Re: Signing macOS application

[Peter Bogdanoff via use-livecode]

Trevor,

Thanks for your response and for the work you are doing with Levure. I’m very 
attracted to its functionality for me--structuring and especially providing for 
updating my application--but haven’t had time to work with it more yet.

I tried the script you suggested, and when I processed the application package 
(desktop-only app created in LC 8.1.9) I got the error:
codesign process failed: /Users/*path to the 
app*/MITA.app/Contents/MacOS/MITA: code object is not signed at all [that would 
be the executable]
In subcomponent: /Users/*path to the app*/MITA.app/Contents/MacOS/MUSITA



I followed Knapp’s suggestion and tried using AppWrapper 3, which gave specific 
critical errors (among other several apparently non-critical errors):
Missing “/usr/local/lib/revsecurity.dylib
Bundle identifier “com.artsinteractive” contains a blank segment


When I look at the rev security.dylib file in Terminal I see:
-bash: /Users/*path to the app*/MITA.app/Contents/MacOS/revsecurity.dylib: 
cannot execute binary file
logout

+

I then saw a reference somewhere to LC 8.1.10, and so I made a new runtime in 
that 8.1.10 version.

Then:
Levure script — NO errors
App Wrapper 3 — only significant error apparently: "website deployment—both 
missing private key"
(In Terminal, for revsecurity.dylib, the above “cannot execute binary file” is 
also shown)

I’m providing the DMG as a download. Is this MISSING KEY an issue? And is there 
a way to reset my Gatekeeper to test installing the program on my computer?

Peter Bogdanoff
ArtsInteractive




> On Dec 29, 2018, at 7:01 PM, Trevor DeVore via use-livecode 
>  wrote:
> 
> On Sat, Dec 29, 2018 at 2:20 PM Peter Bogdanoff via use-livecode <
> use-livecode@lists.runrev.com> wrote:
> 
>> 
>> I have these IDs:
>>Developer ID Installer
>>Developer ID Application
>> 
>> DropDMG shows in its preferences the 'Developer ID Application’ that is
>> used to sign the installer. That should be used and not 'Developer ID
>> Installer’?
>> 
>> 
>> Anyone have any guidance on this?
> 
> 
> You do need to sign your app using your “Developer ID Installer” profile.
> There is a script only stack I posted a while ago on gist.github.com that
> will sign an app. Here is the url:
> 
> https://gist.github.com/trevordevore/3e91724c4573690b691510d2e2dcd2a7
> 
> Just save the gist to a file with a .livecodescript extension and open it
> in the IDE.
> 
> As for DropDMG it has the correct certificate selected. DMGs are not really
> installers but the DMG does need to be signed to appease GateKeeper.
> 
> As Was already mentioned, the Levure packager will take care of signing
> your apps for you. It will sign apps you distribute yourself, sign and
> prepare an app for upload to the Mac App Store, and sign Mac App Store
> development versions for testing. It is quite handy.
> 
> Of course if you are already trying to sign your app for distribution then
> you aren’t at a point where you want to modify your app to use a new
> framework. But something to consider for the future.
> 
>> 
> And this all doesn’t have anything to do with Notarization? That’s another
>> step for the future?
> 
> 
> No it does not.
> 
> --
> Trevor DeVore
> ScreenSteps
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Signing macOS application

[Trevor DeVore via use-livecode]

On Sat, Dec 29, 2018 at 2:20 PM Peter Bogdanoff via use-livecode <
use-livecode@lists.runrev.com> wrote:

>
> I have these IDs:
> Developer ID Installer
> Developer ID Application
>
> DropDMG shows in its preferences the 'Developer ID Application’ that is
> used to sign the installer. That should be used and not 'Developer ID
> Installer’?
>
>
> Anyone have any guidance on this?


You do need to sign your app using your “Developer ID Installer” profile.
There is a script only stack I posted a while ago on gist.github.com that
will sign an app. Here is the url:

https://gist.github.com/trevordevore/3e91724c4573690b691510d2e2dcd2a7

Just save the gist to a file with a .livecodescript extension and open it
in the IDE.

As for DropDMG it has the correct certificate selected. DMGs are not really
installers but the DMG does need to be signed to appease GateKeeper.

As Was already mentioned, the Levure packager will take care of signing
your apps for you. It will sign apps you distribute yourself, sign and
prepare an app for upload to the Mac App Store, and sign Mac App Store
development versions for testing. It is quite handy.

Of course if you are already trying to sign your app for distribution then
you aren’t at a point where you want to modify your app to use a new
framework. But something to consider for the future.

>
And this all doesn’t have anything to do with Notarization? That’s another
> step for the future?


No it does not.

 --
Trevor DeVore
ScreenSteps
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Signing macOS application

[Randy Hengst via use-livecode]

Hi Peter,

I don’t develop for Macs beyond personal use… but I do develop for iOS. You 
need to use a Distribution Certificate (rather than Developer) to sell on the 
iOS App Store… could that requirement also be needed for your situation?


be well,
randy
www.classroomFocusedSoftware.com


> On Dec 29, 2018, at 2:20 PM, Peter Bogdanoff via use-livecode 
>  wrote:
> 
> Hi,
> 
> I’m using DropDMG to sign my macOS installer. Users are having trouble 
> opening it—Gatekeeper seems to not recognize my developer ID.
> 
> It is unclear to me what is going on. Does the application need to be signed 
> before I create the installer in DropDMG? And how do I do that? I had thought 
> that DropDMG took care of everything… Michael Tsai says "The app should 
> definitely be signed before creating the .dmg.”
> 
> https://c-command.com/forums/showthread.php/4103-Signing-app-to-prevent-Gatekeeper-block
>  
> 
> 
> I have these IDs:
>   Developer ID Installer
>   Developer ID Application
> 
> DropDMG shows in its preferences the 'Developer ID Application’ that is used 
> to sign the installer. That should be used and not 'Developer ID Installer’?
> 
> 
> Anyone have any guidance on this?
> 
> 
> And this all doesn’t have anything to do with Notarization? That’s another 
> step for the future?
> 
> Thanks for any help!
> 
> Peter Bogdanoff
> ArtsInteractive
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Signing macOS application

[Knapp Martin via use-livecode]

I believe that DropDMG just signs the installer and does not sign the app. You 
might take a look at AppWrapper3 or dive into Trevor’s Levure framework - it 
works with DropDMG to sign both the app and the disk image.

Marty

> On Dec 29, 2018, at 12:20 PM, Peter Bogdanoff via use-livecode 
>  wrote:
> 
> Hi,
> 
> I’m using DropDMG to sign my macOS installer. Users are having trouble 
> opening it—Gatekeeper seems to not recognize my developer ID.
> 
> It is unclear to me what is going on. Does the application need to be signed 
> before I create the installer in DropDMG? And how do I do that? I had thought 
> that DropDMG took care of everything… Michael Tsai says "The app should 
> definitely be signed before creating the .dmg.”
> 
> https://c-command.com/forums/showthread.php/4103-Signing-app-to-prevent-Gatekeeper-block
>  
> 
> 
> I have these IDs:
>   Developer ID Installer
>   Developer ID Application
> 
> DropDMG shows in its preferences the 'Developer ID Application’ that is used 
> to sign the installer. That should be used and not 'Developer ID Installer’?
> 
> 
> Anyone have any guidance on this?
> 
> 
> And this all doesn’t have anything to do with Notarization? That’s another 
> step for the future?
> 
> Thanks for any help!
> 
> Peter Bogdanoff
> ArtsInteractive


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Signing macOS application

[Peter Bogdanoff via use-livecode]

Hi,

I’m using DropDMG to sign my macOS installer. Users are having trouble opening 
it—Gatekeeper seems to not recognize my developer ID.

It is unclear to me what is going on. Does the application need to be signed 
before I create the installer in DropDMG? And how do I do that? I had thought 
that DropDMG took care of everything… Michael Tsai says "The app should 
definitely be signed before creating the .dmg.”

https://c-command.com/forums/showthread.php/4103-Signing-app-to-prevent-Gatekeeper-block
 


I have these IDs:
Developer ID Installer
Developer ID Application

DropDMG shows in its preferences the 'Developer ID Application’ that is used to 
sign the installer. That should be used and not 'Developer ID Installer’?


Anyone have any guidance on this?


And this all doesn’t have anything to do with Notarization? That’s another step 
for the future?

Thanks for any help!

Peter Bogdanoff
ArtsInteractive
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode