headers
norulez | 13 Feb 2012 23:14

Re: [Qt-interest] Latest on Mac App Store + sandboxing?

Hi,

I had also troubles with this after lion comes out last year.
In short words... You must use codesign for each file which is in your bundle, except for frameworks (see
point 1) 

1.) use codesign for all your frameworks (e.g. Bundle/Contents/Frameworks/QtGui.framework)
2.) use codesign for all your plugins (e.g. Bundle/Contents/PlugIns/imageformats/libqgif.dylib)
3.) use codesign with the entitlements file on your bundle
4.) run productbuild
5.) test the created package with the installer

I hope this helps

Best Regards
NoRulez

Am 13.02.2012 um 20:16 schrieb Paul Miller <paul <at> fxtech.com>:

> As the Sandbox deadline is now March 1, today I tried to submit an 
> update to one of my Mac App Store apps and received an email with this 
> information:
> 
> "Invalid Signature - the executable 
> <application>.app/Contents/Frameworks/QtCore.framework/Versions/4/QtCore 
> is not signed, the signature is invalid, or it is not signed with an 
> Apple submission certificate. Refer to the Code Signing and Application 
> Sandboxing Guide for more information.
> 
> Invalid Signature - the executable
(Continue reading)

Permalink | Reply |
headers
Paul Miller | 13 Feb 2012 23:22
Gravatar

Re: [Qt-interest] Latest on Mac App Store + sandboxing?

On 2/13/2012 4:14 PM, norulez <at> me.com wrote:
> Hi,
>
> I had also troubles with this after lion comes out last year.
> In short words... You must use codesign for each file which is in your bundle, except for frameworks (see
point 1)
>
> 1.) use codesign for all your frameworks (e.g. Bundle/Contents/Frameworks/QtGui.framework)
> 2.) use codesign for all your plugins (e.g. Bundle/Contents/PlugIns/imageformats/libqgif.dylib)
> 3.) use codesign with the entitlements file on your bundle
> 4.) run productbuild
> 5.) test the created package with the installer
>
> I hope this helps

Yes - that stuff makes sense (and I'm glad there is a manual way to sign 
the Qt frameworks). However, I've always just used Build+Archive and the 
Organizer to do this stuff. Can you outline how I would replace those 
steps with manual codesign and productbuild commands?

Cheers!
Permalink | Reply |
headers
NoRulez | 13 Feb 2012 23:48

Re: [Qt-interest] Latest on Mac App Store + sandboxing?

I tried it also this way, but i want to be able to generate packages on a build server, so in my case the command
line tools are simpler ;-)

I had made a mistake in the example (point 2) in the last mail, here are "all" steps copied from my project

So, let's say the bundle indentifier in this example is called BUNDLE (bundle.app) and the project PROJECT

The APPLICATION_CERTIFICATE and INSTALLER_CERTIFICATE are the certificates which you have installed
from http://developer.apple.com.
APPLICATION_CERTIFICATE is something like "3rd Party Mac Developer Application: YOUR NAME"
INSTALLER_CERTIFICATE is something like "3rd Party Mac Developer Installer: YOUR NAME"

I use the following steps (Maybe you can handle this in a qmake's project file (*.pro) as a post build
process, I use CMake as the build system so that way it is easier for me):

1.) macdeployqt BUNDLE
2.) remove unnecessary directories and files (plugins, frameworks and so on)
3.) unlock the keychain (/usr/bin/security unlock-keychain $HOME/Library/Keychains/login.keychain)
4.) Sign all frameworks (/usr/bin/codesign --force --verbose --verify --sign
"APPLICATION_CERTIFICATE" BUNDLE/Contents/Frameworks/QtGui.framework/Versions/4/QtGui)
5.) Sign all plugins (/usr/bin/codesign --force --verbose --verify --sign "APPLICATION_CERTIFICATE" BUNDLE/Contents/PlugIns/imageformats/libqgif.dylib)
6.) Sign the application bundle (/usr/bin/codesign --force --verbose --verify --sign
"APPLICATION_CERTIFICATE" BUNDLE)
7.) Run productbuild (/usr/bin/productbuild --component "BUNDLE" /Applications --sign
"INSTALLER_CERTIFICATE" --product "BUNDLE/Contents/Info.plist" PROJECT.pkg)
8.) Try it with the installer (/usr/sbin/installer -store -pkg PROJECT.pkg -target /)

That's it

Best Regards
(Continue reading)

Permalink | Reply |
headers
Paul Miller | 14 Feb 2012 15:09
Gravatar

Re: [Qt-interest] Latest on Mac App Store + sandboxing?

On 2/13/2012 4:48 PM, NoRulez wrote:
> I tried it also this way, but i want to be able to generate packages on
> a build server, so in my case the command line tools are simpler ;-)
>
> I had made a mistake in the example (point 2) in the last mail, here are
> "all" steps copied from my project
>
> So, let's say the bundle indentifier in this example is called BUNDLE
> (bundle.app) and the project PROJECT
>
> The APPLICATION_CERTIFICATE and INSTALLER_CERTIFICATE are the
> certificates which you have installed from http://developer.apple.com.
> APPLICATION_CERTIFICATE is something like "3rd Party Mac Developer
> Application: YOUR NAME"
> INSTALLER_CERTIFICATE is something like "3rd Party Mac Developer
> Installer: YOUR NAME"
>
> I use the following steps (Maybe you can handle this in a qmake's
> project file (*.pro) as a post build process, I use CMake as the build
> system so that way it is easier for me):
>
> 1.) macdeployqt BUNDLE
> 2.) remove unnecessary directories and files (plugins, frameworks and so on)
> 3.) unlock the keychain (/usr/bin/security unlock-keychain
> $HOME/Library/Keychains/login.keychain)
> 4.) Sign all frameworks (/usr/bin/codesign --force --verbose --verify
> --sign "APPLICATION_CERTIFICATE"
> BUNDLE/Contents/Frameworks/QtGui.framework/Versions/4/QtGui)
> 5.) Sign all plugins (/usr/bin/codesign --force --verbose --verify
> --sign "APPLICATION_CERTIFICATE"
(Continue reading)

Permalink | Reply |

Gmane