On Mar 6, 2020, at 5:24 PM, Cannon Smith via 4D_Tech <[email protected]>
wrote:
>
> Thanks to Miyako and Rob Laveaux updating some plugins I use, and other help,
> I now have all but one of my applications notarizing again since the recent
> Apple changes. The problem with the last application is that some years ago I
> started placing a small blob file (compressed XML, not an executable) just
> inside the Contents folder during a build. Of course, the recent rules don’t
> like files being inside the Contents folder.
>
> I’m loath to move this file somewhere else. Technically it is possible, but
> several applications rely on it so they would all have to be upgraded at the
> same time. And it affects the auto-update process itself which will cause
> issues for users trying to upgrade to the latest version.

Will the other apps work if you create an alias in the Contents folder and move
the file to the Resources folder? I’m not sure how 4D’s commands work with
aliases, or whether aliases need to be signed.

> So I’m wondering if there is a way to sign this file during the signing
> process. I’ve tried several variations of signing the file, but haven’t had
> any luck. I’m hoping someone knows of a way to sign a file like this so I
> don’t have to go down the difficult road of moving the file to another place.

My impression, based on nothing more than the fact that all sample signing code
I’ve seen has done it this way, is that all subdirectory items must be signed
before the app bundle. So if you have to force sign the file, you likely have to
re-sign the app. But you probably wouldn’t have to re-sign all other sub-items
like plugins and other bundles. So after the app is built, you could run a
script that signs that file and the app again. So maybe something like:

#!/bin/bash
cd "${BASH_SOURCE%/*}" || exit

devID="Developer ID Application: James Crate (CLJ9SRZQY3)"
appPath="./MyApp.app"

if [[ -d "$appPath" ]]
then
    # sign the loose file first, before the enclosing bundle
    codesign --force --deep --verbose --sign "$devID" \
        "${appPath}/Contents/SomeFile.blob"

    # the base app
    entPath="./sign_app.entitlements"
    codesign --force --deep --verbose --options=runtime --entitlements "${entPath}" \
        --sign "$devID" "${appPath}"

    # check code-signing
    echo "checking signing"
    spctl -av "$appPath"
    codesign --verify -v "$appPath"
fi

If you already are running a script to zip and upload for notarization, you
could just incorporate the signing into that script. There is an entitlements
file buried somewhere in the 4D app bundle so you could just directly reference
that file if you use LEP to run each command from 4D if you have a project
method that builds the app, or copy it to where you have your app built for
easier referencing in a script.
Jim
4D Internet Users Group (4D iNUG)
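
An added example, not part of Jim's message or the original thread: a pre-signing check that lists anything sitting directly in the Contents folder outside the conventional bundle entries, which is the layout problem Cannon describes. The ALLOWED list, the function names and the sample bundle are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: audit the top level of <app>/Contents before signing.
# ALLOWED is an assumed allow-list of conventional bundle entries; adjust per build.
ALLOWED="Info.plist PkgInfo MacOS Resources Frameworks PlugIns Helpers XPCServices"
ALLOWED="$ALLOWED Library SharedSupport _CodeSignature CodeResources"

# Print every unexpected entry directly inside Contents, one per line.
# Returns 0 if the layout is clean, 1 if anything was reported, 2 if not a bundle.
audit_contents() {
    local app contents entry name found
    app="$1"; contents="$app/Contents"; found=0
    [ -d "$contents" ] || { echo "not a bundle: $app" >&2; return 2; }
    for entry in "$contents"/* "$contents"/.[!.]*; do
        # skip unmatched globs; -L keeps dangling symlinks in scope
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name="${entry##*/}"
        case " $ALLOWED " in *" $name "*) continue ;; esac
        if [ -L "$entry" ]; then
            echo "symlink: $name -> $(readlink "$entry")"
        elif [ -d "$entry" ]; then
            echo "directory: $name"
        else
            echo "file: $name"
        fi
        found=1
    done
    return "$found"
}

# Constructed sample bundle mirroring the thread: a blob beside Info.plist.
make_sample_bundle() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/MyApp.app/Contents/MacOS" "$root/MyApp.app/Contents/Resources"
    : > "$root/MyApp.app/Contents/Info.plist"
    : > "$root/MyApp.app/Contents/SomeFile.blob"
    echo "$root/MyApp.app"
}

# Usage: ./audit.sh path/to/MyApp.app
if [ -n "${1:-}" ]; then audit_contents "$1"; fi
```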