Re: New Notarization Issues

2020-04-28 Thread Herr Alexander Heintz via 4D_Tech 
Am 28.04.2020 um 17:01 schrieb Randy Jaynes via 4D_Tech <4d_tech@lists.4d.com>:
> 
> I was cursing Apple frequently and for the first time in 20+ years (did I 
> really say that?) seriously considering becoming a Windows only programmer.

I still develop on windows, but: 
Man am I happy that I only hav Windows clients…
So much less headaches, on all fronts.
And there is so much stuff you can do on windows easily that is an incredible 
PITA on Mac.
Examples : CTI, TWAIN, RDP, Virtualisation
Oh, and lets not go down the road of hardware prices, especially server…
I have no pity for anyone using a Mac as server, none whatsoever…
OK, my rant of the day.
Better stop before I start diving into the joys of visiting an apple store with 
a defective 6000 $ laptop.
The give a whole new meaning to the word „customer oriented service“


NOT!
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-04-28 Thread Randy Jaynes via 4D_Tech 
Jeremy,

I won’t tell you how many day's worth of hours it took me to get my stuff 
through the process.

I was cursing Apple frequently and for the first time in 20+ years (did I 
really say that?) seriously considering becoming a Windows only programmer.

Randy

--
Randy Jaynes
Senior Programmer and Customer Support

http://printpoint.com • 845.687.3741 • PrintPoint, Inc • 57 Ludlow Lane • 
Palisades, NY 10964 
Please send all email contacts to supp...@printpoint.com



> On Apr 28, 2020, at 10:47 AM, Jeremy Roussak via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> Randy and Spencer,
> 
> Thanks. That’s exactly what I did and my application is now successfully 
> notarized.
> 
> I wish I understood what notarization actually involves. One day…
> 
> Jeremy
> 
>> On 28 Apr 2020, at 14:04, Randy Jaynes > > wrote:
>> 
>> For that one I was able to replace it with the php-fcgi-4d from the recent 
>> release of 4D v18.
>> 
>> Randy
>> 
>> --
>> Randy Jaynes
>> Senior Programmer and Customer Support
>> 
>> http://printpoint.com  • 845.687.3741 • PrintPoint, 
>> Inc • 57 Ludlow Lane • Palisades, NY 10964 
>> Please send all email contacts to supp...@printpoint.com 
>> 
>> 
>> 
>>> On Apr 28, 2020, at 7:33 AM, Jeremy Roussak >> > wrote:
>>> 
>>> Randy, thanks for that pointer and Miyako, thanks very much indeed, as 
>>> ever, for that marvellous application.
>>> 
>>> The huge slew of notarization errors has now been reduced to just one:
>>> 
>>>  "issues": [
>>>{
>>>  "severity": "error",
>>>  "code": null,
>>>  "path": "PI_Calculator.app-1.84.app.zip/PI 
>>> calculator.app/Contents/Resources/php/Mac/php-fcgi-4d",
>>>  "message": "The binary uses an SDK older than the 10.9 SDK.",
>>>  "docUrl": null,
>>>  "architecture": "x86_64"
>>>}
>>>  ]
>>> It seems I need a new version of the PHP binary. I seem vaguely to remember 
>>> that this was discussed before, but I can’t recall what the solution was. 
>>> Is there one somewhere?
>>> 
>>> Jeremy
>>> 
 On 27 Apr 2020, at 21:28, Randy Jaynes >>> > wrote:
 
 Jeremy,
 
 I would RUN to Miyako’s buildApp 
 (https://github.com/miyako/4d-utility-build-application 
 )
 
 I found on the Catalina build machine that I’m using, I have to constantly 
 sign the entire plugins folder.
 
 This database has been nothing short of a miracle for this process.
 
 There was a test method in there that is already pretty much set up to go 
 down through the whole chain of all the folders, frameworks, plugins, … 
 you name it. 
 
 Randy
 
 --
 Randy Jaynes
 Senior Programmer and Customer Support
 
 http://printpoint.com  • 845.687.3741 • 
 PrintPoint, Inc • 57 Ludlow Lane • Palisades, NY 10964 
 Please send all email contacts to supp...@printpoint.com 
 
 
 
> On Apr 27, 2020, at 3:14 PM, Jeremy Roussak via 4D_Tech 
> <4d_tech@lists.4d.com > wrote:
> 
> 4Dv17R5, Mac Mojave
> 
> An application which I have previously codesigned and successfully 
> submitted for notarization is now failing to be notarized. The log file 
> contains a stream of errors, complaining about 4D InternetCommands, 
> InstallTool, Updater.app and others, the errors being invalid signature, 
> signature algorithm is too weak, executable does not have hardened 
> runtime enabled, and so on.
> 
> I’ve changed nothing since January, when it was notarized just fine. 
> codesign —verify says it’s OK.
> 
> Help!
> 
> Jeremy
> 
> The log file is at
> 
> https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma113/v4/03/70/62/03706243-2acd-5546-7a56-0fc4bda885a1/developer_log.json?accessKey=1588208394_8709044140572407954_aq%2Fu1eNX3LZEeLteCNikuUhL0w2W6BTpOHDmSGWv6lff9IL9W2H%2BGZI1WIfIm6R1rcc0fM1dEsPP43G5FhGjzCQUrvPwYL41E2YoNZSUzqtk1p1xkzmU%2BbjTpJ7s9RmairuCloWnEEFJsKbehxOX6EEY7i3Y5E%2FdrELaMZv1d2c%3D
>  
> 
>  
>

Re: New Notarization Issues

2020-04-28 Thread Jeremy Roussak via 4D_Tech 
Randy and Spencer,

Thanks. That’s exactly what I did and my application is now successfully 
notarized.

I wish I understood what notarization actually involves. One day…

Jeremy

> On 28 Apr 2020, at 14:04, Randy Jaynes  > wrote:
> 
> For that one I was able to replace it with the php-fcgi-4d from the recent 
> release of 4D v18.
> 
> Randy
> 
> --
> Randy Jaynes
> Senior Programmer and Customer Support
> 
> http://printpoint.com  • 845.687.3741 • PrintPoint, 
> Inc • 57 Ludlow Lane • Palisades, NY 10964 
> Please send all email contacts to supp...@printpoint.com 
> 
> 
> 
>> On Apr 28, 2020, at 7:33 AM, Jeremy Roussak > > wrote:
>> 
>> Randy, thanks for that pointer and Miyako, thanks very much indeed, as ever, 
>> for that marvellous application.
>> 
>> The huge slew of notarization errors has now been reduced to just one:
>> 
>>   "issues": [
>> {
>>   "severity": "error",
>>   "code": null,
>>   "path": "PI_Calculator.app-1.84.app.zip/PI 
>> calculator.app/Contents/Resources/php/Mac/php-fcgi-4d",
>>   "message": "The binary uses an SDK older than the 10.9 SDK.",
>>   "docUrl": null,
>>   "architecture": "x86_64"
>> }
>>   ]
>> It seems I need a new version of the PHP binary. I seem vaguely to remember 
>> that this was discussed before, but I can’t recall what the solution was. Is 
>> there one somewhere?
>> 
>> Jeremy
>> 
>>> On 27 Apr 2020, at 21:28, Randy Jaynes >> > wrote:
>>> 
>>> Jeremy,
>>> 
>>> I would RUN to Miyako’s buildApp 
>>> (https://github.com/miyako/4d-utility-build-application 
>>> )
>>> 
>>> I found on the Catalina build machine that I’m using, I have to constantly 
>>> sign the entire plugins folder.
>>> 
>>> This database has been nothing short of a miracle for this process.
>>> 
>>> There was a test method in there that is already pretty much set up to go 
>>> down through the whole chain of all the folders, frameworks, plugins, … you 
>>> name it. 
>>> 
>>> Randy
>>> 
>>> --
>>> Randy Jaynes
>>> Senior Programmer and Customer Support
>>> 
>>> http://printpoint.com  • 845.687.3741 • PrintPoint, 
>>> Inc • 57 Ludlow Lane • Palisades, NY 10964 
>>> Please send all email contacts to supp...@printpoint.com 
>>> 
>>> 
>>> 
 On Apr 27, 2020, at 3:14 PM, Jeremy Roussak via 4D_Tech 
 <4d_tech@lists.4d.com > wrote:
 
 4Dv17R5, Mac Mojave
 
 An application which I have previously codesigned and successfully 
 submitted for notarization is now failing to be notarized. The log file 
 contains a stream of errors, complaining about 4D InternetCommands, 
 InstallTool, Updater.app and others, the errors being invalid signature, 
 signature algorithm is too weak, executable does not have hardened runtime 
 enabled, and so on.
 
 I’ve changed nothing since January, when it was notarized just fine. 
 codesign —verify says it’s OK.
 
 Help!
 
 Jeremy
 
 The log file is at
 
 https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma113/v4/03/70/62/03706243-2acd-5546-7a56-0fc4bda885a1/developer_log.json?accessKey=1588208394_8709044140572407954_aq%2Fu1eNX3LZEeLteCNikuUhL0w2W6BTpOHDmSGWv6lff9IL9W2H%2BGZI1WIfIm6R1rcc0fM1dEsPP43G5FhGjzCQUrvPwYL41E2YoNZSUzqtk1p1xkzmU%2BbjTpJ7s9RmairuCloWnEEFJsKbehxOX6EEY7i3Y5E%2FdrELaMZv1d2c%3D
  
 
  
 >
 
 
 **
 4D Internet Users Group (4D iNUG)
 Archive:  http://lists.4d.com/archives.html

Re: New Notarization Issues

2020-04-28 Thread Randy Jaynes via 4D_Tech 
For that one I was able to replace it with the php-fcgi-4d from the recent 
release of 4D v18.

Randy

--
Randy Jaynes
Senior Programmer and Customer Support

http://printpoint.com • 845.687.3741 • PrintPoint, Inc • 57 Ludlow Lane • 
Palisades, NY 10964 
Please send all email contacts to supp...@printpoint.com



> On Apr 28, 2020, at 7:33 AM, Jeremy Roussak  wrote:
> 
> Randy, thanks for that pointer and Miyako, thanks very much indeed, as ever, 
> for that marvellous application.
> 
> The huge slew of notarization errors has now been reduced to just one:
> 
>   "issues": [
> {
>   "severity": "error",
>   "code": null,
>   "path": "PI_Calculator.app-1.84.app.zip/PI 
> calculator.app/Contents/Resources/php/Mac/php-fcgi-4d",
>   "message": "The binary uses an SDK older than the 10.9 SDK.",
>   "docUrl": null,
>   "architecture": "x86_64"
> }
>   ]
> It seems I need a new version of the PHP binary. I seem vaguely to remember 
> that this was discussed before, but I can’t recall what the solution was. Is 
> there one somewhere?
> 
> Jeremy
> 
>> On 27 Apr 2020, at 21:28, Randy Jaynes > > wrote:
>> 
>> Jeremy,
>> 
>> I would RUN to Miyako’s buildApp 
>> (https://github.com/miyako/4d-utility-build-application 
>> )
>> 
>> I found on the Catalina build machine that I’m using, I have to constantly 
>> sign the entire plugins folder.
>> 
>> This database has been nothing short of a miracle for this process.
>> 
>> There was a test method in there that is already pretty much set up to go 
>> down through the whole chain of all the folders, frameworks, plugins, … you 
>> name it. 
>> 
>> Randy
>> 
>> --
>> Randy Jaynes
>> Senior Programmer and Customer Support
>> 
>> http://printpoint.com  • 845.687.3741 • PrintPoint, 
>> Inc • 57 Ludlow Lane • Palisades, NY 10964 
>> Please send all email contacts to supp...@printpoint.com 
>> 
>> 
>> 
>>> On Apr 27, 2020, at 3:14 PM, Jeremy Roussak via 4D_Tech 
>>> <4d_tech@lists.4d.com > wrote:
>>> 
>>> 4Dv17R5, Mac Mojave
>>> 
>>> An application which I have previously codesigned and successfully 
>>> submitted for notarization is now failing to be notarized. The log file 
>>> contains a stream of errors, complaining about 4D InternetCommands, 
>>> InstallTool, Updater.app and others, the errors being invalid signature, 
>>> signature algorithm is too weak, executable does not have hardened runtime 
>>> enabled, and so on.
>>> 
>>> I’ve changed nothing since January, when it was notarized just fine. 
>>> codesign —verify says it’s OK.
>>> 
>>> Help!
>>> 
>>> Jeremy
>>> 
>>> The log file is at
>>> 
>>> https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma113/v4/03/70/62/03706243-2acd-5546-7a56-0fc4bda885a1/developer_log.json?accessKey=1588208394_8709044140572407954_aq%2Fu1eNX3LZEeLteCNikuUhL0w2W6BTpOHDmSGWv6lff9IL9W2H%2BGZI1WIfIm6R1rcc0fM1dEsPP43G5FhGjzCQUrvPwYL41E2YoNZSUzqtk1p1xkzmU%2BbjTpJ7s9RmairuCloWnEEFJsKbehxOX6EEY7i3Y5E%2FdrELaMZv1d2c%3D
>>>  
>>> 
>>>  
>>> >>  
>>> >
>>> 
>>> 
>>> **
>>> 4D Internet Users Group (4D iNUG)
>>> Archive:  http://lists.4d.com/archives.html 
>>> 
>>> Options: https://lists.4d.com/mailman/options/4d_tech 
>>> 
>>> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com 
>>> 
>>> **
>> 
> 

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html

Re: New Notarization Issues

2020-04-28 Thread Spencer Hinsdale via 4D_Tech 
Release notes for v17.4 indicate you can substitute PHP and Internet Commands 
from v18, or remove entirely:
https://download.4d.com/Documents/Products_Documentation/LastVersions/Line_17/VIntl/PDF_Format/4D_v17_4_ReleaseNotes.pdf

On 4/28/20, 4:33 AM, "4D_Tech on behalf of Jeremy Roussak via 4D_Tech" 
<4d_tech-boun...@lists.4d.com on behalf of 4d_tech@lists.4d.com> wrote:

Randy, thanks for that pointer and Miyako, thanks very much indeed, as 
ever, for that marvellous application.

The huge slew of notarization errors has now been reduced to just one:

  "issues": [
{
  "severity": "error",
  "code": null,
  "path": "PI_Calculator.app-1.84.app.zip/PI 
calculator.app/Contents/Resources/php/Mac/php-fcgi-4d",
  "message": "The binary uses an SDK older than the 10.9 SDK.",
  "docUrl": null,
  "architecture": "x86_64"
}
  ]
It seems I need a new version of the PHP binary. I seem vaguely to remember 
that this was discussed before, but I can’t recall what the solution was. Is 
there one somewhere?

Jeremy


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-04-28 Thread Jeremy Roussak via 4D_Tech 
Randy, thanks for that pointer and Miyako, thanks very much indeed, as ever, 
for that marvellous application.

The huge slew of notarization errors has now been reduced to just one:

  "issues": [
{
  "severity": "error",
  "code": null,
  "path": "PI_Calculator.app-1.84.app.zip/PI 
calculator.app/Contents/Resources/php/Mac/php-fcgi-4d",
  "message": "The binary uses an SDK older than the 10.9 SDK.",
  "docUrl": null,
  "architecture": "x86_64"
}
  ]
It seems I need a new version of the PHP binary. I seem vaguely to remember 
that this was discussed before, but I can’t recall what the solution was. Is 
there one somewhere?

Jeremy

> On 27 Apr 2020, at 21:28, Randy Jaynes  wrote:
> 
> Jeremy,
> 
> I would RUN to Miyako’s buildApp 
> (https://github.com/miyako/4d-utility-build-application 
> )
> 
> I found on the Catalina build machine that I’m using, I have to constantly 
> sign the entire plugins folder.
> 
> This database has been nothing short of a miracle for this process.
> 
> There was a test method in there that is already pretty much set up to go 
> down through the whole chain of all the folders, frameworks, plugins, … you 
> name it. 
> 
> Randy
> 
> --
> Randy Jaynes
> Senior Programmer and Customer Support
> 
> http://printpoint.com  • 845.687.3741 • PrintPoint, 
> Inc • 57 Ludlow Lane • Palisades, NY 10964 
> Please send all email contacts to supp...@printpoint.com 
> 
> 
> 
>> On Apr 27, 2020, at 3:14 PM, Jeremy Roussak via 4D_Tech 
>> <4d_tech@lists.4d.com > wrote:
>> 
>> 4Dv17R5, Mac Mojave
>> 
>> An application which I have previously codesigned and successfully submitted 
>> for notarization is now failing to be notarized. The log file contains a 
>> stream of errors, complaining about 4D InternetCommands, InstallTool, 
>> Updater.app and others, the errors being invalid signature, signature 
>> algorithm is too weak, executable does not have hardened runtime enabled, 
>> and so on.
>> 
>> I’ve changed nothing since January, when it was notarized just fine. 
>> codesign —verify says it’s OK.
>> 
>> Help!
>> 
>> Jeremy
>> 
>> The log file is at
>> 
>> https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma113/v4/03/70/62/03706243-2acd-5546-7a56-0fc4bda885a1/developer_log.json?accessKey=1588208394_8709044140572407954_aq%2Fu1eNX3LZEeLteCNikuUhL0w2W6BTpOHDmSGWv6lff9IL9W2H%2BGZI1WIfIm6R1rcc0fM1dEsPP43G5FhGjzCQUrvPwYL41E2YoNZSUzqtk1p1xkzmU%2BbjTpJ7s9RmairuCloWnEEFJsKbehxOX6EEY7i3Y5E%2FdrELaMZv1d2c%3D
>>  
>> 
>>  
>> >  
>> >
>> 
>> 
>> **
>> 4D Internet Users Group (4D iNUG)
>> Archive:  http://lists.4d.com/archives.html 
>> 
>> Options: https://lists.4d.com/mailman/options/4d_tech 
>> 
>> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com 
>> 
>> **
> 

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-04-27 Thread Randy Jaynes via 4D_Tech 
Jeremy,

I would RUN to Miyako’s buildApp 
(https://github.com/miyako/4d-utility-build-application 
)

I found on the Catalina build machine that I’m using, I have to constantly sign 
the entire plugins folder.

This database has been nothing short of a miracle for this process.

There was a test method in there that is already pretty much set up to go down 
through the whole chain of all the folders, frameworks, plugins, … you name it. 

Randy

--
Randy Jaynes
Senior Programmer and Customer Support

http://printpoint.com • 845.687.3741 • PrintPoint, Inc • 57 Ludlow Lane • 
Palisades, NY 10964 
Please send all email contacts to supp...@printpoint.com



> On Apr 27, 2020, at 3:14 PM, Jeremy Roussak via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> 4Dv17R5, Mac Mojave
> 
> An application which I have previously codesigned and successfully submitted 
> for notarization is now failing to be notarized. The log file contains a 
> stream of errors, complaining about 4D InternetCommands, InstallTool, 
> Updater.app and others, the errors being invalid signature, signature 
> algorithm is too weak, executable does not have hardened runtime enabled, and 
> so on.
> 
> I’ve changed nothing since January, when it was notarized just fine. codesign 
> —verify says it’s OK.
> 
> Help!
> 
> Jeremy
> 
> The log file is at
> 
> https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma113/v4/03/70/62/03706243-2acd-5546-7a56-0fc4bda885a1/developer_log.json?accessKey=1588208394_8709044140572407954_aq%2Fu1eNX3LZEeLteCNikuUhL0w2W6BTpOHDmSGWv6lff9IL9W2H%2BGZI1WIfIm6R1rcc0fM1dEsPP43G5FhGjzCQUrvPwYL41E2YoNZSUzqtk1p1xkzmU%2BbjTpJ7s9RmairuCloWnEEFJsKbehxOX6EEY7i3Y5E%2FdrELaMZv1d2c%3D
>  
> 
> 
> 
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-04-27 Thread Jeremy Roussak via 4D_Tech 
4Dv17R5, Mac Mojave

An application which I have previously codesigned and successfully submitted 
for notarization is now failing to be notarized. The log file contains a stream 
of errors, complaining about 4D InternetCommands, InstallTool, Updater.app and 
others, the errors being invalid signature, signature algorithm is too weak, 
executable does not have hardened runtime enabled, and so on.

I’ve changed nothing since January, when it was notarized just fine. codesign 
—verify says it’s OK.

Help!

Jeremy

The log file is at

https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma113/v4/03/70/62/03706243-2acd-5546-7a56-0fc4bda885a1/developer_log.json?accessKey=1588208394_8709044140572407954_aq%2Fu1eNX3LZEeLteCNikuUhL0w2W6BTpOHDmSGWv6lff9IL9W2H%2BGZI1WIfIm6R1rcc0fM1dEsPP43G5FhGjzCQUrvPwYL41E2YoNZSUzqtk1p1xkzmU%2BbjTpJ7s9RmairuCloWnEEFJsKbehxOX6EEY7i3Y5E%2FdrELaMZv1d2c%3D
 



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-04-25 Thread Paul Ringsmuth via 4D_Tech 
I have successfully notarized my 4D app Using DropDMG. I’m using 4D v18.0 on 
MacOS Catalina. 

Paul Ringsmuth
pringsm...@charter.net



> On Apr 21, 2020, at 11:35 AM, Pat Bensky via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Peeps,
> I ran into this problem also. I replaced the Internet Commands plugin with
> the v18 version and that more or less fixed it.
> 
> I say "more or less" because after downloading the installer (a .dmg
> created with DropDMG) and installing the app, the user gets the message
> 
> *“CatBase 8.app” can’t be opened because Apple cannot check it for
> malicious software.*
> 
> This software needs to be updated. Contact the developer for more
> information.
> 
> 
> with the options "Show in Finder" and "OK".
> 
> This is an improvement on the previous version (pre-IC update), where the
> options were "Move to trash" and "Cancel".
> 
> So the user has to right-click on the app and choose Open, and then they
> get the dialog with the same alert message, but this time it has an *Open*
> option. Select that and everything works OK.
> 
> 
> So this is not a complete solution, as most users won't know what to do.
> 
> 
> Any suggestions?
> 
> 
> Thanks!
> 
> 
> Pat
> 
> 
> 
> 
> On Thu, 13 Feb 2020 at 03:33, Keisuke Miyako via 4D_Tech <
> 4d_tech@lists.4d.com> wrote:
> 
>> code signature can easily get invalidated if the app or plugin was not
>> packaged and distributed correctly.
>> for example, if you simply sign, zip and upload a file to a public server,
>> a downloaded copy would most probably be thrown to the bin.
>> 
>> the developer should sign, archive (pkg, zip, dmg), notarise, and staple
>> the app or plugin before distribution.
>> also a plugin created for v17 R6 or earlier has manifest.json in a
>> non-conventional location, which may get rejected by Catalina 10.15.3.
>> 
>> On Feb 12, 2020, at 13:18, Chuck Miller via 4D_Tech <4d_tech@lists.4d.com
>> > wrote:
>> Slightly related. Any idea why I have a plug-in that is signed but shows
>> as damaged on Catalina but not in windows. I am not sure of other Mac OS
>> versions.
>> 
>> **
>> 4D Internet Users Group (4D iNUG)
>> Archive:  http://lists.4d.com/archives.html
>> Options: https://lists.4d.com/mailman/options/4d_tech
>> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
>> **
> 
> 
> 
> -- 
> *
> CatBase - Top Dog in Data Publishing
> tel: +44 (0) 207 118 7889
> w: http://www.catbase.com
> skype: pat.bensky
> *
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-04-21 Thread Keisuke Miyako via 4D_Tech 
- check if software is signed 

codesign --verify --verbose {path}

- check if software is notarised

spctl --assess --verbose --type install {path}

---

what you describe is normal behaviour for software that is not signed or 
notarised.

https://support.apple.com/en-us/HT202491

> On Apr 22, 2020, at 1:35, Pat Bensky via 4D_Tech <4d_tech@lists.4d.com> wrote:
> Any suggestions?

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-04-21 Thread Pat Bensky via 4D_Tech 
Peeps,
I ran into this problem also. I replaced the Internet Commands plugin with
the v18 version and that more or less fixed it.

I say "more or less" because after downloading the installer (a .dmg
created with DropDMG) and installing the app, the user gets the message

*“CatBase 8.app” can’t be opened because Apple cannot check it for
malicious software.*

This software needs to be updated. Contact the developer for more
information.


with the options "Show in Finder" and "OK".

This is an improvement on the previous version (pre-IC update), where the
options were "Move to trash" and "Cancel".

So the user has to right-click on the app and choose Open, and then they
get the dialog with the same alert message, but this time it has an *Open*
option. Select that and everything works OK.


So this is not a complete solution, as most users won't know what to do.


Any suggestions?


Thanks!


Pat




On Thu, 13 Feb 2020 at 03:33, Keisuke Miyako via 4D_Tech <
4d_tech@lists.4d.com> wrote:

> code signature can easily get invalidated if the app or plugin was not
> packaged and distributed correctly.
> for example, if you simply sign, zip and upload a file to a public server,
> a downloaded copy would most probably be thrown to the bin.
>
> the developer should sign, archive (pkg, zip, dmg), notarise, and staple
> the app or plugin before distribution.
> also a plugin created for v17 R6 or earlier has manifest.json in a
> non-conventional location, which may get rejected by Catalina 10.15.3.
>
> On Feb 12, 2020, at 13:18, Chuck Miller via 4D_Tech <4d_tech@lists.4d.com
> > wrote:
> Slightly related. Any idea why I have a plug-in that is signed but shows
> as damaged on Catalina but not in windows. I am not sure of other Mac OS
> versions.
>
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **



-- 
*
CatBase - Top Dog in Data Publishing
tel: +44 (0) 207 118 7889
w: http://www.catbase.com
skype: pat.bensky
*
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-12 Thread Keisuke Miyako via 4D_Tech 
code signature can easily get invalidated if the app or plugin was not packaged 
and distributed correctly.
for example, if you simply sign, zip and upload a file to a public server,
a downloaded copy would most probably be thrown to the bin.

the developer should sign, archive (pkg, zip, dmg), notarise, and staple the 
app or plugin before distribution.
also a plugin created for v17 R6 or earlier has manifest.json in a 
non-conventional location, which may get rejected by Catalina 10.15.3.

On Feb 12, 2020, at 13:18, Chuck Miller via 4D_Tech 
<4d_tech@lists.4d.com> wrote:
Slightly related. Any idea why I have a plug-in that is signed but shows as 
damaged on Catalina but not in windows. I am not sure of other Mac OS versions.

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-12 Thread John DeSoi via 4D_Tech 
Hi Tim,

Do you mean there is currently a way to use an offscreen web area (without 
creating an invisible form process), or is this something just happening 
internally?

That would be really nice to have in order to take advantage of Javascript 
libraries.

Thanks,

John DeSoi, Ph.D.


> On Feb 12, 2020, at 10:35 AM, Timothy Penner via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> I have been informed that 4D is using the web area in more and more parts 
> internally, and with the offscreen web area allowing to execute JavaScript 
> this might increase.

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-12 Thread Cannon Smith via 4D_Tech 
Hi Miyako,

I have all my applications except one notarizing again since Apple’s recent 
changes. I appreciate you updating the  cURL FTP and System Notification 
plugins.

The application that isn’t notarizing has some other plugins that I’m hoping 
can be updated by their authors. I’m not sure what to tell them needs to be 
changed, though. Would you have time to explain what changes are necessary to 
make plugins notarizable now?

Thanks so much.

--
Cannon Smith
Synergy Farm Solutions Inc.



> On Feb 11, 2020, at 9:00 PM, Keisuke Miyako via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> very curious to know if 3.9.v18 is successfully signed with the official 
> shell script.

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-12 Thread James Crate via 4D_Tech 
On Feb 12, 2020, at 11:35 AM, Timothy Penner via 4D_Tech <4d_tech@lists.4d.com> 
wrote:
> 
> James et all, 
> 
> Please disregard my response from yesterday regarding removing the 
> WebViewerCEF.bundle as this was bad advice on my part!
> 
> I have been informed that 4D is using the web area in more and more parts 
> internally, and with the offscreen web area allowing to execute JavaScript 
> this might increase.
> 
> The bottom line is that as of today 4D is not designed to work in a modular 
> base, where a customer can remove unwanted parts without impacting the total 
> application.
> 
> Sorry for the misguidance!

It’s useful to know what that component is for, since it doubles the size of 
the app. The system-based web areas I have in the app functioned with it 
removed, so I thought it might be an old legacy item. 

Jim

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-12 Thread Cannon Smith via 4D_Tech 
Hi Miyako,

I just tried and 3.9.v18 is successfully signed with the official shell script. 
Thank you for the changes!

I now have one application successfully notarizing again. Now I need to check 
my other applications to make sure they will still notarize. :-)

--
Cannon Smith
Synergy Farm Solutions Inc.



> On Feb 11, 2020, at 9:00 PM, Keisuke Miyako via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> very curious to know if 3.9.v18 is successfully signed with the official 
> shell script.

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-12 Thread Cannon Smith via 4D_Tech 
Hi Jim,

Thanks. I’m now using the v18 Internet Commands and it is notarization 
correctly.

--
Cannon Smith
Synergy Farm Solutions Inc.



> On Feb 11, 2020, at 5:40 PM, James Crate via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> I didn’t verify that the v18 4DIC is on a newer SDK, I replaced a copy of the 
> plugin but the one from inside the 4D.app was being copied, so I ended up 
> with the same error because it was the same v17 4DIC. The PostgreSQL plugin 
> from Pluggers.nl is also on an old SDK, since it won’t notarize either I 
> didn’t try again.
> 
> I don’t see any reason the SignApp.sh script would skip the cURL plugin, 
> since it ends with .bundle it should be processed. You might want to add an 
> echo in the SignFile() function to print a list of all files it signs. Does 
> the plugin include a curl binary? Maybe it’s not in a location codesign 
> expects to find binaries and the error is misleading?

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: New Notarization Issues

2020-02-12 Thread Timothy Penner via 4D_Tech 
James et all, 

Please disregard my response from yesterday regarding removing the 
WebViewerCEF.bundle as this was bad advice on my part!

I have been informed that 4D is using the web area in more and more parts 
internally, and with the offscreen web area allowing to execute JavaScript this 
might increase.

The bottom line is that as of today 4D is not designed to work in a modular 
base, where a customer can remove unwanted parts without impacting the total 
application.

Sorry for the misguidance!

-Tim



-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of James Crate via 
4D_Tech
Sent: Tuesday, February 11, 2020 1:26 PM
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: James Crate 
Subject: Re: New Notarization Issues

On Feb 11, 2020, at 2:58 PM, Timothy Penner via 4D_Tech <4d_tech@lists.4d.com> 
wrote:
> 
> Regarding this:
>> However, after building I remove the “Contents/Native 
>> Components/WebViewerCEF.bundle”, which is an apparently unused 275MB 
>> package, so if I wanted to use the built-in signing, I’d have to accept the 
>> extra 275MB on my app size.
> 
> True, if you modify the application package AFTER signing then the signature 
> becomes invalid.
> 
> However, you could modify the source package PRIOR to running the build 
> application command, by removing the “Contents/Native 
> Components/WebViewerCEF.bundle" file from the 4D Volume Desktop.app and 4D 
> Server.app packages...  In this way, when the BUILD APPLICATION command 
> merges the applications together the WebViewerCEF.bundle is already removed 
> before the built-in signing operation takes place.

I thought about that. If I have to mess around with the code signing script 
again I’ll probably switch to just doing that. I’m already running the BUILD 
APPLICATION command with a custom project xml file which I update with the 
version, so I could pretty easily update that to use a customized 4D Volume 
Desktop.app.

Jim Crate

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-12 Thread Keisuke Miyako via 4D_Tech 
if it works, then that's fine,
but maybe there is a difference between Catalina 10.15.1 and 10.15.3.
at least that has been my experience.

On Feb 12, 2020, at 22:25, James Crate via 4D_Tech 
<4d_tech@lists.4d.com> wrote:
plugin has manifest.json under Contents (old-style), and there are no 
notarization errors for this plugin once it is properly signed.

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-12 Thread James Crate via 4D_Tech 
On Feb 11, 2020, at 11:00 PM, Keisuke Miyako via 4D_Tech <4d_tech@lists.4d.com> 
wrote:
> 
> I am not 100% sure, but it might be because plugins that support v17 (up to 
> R6) or earlier
> have their manifest.json file under Contents, where the code sign CLI might 
> fail to find it.
> 
> v18 plugins have moved the location to Contents/Resources,
> but then, the plugin is no longer compatible with v17.

I don’t think this is a problem. The v17.3 HF3 build of 4D Internet Commands 
has the manifest.json file under Contents/Resources, as does the v18 4D IC 
plugin. Both work on V17.3 HF3. The XLS plugin has manifest.json under Contents 
(old-style), and there are no notarization errors for this plugin once it is 
properly signed.

I haven’t tested v18 yet to see whether the current XLS plugin (with 
manifest.json in Contents) works, but that seems like something not worth 
making a breaking change.

Jim Crate

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-11 Thread Chuck Miller via 4D_Tech 
Slightly related. Any idea why I have a plug-in that is signed but shows as 
damaged on Catalina but not in windows. I am not sure of other Mac OS versions. 
Chuck 
Sent from my iPhone

> On Feb 11, 2020, at 8:01 PM, Keisuke Miyako via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> I am not 100% sure, but it might be because plugins that support v17 (up to 
> R6) or earlier
> have their manifest.json file under Contents, where the code sign CLI might 
> fail to find it.
> 
> v18 plugins have moved the location to Contents/Resources,
> but then, the plugin is no longer compatible with v17.
> that is why I am now posting 2 builds,
> which are virtually identical except for the location of manifest.json.
> 
> see:
> 
> https://github.com/miyako/4d-plugin-curl-ftp/releases
> 
> very curious to know if 3.9.v18 is successfully signed with the official 
> shell script.
> 
> 
> 
> On Feb 12, 2020, at 8:28, Cannon Smith via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> I’m less sure what to do about the cURL FTP plugin. I know Miyako has it 
> ready for notarization and I assumed 4D’s shell script would take care of 
> plugins correctly, but maybe there is something I have to do manually with it.
> 
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-11 Thread Keisuke Miyako via 4D_Tech 
I am not 100% sure, but it might be because plugins that support v17 (up to R6) 
or earlier
have their manifest.json file under Contents, where the code sign CLI might 
fail to find it.

v18 plugins have moved the location to Contents/Resources,
but then, the plugin is no longer compatible with v17.
that is why I am now posting 2 builds,
which are virtually identical except for the location of manifest.json.

see:

https://github.com/miyako/4d-plugin-curl-ftp/releases

very curious to know if 3.9.v18 is successfully signed with the official shell 
script.



On Feb 12, 2020, at 8:28, Cannon Smith via 4D_Tech 
<4d_tech@lists.4d.com> wrote:

I’m less sure what to do about the cURL FTP plugin. I know Miyako has it ready 
for notarization and I assumed 4D’s shell script would take care of plugins 
correctly, but maybe there is something I have to do manually with it.

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-11 Thread James Crate via 4D_Tech 
On Feb 11, 2020, at 6:28 PM, Cannon Smith via 4D_Tech <4d_tech@lists.4d.com> 
wrote:

> issues": [
>{
>  "severity": "error",
>  "code": null,
>  "path": "FFE5A08083D54FDE8D0FBAB1A1E06060.zip/Herdly 
> Team.app/Contents/Plugins/4D InternetCommands.bundle/Contents/MacOS/4D 
> InternetCommands",
>  "message": "The binary uses an SDK older than the 10.9 SDK.",
>  "docUrl": null,
>  "architecture": "i386"
>},
>{
>  "severity": "error",
>  "code": null,
>  "path": "FFE5A08083D54FDE8D0FBAB1A1E06060.zip/Herdly 
> Team.app/Contents/Plugins/cURL FTP.bundle/Contents/MacOS/cURL FTP",
>  "message": "The signature of the binary is invalid.",
>  "docUrl": null,
>  "architecture": "x86_64"
>}
>  ]
> 
> 
> I’m not surprised at the Internet Commands one and was hoping I could use the 
> one from v18 which should overcome that. Haven’t tested that it works yet, 
> but it sounds like Jim already did that if I understood correctly. I’m less 
> sure what to do about the cURL FTP plugin. I know Miyako has it ready for 
> notarization and I assumed 4D’s shell script would take care of plugins 
> correctly, but maybe there is something I have to do manually with it.

I didn’t verify that the v18 4DIC is on a newer SDK, I replaced a copy of the 
plugin but the one from inside the 4D.app was being copied, so I ended up with 
the same error because it was the same v17 4DIC. The PostgreSQL plugin from 
Pluggers.nl is also on an old SDK, since it won’t notarize either I didn’t try 
again.

I don’t see any reason the SignApp.sh script would skip the cURL plugin, since 
it ends with .bundle it should be processed. You might want to add an echo in 
the SignFile() function to print a list of all files it signs. Does the plugin 
include a curl binary? Maybe it’s not in a location codesign expects to find 
binaries and the error is misleading?

Jim Crate

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-11 Thread Cannon Smith via 4D_Tech 
Hi Erick and Jim,

Thanks for your thoughts. I’ve taken another approach which has solved most of 
my issues. Instead of navigating the package and calling LEP commands myself on 
each component, I’m now just using 4D’s SignApp.sh shell script. This handles 
all the general cases just fine. I do have some executables that I keep in my 
own resources folder which I sign manually (in code) before firing off 4D’s 
shell script. So the process looks like this:

- Strip extended attributes and remove any code signing that exists anywhere in 
the package
- Code sign the executables I keep in my Resources folder
- Call 4D’s SignApp.sh script (I’m using the one from 4D v18).
- Sent to Apple for notarization.

Doing this I’m now down to two errors:

issues": [
{
  "severity": "error",
  "code": null,
  "path": "FFE5A08083D54FDE8D0FBAB1A1E06060.zip/Herdly 
Team.app/Contents/Plugins/4D InternetCommands.bundle/Contents/MacOS/4D 
InternetCommands",
  "message": "The binary uses an SDK older than the 10.9 SDK.",
  "docUrl": null,
  "architecture": "i386"
},
{
  "severity": "error",
  "code": null,
  "path": "FFE5A08083D54FDE8D0FBAB1A1E06060.zip/Herdly 
Team.app/Contents/Plugins/cURL FTP.bundle/Contents/MacOS/cURL FTP",
  "message": "The signature of the binary is invalid.",
  "docUrl": null,
  "architecture": "x86_64"
}
  ]


I’m not surprised at the Internet Commands one and was hoping I could use the 
one from v18 which should overcome that. Haven’t tested that it works yet, but 
it sounds like Jim already did that if I understood correctly. I’m less sure 
what to do about the cURL FTP plugin. I know Miyako has it ready for 
notarization and I assumed 4D’s shell script would take care of plugins 
correctly, but maybe there is something I have to do manually with it.

Anyway, I’m much closer than I was yesterday. Thanks for everyone’s input.

--
Cannon Smith
Synergy Farm Solutions Inc.



> On Feb 11, 2020, at 8:28 AM, ericklui678 via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> I was able to a notarize a v17 app yesterday by letting 4D handle the
> signing in the build application window with the "Sign application" option
> checked. This option will handle almost everything except the PHP libraries
> and InternetCommands.bundle (which can be substituted with the ones from
> v18). Try to avoid signing anything manually from terminal and let 4D handle
> the signing. This should cover the CodeEditor native component without
> issue.

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-11 Thread James Crate via 4D_Tech 
On Feb 11, 2020, at 2:58 PM, Timothy Penner via 4D_Tech <4d_tech@lists.4d.com> 
wrote:
> 
> Regarding this:
>> However, after building I remove the “Contents/Native 
>> Components/WebViewerCEF.bundle”, which is an apparently unused 275MB 
>> package, so if I wanted to use the built-in signing, I’d have to accept the 
>> extra 275MB on my app size.
> 
> True, if you modify the application package AFTER signing then the signature 
> becomes invalid.
> 
> However, you could modify the source package PRIOR to running the build 
> application command, by removing the “Contents/Native 
> Components/WebViewerCEF.bundle" file from the 4D Volume Desktop.app and 4D 
> Server.app packages...  In this way, when the BUILD APPLICATION command 
> merges the applications together the WebViewerCEF.bundle is already removed 
> before the built-in signing operation takes place.

I thought about that. If I have to mess around with the code signing script 
again I’ll probably switch to just doing that. I’m already running the BUILD 
APPLICATION command with a custom project xml file which I update with the 
version, so I could pretty easily update that to use a customized 4D Volume 
Desktop.app.

Jim Crate

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: New Notarization Issues

2020-02-11 Thread Timothy Penner via 4D_Tech 
Hi James,

Regarding this:
> However, after building I remove the “Contents/Native 
> Components/WebViewerCEF.bundle”, which is an apparently unused 275MB package, 
> so if I wanted to use the built-in signing, I’d have to accept the extra 
> 275MB on my app size.

True, if you modify the application package AFTER signing then the signature 
becomes invalid.

However, you could modify the source package PRIOR to running the build 
application command, by removing the “Contents/Native 
Components/WebViewerCEF.bundle"  file from the 4D Volume Desktop.app and 4D 
Server.app packages...  In this way, when the BUILD APPLICATION command merges 
the applications together the WebViewerCEF.bundle is already removed before the 
built-in signing operation takes place.

-Tim






-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of James Crate via 
4D_Tech
Sent: Tuesday, February 11, 2020 11:44 AM
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: James Crate 
Subject: Re: New Notarization Issues

On Feb 11, 2020, at 10:58 AM, James Crate via 4D_Tech <4d_tech@lists.4d.com> 
wrote:
>
> With 4D v17.3 HF3, I have errors like this:
>
>{
>  "severity": "error",
>  "code": null,
>  "path": "Travel-1.0.7.app.zip/Travel.app/Contents/MacOS/Travel",
>  "message": "The executable does not have the hardened runtime enabled.",
>  "docUrl": null,
>  "architecture": "x86_64"
>},

So the built-in signing (I had to manually edit the BuildApp.xml file) does 
sign the other items, and uses the signing option to turn on hardened runtime.

However, after building I remove the “Contents/Native 
Components/WebViewerCEF.bundle”, which is an apparently unused 275MB package, 
so if I wanted to use the built-in signing, I’d have to accept the extra 275MB 
on my app size.

However, for those that use a script to sign and want to keep doing so for 
workflow reasons, you can sign the individual components and then the base app, 
including turning on hardened runtime and adding the necessary entitlements. 
What used to be a single line to codesign the app now looks like this:

  # set up $IFS for find to handle spaces
  OIFS="$IFS"
  IFS=$'\n'

  # sign items in directories codesign --deep doesn't handle
  entPath="./sign_plugins.entitlements"
  extraDirs=("Plugins" "SASL Plugins" "Native Components")
  for extraDir in ${extraDirs[@]}; do
for item in $(find "${appPath}/Contents/${extraDir}" \( -iname "*.bundle" 
-o -iname "*.plugin" \)); do
  echo "signing \"${item}\""
  codesign --force --deep --verbose --options=runtime --entitlements 
${entPath} --sign "$devID" "${item}"
done
  done
  IFS="$OIFS" # restore $IFS

  # php and the Updater app
  codesign --force --deep --verbose --options=runtime --entitlements ${entPath} 
--sign "$devID" "${appPath}/Contents/Resources/php/Mac/php-fcgi-4d"
  codesign --force --deep --verbose --options=runtime --entitlements ${entPath} 
--sign "$devID" "${appPath}/Contents/Resources/Updater/Updater.app"

  # and the base app
  entPath="./sign_Travel.entitlements"
  codesign --force --deep --verbose --options=runtime --entitlements ${entPath} 
--sign "$devID" "${appPath}”

A sample entitlements file with all entitlements enabled, like 4D uses:


http://www.apple.com/DTDs/PropertyList-1.0.dtd;>


com.apple.security.automation.apple-events

com.apple.security.cs.allow-dyld-environment-variables

com.apple.security.cs.allow-jit

com.apple.security.cs.allow-unsigned-executable-memory

com.apple.security.cs.debugger

com.apple.security.cs.disable-executable-page-protection

com.apple.security.cs.disable-library-validation

com.apple.security.device.audio-input

com.apple.security.device.camera

com.apple.security.personal-information.addressbook

com.apple.security.personal-information.calendars

com.apple.security.personal-information.location

com.apple.security.personal-information.photos-library




My plugins.entitlements just removes the personal info and device keys. It’s 
probably ok to use the same entitlements file for everything though.

Jim Crate


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-11 Thread James Crate via 4D_Tech 
On Feb 11, 2020, at 10:58 AM, James Crate via 4D_Tech <4d_tech@lists.4d.com> 
wrote:
> 
> With 4D v17.3 HF3, I have errors like this:
> 
>{
>  "severity": "error",
>  "code": null,
>  "path": "Travel-1.0.7.app.zip/Travel.app/Contents/MacOS/Travel",
>  "message": "The executable does not have the hardened runtime enabled.",
>  "docUrl": null,
>  "architecture": "x86_64"
>},

So the built-in signing (I had to manually edit the BuildApp.xml file) does 
sign the other items, and uses the signing option to turn on hardened runtime. 

However, after building I remove the “Contents/Native 
Components/WebViewerCEF.bundle”, which is an apparently unused 275MB package, 
so if I wanted to use the built-in signing, I’d have to accept the extra 275MB 
on my app size.

However, for those that use a script to sign and want to keep doing so for 
workflow reasons, you can sign the individual components and then the base app, 
including turning on hardened runtime and adding the necessary entitlements. 
What used to be a single line to codesign the app now looks like this:

  # set up $IFS for find to handle spaces
  OIFS="$IFS"
  IFS=$'\n'
  
  # sign items in directories codesign --deep doesn't handle
  entPath="./sign_plugins.entitlements"
  extraDirs=("Plugins" "SASL Plugins" "Native Components")
  for extraDir in ${extraDirs[@]}; do
for item in $(find "${appPath}/Contents/${extraDir}" \( -iname "*.bundle" 
-o -iname "*.plugin" \)); do
  echo "signing \"${item}\""
  codesign --force --deep --verbose --options=runtime --entitlements 
${entPath} --sign "$devID" "${item}"
done
  done
  IFS="$OIFS" # restore $IFS
  
  # php and the Updater app
  codesign --force --deep --verbose --options=runtime --entitlements ${entPath} 
--sign "$devID" "${appPath}/Contents/Resources/php/Mac/php-fcgi-4d"
  codesign --force --deep --verbose --options=runtime --entitlements ${entPath} 
--sign "$devID" "${appPath}/Contents/Resources/Updater/Updater.app"
  
  # and the base app
  entPath="./sign_Travel.entitlements"
  codesign --force --deep --verbose --options=runtime --entitlements ${entPath} 
--sign "$devID" "${appPath}”

A sample entitlements file with all entitlements enabled, like 4D uses:


http://www.apple.com/DTDs/PropertyList-1.0.dtd;>


com.apple.security.automation.apple-events

com.apple.security.cs.allow-dyld-environment-variables

com.apple.security.cs.allow-jit

com.apple.security.cs.allow-unsigned-executable-memory

com.apple.security.cs.debugger

com.apple.security.cs.disable-executable-page-protection

com.apple.security.cs.disable-library-validation

com.apple.security.device.audio-input

com.apple.security.device.camera

com.apple.security.personal-information.addressbook

com.apple.security.personal-information.calendars

com.apple.security.personal-information.location

com.apple.security.personal-information.photos-library




My plugins.entitlements just removes the personal info and device keys. It’s 
probably ok to use the same entitlements file for everything though.

Jim Crate


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-11 Thread James Crate via 4D_Tech 
With 4D v17.3 HF3, I have errors like this:

{
  "severity": "error",
  "code": null,
  "path": "Travel-1.0.7.app.zip/Travel.app/Contents/MacOS/Travel",
  "message": "The executable does not have the hardened runtime enabled.",
  "docUrl": null,
  "architecture": "x86_64"
},

It might no longer be possible to notarize 4D apps until 4D enables the 
hardened runtime for the 4D Runtime app as well as the 4D plugins. 

I also had:

{
  "severity": "error",
  "code": null,
  "path": "Travel-1.0.7.app.zip/Travel.app/Contents/Plugins/4D 
InternetCommands.bundle/Contents/MacOS/4D InternetCommands",
  "message": "The binary uses an SDK older than the 10.9 SDK.",
  "docUrl": null,
  "architecture": "i386"
},

I don’t believe this app even uses 4D InternetCommands so I can probably just 
remove that, unless the internal HTTP client commands like HTTP Get actually 
call 4D InternetCommands.

As for the invalid signature bits, Apple recommends this command to help 
diagnose notarization issues:

codesign -vvv --deep --strict $appPath

It spits out a list of things which are correctly signed, and says the 
signature is valid. However, those are not the things listed in the 
notarization log as having incorrect signatures. So codesign —deep is not 
digging through all the subdirectories, just Contents/MacOS and 
Contents/Frameworks. I’m going to test whether running codesign —deep on other 
subdirectories containing binaries solves the signature issues.

Jim Crate


> On Feb 10, 2020, at 4:19 PM, Cannon Smith via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Hi Everyone,
> 
> A couple months ago I finally got my applications to notarize correctly. I’m 
> in 4D v17.3 HF3, but using the PHP libraries from v18. As you probably know, 
> Apple made changes last week and my notarization code has stopped working. 
> Here is one example of the errors I’m getting back now:
> 
>{
>  "severity": "error",
>  "code": null,
>  "path": "B3A9E8C4BFA342E4B27E1E54538DEABA.zip/Herdly 
> Team.app/Contents/Native 
> Components/CodeEditor.bundle/Contents/MacOS/CodeEditor",
>  "message": "The signature of the binary is invalid.",
>  "docUrl": null,
>  "architecture": "x86_64"
>},
> 
> I have a log that spits out what is happening during signing. The relevant 
> part is this:
> 
>> codesign --verbose --timestamp --deep  --sign Developer\ ID\ Application:\ 
>> Cannon\ Smith\ \(Y5RAH3A6C3\) /Users/Cannon/Library/Application\ 
>> Support/D9BE268668A4451A8FF411ADC94400CF/Standalone\ Build/Final\ 
>> Application/Herdly\ Team.app/Contents/Native\ Components/CodeEditor.bundle
> 
> StdError: /Users/Cannon/Library/Application 
> Support/D9BE268668A4451A8FF411ADC94400CF/Standalone Build/Final 
> Application/Herdly Team.app/Contents/Native Components/CodeEditor.bundle: 
> signed bundle with Mach-O thin (x86_64) [com.4d.component.CodeEditor]
> 
> 
> Further, both "codesign —verify --verbose” and "codesign -vvv —deep —strict” 
> indicate that the app is signed correctly, but notarization returns errors 
> like above.
> 
> Does anyone know what I might be missing? This is very frustrating. :-(
> 
> Thanks.
> 
> --
> Cannon Smith
> Synergy Farm Solutions Inc.
> 
> 
> 
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: New Notarization Issues

2020-02-11 Thread ericklui678 via 4D_Tech 
Hi Cannon,

I was able to a notarize a v17 app yesterday by letting 4D handle the
signing in the build application window with the "Sign application" option
checked. This option will handle almost everything except the PHP libraries
and InternetCommands.bundle (which can be substituted with the ones from
v18). Try to avoid signing anything manually from terminal and let 4D handle
the signing. This should cover the CodeEditor native component without
issue.

Regards,
Erick



--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**