[Interest] Fw: Aw: Re: codesign issue with Qt6.9.1

[alexander_carot--- via Interest]

Hi all,

 

see subject – with Qt6.9.1 now I sign this way:

 

macdeployqt my.app -codesign="myAccount"

 

and then 

 

codesign --options=runtime --entitlements ./deployment/entitlements.xml —force ./my.app -s "myAccount"

 

checking this via

 

codesign --verify --deep --strict --verbose=2 ./myApp.app

 

it says "valid on disc" - so all is fine.

 

However, now a new issue comes up: When I zip it and load it up to notarise it via:

 

xcrun notarytool submit myApp.zip --keychain-profile MYKEYCHAIN --wait

 

then it eventually fails with:

 

status: invalid      

 

Thus, I went back to Qt6.5.3 and signed in the same way and also received the INVALID status at the very end. 

 

Deploying and Signing via:

 

macdeployqt my.app

codesign --options=runtime --entitlements ./deployment/entitlements.xml —deep ./my.app -s "myAccount"

 

does work out and leads to valid status but unfortunately this does not work out wiqht Qt6.9.1 because it refuses to take the --deep statement.

 

Can anyone advise how to achieve VALID status with the above structure using Qt6.9 ?

 

Thanks and

best

 

Alex

 

--
http://www.carot.de
Email : alexan...@carot.de
Tel.: +49 (0)177 5719797

 

Gesendet: Donnerstag, 18. September 2025 um 20:49

Von: "Alexander Carôt" <alexander_ca...@gmx.net>

An: kai.koe...@qt.io, ham...@risingsoftware.com, interest@qt-project.org

Betreff: Aw: Re: [Interest] codesign issue with Qt6.9.1

Hello Kai,

 

>>Any reason you don’t use macdeployqt -codesign=“My dev account” ? This should do deep signing...

 

when I do this and I check the result via 

 

codesign --verify --deep --strict --verbose=2 ./myApp.app

 

it looks fine:

 

./myApp.app: valid on disk
./myApp.app: satisfies its Designated Requirement

 

 but indeed I need to include the entitlements:

 

--entitlements ./deployment/entitlements.xml

 

which seems to not work when combining it via macdeployqt or am I mistaken on this ?

 

Any further help appeciated,

thanks beforehand and

best

 

Alex

 

--
http://www.carot.de
Email : alexan...@carot.de
Tel.: +49 (0)177 5719797

 

Gesendet: Donnerstag, 18. September 2025 um 17:44

Von: "Kai Köhne via Interest" <interest@qt-project.org>

An: "Hamish Moffatt" <ham...@risingsoftware.com>, "interest@qt-project.org" <interest@qt-project.org>

Betreff: Re: [Interest] codesign issue with Qt6.9.1

Confidential

>On 17/09/2025 8:31 pm, Alexander Carôt via Interest wrote:

>> Hello all,
>>
>> I just upgraded from Qt6.5.3 to Qt 6.9.1 – it's all fine except that now the codesigning fails. I typically do:
>>
>> macdeployqt My.app
>>
>> codesign --options=runtime --entitlements ./deployment/entitlements.xml --deep ./My.app -s "My dev account"
>
> According to the manual, --deep is deprecated - probably because it’s
> unreliable. You're expected to recurse all of the frameworks yourself, I

> think.

 

Any reason you don’t use macdeployqt -codesign=“My dev account” ? This should do deep signing...
 
>I don't know why codesign is so bad. But also I'm surprised that Qt is
> still shipping the official binaries unsigned.

Huh, they are signed?

Regards

 

Kai

_______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest

_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest