Moving signing to a new machine

We have a Mac that is used to sign and notarize our installers. This Mac will be going away soon, so I have to set up a new Mac to do that work. I've been able to install all the tools, but I can't get them to work. The certificates are in the keychain, but don't show up in the "My Certificates", probably because the related keys don't exist in the "Keys" list. I'm using the same Apple Dev ID that I used on the other machine.

HOW do I get things set up on the new machine to work? There must be some way to get key/certificate pairs to work. (I am very definitely NOT a Mac expert, barely even a novice.)

The easiest way to do this is use Xcode’s import/export feature. Launch Xcode, choose Xcode > Settings, select Accounts, select the account in question, then choose Export Apple ID and Code Signing Assets from the action (…) menu.

Having said that, Developer ID signing identities are precious and I encourage you to maintain your own backup of them. See the various posts on this thread.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

The problem with that is that we don't use Xcode for development. We are a Java application, and only use a few of the Xcode tools to sign the app. I still have no idea what I did in the past to get the key into my keychain.
The ONLY thing we use the Mac for is to assemble our app, sign it, and assemble an installer and notarize that. Note that I am just one of several developers working under a team Apple dev account.

Note that I tried to use "Keychain Access" to export the relevant private key (which shows the related certificate under it). While the export seemed to work, importing it on the new Mac doesn't seem to have added anything to the keychain. I had to enter an admin password 3 times, and the p12 password - and then absolutely nothing changed.

Note that I HAVE made progress. I figured out that I had to set up (again) a new stored credential for the notary tool. I was able to do that, and now I get further.

Notarization is attempted, takes a while, and then fails.

Current status: Invalid........................Processing complete
  id: 0e4af460-82b1-468e-9396-f711485e0a11
  status: Invalid

Not an especially helpful message.

The next step is to fetch the notary log.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Yup, and I immediately found a problem with our build system. It didn't save the notarization log. Had to fix that. So, I fixed it and ran again. The log contained 3 errors, all for the same file:

      "path": "Metrix Installer.dmg/Metrix-Installer.app/Contents/MacOS/Installer",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "message": "The signature does not include a secure timestamp.",
      "message": "The executable requests the com.apple.security.get-task-allow entitlement.",

The interesting thing is that the same set of files will work if run on the old Mac VM - using the same Apple Dev account.

We built the Installer app last year (using a different Apple Dev account), and have just been re-using it since. The stuff that changes is what the app installs.

I started up Xcode to see if I could just recompile the Installer app - but now, with the most current Xcode, there are various errors with text controls (size mostly) and some permissions settings, and it won't build until those issues are fixed. (At least, running a build does not result in an "Installer.app" like it used to.) While I have been able to fix some minor issues with the code in the past (mostly changing some strings), I've been unable to find solutions to the current compile issues. When I search for the various error messages I find solutions from 2 years ago that use settings that don't exist.

Yes, I'm annoyed, tired, and grumpy right now, and definitely NOT an Apple Developer with experience using Xcode. Gonna have to see if we have somebody on staff that knows how to deal with this mess.
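As an added example (not code from the thread or from Apple), here is a small triage script for the notary log that Quinn suggests fetching: it groups the error-severity issues by file and maps each of the three messages quoted above to the signing-time cause. The log text, job id and paths below are constructed to mirror the real `xcrun notarytool log` JSON shape; the remediation table is my own.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a real `xcrun notarytool log` JSON body
# (status, statusSummary, issues[] with severity/path/message). The three
# messages are the ones from the thread; jobId and paths are made up.
SAMPLE_LOG = """{
  "logFormatVersion": 1,
  "jobId": "00000000-0000-0000-0000-000000000000",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "issues": [
    {"severity": "error", "path": "Example.dmg/Installer.app/Contents/MacOS/Installer",
     "message": "The binary is not signed with a valid Developer ID certificate."},
    {"severity": "error", "path": "Example.dmg/Installer.app/Contents/MacOS/Installer",
     "message": "The signature does not include a secure timestamp."},
    {"severity": "error", "path": "Example.dmg/Installer.app/Contents/MacOS/Installer",
     "message": "The executable requests the com.apple.security.get-task-allow entitlement."}
  ]
}"""

# Substring match on the notary service's free-text messages -> what to change
# at codesign time. This table is an assumption of this example, not Apple's.
REMEDIATION = {
    "valid Developer ID certificate": "re-sign with a 'Developer ID Application' identity",
    "secure timestamp": "pass --timestamp to codesign so a trusted timestamp is embedded",
    "get-task-allow": "drop the debug-only get-task-allow entitlement; sign with --options runtime",
}

def issues_by_path(log_text):
    """Group error-severity issues by the file they refer to."""
    log = json.loads(log_text)
    grouped = defaultdict(list)
    for issue in log.get("issues", []):
        if issue.get("severity") == "error":
            grouped[issue["path"]].append(issue["message"])
    return dict(grouped)

def remediation_for(message):
    """Return the signing fix for one notary message, or a fallback."""
    for needle, fix in REMEDIATION.items():
        if needle in message:
            return fix
    return "no known remediation; read the message text"

def triage(log_text):
    """Return {path: [(message, fix), ...]} for every failing file."""
    return {p: [(m, remediation_for(m)) for m in msgs]
            for p, msgs in issues_by_path(log_text).items()}

if __name__ == "__main__":
    for path, items in triage(SAMPLE_LOG).items():
        print(path)
        for msg, fix in items:
            print(f"  - {msg}\n    fix: {fix}")
```

Feed it a real log saved with `xcrun notarytool log <submission-id> --keychain-profile <profile> log.json`, then confirm the fix locally with `codesign -dvv` and `codesign -d --entitlements -` on the flagged binary before resubmitting.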
