Skip to content
You can then notarize the package using a command like so:
Cheers,
James
Continued issues making a signed bundles installer... because I don't know what I'm doing :)
Got a problem with Viscosity or need help? Ask here!
Hello,
After following the instructions from both this site, and the Apple Developers site, I have made a .cer file and saved it to my desktop, when I double click on it and bring it into Keychain it imports it, but gives me a red error message underneath telling me it's not trusted.
If I proceed anyways and attempt to sign the installer in Terminal I get an error message that it cannot find an appropriate signing identify.
I'm assuming I'm doing something wrong on the certificate generation, but for the life of me I cannot figure out what. Any suggestions would be helpful. Thanks!
After following the instructions from both this site, and the Apple Developers site, I have made a .cer file and saved it to my desktop, when I double click on it and bring it into Keychain it imports it, but gives me a red error message underneath telling me it's not trusted.
If I proceed anyways and attempt to sign the installer in Terminal I get an error message that it cannot find an appropriate signing identify.
I'm assuming I'm doing something wrong on the certificate generation, but for the life of me I cannot figure out what. Any suggestions would be helpful. Thanks!
Hi horsman,
If macOS considers your Developer ID Installer certificate untrusted/invalid, your computer may be missing the necessary Apple Intermediate Certificates. Try downloading these and loading them into the Keychain from the link below. At a minimum you'll want the two Developer ID Intermediate certificates.
https://www.apple.com/certificateauthority/
Cheers,
James
If macOS considers your Developer ID Installer certificate untrusted/invalid, your computer may be missing the necessary Apple Intermediate Certificates. Try downloading these and loading them into the Keychain from the link below. At a minimum you'll want the two Developer ID Intermediate certificates.
https://www.apple.com/certificateauthority/
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
Hi,
Thanks for all the help, I'm making progress but still having issues. I was able to sign the packages, and after updating my OS to install a more recent version of Xcode I'm not longer getting a Terminal error messages saying I don't have the tools needed.
However I'm still not able to Notarize the package. Initially I was getting an error saying altool couldn't be used to notarize anymore and to use notarytool.
I was hoping to be able to just update the script you had provided by changing altool to notarytool, but no luck.
I'm trying to attach screenshots to show you the messages in Terminal but I keep getting HTTP errors and I'm unsure why.
Thanks for all the help, I'm making progress but still having issues. I was able to sign the packages, and after updating my OS to install a more recent version of Xcode I'm not longer getting a Terminal error messages saying I don't have the tools needed.
However I'm still not able to Notarize the package. Initially I was getting an error saying altool couldn't be used to notarize anymore and to use notarytool.
I was hoping to be able to just update the script you had provided by changing altool to notarytool, but no luck.
I'm trying to attach screenshots to show you the messages in Terminal but I keep getting HTTP errors and I'm unsure why.
Since I can't get screenshots to upload, here's the Terminal copy:
Running altool at path '/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Frameworks/AppStoreService.framework/Support/altool'...
2024-10-24 12:38:43.133 *** Error: altool: option '-' is unknown: ignored
2024-10-24 12:38:43.136 *** Error: altool encountered an error. No command argument was specified. Use -h for help. (-1003)
{
NSLocalizedDescription = "altool encountered an error.";
NSLocalizedFailureReason = "No command argument was specified. Use -h for help.";
}
2024-10-24 12:38:43.137
usage: altool --upload-package <file> --type <platform> --asc-public-id <id> --apple-id <id>
--bundle-version <version> --bundle-short-version-string <string>
--bundle-id <id>
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
altool --validate-app -f <file> -t <platform>
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
altool --list-apps
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
altool --list-providers
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
altool --store-password-in-keychain-item <keychain_item_name> -u <username> -p <password>
[--keychain <filename> | --sync]
altool --upload-hosted-content <file> --sku <sku> --type <platform> --product-id <id> --asc-public-id <id>
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>} [DEPRECATED]
altool --upload-app -f <file> -t <platform>
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>} [DEPRECATED]
NOTE: altool no longer supports notarization. Use notarytool to notarize apps.
XXXXXXXXX-RH-VJG24WXGX5-MBP-2023M2Max-12C38C-64GB-1TB ~ %
And then when I change altool for notarytool:
Last login: Thu Oct 24 12:38:09 on ttys000
XXXXXXXXX-RH-VJG24WXGX5-MBP-2023M2Max-12C38C-64GB-1TB ~ % xcrun notarytool --notarize-app \
--primary-bundle-id "com.sparklabs.pkg.ViscosityInstaller" \
--username "XXXXXXXXX" \
--password "XXXXXXXXX" \
--asc-provider "XXXXXXXXX" \
--file "/Users/rhorsman/Desktop/Viscosity/Viscosity Installer/build/Viscosity Installer Signed.pkg"
Error: Unknown option '--notarize-app'
Usage: notarytool <subcommand>
See 'notarytool --help' for more information.
XXXXXXXXX-RH-VJG24WXGX5-MBP-2023M2Max-12C38C-64GB-1TB ~ %
(Personal information replaced with XXXXXXXXX)
Running altool at path '/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Frameworks/AppStoreService.framework/Support/altool'...
2024-10-24 12:38:43.133 *** Error: altool: option '-' is unknown: ignored
2024-10-24 12:38:43.136 *** Error: altool encountered an error. No command argument was specified. Use -h for help. (-1003)
{
NSLocalizedDescription = "altool encountered an error.";
NSLocalizedFailureReason = "No command argument was specified. Use -h for help.";
}
2024-10-24 12:38:43.137
usage: altool --upload-package <file> --type <platform> --asc-public-id <id> --apple-id <id>
--bundle-version <version> --bundle-short-version-string <string>
--bundle-id <id>
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
altool --validate-app -f <file> -t <platform>
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
altool --list-apps
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
altool --list-providers
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>}
altool --store-password-in-keychain-item <keychain_item_name> -u <username> -p <password>
[--keychain <filename> | --sync]
altool --upload-hosted-content <file> --sku <sku> --type <platform> --product-id <id> --asc-public-id <id>
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>} [DEPRECATED]
altool --upload-app -f <file> -t <platform>
{-u <username> [-p <password>] | --apiKey <api_key> --apiIssuer <issuer_id>} [DEPRECATED]
NOTE: altool no longer supports notarization. Use notarytool to notarize apps.
XXXXXXXXX-RH-VJG24WXGX5-MBP-2023M2Max-12C38C-64GB-1TB ~ %
And then when I change altool for notarytool:
Last login: Thu Oct 24 12:38:09 on ttys000
XXXXXXXXX-RH-VJG24WXGX5-MBP-2023M2Max-12C38C-64GB-1TB ~ % xcrun notarytool --notarize-app \
--primary-bundle-id "com.sparklabs.pkg.ViscosityInstaller" \
--username "XXXXXXXXX" \
--password "XXXXXXXXX" \
--asc-provider "XXXXXXXXX" \
--file "/Users/rhorsman/Desktop/Viscosity/Viscosity Installer/build/Viscosity Installer Signed.pkg"
Error: Unknown option '--notarize-app'
Usage: notarytool <subcommand>
See 'notarytool --help' for more information.
XXXXXXXXX-RH-VJG24WXGX5-MBP-2023M2Max-12C38C-64GB-1TB ~ %
(Personal information replaced with XXXXXXXXX)
I feel like every time I take a step forward, I take another step back.
No matter what I do I cannot get the installer to install any bundled connections on my test machine. It always shows 0 Connections, and when I go to Application Support>Viscosity>OpenVPN the folder is empty.
Here is what my folder structure looks like before I run Viscosity Installer.pkgproj (sorry, I cannot attach images, constantly get a HTTP error)
Connections
- Empty
Connections-Append:
1> ca.crt
ta.key
config.conf
Connections-Overwrite
- Empty
MenuItems
- Empty
com.viscosityvpn.Viscosity.plist
Here's what's in there. I removed any "ConnectionOrder" reference:
?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>FirstRun</key>
<false/>
<key>License</key>
<string>REMOVED THIS INFO FOR THIS POST=</string>
<key>MenuBarIcons</key>
<string>Default Colored</string>
<key>SUAutomaticallyUpdate</key>
<true/>
<key>SUEnableAutomaticChecks</key>
<true/>
<key>StartAtLogin</key>
<true/>
</dict>
</plist>
If it helps, here is the contents of the config.conf file:
#viscosity name REMOVED FOR PRIVACY
#viscosity protocol openvpn
#viscosity startonopen false
#viscosity usepeerdns false
#viscosity dns automatic
#viscosity dnsserver 8.8.8.8
#viscosity dnsserver 8.8.4.4
#viscosity autoreconnect true
#viscosity dhcp true
remote REMOVED FOR PRIVACY 1194 udp
nobind
dev tun
redirect-gateway def1 ipv6
persist-tun
persist-key
compress lzo
pull
auth-user-pass
tls-client
ca ca.crt
tls-auth ta.key 1
auth SHA512
cipher AES-256-CBC
reneg-sec 0
For what it's worth, I've also tried moving the contents of Connection-Append to the other Connection folders and have also had no luck.
I notice that I can export a connection directly out of Viscosity>Settings. Should I be doing something with that?
No matter what I do I cannot get the installer to install any bundled connections on my test machine. It always shows 0 Connections, and when I go to Application Support>Viscosity>OpenVPN the folder is empty.
Here is what my folder structure looks like before I run Viscosity Installer.pkgproj (sorry, I cannot attach images, constantly get a HTTP error)
Connections
- Empty
Connections-Append:
1> ca.crt
ta.key
config.conf
Connections-Overwrite
- Empty
MenuItems
- Empty
com.viscosityvpn.Viscosity.plist
Here's what's in there. I removed any "ConnectionOrder" reference:
?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>FirstRun</key>
<false/>
<key>License</key>
<string>REMOVED THIS INFO FOR THIS POST=</string>
<key>MenuBarIcons</key>
<string>Default Colored</string>
<key>SUAutomaticallyUpdate</key>
<true/>
<key>SUEnableAutomaticChecks</key>
<true/>
<key>StartAtLogin</key>
<true/>
</dict>
</plist>
If it helps, here is the contents of the config.conf file:
#viscosity name REMOVED FOR PRIVACY
#viscosity protocol openvpn
#viscosity startonopen false
#viscosity usepeerdns false
#viscosity dns automatic
#viscosity dnsserver 8.8.8.8
#viscosity dnsserver 8.8.4.4
#viscosity autoreconnect true
#viscosity dhcp true
remote REMOVED FOR PRIVACY 1194 udp
nobind
dev tun
redirect-gateway def1 ipv6
persist-tun
persist-key
compress lzo
pull
auth-user-pass
tls-client
ca ca.crt
tls-auth ta.key 1
auth SHA512
cipher AES-256-CBC
reneg-sec 0
For what it's worth, I've also tried moving the contents of Connection-Append to the other Connection folders and have also had no luck.
I notice that I can export a connection directly out of Viscosity>Settings. Should I be doing something with that?
Never mind. If I distribute the package through my MDM the signed package works just fine and doesn't need to be notarized.Glad to hear you found a solution. Just in case anyone else comes across this forum post with the same issue, the most recent version of Xcode requires "notarytool" be used instead. To use this command you must first store the Apple credentials to use in the Keychain using a command like so:
Code: Select all
xcrun notarytool store-credentials --apple-id "[email protected]" --team-id "ABCD1234AB" --password myApplePassword NotaryToolCreds
You can then notarize the package using a command like so:
Code: Select all
xcrun notarytool submit "/path/to/Viscosity Installer.pkg" --keychain-profile NotaryToolCreds --wait
No matter what I do I cannot get the installer to install any bundled connections on my test machine. It always shows 0 Connections, and when I go to Application Support>Viscosity>OpenVPN the folder is empty.Please feel free to email us a copy of your bundled version (you can remove the Viscosity application itself to reduce the file size, but keep everything else in place and zip it up) and we can take a look and see what may be wrong for you. Our support email address can be found at https://www.sparklabs.com/support/#contact
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com