Re: Error signing built app for Catalina
Jim,
I translated your shell commands into a series of LEPs in my build method and
it worked beautifully.
Thanks again.
Jeremy
> On 25 Oct 2019, at 15:04, Jim Crate via 4D_Tech <4d_tech@lists.4d.com> wrote:
>
> On Oct 24, 2019, at 3:14 PM, Jeremy Roussak via 4D_Tech
> <4d_tech@lists.4d.com> wrote:
>>
>> App built with v17R6. Trying to sign a built application gives this:
>>
>> 20:07:01.341: Error 105553143319120 signing '/Users/jbr/Desktop/Final
>> Application/PI calculator - Working/PI
>> calculator.app/Contents/Resources/Internal User Components/4D
>> Report.4dbase/Resources/Images/tbSave.png': Error Domain=NSPOSIXErrorDomain
>> Code=9 "Bad file descriptor"
>>
>> Is there some documentation on the topic?
>
> I’ve used a script for signing for years, and have now added notarization to
> it. I’ve never tried to use 4D’s signing when building functionality.
>
> This link from Apple describes the notarization workflow and also includes a
> link to describe how to generate an app-specific password to use for
> command-line notarization.
>
> If you copy/paste this, the email app probably converted to curly quotes so
> you’ll want to fix all the double-quotes. The script goes in the same folder
> as the built app you want to sign. If you name it with a .command extension,
> you can double-click to run it, and if you use a method to configure a
> buildapp.xml project file and run BUILD APPLICATION, you can use LAUNCH
> EXTERNAL PROCESS to automatically launch the script.
>
> Jim Crate
>
>
> #!/bin/bash
>
> cd "${BASH_SOURCE%/*}" || exit
> echo "current directory: `pwd`"
>
> devID="Developer ID Application: James Crate (developerID)"
> appPath="./MyBuiltApp.app"
>
> filename=$(basename -- "$appPath")
> appName="${filename%.*}"
>
> if [[ -d $appPath ]]
> then
> echo "signing $appPath"
> # clean up by removing file system extended attributes
> xattr -cr "$appPath"
>
> # sign application with developer signature
> codesign --force --deep --verbose --sign "$devID" "$appPath"
>
> # check code-signing
> echo "checking signing"
> spctl -av "$appPath"
> codesign --verify -v "$appPath"
>
> # zip with versioned name
> version=$(/usr/libexec/PlistBuddy "${appPath}/Contents/Info.plist" -c 'Print
> CFBundleShortVersionString')
> zipName="./${appName}-${version}.app.zip"
> echo "zipping to ${zipName}"
> rm "${zipName}"
> ditto -c -k --sequesterRsrc --keepParent "${appPath}" "${zipName}"
>
> echo "uploading for notarization"
> xcrun altool --notarize-app --primary-bundle-id "com.vantine.MyBuiltApp.zip"
> \
>--username "m...@example.com" --password
> "@keychain:AC_PASSWORD_NotarizationScript" \
>--file "${zipName}"
> echo "finished uploading, watch for result email"
> fi
>
> # after notarization completes, run:
> # xcrun stapler staple MyBuiltApp.app
>
> # This command stores a password in the keychain. The keychain item can also
> be created manually.
> # xcrun altool --store-password-in-keychain-item
> "AC_PASSWORD_NotarizationScript" -u "m...@example.com" -p
> "generated_app_password"
>
>
> **
> 4D Internet Users Group (4D iNUG)
> Archive: http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
> **
**
4D Internet Users Group (4D iNUG)
Archive: http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
**
Re: Error signing built app for Catalina
You have a script that uses a .dmg file for notarization?
Thank you.
Joan Grabuleda
> I’ve used a script for signing for years, and have now added notarization to
> it. I’ve never tried to use 4D’s signing when building functionality.
>
> This link from Apple describes the notarization workflow and also includes a
> link to describe how to generate an app-specific password to use for
> command-line notarization.
>
> If you copy/paste this, the email app probably converted to curly quotes so
> you’ll want to fix all the double-quotes. The script goes in the same folder
> as the built app you want to sign. If you name it with a .command extension,
> you can double-click to run it, and if you use a method to configure a
> buildapp.xml project file and run BUILD APPLICATION, you can use LAUNCH
> EXTERNAL PROCESS to automatically launch the script.
>
> Jim Crate
>
>
> #!/bin/bash
>
> cd "${BASH_SOURCE%/*}" || exit
> echo "current directory: `pwd`"
>
> devID="Developer ID Application: James Crate (developerID)"
> appPath="./MyBuiltApp.app"
>
> filename=$(basename -- "$appPath")
> appName="${filename%.*}"
>
> if [[ -d $appPath ]]
> then
> echo "signing $appPath"
> # clean up by removing file system extended attributes
> xattr -cr "$appPath"
>
> # sign application with developer signature
> codesign --force --deep --verbose --sign "$devID" "$appPath"
>
> # check code-signing
> echo "checking signing"
> spctl -av "$appPath"
> codesign --verify -v "$appPath"
>
> # zip with versioned name
> version=$(/usr/libexec/PlistBuddy "${appPath}/Contents/Info.plist" -c 'Print
> CFBundleShortVersionString')
> zipName="./${appName}-${version}.app.zip"
> echo "zipping to ${zipName}"
> rm "${zipName}"
> ditto -c -k --sequesterRsrc --keepParent "${appPath}" "${zipName}"
>
> echo "uploading for notarization"
> xcrun altool --notarize-app --primary-bundle-id "com.vantine.MyBuiltApp.zip"
> \
>--username "m...@example.com " --password
> "@keychain:AC_PASSWORD_NotarizationScript" \
>--file "${zipName}"
> echo "finished uploading, watch for result email"
> fi
>
> # after notarization completes, run:
> # xcrun stapler staple MyBuiltApp.app
>
> # This command stores a password in the keychain. The keychain item can also
> be created manually.
> # xcrun altool --store-password-in-keychain-item
> "AC_PASSWORD_NotarizationScript" -u "m...@example.com
> " -p "generated_app_password"
>
**
4D Internet Users Group (4D iNUG)
Archive: http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
**
Re: Error signing built app for Catalina
Jim,
Thanks very much. I shall give it a go.
Jeremy
> On 25 Oct 2019, at 15:04, Jim Crate via 4D_Tech <4d_tech@lists.4d.com> wrote:
>
> On Oct 24, 2019, at 3:14 PM, Jeremy Roussak via 4D_Tech
> <4d_tech@lists.4d.com> wrote:
>>
>> App built with v17R6. Trying to sign a built application gives this:
>>
>> 20:07:01.341: Error 105553143319120 signing '/Users/jbr/Desktop/Final
>> Application/PI calculator - Working/PI
>> calculator.app/Contents/Resources/Internal User Components/4D
>> Report.4dbase/Resources/Images/tbSave.png': Error Domain=NSPOSIXErrorDomain
>> Code=9 "Bad file descriptor"
>>
>> Is there some documentation on the topic?
>
> I’ve used a script for signing for years, and have now added notarization to
> it. I’ve never tried to use 4D’s signing when building functionality.
>
> This link from Apple describes the notarization workflow and also includes a
> link to describe how to generate an app-specific password to use for
> command-line notarization.
>
> If you copy/paste this, the email app probably converted to curly quotes so
> you’ll want to fix all the double-quotes. The script goes in the same folder
> as the built app you want to sign. If you name it with a .command extension,
> you can double-click to run it, and if you use a method to configure a
> buildapp.xml project file and run BUILD APPLICATION, you can use LAUNCH
> EXTERNAL PROCESS to automatically launch the script.
>
> Jim Crate
>
>
> #!/bin/bash
>
> cd "${BASH_SOURCE%/*}" || exit
> echo "current directory: `pwd`"
>
> devID="Developer ID Application: James Crate (developerID)"
> appPath="./MyBuiltApp.app"
>
> filename=$(basename -- "$appPath")
> appName="${filename%.*}"
>
> if [[ -d $appPath ]]
> then
> echo "signing $appPath"
> # clean up by removing file system extended attributes
> xattr -cr "$appPath"
>
> # sign application with developer signature
> codesign --force --deep --verbose --sign "$devID" "$appPath"
>
> # check code-signing
> echo "checking signing"
> spctl -av "$appPath"
> codesign --verify -v "$appPath"
>
> # zip with versioned name
> version=$(/usr/libexec/PlistBuddy "${appPath}/Contents/Info.plist" -c 'Print
> CFBundleShortVersionString')
> zipName="./${appName}-${version}.app.zip"
> echo "zipping to ${zipName}"
> rm "${zipName}"
> ditto -c -k --sequesterRsrc --keepParent "${appPath}" "${zipName}"
>
> echo "uploading for notarization"
> xcrun altool --notarize-app --primary-bundle-id "com.vantine.MyBuiltApp.zip"
> \
>--username "m...@example.com" --password
> "@keychain:AC_PASSWORD_NotarizationScript" \
>--file "${zipName}"
> echo "finished uploading, watch for result email"
> fi
>
> # after notarization completes, run:
> # xcrun stapler staple MyBuiltApp.app
>
> # This command stores a password in the keychain. The keychain item can also
> be created manually.
> # xcrun altool --store-password-in-keychain-item
> "AC_PASSWORD_NotarizationScript" -u "m...@example.com" -p
> "generated_app_password"
>
>
> **
> 4D Internet Users Group (4D iNUG)
> Archive: http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
> **
**
4D Internet Users Group (4D iNUG)
Archive: http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
**
Re: Error signing built app for Catalina
On Oct 24, 2019, at 3:14 PM, Jeremy Roussak via 4D_Tech <4d_tech@lists.4d.com>
wrote:
>
> App built with v17R6. Trying to sign a built application gives this:
>
> 20:07:01.341: Error 105553143319120 signing '/Users/jbr/Desktop/Final
> Application/PI calculator - Working/PI
> calculator.app/Contents/Resources/Internal User Components/4D
> Report.4dbase/Resources/Images/tbSave.png': Error Domain=NSPOSIXErrorDomain
> Code=9 "Bad file descriptor"
>
> Is there some documentation on the topic?
I’ve used a script for signing for years, and have now added notarization to
it. I’ve never tried to use 4D’s signing when building functionality.
This link from Apple describes the notarization workflow and also includes a
link to describe how to generate an app-specific password to use for
command-line notarization.
If you copy/paste this, the email app probably converted to curly quotes so
you’ll want to fix all the double-quotes. The script goes in the same folder as
the built app you want to sign. If you name it with a .command extension, you
can double-click to run it, and if you use a method to configure a buildapp.xml
project file and run BUILD APPLICATION, you can use LAUNCH EXTERNAL PROCESS to
automatically launch the script.
Jim Crate
#!/bin/bash
cd "${BASH_SOURCE%/*}" || exit
echo "current directory: `pwd`"
devID="Developer ID Application: James Crate (developerID)"
appPath="./MyBuiltApp.app"
filename=$(basename -- "$appPath")
appName="${filename%.*}"
if [[ -d $appPath ]]
then
echo "signing $appPath"
# clean up by removing file system extended attributes
xattr -cr "$appPath"
# sign application with developer signature
codesign --force --deep --verbose --sign "$devID" "$appPath"
# check code-signing
echo "checking signing"
spctl -av "$appPath"
codesign --verify -v "$appPath"
# zip with versioned name
version=$(/usr/libexec/PlistBuddy "${appPath}/Contents/Info.plist" -c 'Print
CFBundleShortVersionString')
zipName="./${appName}-${version}.app.zip"
echo "zipping to ${zipName}"
rm "${zipName}"
ditto -c -k --sequesterRsrc --keepParent "${appPath}" "${zipName}"
echo "uploading for notarization"
xcrun altool --notarize-app --primary-bundle-id "com.vantine.MyBuiltApp.zip" \
--username "m...@example.com" --password
"@keychain:AC_PASSWORD_NotarizationScript" \
--file "${zipName}"
echo "finished uploading, watch for result email"
fi
# after notarization completes, run:
# xcrun stapler staple MyBuiltApp.app
# This command stores a password in the keychain. The keychain item can also be
created manually.
# xcrun altool --store-password-in-keychain-item
"AC_PASSWORD_NotarizationScript" -u "m...@example.com" -p
"generated_app_password"
**
4D Internet Users Group (4D iNUG)
Archive: http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
**
Re: Error signing built app for Catalina
Thanks, Lutz. If only I had a copy of v18! Jeremy > On 25 Oct 2019, at 08:14, Epperlein, Lutz (agendo) via 4D_Tech > <4d_tech@lists.4d.com> wrote: > > Maybe this: > > https://blog.4d.com/?s=notarization > > Regards > Lutz Epperlein > > -Ursprüngliche Nachricht- > Von: 4D_Tech [mailto:4d_tech-boun...@lists.4d.com] Im Auftrag von Jeremy > Roussak via 4D_Tech > Gesendet: Donnerstag, 24. Oktober 2019 21:14 > An: 4D iNug Technical <4d_tech@lists.4D.com> > Cc: Jeremy Roussak > Betreff: Error signing built app for Catalina > > App built with v17R6. Trying to sign a built application gives this: > > 20:07:01.341: Error 105553143319120 signing '/Users/jbr/Desktop/Final > Application/PI calculator - Working/PI > calculator.app/Contents/Resources/Internal User Components/4D > Report.4dbase/Resources/Images/tbSave.png': Error Domain=NSPOSIXErrorDomain > Code=9 "Bad file descriptor" > > Is there some documentation on the topic? > > Jeremy ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
AW: Error signing built app for Catalina
Maybe this: https://blog.4d.com/?s=notarization Regards Lutz Epperlein -Ursprüngliche Nachricht- Von: 4D_Tech [mailto:4d_tech-boun...@lists.4d.com] Im Auftrag von Jeremy Roussak via 4D_Tech Gesendet: Donnerstag, 24. Oktober 2019 21:14 An: 4D iNug Technical <4d_tech@lists.4D.com> Cc: Jeremy Roussak Betreff: Error signing built app for Catalina App built with v17R6. Trying to sign a built application gives this: 20:07:01.341: Error 105553143319120 signing '/Users/jbr/Desktop/Final Application/PI calculator - Working/PI calculator.app/Contents/Resources/Internal User Components/4D Report.4dbase/Resources/Images/tbSave.png': Error Domain=NSPOSIXErrorDomain Code=9 "Bad file descriptor" Is there some documentation on the topic? Jeremy ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com ** ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Error signing built app for Catalina
App built with v17R6. Trying to sign a built application gives this: 20:07:01.341: Error 105553143319120 signing '/Users/jbr/Desktop/Final Application/PI calculator - Working/PI calculator.app/Contents/Resources/Internal User Components/4D Report.4dbase/Resources/Images/tbSave.png': Error Domain=NSPOSIXErrorDomain Code=9 "Bad file descriptor" Is there some documentation on the topic? Jeremy ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
