Code signing for Yosemite

Home Forums Syphon Syphon Development – Developer Code signing for Yosemite

This topic contains 9 replies, has 3 voices, and was last updated by  vade 5 years ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #58766

    rsodre
    Participant

    Hey!!

    I’m testing some apps on the Yosemite developer preview and they all crash with “code signature invalid” at the Syphon framework.
    Did they made it mandatory to code sign Frameworks for Yosemite?

    Here’s the full error I’m getting:

    Dyld Error Message:
      Library not loaded: @loader_path/../Frameworks/Syphon.framework/Versions/A/Syphon
      Referenced from: /Users/USER/Desktop/Blendy Dome VJ 1.0.2.app/Contents/MacOS/Blendy Dome VJ
      Reason: no suitable image found.  Did find:
    	/Users/Roger/Desktop/Blendy Dome VJ 1.0.2.app/Contents/MacOS/../Frameworks/Syphon.framework/Versions/A/Syphon: code signature invalid for '/Users/Roger/Desktop/Blendy Dome VJ 1.0.2.app/Contents/MacOS/../Frameworks/Syphon.framework/Versions/A/Syphon'
    
    #58767

    bangnoise
    Keymaster

    I know that if you do everything as current Xcode bids you, it works – including accepting the change to code-sign frameworks as part of a Copy Files build phase. If your app is signed, then I think bundled frameworks have to have the same signature (which is what Xcode does by default). Maybe try selecting the project in Xcode, then Editor > Validate Settings…?

    That any help? All our apps seem unaffected.

    #58768

    rsodre
    Participant

    You’re saying that I don’t have to recompile and sign from Syphon’s project, my app’s project should sign the Syphon framework?
    Looks like it’s not happening.

    Usually I never sign, only when exporting the app for distribution. If I sign the app, it complains that Syphon is unsigned, even if it is.

    I got a message from Apple saying that apps signed on 10.8 would be rejected by Yosemite’s Gatekeeper, that’s why I’m re-signing.

    But old apps work!
    New signed apps don’t.

    I’ll install a fresh Yosemite DP7 and see what happens.

    #58770

    vade
    Keymaster

    I tested DP5 and 6 and things worked fine. When I get home I can update to DP7 and try it out.

    #58771

    rsodre
    Participant

    Hey Vade!
    Was the app was signed on Mavericks?

    #58772

    bangnoise
    Keymaster

    I’m still on DP6 (slow internet), where everything works.

    Most of my apps build the framework from source as a subproject, but I think it should work the same with built frameworks. The relevant checkbox is called “Code Sign On Copy” and shows up in the Copy Files build phase in the Build Phases tab.

    Maybe make a new blank Cocoa Application project and add the framework to that, see if it works as it should, then see if you can spot the difference between that and your projects?

    Sorry not to be more useful – the Apple docs or dev forum may make more sense than us…

    #58773

    rsodre
    Participant

    I think this is new on XCode 6, right?

    Apple recommends do deploy apps for Yosemite still using XCode 5, and I don’t like switching my projects to a beta XCode, so I’m still on 5.

    Anyway, I just made it work on XCode 5 with a script I found.
    I’m just documenting it and will post here asap.

    #58774

    rsodre
    Participant

    So, I’m compiling with XCode 5.1.1, on 10.9.4, testing on Yosemite Developer Preview 7.
    I’m distributing the app as a download, outside the App Store.
    I don’t want Gatekkeper telling people it’s unsafe, so I need to code sign it.
    For this, I have a Mac Developer Program, created a certificate, app identifier and provisioning profile following Apple’s App Distribution Guide

    No need to sign or recompile Syphon.framework!

    On my project…
    – Target > General > Sign > NONE
    – Built Settings > Code Signing Identity > Release > “3rd Party Mac Developer Application”
    – Built Settings > Provisioning Profile > None
    – New File > Shell Script > Name it “codesign-frameworks.sh”
    – Paste the script content from here: (I just removed everything related to ENTITLEMENTS, because I don’t need a Sandbox, it’s for production)
    http://stackoverflow.com/a/11284404/360930
    – Build Phases > Add > Run Script (after Copy Files Frameworks) > Check “Run script only when installing” > Fill with “./codesign-frameworks.sh”
    – Project > Archive
    – Select the archive > Distribute > Export Developer-ID signed Application > Select your Developer ID > save it somewhere

    Now to properly test it, you need to quarantine your app. There’s two ways to do this:
    – Email the app to yourself and download the attachment on Mail.
    – Upload to some web server and download with Safari.

    Download it on your Yosemite installation, run and it should be fine.

    #58775

    bangnoise
    Keymaster

    Thanks for documenting – ludicrous that the current stable Xcode can’t embed a framework without jumping through these hoops…

    #58776

    vade
    Keymaster

    Wow thats nuts. Thanks for documenting, thats really super helpful Roger.

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.

One comment on “Code signing for Yosemite

  1. Pingback: Xcode6でSDL2を使う際の注意 | ことねの部屋