Yes, my project has multiple command-line tools and a couple of .app
applications.
OK. I’m going to outline my normal recommendation for folks using Xcode, then explain why that won’t work for you, and then offer a suggestion that should work.
If you’re building your product with Xcode then I generally recommend that you use Xcode’s code signing support. For example, if you’re building a standard app you can do this using
xcodebuild:
Use the archive action to create an Xcode archive for your app.
Use the the -exportArchive option to export that archive with Developer ID signing.
This uses exactly the same machinery as the Xcode Organizer. Specifically, step 1 is equivalent to Product > Archive and step 2 is equivalent to Distribute App > Developer ID > Export.
Unfortunately this won’t work for you. The problem is with step 2, which only works for apps. You can see this in the Organizer. If you do a Product > Archive on a command-line tool target you’ll see that the button in the Organizer says Distribute Content and clicking it doesn’t offer you the Developer ID > Export path.
So, here’s what you need to do:
For your app targets, use the workflow described above.
For your command-line tool targets, use step 1 of the workflow but replace step 2 with your own script that exports and re-signs the tool from the archive.
Finally, use your existing script to combine everything up into an installer package and then sign and notarise that package.
For help with this signing, see
Signing a Mac Product For Distribution.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"