Re: Another Signing/Notarization Question

2020-03-07 Thread Keisuke Miyako via 4D_Tech
Hello,

In your posts, you say that you

"tried to codesign the file as part of the app’s signing process, but haven’t 
had any luck with that"

and that you've

"tried several variations of signing the file, but haven’t had any luck."

But you do not describe at all what you did that did not work for you.

---

As a test, I added a text file under 4D.app/Contents/,
but I don't see any issues with code signing, notarisation or stapling.

https://github.com/miyako/4d-utility-build-application/releases/tag/0.0.1

The code I used is here:

https://github.com/miyako/4d-utility-build-application

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Another Signing/Notarization Question

2020-03-07 Thread Cannon Smith via 4D_Tech
Hi Jim,

Thanks for the ideas. I tried to codesign the file as part of the app’s signing 
process, but haven’t had any luck with that working. The alias idea is 
intriguing. I’m going to look into that.

Thanks.

--
Cannon Smith
Synergy Farm Solutions Inc.



> On Mar 7, 2020, at 8:17 AM, James Crate via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Will the other apps work if you create an alias in the Contents folder and 
> move the file to the Resources folder? I’m not sure how 4D’s commands work 
> with aliases, or whether aliases need to be signed.
> 
>> So I’m wondering if there is a way to sign this file during the signing 
>> process. I’ve tried several variations of signing the file, but haven’t had 
>> any luck. I’m hoping someone knows of a way to sign a file like this so I 
>> don’t have to go down the difficult road of moving the file to another place.
> 
> My impression, based on nothing more than that all the sample signing code 
> I’ve seen has done it this way, is that all subdirectory items must be signed 
> before the app bundle. So if you have to force sign the file, you likely have 
> to re-sign the app. But you probably wouldn’t have to re-sign all other 
> sub-items like plugins and other bundles. So after the app is built, you 
> could run a script that signs that file and the app again. So maybe 
> something like:


Re: Another Signing/Notarization Question

2020-03-07 Thread James Crate via 4D_Tech
On Mar 6, 2020, at 5:24 PM, Cannon Smith via 4D_Tech <4d_tech@lists.4d.com> 
wrote:
> 
> Thanks to Miyako and Rob Laveaux updating some plugins I use, and other help, 
> I now have all but one of my applications notarizing again since the recent 
> Apple changes. The problem with the last application is that some years ago I 
> started placing a small blob file (compressed XML, not an executable) just 
> inside the Contents folder during a build. Of course, the recent rules don’t 
> like files being inside the Contents folder.
> 
> I’m loath to move this file somewhere else. Technically it is possible, but 
> several applications rely on it so they would all have to be upgraded at the 
> same time. And it affects the auto-update process itself which will cause 
> issues for users trying to upgrade to the latest version.

Will the other apps work if you create an alias in the Contents folder and move 
the file to the Resources folder? I’m not sure how 4D’s commands work with 
aliases, or whether aliases need to be signed.

> So I’m wondering if there is a way to sign this file during the signing 
> process. I’ve tried several variations of signing the file, but haven’t had 
> any luck. I’m hoping someone knows of a way to sign a file like this so I 
> don’t have to go down the difficult road of moving the file to another place.

My impression, based on nothing more than that all the sample signing code I’ve 
seen has done it this way, is that all subdirectory items must be signed before 
the app bundle. So if you have to force sign the file, you likely have to 
re-sign the app. But you probably wouldn’t have to re-sign all other sub-items 
like plugins and other bundles. So after the app is built, you could run a 
script that signs that file and the app again. So maybe something like:


#!/bin/bash
# run from the directory that contains this script
cd "${BASH_SOURCE%/*}" || exit
devID="Developer ID Application: James Crate (CLJ9SRZQY3)"
appPath="./MyApp.app"

if [[ -d $appPath ]]
then
  # sign the loose file inside Contents first
  codesign --force --deep --verbose --sign "$devID" \
    "${appPath}/Contents/SomeFile.blob"

  # the base app
  entPath="./sign_app.entitlements"
  codesign --force --deep --verbose --options=runtime --entitlements "${entPath}" \
    --sign "$devID" "${appPath}"

  # check code-signing
  echo "checking signing"
  spctl -av "$appPath"
  codesign --verify -v "$appPath"

fi

If you already are running a script to zip and upload for notarization, you 
could just incorporate the signing into that script. There is an entitlements 
file buried somewhere in the 4D app bundle so you could just directly reference 
that file if you use LEP to run each command from 4D if you have a project 
method that builds the app, or copy it to where you have your app built for 
easier referencing in a script.

Jim
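
The ordering described in the message above (nested items first, the app bundle last), as an added example that is not code from the thread or from any poster: it derives the signing order from the bundle layout instead of relying on --deep, and with DRY_RUN=1 it prints the codesign commands without running them. The function names, DRY_RUN and the list of nested-code suffixes are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not code from the thread. Function names, DRY_RUN and the
# list of nested-code suffixes are assumptions made for illustration.

# List signing targets deepest-first, with the app bundle itself last.
# $1 = app bundle; remaining args = loose files to sign individually.
signing_order() {
  local app="${1%/}" f
  shift
  {
    # Nested code items: frameworks, plug-in bundles, helper apps, dylibs.
    find "$app/Contents" \( -name '*.framework' -o -name '*.bundle' \
      -o -name '*.app' -o -name '*.dylib' \) -print
    for f in "$@"; do
      if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
  } | awk -F/ '{ print NF, $0 }' | LC_ALL=C sort -k1,1nr | cut -d' ' -f2-
  printf '%s\n' "$app"
}

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@" </dev/null; fi
}

# $1 = app bundle, $2 = signing identity, $3 = entitlements file,
# remaining args = loose files (for example the blob inside Contents).
sign_inside_out() {
  local app="${1%/}" identity="$2" entitlements="$3" target
  shift 3
  while IFS= read -r target; do
    if [ "$target" = "$app" ]; then
      # Outer bundle: signed last, and the only item given entitlements.
      run codesign --force --verbose --options=runtime \
        --entitlements "$entitlements" --sign "$identity" "$target" || return 1
    else
      run codesign --force --verbose --options=runtime \
        --sign "$identity" "$target" || return 1
    fi
  done <<EOF
$(signing_order "$app" "$@")
EOF
  # Verification is where --deep belongs: it checks nested code as well.
  run codesign --verify --deep --strict --verbose=2 "$app"
}
```

Run it once with DRY_RUN=1 to review the plan before signing; any item signed after the outer bundle invalidates the bundle's seal, which is why the bundle is always the last target.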


Another Signing/Notarization Question

2020-03-06 Thread Cannon Smith via 4D_Tech
Hi All,

Thanks to Miyako and Rob Laveaux updating some plugins I use, and other help, I 
now have all but one of my applications notarizing again since the recent Apple 
changes. The problem with the last application is that some years ago I started 
placing a small blob file (compressed XML, not an executable) just inside the 
Contents folder during a build. Of course, the recent rules don’t like files 
being inside the Contents folder.

I’m loath to move this file somewhere else. Technically it is possible, but 
several applications rely on it so they would all have to be upgraded at the 
same time. And it affects the auto-update process itself which will cause 
issues for users trying to upgrade to the latest version.

So I’m wondering if there is a way to sign this file during the signing 
process. I’ve tried several variations of signing the file, but haven’t had any 
luck. I’m hoping someone knows of a way to sign a file like this so I don’t 
have to go down the difficult road of moving the file to another place.

Thanks for any ideas!

--
Cannon Smith
Synergy Farm Solutions Inc.


