Building on Cannon's code, rather than calling codesign directly with the
--deep flag we use the shell script that is distributed in the 4D app bundle,
which takes care of the signing of all of the subcomponents for you. You still
need to remove the extended attributes first (with xattr -cr) as Cannon does,
but the codesigning would do something like this instead:
C_BLOB($vX_StdIn;$vX_StdOut;$vX_StdErr)
$vT_AppPath:=Convert path system to POSIX($vT_AppPath)
//Make sure the path to the app does not end with a path delimiter - this
breaks the SignApp.sh script
If (Substring($vT_AppPath;Length($vT_AppPath))="/")
$vT_AppPath:=Substring($vT_AppPath;1;Length($vT_AppPath)-1)
End if
$vT_SignScriptPath:=Convert path system to POSIX(Application
file+":Contents:Resources:SignApp.sh")
LAUNCH EXTERNAL PROCESS(\
"\""+$vT_SignScriptPath+"\" "+\
"\""+$vT_CertificateName+"\" "+\
"\""+$vT_AppPath+"\"";$vX_StdIn;$vX_StdOut;$vX_StdErr)
Success is determined by:
* OK=1
* last line of $vX_StdErr = $vT_AppPath+": signed @bundle with Mach-O@"
* ERREUR not found in $vX_StdOut
> On 12 Jun 2018, at 3:45 am, Cannon Smith via 4D_Tech <4d_tech@lists.4d.com>
> wrote:
>
> Hi Jeff,
>
> I can’t give you a step by step guide, especially including getting the
> signing certificate. But here is a code snippet which I use for signing my
> apps which works. The takeaways will be in the comments as well as the two
> commands that are run using LEP.
>
> Hopefully that is enough to get you pointed in the right direction.
>
> P.S. Apple just introduced the idea of notarizing apps at WWDC last week.
> That will be additional steps and required in the future, but I haven’t tried
> it yet. Sigh.
>
>
> //If on Mac and a certificate is provided, we now code sign the app. Nothing
> inside the
> //application package should be changed after this point.
> //Use "codesign --verify --verbose /pathtoapp.app" to see if the application
> signing is still valid.
> //Use "codesign -dv /pathtoapp.app" to get the code signing information.
> //See http://kb.4d.com/assetid=77078 if we need to skip signing certain
> folders in the future.
> //Also, see
> http://stackoverflow.com/questions/39652867/code-sign-error-in-macos-sierra-xcode-8-resource-fork-finder-information-or
> //which explains that code signing no longer works with extended attributes
> on files in the app. It seems easiest to simply
> //use a command to strip all extended attributes before signing. We don't
> seem to need them anyway.
> If (OS_IsMac =True)
> $tCertificate:=BuildApp_Hook_MacCodeSign
> If ($tCertificate#"")
> BuildAppP_Log_Action ("Stripping files of extended attributes.")
> $tCommand:="xattr -cr "+FilePath_ConvertTo (OBJ_Get_Text
> (voBuildInfo;"PathToBuiltStandaloneApp");kFilePath_LEP)
> LAUNCH EXTERNAL PROCESS($tCommand;$tIn;$tOut;$tError) //If
> error, $tOut will be filled
>
> BuildAppP_Log_Action ("Code signing standalone.")
> $tCommand:="codesign -s \""+$tCertificate+"\" -fv --deep "+\
> FilePath_ConvertTo (OBJ_Get_Text
> (voBuildInfo;"PathToBuiltStandaloneApp");kFilePath_LEP)
> LAUNCH EXTERNAL PROCESS($tCommand;$tIn;$tOut;$tError) //If
> error, $tOut will be filled
> If ($tOut#"")
> BuildAppP_Log_Action ("Code signing error: "+$tOut;True)
> End if
> End if
> End if
>
>
> --
> Cannon.Smith
> Synergy Farm Solutions Inc.
> Hill Spring, AB Canada
> 403-626-3236
> <can...@synergyfarmsolutions.com>
> <www.synergyfarmsolutions.com>
>
>
>> Can someone please direct me to documentation on how to code sign apps for
>> MacOS with 4D. I need the entire process in a step-by-step guide from
>> explaining how to obtain the code signing certificate from Apple through
>> adding it to the 4D XML build files and building.
>
> **********************************************************************
> 4D Internet Users Group (4D iNUG)
> FAQ: http://lists.4d.com/faqnug.html
> Archive: http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
> **********************************************************************
**********************************************************************
4D Internet Users Group (4D iNUG)
FAQ: http://lists.4d.com/faqnug.html
Archive: http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
**********************************************************************
