> Does the —deep option actually work anymore? The signing script I use for an > app compiled with runtime has to sign every executable component in the built > app.
yes it works. I use --deep to sign every framework, bundle, plugin from the inside out. think of it like sealing smaller boxes before putting them inside a larger box and then an even larger box. the problem with --deep is that it might miss a few components in case of a complex package and that you can not customise the signature of each component inside the app (their entitlements in particular). you can try to --deep sign the app in one shot, it may or may not work. > have to completely re-sign and notarize a 4D app, which will likely require > changing the bundle ID in the info.plist there is no need to touch the bundle ID for code signing or notarisation. ********************************************************************** 4D Internet Users Group (4D iNUG) New Forum: https://discuss.4D.com Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **********************************************************************