The version 2 codesign tool will allow me to replace a version 1 signature, but will not allow me to freshly sign a copy of the same app.
This is an older Carbon app. The final .app is built on 10.6.8 with Xcode 3.2 (ancient, I know - but hey, it runs on Yosemite perfectly fine.) So, I move the unsigned app over to a Mavericks partition, where I attempt to use the code-sign tool to give it the new v2 codesigning. It fails: codesign -s "Developer ID Application" "Example.app" -fv Example.app: main executable failed strict validation But, if I codesign it with version 1 *first* on the 10.6.8 machine, then move it to Mavericks and *replace* the existing signature with v2, it works fine: On the Mavericks machine, first we check the existing v1 signature: codesign -dv "Example.app" [...] Format=bundle with Mach-O universal (i386 ppc)CodeDirectory v=20100 size=65533 flags=0x0(none) hashes=3270+3 location=embedded Signature size=4220 Signed Time=Oct 29, 2014, 5:33:54 PM Info.plist entries=22 TeamIdentifier=not set Sealed Resources version=1 rules=4 files=20 Internal requirements count=1 size=152 (Second last line shows version.) OK, now we try to codesign it with v2, and it works: codesign -s "Developer ID Application" "Example.app" -fv Example.app: replacing existing signature Example.app: signed bundle with Mach-O universal (i386 ppc) [com.example.example] Now, we check it again and see that it has v2 codesigning: codesign -dv "Example.app" [...] Format=bundle with Mach-O universal (i386 ppc)CodeDirectory v=20200 size=65548 flags=0x0(none) hashes=3270+3 location=embedded Signature size=8511 Timestamp=Oct 29, 2014, 5:36:06 PM Info.plist entries=22 TeamIdentifier=CE5P9HVLTN Sealed Resources version=2 rules=12 files=20 Internal requirements count=1 size=184 Why would I get "main executable failed strict validation" on an unsigned app, yet it allows me to replace a v1 signature with no errors? I've been trying to find out what this means, but all I've come across so far is: codesign says my main executable failed strict validation. * Your Mach-O executable does not conform to modern Mach-O layout rules. * You may be using a third party development product that hasn't been brought up to date, or post-processed your file in unsupported ways. OK, but then have I come up with a workaround that allows me to leave things the way they are? Just codesign it with v1 first and then replace it with v2? Thanks, - Stephen _______________________________________________ Do not post admin requests to the list. They will be ignored. Xcode-users mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/xcode-users/archive%40mail-archive.com This email sent to [email protected]
