setting, type code signing in the search field.

    Customize aspects of your product’s build process by editing its build settings.

    To edit a build setting

    1. In the project editor, select the project or target whose build setting you want to edit.
    2. Click Build Settings at the top of the project editor.
    3. Locate the build setting in the left column.
    4. Set the value for the build setting in the right column.

    See the HTML version of this document to view the video.

    You set build settings at either the project level or the target level. To see all the levels of build settings, select Levels rather than Combined.

    The lowest level at which a build setting is defined takes precedence. If you define a build setting at the project level, the definition is set for the corresponding project, and it’s applied to all the targets that belong to that project. If you define a build setting at the target level, the definition applies only to the corresponding target. Definitions applied at the target level override definitions set at the project level.

    The level at which the build setting is defined is highlighted in green. For example, at the beginning of the video, the Architecture build setting is highlighted in green at the default level. At the end of the video, after the setting has been redefined at the target level, the Architecture build setting is highlighted in green at the target level. If you have changed or customized a setting, it’s shown in boldface.
  • 71. The video shows changing the compiler build setting for a target.

    If you refresh your provisioning profiles as described in “Refreshing Provisioning Profiles” (page 66), a menu item appears for each provisioning profile your development certificate belongs to in the Code Signing Identity pop-up menu. In Figure 4-1, Mac Team Provisioning Profile can be used for general development, but TrackMix Core Dev Team is a specialized provisioning profile with push notifications enabled. If the team agent, John Doe, is working on push notifications, he needs to select his development certificate under TrackMix Core Dev Team, not under Mac Team Provisioning Profile.

    Figure 4-1 Code Signing Identity menu for a team admin

    Every team member should belong to the Mac Team Provisioning Profile and therefore Mac Team Provisioning Profile should appear in this menu. If you are not in the Mac Team Provisioning Profile, you might need to request a development certificate, as described in “Requesting a Signing Certificate” (page 47).

    If your development certificate should match a provisioning profile but it doesn’t, make sure that the bundle ID in your Xcode project matches the app ID in the provisioning profile. To learn how to view and change the bundle ID, read “Setting the Bundle ID” (page 37). If you don’t need a provisioning profile for development or you are not included in a specialized provisioning profile, the text “(no profiles currently match)” appended to a menu item is not an error.

    To learn how to select a certificate when validating and submitting an app to the Mac App Store, read “Submitting to the Mac App Store” (page 72).
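The profile-matching rules in this chapter (bundle ID against app ID, wildcard versus explicit app ID for push notifications, registered systems, expiry) can be checked against a decoded profile. The following is an added example, not part of Apple's guide: it assumes the profile has already been decoded to a property list (for instance with `security cms -D -i <file>`), and the key names `com.apple.application-identifier`, `com.apple.developer.aps-environment`, `ProvisionedDevices` and `ExpirationDate` are assumptions about the decoded layout. The team prefix, bundle IDs and device identifier are constructed.

```python
"""Explain why a development provisioning profile does or does not match.

Input is the decoded property list of a profile. The sample profiles built
by sample_profile() are constructed for illustration.
"""
import plistlib
from datetime import datetime, timezone

# Entitlement keys assumed for decoded Mac provisioning profiles.
APP_ID_KEY = "com.apple.application-identifier"
PUSH_KEY = "com.apple.developer.aps-environment"

SAMPLE_DEVICE = "00000000-0000-1000-8000-000000000001"  # constructed identifier


def sample_profile(name, app_id, push):
    """Build a constructed profile plist (bytes) with the fields checked below."""
    entitlements = {APP_ID_KEY: app_id}
    if push:
        entitlements[PUSH_KEY] = "development"
    return plistlib.dumps({
        "Name": name,
        "ExpirationDate": datetime(2013, 9, 19),
        "ProvisionedDevices": [SAMPLE_DEVICE],
        "Entitlements": entitlements,
    })


def bundle_matches(app_id, bundle_id):
    """True if bundle_id is covered by app_id ('PREFIX.pattern', '*' = wildcard)."""
    _prefix, _, pattern = app_id.partition(".")
    if pattern.endswith("*"):
        return bundle_id.startswith(pattern[:-1])
    return bundle_id == pattern


def check_profile(plist_bytes, bundle_id, device_id, needs_push=False, now=None):
    """Return a list of problems; an empty list means the profile fits."""
    profile = plistlib.loads(plist_bytes)
    if now is None:
        # plistlib returns naive UTC datetimes, so compare like with like.
        now = datetime.now(timezone.utc).replace(tzinfo=None)
    entitlements = profile.get("Entitlements", {})
    app_id = entitlements.get(APP_ID_KEY, "")
    problems = []
    if profile["ExpirationDate"] <= now:
        problems.append("profile has expired and must be renewed")
    if not bundle_matches(app_id, bundle_id):
        problems.append(
            f"bundle ID {bundle_id!r} does not match app ID {app_id!r}")
    if device_id not in profile.get("ProvisionedDevices", []):
        problems.append("this system is not registered in the profile")
    if needs_push:
        if app_id.endswith("*"):
            problems.append(
                "push notifications require an explicit app ID; "
                "this profile uses a wildcard")
        elif PUSH_KEY not in entitlements:
            problems.append("push notifications are not enabled for this app ID")
    return problems


if __name__ == "__main__":
    team = sample_profile("Mac Team Provisioning Profile", "ABCDE12345.*", False)
    core = sample_profile("TrackMix Core Dev Team",
                          "ABCDE12345.com.example.trackmix", True)
    when = datetime(2012, 10, 1)
    for label, data in (("team", team), ("core", core)):
        result = check_profile(data, "com.example.trackmix", SAMPLE_DEVICE,
                               needs_push=True, now=when)
        print(label, "->", result or "OK")
```
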
  • 72. Submitting to the Mac App Store

    The Mac App Store is the preferred way to deliver your app to users. It makes it easy for them to find and purchase your app, and offers them the most streamlined installation experience. You can submit your app to the Mac App Store using Xcode or Application Loader.

    Before submitting your app to the Mac App Store, you need to enter information about it in iTunes Connect. Read OS X Human Interface Guidelines and App Store Review Guidelines for Mac Apps to make sure your app meets the submission requirements and you have entered the appropriate information into iTunes Connect. Your iTunes Connect app record must be in the state of Waiting For Upload before you can validate or submit your app.

    Add your app in iTunes Connect to start the process of submitting it to the App Store.

    To create an app record in iTunes Connect

    1. Open iTunes Connect and select Manage Your Applications.
    2. Click the Add New App button.
    3. Select the appropriate platform.
  • 73.
    4. Fill out the forms with your app’s information.

    The iTunes Connect web application prompts you for a variety of information about your app, including the app’s name, screenshots, pricing, SKU number, and bundle identifier. Some of these can be changed only under certain circumstances:

    ● The SKU number and app type cannot be changed after you submit your app.
    ● The bundle identifier can be changed only before you submit any binaries for review, and only if your app does not use Game Center or iAd.
    ● The app name can be changed only when your app is in an editable state in iTunes Connect. For a list of the editable states, see “App Information Table” on pages 184–186 of iTunes Connect Developer Guide.

    Note: After adding an app in iTunes Connect, you must submit it for review within 90 days. Effectively, adding the app commits you to a ship date. Therefore, you may want to wait as long as possible before performing this task. However, some technologies such as Game Center and In-App Purchase require you to add your app in iTunes Connect earlier in the development process.

    For a detailed discussion, see “Adding New Apps” on pages 38–61 of iTunes Connect Developer Guide.
  • 74. Submitting to the Mac App Store Signing Using a Mac Submission Certificate You also need to configure your app for distribution on the Mac App Store. Your app may fail validation tests if it is not properly configured. Read the relevant sections of “Configuring Apps” (page 36) before attempting to submit your app to the Mac App Store. Only a team agent or admin can submit an app to the Mac App Store. Before doing so, you must have the necessary distribution certificate and Production Provisioning Profile installed on your system. Then you need to sign your app using the distribution certificate and create an archive. Finally, you validate and submit the app to the Mac App Store. Signing Using a Mac Submission Certificate Before you create an archive, sign your project using the Mac Submission certificate. If you use helper apps or external frameworks, ensure that all executables in your app bundle are signed using the Mac Submission certificate. To do this, set the Code Signing Identity build setting for the project, not for the individual targets in your project. If you import external frameworks, sign the frameworks using the codesign command-line tool at the end of the build process, as described in Mac OS X Code Signing In Depth . Only a team agent or admin can obtain and use distribution certificates for this purpose. If you haven’t already done so, create your distribution certificates as described in “Creating Signing Certificates” (page 22) now. Later when you submit to the Mac App Store, you are asked to select the Mac Installer certificate to sign the installer package. Next, set the Code Signing Identity build setting to the Mac Submission certificate that begins with the text “3rd Party Mac Developer Application” as described in “Signing an App” (page 54). Run your app to verify that this is the build you want to release. 
Signing Using a Production Provisioning Profile
If you use iCloud storage or push notifications, you must sign your app using a Production Provisioning Profile and enable your entitlements. You need to create and download a Production Provisioning Profile, as described in “Creating a Production Provisioning Profile” (page 33). You cannot sign an app using any of the development provisioning profiles that might appear in the menu when you set the Code Signing Identity build setting.
To import the Production Provisioning Profile
1. In Xcode, choose Window > Organizer to open the Organizer window.
2. Click Devices to display the Devices organizer.
  • 75. Submitting to the Mac App Store
3. Select Provisioning Profiles in the Library section.
4. Click Import at the bottom of the window.
5. Select the Production Provisioning Profile file that you downloaded and click Open.
You should see the Production Provisioning Profile listed in the Organizer window.
  • 76. Submitting to the Mac App Store
Now sign your app, as described in “Signing an App” (page 54), using the Production Provisioning Profile identity as shown in Figure 5-1. Run your app to verify that this is the build you want to release.
Figure 5-1 Code Signing Identity menu for a team agent
Creating an Archive
No matter what method you choose to distribute your app, you need to archive it first.
Archive your product for submission to iTunes Connect or for sharing with others. Schemes have an Archive action with settings you use to customize the archive that Xcode creates when you choose Product > Archive.
To archive your app
1. From the Scheme toolbar menu, choose a scheme.
2. From the same menu, choose Edit Scheme to display the scheme dialog.
3. In the left column, select Archive.
4. Choose a build configuration.
5. Specify a name for the archive and click OK.
  • 77. Submitting to the Mac App Store
6. Choose Product > Archive.
An archive is a bundle that includes your product along with symbol information. You can build an archive to seed an application for testing or to validate and submit an application to iTunes Connect. Your new archive appears in the Archives list in the Organizer window, unless you turn off this option. Each archive is identified in the archives organizer with the date and time it was created. For more information, see the related article on the archives organizer.
Testing the Installer Package
Before you submit to the Mac App Store, you should test the installation process to verify that your app installs correctly. You can do this by saving the installer package to your disk and running a test using the installer command before submitting it.
  • 78. Submitting to the Mac App Store
You save an installer package to your disk by following the same steps for distributing your Mac app. When doing so, select Export as the distribution method, Mac Installer Package as the file format, and the Mac Installer certificate as the signing certificate. The name of the Mac Installer certificate is your team name, and it appears under “Identities without profiles” in the Code Signing Identity menu.
Distribute your Mac app to users or other members of your development team.
To distribute your app
1. In the Archives organizer, select the application archive you want to distribute, and click Distribute.
2. Select the distribution method, and click Next.
3. Follow the instructions to complete the process.
Here’s how you select the distribution method:
● To submit the app for publication to the Mac App Store, select “Submit to the Mac App Store.”
  • 79. Submitting to the Mac App Store
● To create an Xcode archive, an installation package, or a binary file of the app, select “Export as” and choose the file format from the pop-up menu.
Do not test the installation process by opening the package with the Installer app. Only the installer command verifies that your app will be installed correctly when it is purchased from the Mac App Store.
To test your installer package, execute the following command in a Terminal window:
    sudo installer -store -pkg path-to-package -target /
If the installer finds a bundle with the same bundle ID as the one it is installing, it upgrades the existing app in place. Users can then install upgrades even if they have moved your app. If you have a copy of your app installed (for example, in your build products directory), you may want to remove it so that your app gets installed in /Applications. Other options include archiving the existing version in a ZIP file or moving it to another volume and unmounting that volume.
Validating and Submitting Your App Using Xcode
Before submitting your app, you should validate it to ensure that it passes essential iTunes Connect validation tests. After you select your archive in the Archives organizer, click the Validate button and select Mac App Store as the distribution method. During this step, you sign the installer package using the Mac Installer certificate.
Validate your app to find out whether it meets minimum submission requirements.
To validate your app
1. In the Archives organizer, select the application archive you want to validate, and click Validate.
2. For Mac distribution, select the distribution method, and click Next.
  • 80. Submitting to the Mac App Store
3. Follow the instructions to complete the process.
Before submitting your app for publication on the App Store, you should validate it to ensure that it passes standard iTunes Connect checks. The screenshot shows the validation-method pane that appears for Mac distribution. This pane doesn’t appear for iOS distribution.
Troubleshooting: If Xcode doesn’t find an iTunes Connect application record for your application, the dialog “No suitable application records were found” appears. This dialog also appears when the application record state is not at least “Waiting for Upload”.
● Ensure that an application record exists for your application in iTunes Connect.
● Ensure that the application record status is at least “Waiting to Upload.”
Distribute your Mac app to users or other members of your development team.
  • 81. Submitting to the Mac App Store
To submit your app
1. In the Archives organizer, select the application archive you want to distribute, and click Distribute.
2. Select the distribution method, and click Next.
3. Follow the instructions to complete the process.
Here’s how you select the distribution method:
● To submit the app for publication to the Mac App Store, select “Submit to the Mac App Store.”
● To create an Xcode archive, an installation package, or a binary file of the app, select “Export as” and choose the file format from the pop-up menu.
If you get the alert message "Unable to find registered user with username <username>," you are not registered in iTunes Connect. Have your team agent register you in iTunes Connect.
Add a person to your team in iTunes Connect to allow them to submit and manage your apps for sale in the App Store.
  • 82. Submitting to the Mac App Store
To manage your team in iTunes Connect
1. Open iTunes Connect and select Manage Users.
2. Select iTunes Connect User.
3. Perform the appropriate management task.
You use the iTunes Connect interface to manage iTunes Connect user accounts for members of your team, as well as test-user accounts, which are used for testing In-App Purchase code in the sandbox. iTunes Connect is distinct from the iOS Developer Provisioning Portal and the Developer Certificate Utility; adding someone to your team in either of those places does not give them access to iTunes Connect.
Note: To add, delete, or modify a user, your account’s role must be Admin.
For a detailed discussion including step-by-step instructions for adding, modifying, and deleting users, see “Managing Users” on pages 32–37 of iTunes Connect Developer Guide.
Read “Configuring Apps” (page 36) to configure your app correctly for submission to the Mac App Store.
  • 83. Submitting to the Mac App Store
Submitting Your App Using Application Loader
Using Xcode to submit your app is recommended in most cases. Sometimes, though, it may be more appropriate for your organization to use Application Loader and other command-line utilities for the build process. If your app needs to enforce minimum configuration requirements, you must use this method.
To submit your app using Application Loader:
1. Make sure your app is signed.
   a. If you build and sign your app using Xcode, as described in “Signing Using a Mac Submission Certificate” (page 74), your app is already signed.
   b. If you don’t, use codesign to sign your app with your Mac Submission certificate (begins with “3rd Party Mac Developer Application”).
2. Archive your app and create an installer package using the productbuild command. The following listing shows a typical usage:
    productbuild \
        --component build/Release/Sample.app /Applications \
        --sign "3rd Party Mac Developer Installer: John Doe, Inc." \
        --product product_definition.plist Sample.pkg
   The productbuild command can build a variety of product types; it provides a number of options that are not appropriate for submissions to the Mac App Store. You should specify a single component, a signature, and (optionally) a product definition file. The option to install into the user’s home directory is not supported. For more details about productbuild, see the productbuild man page.
   Alternatively, use Xcode to archive your app by following the steps in “Creating an Archive” (page 76), select the archive in the Archives organizer, click Distribute, select Export distribution method, and Xcode Archive file format.
   Note: Using the PackageMaker app to archive your app is not supported.
3. Test the installation process, as described in “Testing the Installer Package” (page 77).
4. Submit the package to the Mac App Store using Application Loader.
Choose Xcode > Other Developer Tool > Application Loader to launch it. The filename of the package must not have spaces in it, and the file extension must be pkg.
  • 84. Distributing Outside the Mac App Store
In some cases, you may want to distribute an application outside the Mac App Store. In that situation, use a Developer ID certificate to give your users assurance that you are an Apple identified developer. OS X Mountain Lion users will have the option of turning on Gatekeeper, a security feature that gives users the ability to choose to install software only from the Mac App Store and identified developers. If your application is not signed with a Developer ID certificate issued by Apple, it will not launch on systems that have this security option selected. To avoid this situation, sign your applications and installer packages using a Developer ID certificate and thoroughly test the end-user experience using a Gatekeeper enabled system before you distribute your application outside of the Mac App Store.
This document describes the Xcode workflow to create and test Developer ID-signed applications for distribution and provides links to more information for developers who use the command line for signing their applications or installer packages.
Creating Developer ID-Signed Applications or Installer Packages
Creating a Developer ID-signed application or installer package is a multistep process. For most developers, the entire Developer ID workflow takes place within Xcode. First you request Developer ID certificates. There are two types of Developer ID certificates: Developer ID Application is used to sign applications and Developer ID Installer is used to sign installer packages. Using Xcode, you export and sign an archive of your application using the Developer ID Application certificate. You can also use command line utilities to sign an installer package using the Developer ID Installer certificate. But before you can get started, you must be a member of the Mac Developer Program.
Enrolling in the Mac Developer Program
Only Mac Developer Program members are eligible to request Developer ID certificates and sign applications or installer packages using them.
  • 85. Distributing Outside the Mac App Store
When you enroll in the Mac Developer Program, you become the primary contact for Apple and are asked to sign legal agreements. Regardless of whether you enroll as an individual or company, you are the team agent and responsible for creating Developer ID certificates. If you enroll as a company, you can add individuals to your team, but only the team agent has permission to create Developer ID certificates. Developer ID certificates are owned by the team, not an individual.
To enroll in the Mac Developer Program, go to Apple Developer Program Enrollment where a web assistant guides you through the entire process of enrolling. If you have not registered as an Apple Developer yet, you can do so as part of enrolling in the Mac Developer Program. When you are prompted to select a program, select the Mac Developer Program.
Requesting Developer ID Certificates
Use the Xcode Organizer window to obtain the Developer ID Application and Developer ID Installer certificates, as well as the Developer ID Certification Authority intermediate certificate.
When you refresh your provisioning profiles for the first time, Xcode asks whether it should create signing certificates on your behalf. Signing certificates that begin with the text “Developer ID” are used to distribute your application outside of the Mac App Store.
Note: Only a team agent can request Developer ID certificates. If you are an individual developer, you are the team agent and can request these certificates.
To request your Developer ID certificates
1. Choose Window > Organizer to open the Organizer window.
2. In the Organizer window, select Devices.
3. In the Library section of the Devices organizer, select Provisioning Profiles.
  • 86. Distributing Outside the Mac App Store
4. Click the Refresh button at the bottom of the window.
5. In the dialog that appears, enter your Apple ID user name and password and click “Log in.”
  • 87. Distributing Outside the Mac App Store
After you log in to your account, multiple dialogs appear, asking whether Xcode should request certain types of signing certificates on your behalf. If you just joined the Mac Developer Program, the first dialog asks whether Xcode should request your Mac Development certificate. The last two dialogs ask whether Xcode should request your Developer ID certificates.
6. Click the Submit Request button each time a certificate request dialog appears.
After you submit the last certificate request, allow the refresh process to complete. Your Developer ID Application and Developer ID Installer certificates are added to your keychain. The Developer ID Certification Authority intermediate certificate is also added to your keychain.
7. If a dialog appears asking whether you want to export your developer profile, click Export.
  • 88. Distributing Outside the Mac App Store
You should always back up your certificates after you create them. The private keys for your certificates are stored in your keychain, and the public keys are stored by Developer Certificate Utility. For this reason, you can’t refresh your provisioning profiles and certificates in Xcode to replace a missing private key in your keychain.
8. Enter a filename and password, and click Save.
Because the file contains your developer profile, which can be used to sign applications in your name, it is encrypted and password protected. (You will need the password later to import your developer profile to another system.)
Important: Your Developer ID private keys are valuable, and you should back them up. Exporting your developer profile lets you create a password-protected backup. Save that backup as you would any essential backup; for example, save it to a different disk. Later, if you need to replace a private key, import it from your backup. Your Developer ID Certification Authority intermediate certificate, which is required for Developer ID code signing, is not exported. If you need to obtain another copy, retrieve it from Apple at https://developer.apple.com/certificationauthority/DeveloperIDCA.cer.
  • 89. Distributing Outside the Mac App Store
You can view your Developer ID certificates in your Team folder in the Devices organizer.
Code Signing Your Application
Optionally, code sign your application during development and testing using the Developer ID Application certificate. Later, you re-sign the application with this certificate when you export it.
To code sign an application with your Developer ID Application certificate
1. In Xcode, select the project in the project navigator. Xcode displays the project editor.
2. Click Build Settings at the top of the window.
3. Click All.
4. Type code signing into the project editor search field. The list of build settings now shows only the Code Signing settings.
5. From the Code Signing Identity pop-up menu, choose your Developer ID Application certificate.
6. Click Run.
  • 90. Distributing Outside the Mac App Store
Exporting a Developer ID-signed Application
To export your application for distribution outside of the Mac App Store, use the Archives organizer.
To create a Developer ID-signed application
1. Choose Product > Archive.
Xcode constructs an archive containing your code-signed application and opens the Organizer window, showing the archive.
Note: You can set the Code Signing Identity build setting to any valid signing certificate during this step because the archive is re-signed with the Developer ID certificate in a later step.
2. Select the newly created archive in the Organizer window, then click Distribute.
  • 91. Distributing Outside the Mac App Store
A dialog appears, offering a choice of distribution methods.
3. Select “Export Developer ID-signed Application” and click Next.
  • 92. Distributing Outside the Mac App Store
4. Choose your Developer ID name from the Developer ID pop-up menu and click Next.
5. Enter a filename and location for the signed application and click Save.
Signing an Installer Package
If you want to distribute your application outside of the Mac App Store as part of an installer package, create the package as you normally do, perhaps by using the packagemaker(1) command. Code sign the resulting package with your Developer ID Installer certificate by using the productsign command. Then test your installer package using this command by replacing MyPackageName.pkg with your package file name:
    spctl -a -v --type install MyPackageName.pkg
Warning: Make sure you sign the installer package using your Developer ID Installer certificate. The productsign command might allow you to sign an installer package using your Developer ID Application certificate. It may appear to work, but the resulting installer archive will fail on the destination system.
  • 93. Distributing Outside the Mac App Store
If your development workflow includes code signing from the command line, read Code Signing Guide.
Testing Developer ID-signed Applications
Before you distribute your application, test the end-user experience launching your application with Gatekeeper enabled and disabled. You can enable and disable Gatekeeper using System Preferences or a command-line utility. The command-line utility is also useful for testing. To simulate the end-user experience, you need to quarantine your application and test it again with Gatekeeper enabled.
Enabling and Disabling Gatekeeper
You can turn on Gatekeeper by using the Security & Privacy system preferences or system policy control command-line utility, spctl(8). Gatekeeper system preferences are hidden by default but you can show them using a Terminal command.
To enable or disable Gatekeeper using the Security & Privacy system preferences
1. To show Gatekeeper system preferences, enter this command in Terminal:
    defaults write com.apple.systempreferences ShowGatekeeperOptionsInSecurityPreferences -bool YES
2. Launch System Preferences and select Security & Privacy.
3. Click the lock button if it appears locked, and enter the administrator password.
  • 94. Distributing Outside the Mac App Store
4. To enable Gatekeeper, select “Mac App Store and identified developers.”
5. To disable Gatekeeper, select Anywhere.
6. (Optional) To hide Gatekeeper system preferences, enter this command in Terminal:
    defaults write com.apple.systempreferences ShowGatekeeperOptionsInSecurityPreferences -bool NO
To enable Gatekeeper using the spctl command
1. In Terminal, enter the following command:
    $ sudo spctl --master-enable
   When prompted, enter your login password.
2. Confirm that Gatekeeper is successfully enabled by entering the following command:
  • 95. Distributing Outside the Mac App Store
    $ spctl --status
   With Gatekeeper enabled, the previous command prints the following text in Terminal:
    assessments enabled
To disable Gatekeeper using the spctl command
1. In Terminal, enter the following command:
    $ sudo spctl --master-disable
   When prompted, enter your login password.
2. Confirm that Gatekeeper is successfully disabled by entering the following command:
    $ spctl --status
   With Gatekeeper disabled, the previous command prints the following text in Terminal:
    assessments disabled
Testing Gatekeeper Behavior
After you sign your application with a Developer ID certificate, you can test whether it was signed correctly and simulate the launch behavior of your application when Gatekeeper is enabled. On a system with Gatekeeper turned on, a quarantined copy of your application launches only if it is Developer ID–signed. (Learn about quarantine in this Knowledge Base article.) You can also test the behavior of Gatekeeper for an application that is not Developer ID–signed.
Testing a Developer ID–Signed Application
You can use the spctl command-line utility to test if your application is signed correctly using a Developer ID certificate.
To test your Developer ID–signed application using spctl
1. Enable Gatekeeper on your test machine by entering the following command in Terminal:
  • 96. Distributing Outside the Mac App Store
    $ sudo spctl --master-enable
2. Enter the following command in Terminal by replacing TrackMix.app with the path to your application.
    $ sudo spctl -a -v TrackMix.app
   If the application is correctly signed, text similar to the following appears in Terminal:
    ./TrackMix.app: accepted
    source=Developer ID
Testing the Launch Behavior
To thoroughly test your Developer ID–signed application, simulate launching the application on an end-user system.
To prepare for testing Gatekeeper behavior
1. Enable Gatekeeper on your test machine (as described in “Enabling and Disabling Gatekeeper” (page 93)).
2. Quarantine a copy of your Developer ID–signed application. You can do this in either of the following ways:
   ● Email your Developer ID–signed application to yourself and use the copy that Mail.app downloads; or
   ● Host your Developer ID–signed application on your own local or remote server and use the copy that Safari downloads.
You are ready to test Gatekeeper behavior.
To test Gatekeeper behavior for your Developer ID–signed application
● In the Finder, locate the quarantined copy of your Developer ID–signed application and double-click its icon.
  • 97. Distributing Outside the Mac App Store
The system displays an alert asking whether you are sure you want to open the application. This alert, which allows you to open the quarantined application with Gatekeeper turned on, confirms that your Developer ID workflow is correct.
Tip: If you do not see an alert at this point, it is likely that you have opened a nonquarantined copy of your application. Review the steps in “To prepare for testing Gatekeeper behavior” (page 96).
To test Gatekeeper behavior for blocking applications that are not Developer ID–signed
1. Enable Gatekeeper on your test machine (as described in “Enabling and Disabling Gatekeeper” (page 93)).
2. Quarantine a copy of your application that is not Developer ID–signed. As before, you can invoke quarantine on this copy of your application in either of the following ways:
   ● Email your application to yourself and use the copy that Mail.app downloads; or
   ● Host your Developer ID–signed application on your own local or remote server and use the copy that Safari downloads.
3. In the Finder, locate the quarantined copy of your non-Developer ID–signed application and double-click its icon.
The system displays an alert that blocks you from opening the application. By way of this alert, the Gatekeeper feature protects a system by preventing first-time opening of applications from unidentified developers. Applications previously opened by a user are no longer quarantined, and Gatekeeper does not prevent them from opening.
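The checks this guide asks you to make by hand (the right certificate type for each artifact, the Application Loader package filename rule, and reading spctl output) can be scripted as a pre-release gate. The following is an added example, not part of Apple's guide: the function names are hypothetical, and the sample strings are constructed from the certificate names and spctl output quoted in this guide.

```shell
#!/bin/sh
# Pre-release checks for the signing and Gatekeeper steps described above.
# Added example: function names are hypothetical, sample values are constructed.

# Application Loader rule: the package filename must not contain spaces
# and the file extension must be "pkg". Only the filename is checked.
pkg_name_ok() {
    name=${1##*/}                      # drop any leading directories
    case $name in
        *" "*)  return 1 ;;            # space in the filename
        ?*.pkg) return 0 ;;            # non-empty stem followed by .pkg
        *)      return 1 ;;
    esac
}

# Certificate name prefix the guide gives for each channel and artifact.
#   channel: store (Mac App Store) | devid (outside the store)
#   kind:    app | pkg
# The store:pkg prefix is taken from the guide's productbuild listing.
expected_prefix() {
    case "$1:$2" in
        store:app) echo "3rd Party Mac Developer Application" ;;
        store:pkg) echo "3rd Party Mac Developer Installer" ;;
        devid:app) echo "Developer ID Application" ;;
        devid:pkg) echo "Developer ID Installer" ;;
        *) return 2 ;;
    esac
}

# identity_ok CHANNEL KIND "IDENTITY NAME"
# Catches the case the guide warns about: an installer package signed
# with an Application certificate instead of an Installer certificate.
identity_ok() {
    prefix=$(expected_prefix "$1" "$2") || return 2
    case $3 in
        "$prefix"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Argument: the text printed by `spctl --status`.
gatekeeper_enabled() {
    [ "$1" = "assessments enabled" ]
}

# Argument: the text printed by `spctl -a -v <path>`. Passes only when the
# item was accepted and the reported source is a Developer ID signature.
assessment_ok() {
    case $1 in
        *": accepted"*"source=Developer ID"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration on constructed values (not captured from a real system).
demo() {
    identity_ok devid pkg "Developer ID Application: Example Team" \
        || echo "FAIL: installer package needs a Developer ID Installer certificate"
    pkg_name_ok "build/My App.pkg" \
        || echo "FAIL: package filename contains a space"
    gatekeeper_enabled "assessments disabled" \
        || echo "FAIL: Gatekeeper is off, so the assessment proves nothing"
    assessment_ok "./TrackMix.app: accepted
source=Developer ID" && echo "OK: assessment accepted as Developer ID"
}
demo
```

On a Mac, pass the real tool output to the same functions, for example `assessment_ok "$(spctl -a -v TrackMix.app 2>&1)"`.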
  • 98. Document Revision History
This table describes the changes to Tools Workflow Guide for Mac.
Date | Notes
2012-09-19 | Made available in PDF.
2012-05-14 | Updated for Xcode 4.3.1 and OS X v10.7.4. Added the "Distributing Outside the Mac App Store" chapter.
2012-02-16 | Updated for Xcode 4.3.
2012-01-09 | Applied minor edits.
2011-11-03 | Added details on configuring entitlements.
2011-10-12 | New document that describes how to build and submit your app to the Mac App Store.