Wiki
Clone wikiSigning Manager / Testing
Signing Manager QA Testing Guide
Test Client Setup
-
Run an MDS workflow so that the macOS installation is clean.
-
Create non-admin user named
standard
with the passwordtwocanoes
. -
Log out and sign in as the standard user.
-
Download the test app and package from:
https://tcs-signing-manager.s3.us-west-2.amazonaws.com/SigningManagerTestFiles.zip
-
Unzip the folder on the Desktop. You should now have a folder called
SigningManagerResources
. -
Install the file
Twocanoes-CA.cer
from theSigningManagerResources > Test Root Certiificate (trust in Root Keychain on signing mac)
by double-clicking on it and adding it to the login keychain. This certificate is required for package signing to work. -
In Keychain, mark
Twocanoes-CA.cer
as trusted by double-clicking it, then clicking theTrust
disclosure triangle, andWhen Using Certificate, Always Trust
. Close the window and enter your password when prompted. -
Install the target version of Signing Manager.
Test Client
-
Launch Signing Manager. When prompted, enter these values:
Signing Server
https://signing-service.twocanoes.com
API Key
<get API key from Signing Service>
Client Name
<enter any value to identify the current test machine>
-
Refresh the Signing Manager certificate list by clicking the
Refresh
button. -
Verify that server shows several signing certificates including one with a name that includes
Twocanoes Test Code Signing
and one with a name that includesPackage Signing
.
Signing
-
Make a copy of the folder
Test App and Package
. Use a new copy of each file for each test of signing operations described below. -
Drag
TestApp
onto theCode Signing
certificate in Signing Manager and confirm it shows a success message. DragTestPackage
onto the `Package Signing certificate in Signing Manager, choose a name and location to save the signed package file, and confirm a success message is shown. -
Sign a file by right-clicking on
Twocanoes Test Code Signing
and selectingCopy "codesign" command
. Then open Terminal and paste in the command you copied. Then drag theTestApp
file into Terminal to add its location to the command. The complete command should look something like:codesign -fs "LOTSOFNUMBERS" ~/Desktop/SigningManagerTestFiles/TestApp.app
Press return.
-
Verify signature by copying
codesign -dvvv
into Terminal, then draggingTestApp
into Terminal. The complete command should look something like:codesign -dvvv ~/Desktop/SigningManagerTestFiles/TestApp.app
Press return.
A successful result will show this line in the output:
Authority=Twocanoes Test Code Signing
-
Sign a package by right-clicking on
Twocanoes Test Package Certificate
and selectingCopy "productsign" command
. -
Open Terminal and paste in the command you copied. Delete
source.pkg destination.pkg
from the end of this, then drag theTestPackage
file into Terminal, then in Terminal copy this to the end of the command as the destination:~/Desktop/Signed-TestPackage.pkg
The complete command should look something like:
productsign --sign "LOTSOFNUMBERS" ~/Desktop/SigningManagerTestFiles/TestPackage.pkg ~/Desktop/Signed-TestPackage.pkg
Press return.
-
Verify that Terminal shows output like the following with no error messages.
productsign: signing product with identity <Name of certificate used>
productsign: adding certificate "Twocanoes-CA"
productsign: Wrote signed product archive to </path/specified/for/output>
-
Delete all copies of test files used in signing operations.
DO NOT TEST: Test Command Line
-
Reboot Mac and log in as the normal user.
-
Open Terminal and refresh certificates by running:
"/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -r
The details of the list of signing certificates should be returned.
-
Find the section for
Twocanoes Test Code Signing
in the output and copy theSHA1 Hash
. -
Run the following command by inserting the SHA1 Hash in place of
"SHA1 Hash"
below:codesign -fs "SHA1 Hash" ~/Desktop/SigningManagerTestFiles/TestApp.app
-
Verify signature:
codesign -dvvv ~/Desktop/SigningManagerTestFiles/TestApp.app
A successful result will show this line in the output:
Authority=Twocanoes Test Code Signing
-
In the previous output that listed signing certificate details, find the section for
Package Signing
and copy the value forSHA1 Hash
. -
Run the following command by inserting the SHA1 Hash in place of
"SHA1 Hash"
below:productsign --sign "SHA1 Hash" ~/Desktop/SigningManagerTestFiles/TestPackage.pkg ~/Desktop/SigningManagerTestFiles/TestPackage-signed.pkg
-
Verify that Terminal shows output like the following with no error messages.
productsign: signing product with identity <Name of certificate used>
productsign: adding certificate "Twocanoes-CA"
productsign: Wrote signed product archive to </path/specified/for/output>
DO NOT TEST: Test Set Settings on the Command Line
-
Print settings on the command line:
"/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -p
-
Compare these settings with the preferences shown in the Signing Manager app.
-
Modify the settings in the app:
Signing Server:
https://signing-service.twocanoes.com
API Key: <get API key from Signing Service>
Deselect the
Trust Self-Signed Certificates
checkbox. -
Print the settings on the command line and verify they changed:
"/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -p
-
Click
Refresh
in the Signing Manager app and verify it fails to load certificates. -
Reset settings back to good settings on the command line:
"/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -s -i https://signing-server.twocanoes.com -a '<REPLACE-WITH-API-KEY>' -u
-
Print the settings on the command line and verify they changed:
"/Applications/Signing Manager.app/Contents/MacOS/Signing Manager" -p
-
Click
Refresh
in the Signing Manager app and verify it now successfully loads certificates.
Updated