I am attempting to codesign and notarize a MacOS .app bundle generated by Pyinstaller. The application is developed using Python3, PyQt bindings, and the Qt toolkit. Here are the versions:
PyInstaller 3.5 Python version: 3.7.4 (v3.7.4:e09359112e, Jul 8 2019, 14:54:52) [Clang 6.0 (clang-600.0.57)] Qt version: 5.13.0 PyQt version: 5.13.1 sip version: 4.19.19 The app itself runs great on the MAC, the problems start when attempting to code sign the app so it can be notarized. The issue I'm illustrating here has to do with the Qt Frameworks. If anyone can provide a set of steps that will successfully sign one of the Qt Frameworks in the pyinstaller generated .app bundle I'd really appreciate it. Here is my process... The .app bundle is created by Pyinstaller and runs fine. The first step is to fix the folder structure created by Pyinstaller. It doesn't conform exactly to what Apple expects, but to be fair, what Qt installs doesn't either. Run this script to fix the QtCore framework in the .app bundle Echo Fix the QtCore framework folders qtfolder="/Users/xxx/Qt/5.13.1/clang_64/lib" basefolder= "/Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp.app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework" cp -R $qtfolder/QtCore.framework/Versions/5/Resources $basefolder/Versions/5 ln -s $basefolder/Versions/5 $basefolder mv $basefolder/5 $basefolder/Versions/Current ln -s $basefolder/Versions/Current/Resources $basefolder ln -s $basefolder/Versions/Current/QtCore $basefolder This produces the following folder structure and files which I believe conform to what Apple expects. this is based on numerous blog posts etc. QtCore@ -> /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp.app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework/Versions/Current/QtCore Resources@ -> /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp .app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework/Versions/Current/Resources Versions/ ./Versions: 5/ Current@ -> /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp .app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework/Versions/5 ./Versions/5: QtCore* Resources/ ./Versions/5/Resources: Info.plist Now I start signing the files. There are many posts on what to sign and how to sign all of which seem outdated and contradictory. The best current advice I think is to sign everything. I've tried many combinations and they've all ended up with the same error. sudo codesign --verbose --force --sign "Developer ID Application: (xxx)" /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp.app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework/versions/5/resources/Info.plist sudo codesign --verbose --force --sign "Developer ID Application: (xxx)" /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp .app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework/versions/5/QtCore sudo codesign --verbose --force --sign "Developer ID Application: (xxx)" /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp .app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework/versions/5/_CodeSignature/CodeResources sudo codesign --verbose --force --sign "Developer ID Application: (xxx)" /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp .app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework/versions/5 At this point every file and folder in the framework that can be signed has been signed successfully. I don't sign the symlinks as I think that just resigns the underlying files. The final step is to sign the framework itself. sudo codesign --verbose --force --sign "Developer ID Application: (xxx)" /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp .app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework this produces the following error message: /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp.app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework: replacing existing signature /Users/xxx/Documents/PYINSTALLERTEST/dist/MyApp.app/Contents/MacOS/PyQt5/Qt/lib/QtCore.framework: *unsealed contents present in the root directory of an embedded framework* *Any ideas on what I'm doing wrong?* -- You received this message because you are subscribed to the Google Groups "PyInstaller" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pyinstaller/b3219614-2df3-44a5-ad2a-e57e822f0813%40googlegroups.com.
