Fix some issues in the new optional code signing config.

* Reinstate separate signing identities for the app and installer.
* Fix so that productbuild command actually works when DO_CODE_SIGNING=1.
* Update README.
* Remove vim-related junk added to the end of files.

Author: davidfstr

README.md

@@ -23,19 +23,21 @@ It displays a simple dialog and exits.
 1. Clone this repository or download a ZIP file of it:
     * `git clone https://github.com/davidfstr/Python-in-Mac-App-Store.git`
     * `cd Python-in-Mac-App-Store`
-2. Configure code signing:
-    * **(Option 1)** If you have Mac App Store signing certificates, update the `SIGNING_IDENTITY` line in `./build-app.sh` and `./build-pkg.sh` to refer to them:
-        * You will need an [Apple Developer account](https://developer.apple.com/devcenter/mac/) and a subscription to the Mac Developer Program ($99/year) to get signing certificates.
-        * Create the appropriate Mac App Store certificates in the [Mac Dev Center](https://developer.apple.com/account/mac/certificate/) and download them to your dev machine.
-    * **(Option 2)** If you do not have a Mac App Store signing certificate:
-        1. Comment out all `codesign` commands in `./build-app.sh`.
-        2. Remove the `--sign "$SIGNING_IDENTITY"` option from `./build-pkg.sh`
-        3. With these modifications you will be able to build the app and the installer package, but you will not be able to submit them to the store.
-4. Build the app package `dist/HelloAppStore.app`:
+2. Build the app package `dist/HelloAppStore.app`:
     * `./build-app.sh`
-5. Build the installer package `dist/HelloAppStore.pkg`:
+3. Build the installer package `dist/HelloAppStore.pkg`:
     * `./build-pkg.sh`
 
+For submission to the App Store you will also need to enable code signing:
+
+1. Configure code signing:
+    * Update the `SIGNING_IDENTITY` line in `code-signing-config.sh` to refer to your Mac App Store signing certificates:
+        * You will need an [Apple Developer account](https://developer.apple.com/devcenter/mac/) and a subscription to the Mac Developer Program ($99/year) to get signing certificates.
+        * Create the appropriate Mac App Store certificates in the [Mac Dev Center](https://developer.apple.com/account/mac/certificate/) and download them to your dev machine.
+    * Change the `DO_CODE_SIGNING` line in `code-signing-config.sh` to assign
+      `1` instead of `0`.
+2. Rebuild the app package and installer package using the same steps as above.
+
 ### How to Submit
 
 1. Create a record for your app inside [iTunes Connect](https://itunesconnect.apple.com/).
@@ -50,7 +52,6 @@ It displays a simple dialog and exits.
 
 ## Writing your Own App?
 
-
 ### Choosing a GUI Library
 
 Any app you submit to the Mac App Store must have a GUI. In Python there are a few libraries available to create a GUI:

build-app.sh

@@ -22,6 +22,7 @@ python setup.py py2app
 
 # Limit Universal Binaries to only contain the architechures {i386, x86_64},
 # since these are the only architechures permitted on the Mac App Store.  
+# 
 # In addition, remove all i386 items since all Macs models from early 2007 and 
 # newer have x86_64 support (aka Core 2 Duo or newer).  This will save 1.1MB
 # of space in Python's libraries alone, more from other frameworks..
@@ -33,24 +34,23 @@ for i in ${APP_PATH}/Contents/Resources/lib/python2.7/lib-dynload/* ; do
     remove_arch i386 ${i}
 done
 
+# Import configuration related to code signing
 source code-signing-config.sh
 
 # Sign the app, frameworks, and all helper tools as required by the Mac App Store.
 # (This example app has no helper tools.)
 # 
 # NOTE: Inner frameworks and tools must be signed before the outer app package.
 # NOTE: codesign with the -f option can incorrectly return exit status of 1
-
 if [ ${DO_CODE_SIGNING} -eq 1 ] ; then
-    codesign -s "$SIGNING_IDENTITY" -f \
+    codesign -s "$SIGNING_IDENTITY_APP" -f \
         "$APP_PATH/Contents/Frameworks/Python.framework/Versions/2.7"
-    codesign -s "$SIGNING_IDENTITY" -f \
+    codesign -s "$SIGNING_IDENTITY_APP" -f \
         --entitlements src/app.entitlements \
         "$APP_PATH/Contents/MacOS/HelloAppStore"
-    codesign -s "$SIGNING_IDENTITY" -f \
+    codesign -s "$SIGNING_IDENTITY_APP" -f \
         --entitlements src/app.entitlements \
         "$APP_PATH/Contents/MacOS/python"
 fi
 
 exit 0
-# vim:ts=4:sts=4:sw=4:et

build-pkg.sh

@@ -10,16 +10,15 @@ if [ ! -d dist/HelloAppStore.app ]; then
     exit 1
 fi
 
+# Import configuration related to code signing
 source code-signing-config.sh
 
-dash_dash_sign=''
 if [ ${DO_CODE_SIGNING} -eq 1 ] ; then
-    dash_dash_sign="--sign ${SIGNING_IDENTITY}"
+    # NOTE: If having trouble with signing, debug by removing the --sign flag and
+    #       trying to sign manually with the productsign command
+    productbuild --component dist/HelloAppStore.app /Applications dist/HelloAppStore.pkg \
+        --sign "${SIGNING_IDENTITY_INSTALLER}"
+else
+    productbuild --component dist/HelloAppStore.app /Applications dist/HelloAppStore.pkg
 fi
 
-# NOTE: If having trouble with signing, debug by removing the --sign flag and
-#       trying to sign manually with the productsign command
-productbuild --component dist/HelloAppStore.app /Applications dist/HelloAppStore.pkg \
-    $dash_dash_sign
-
-# vim:ts=4:sts=4:sw=4:et

code-signing-config.sh

@@ -6,5 +6,8 @@ DO_CODE_SIGNING=0
 
 # The package signing identity corresponds to a "3rd Party Mac Developer Application"
 # certificate that resides within the Keychain Access application.
-SIGNING_IDENTITY="3rd Party Mac Developer Application: David Foster"
+SIGNING_IDENTITY_APP="3rd Party Mac Developer Application: David Foster"
 
+# The package signing identity corresponds to a "3rd Party Mac Developer Installer"
+# certificate that resides within the Keychain Access application.
+SIGNING_IDENTITY_INSTALLER="3rd Party Mac Developer Installer: David Foster"