On Mar 24, 2021, at 6:09 PM, Keisuke Miyako via 4D_Tech <4d_tech@lists.4d.com> wrote:
>
>> Does the --deep option actually work anymore? The signing script I use for an
>> app compiled with runtime has to sign every executable component in the
>> built app.
>
> yes it works.
> I use --deep to sign every framework, bundle, plugin from the inside out.
> think of it like sealing smaller boxes before putting them inside a larger
> box and then an even larger box.
>
> the problem with --deep is that it might miss a few components in case of a
> complex package
> and that you can not customise the signature of each component inside the app
> (their entitlements in particular).
>
> you can try to --deep sign the app in one shot, it may or may not work.

From my experience it no longer works on a complex app like a built 4D app with many included frameworks in several different directories. I do still use the --deep option for each individual thing that I sign but I just wasn’t sure that it actually did anything anymore.

>> have to completely re-sign and notarize a 4D app, which will likely require
>> changing the bundle ID in the info.plist
>
> there is no need to touch the bundle ID for code signing or notarisation.

So if Jorg wanted to change the entitlements on the 4D.app he uses for development so it could access the camera, he could just re-sign with the new entitlements and his developer ID and notarize a copy of 4D.app with the bundle ID "com.4d.4d"? I never tried this but I just assumed notarization would require a different bundle ID. I guess the combination of bundle ID + developer ID would still be unique, but I guess I just assumed that Apple wouldn’t let that happen.

Btw, I’m pretty sure camera access requires entries in info.plist in addition to the entitlements but I guess that’s probably already been covered. It’s also worth noting that the “4D.entitlements” used by 4D’s SignApp.sh has com.apple.security.device.camera set to true so theoretically the only extra thing needed should be the info.plist keys and a built signed notarized app should be allowed to access the camera.

Jim

> **********************************************************************
> 4D Internet Users Group (4D iNUG)
> New Forum: https://discuss.4D.com
> Archive: http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
> **********************************************************************
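
The inside-out order discussed in this thread, as an added shell example (not code from either poster or from 4D's SignApp.sh): nested items are listed deepest first and signed one at a time, then the outer app is signed last with the entitlements file. The extension list and the choice to pass entitlements only to the outer app are assumptions; the signing identity and entitlements path are supplied by the caller.

```shell
# Added example: inside-out signing of a nested macOS app bundle.
# Assumptions: nested code is recognised by the extensions below; any other
# standalone helper executables would have to be added to the list.

# Print nested code items, contents before their container ("smaller boxes
# first"). -depth gives post-order traversal; -mindepth 1 skips the app itself.
list_nested_code() {
    app=$1
    find "$app" -mindepth 1 -depth \( \
        \( -type d \( -name '*.framework' -o -name '*.bundle' \
                      -o -name '*.plugin' -o -name '*.app' \) \) \
        -o \( -type f -name '*.dylib' \) \
    \) -print
}

# Sign every nested item individually, then the outer app last.
# $1 = path to the .app, $2 = signing identity, $3 = entitlements file.
sign_inside_out() {
    app=$1 identity=$2 entitlements=$3

    # The loop runs in a pipeline subshell, so "exit 1" ends only the loop;
    # "|| return 1" then stops the function on the first failed signature.
    list_nested_code "$app" | while IFS= read -r item; do
        codesign --force --timestamp --options runtime \
                 --sign "$identity" "$item" || exit 1
    done || return 1

    # Outer app: the only place this sketch applies the entitlements file.
    codesign --force --timestamp --options runtime \
             --entitlements "$entitlements" \
             --sign "$identity" "$app" || return 1

    # --deep is used here only to verify the nested seals, not to sign.
    codesign --verify --deep --strict "$app"
}
```

Running `list_nested_code` on its own before signing shows exactly which components the loop will touch, which is the quickest way to spot something a one-shot `--deep` sign would have missed.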