Re: Notarization & hardening for macOS non-App Store Apps?

2019-05-09 Thread Monte Goulding via use-livecode 


> On 10 May 2019, at 10:49 am, kee nethery via use-livecode 
>  wrote:
> 
> 
> 
>> On May 9, 2019, at 5:42 PM, Monte Goulding via use-livecode 
>> mailto:use-livecode@lists.runrev.com>> wrote:
>> 
>> Looks like the hardened runtime needs —options=runtime
> 
> Which what terminal command would —options=runtime be used?
> 
> From what I can see, the only place to enable hardened runtime is with 
> projects in Xcode and … this is not a project in Xcode, right?

I’m fairly sure Xcode is just adding it when it executes codesign
> 
>> 
>> https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc
>>  
>> >  
>> >
>> 
>> For the others are you using —force —deep to ensure you replace any existing 
>> code signatures?
> 
> yes. Learning lots about codesign and xattr and spctl but am really just a 
> code monkey pressing keys hoping for Shakespeare.


Haha… well we all feel like that sometimes!

Cheers

Monte
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Notarization & hardening for macOS non-App Store Apps?

2019-05-09 Thread kee nethery via use-livecode 


> On May 9, 2019, at 5:42 PM, Monte Goulding via use-livecode 
>  wrote:
> 
> Looks like the hardened runtime needs —options=runtime

Which what terminal command would —options=runtime be used?

From what I can see, the only place to enable hardened runtime is with projects 
in Xcode and … this is not a project in Xcode, right?

> 
> https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc
>  
> 
> 
> For the others are you using —force —deep to ensure you replace any existing 
> code signatures?

yes. Learning lots about codesign and xattr and spctl but am really just a code 
monkey pressing keys hoping for Shakespeare.

Kee


> 
>> On 10 May 2019, at 10:29 am, kee nethery via use-livecode 
>>  wrote:
>> 
>> Help.
>> 
>> I volunteered to research this topic and present on it. I’ve documented the 
>> process to upload to the App Store, figured this would be less steps and I 
>> could figure it out and present on it at the LiveCode conference (as well as 
>> document it on the lessons web site).
>> 
>> There are two issues I’m running into and I could sorely use some help if 
>> any of you have gone through this notarization process on a macOS app. 
>> 
>> Kee Nethery
>> 
>> ——— TLDR ——— 
>> 
>> The developer ID certificate is the same one used to sign an app on the 
>> AppStore and it is not expired so … I’m really stumped as to why it is not 
>> signed with a valid Developer ID.
>> 
>> I set the —timestamp flag in the codesign command so it should have gotten a 
>> timestamp. Again, WTF?
>> 
>> And once those get resolved, without using Xcode, I have no idea how to 
>> “have the hardened runtime enabled”.
>> 
>> In specific I get the following error report.
>> 
>> 
>> 
>> 
>> {
>> "logFormatVersion": 1,
>> "jobId": "44f6d3f6-520b-4993-89af-3290ae2709c5",
>> "status": "Invalid",
>> "statusSummary": "Archive contains critical validation errors",
>> "statusCode": 4000,
>> "archiveFilename": "99_Bottles.pkg",
>> "uploadDate": "2019-05-08T00:41:02Z",
>> "sha256": "8f51bb68f65c36beed94c717d1bb49a146e927fe591aa4f3755aba2793bab7b3",
>> "ticketContents": null,
>> "issues": [
>>   {
>> "severity": "error",
>> "code": null,
>> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
>> Bottles.app/Contents/MacOS/revsecurity.dylib",
>> "message": "The binary is not signed with a valid Developer ID 
>> certificate.",
>> "docUrl": null,
>> "architecture": "x86_64"
>>   },
>>   {
>> "severity": "error",
>> "code": null,
>> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
>> Bottles.app/Contents/MacOS/revsecurity.dylib",
>> "message": "The signature does not include a secure timestamp.",
>> "docUrl": null,
>> "architecture": "x86_64"
>>   },
>>   {
>> "severity": "error",
>> "code": null,
>> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
>> Bottles.app/Contents/MacOS/99 Bottles",
>> "message": "The binary is not signed with a valid Developer ID 
>> certificate.",
>> "docUrl": null,
>> "architecture": "x86_64"
>>   },
>>   {
>> "severity": "error",
>> "code": null,
>> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
>> Bottles.app/Contents/MacOS/99 Bottles",
>> "message": "The signature does not include a secure timestamp.",
>> "docUrl": null,
>> "architecture": "x86_64"
>>   },
>>   {
>> "severity": "error",
>> "code": null,
>> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
>> Bottles.app/Contents/MacOS/99 Bottles",
>> "message": "The executable does not have the hardened runtime enabled.",
>> "docUrl": null,
>> "architecture": "x86_64"
>>   }
>> ]
>> }
>> ___
>> use-livecode mailing list
>> use-livecode@lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription 
>> preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Notarization & hardening for macOS non-App Store Apps?

2019-05-09 Thread Monte Goulding via use-livecode 
Looks like the hardened runtime needs —options=runtime

https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc
 


For the others are you using —force —deep to ensure you replace any existing 
code signatures?

> On 10 May 2019, at 10:29 am, kee nethery via use-livecode 
>  wrote:
> 
> Help.
> 
> I volunteered to research this topic and present on it. I’ve documented the 
> process to upload to the App Store, figured this would be less steps and I 
> could figure it out and present on it at the LiveCode conference (as well as 
> document it on the lessons web site).
> 
> There are two issues I’m running into and I could sorely use some help if any 
> of you have gone through this notarization process on a macOS app. 
> 
> Kee Nethery
> 
> ——— TLDR ——— 
> 
> The developer ID certificate is the same one used to sign an app on the 
> AppStore and it is not expired so … I’m really stumped as to why it is not 
> signed with a valid Developer ID.
> 
> I set the —timestamp flag in the codesign command so it should have gotten a 
> timestamp. Again, WTF?
> 
> And once those get resolved, without using Xcode, I have no idea how to “have 
> the hardened runtime enabled”.
> 
> In specific I get the following error report.
> 
> 
> 
> 
> {
>  "logFormatVersion": 1,
>  "jobId": "44f6d3f6-520b-4993-89af-3290ae2709c5",
>  "status": "Invalid",
>  "statusSummary": "Archive contains critical validation errors",
>  "statusCode": 4000,
>  "archiveFilename": "99_Bottles.pkg",
>  "uploadDate": "2019-05-08T00:41:02Z",
>  "sha256": "8f51bb68f65c36beed94c717d1bb49a146e927fe591aa4f3755aba2793bab7b3",
>  "ticketContents": null,
>  "issues": [
>{
>  "severity": "error",
>  "code": null,
>  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
> Bottles.app/Contents/MacOS/revsecurity.dylib",
>  "message": "The binary is not signed with a valid Developer ID 
> certificate.",
>  "docUrl": null,
>  "architecture": "x86_64"
>},
>{
>  "severity": "error",
>  "code": null,
>  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
> Bottles.app/Contents/MacOS/revsecurity.dylib",
>  "message": "The signature does not include a secure timestamp.",
>  "docUrl": null,
>  "architecture": "x86_64"
>},
>{
>  "severity": "error",
>  "code": null,
>  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
> Bottles.app/Contents/MacOS/99 Bottles",
>  "message": "The binary is not signed with a valid Developer ID 
> certificate.",
>  "docUrl": null,
>  "architecture": "x86_64"
>},
>{
>  "severity": "error",
>  "code": null,
>  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
> Bottles.app/Contents/MacOS/99 Bottles",
>  "message": "The signature does not include a secure timestamp.",
>  "docUrl": null,
>  "architecture": "x86_64"
>},
>{
>  "severity": "error",
>  "code": null,
>  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
> Bottles.app/Contents/MacOS/99 Bottles",
>  "message": "The executable does not have the hardened runtime enabled.",
>  "docUrl": null,
>  "architecture": "x86_64"
>}
>  ]
> }
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Notarization & hardening for macOS non-App Store Apps?

2019-05-09 Thread kee nethery via use-livecode 
Help.

I volunteered to research this topic and present on it. I’ve documented the 
process to upload to the App Store, figured this would be less steps and I 
could figure it out and present on it at the LiveCode conference (as well as 
document it on the lessons web site).

There are two issues I’m running into and I could sorely use some help if any 
of you have gone through this notarization process on a macOS app. 

Kee Nethery

——— TLDR ——— 

The developer ID certificate is the same one used to sign an app on the 
AppStore and it is not expired so … I’m really stumped as to why it is not 
signed with a valid Developer ID.

I set the —timestamp flag in the codesign command so it should have gotten a 
timestamp. Again, WTF?

And once those get resolved, without using Xcode, I have no idea how to “have 
the hardened runtime enabled”.

In specific I get the following error report.




{
  "logFormatVersion": 1,
  "jobId": "44f6d3f6-520b-4993-89af-3290ae2709c5",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "99_Bottles.pkg",
  "uploadDate": "2019-05-08T00:41:02Z",
  "sha256": "8f51bb68f65c36beed94c717d1bb49a146e927fe591aa4f3755aba2793bab7b3",
  "ticketContents": null,
  "issues": [
{
  "severity": "error",
  "code": null,
  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/revsecurity.dylib",
  "message": "The binary is not signed with a valid Developer ID 
certificate.",
  "docUrl": null,
  "architecture": "x86_64"
},
{
  "severity": "error",
  "code": null,
  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/revsecurity.dylib",
  "message": "The signature does not include a secure timestamp.",
  "docUrl": null,
  "architecture": "x86_64"
},
{
  "severity": "error",
  "code": null,
  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/99 Bottles",
  "message": "The binary is not signed with a valid Developer ID 
certificate.",
  "docUrl": null,
  "architecture": "x86_64"
},
{
  "severity": "error",
  "code": null,
  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/99 Bottles",
  "message": "The signature does not include a secure timestamp.",
  "docUrl": null,
  "architecture": "x86_64"
},
{
  "severity": "error",
  "code": null,
  "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/99 Bottles",
  "message": "The executable does not have the hardened runtime enabled.",
  "docUrl": null,
  "architecture": "x86_64"
}
  ]
}
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Help with Pasting of RTL languages into a field

2019-05-09 Thread Paul Dupuis via use-livecode 
I have a  test stack with a single scrolling field under LC904rc2. The 
textDirection for the field is the default of "auto" meaning it should 
align LTR  languages (like English) to the Left and RTL languages (like 
Arabic or Hebrew) to the Right.


English and other LTR test is correctly Left aligned. When I paste in 
RTL text (Arabic for example) it is incorrectly Left aligned. I am not 
sure if this is a 'paste' issue (tried the 'paste' command in a button 
and just using Ctrl-V in the IDE) or a field issue? Or even how to tell?


Does anyone else have experience with pasting RTL text from other 
applications (Word, Web pages, Google Translate, etc.) into LiveCode to 
have it align properly?


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Apple Provisioning Profile Is Missing

2019-05-09 Thread Sannyasin Brahmanathaswami via use-livecode 
Oh boy, I should have looked there first!

Panos, there is a new requirement for any who has not done this in the last 5 
months:

"Third" - Factor Identification.

Of course most iOS developers were forced get that, so are familiar with it (I 
mention this in another thread)

What is not familiar,  is how to enter that in the Applications Loader. Took me 
three support calls and ever Apple Tier 3 support -experts - did not know how 
to do it. They kept saying "Can't you enter at the prompt…. What? There is no 
prompt? We'll get back you…"  (never did…)

Well, mystery meat in the Application Loader UI, the first time you will be 
asked for a "password" There is no prompt.

On a hunch I clicked on  the upper left button that appears just to identify 
you with the developer account name. It wants you log in…. It doesn't tell you 
what password. First you think, it is must be your Mac admin password. Nope, 
doesn't work. Then you think, ahha! Must be my developer account password. Nope 
doesn't work…

You have to enter the app-specific password you created in the Apple ID account 
(you can only have 25 of these.) Once it is entered, Xcode knows and you won't 
have to enter it again, at least it hasn't so asked me again so far. And there 
appears no correlation between that password and you app name.  At least it is 
not apparent.

Hopefully that will save someone several days of tearing their hair out dealing 
with Apple's reg's. Perhaps I should put this in as a comment on the lesson.

BR

From: panagiotis merakos 


Hello all,

For future reference, we have a detailed lesson on how to upload your LC apps 
to the iOS AppStore:

http://lessons.livecode.com/m/4069/l/33064-how-do-i-submit-an-ios-app-to-the-app-store

Regards,
Panos
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode