Signing macOS application

Peter Bogdanoff bogdanoff at me.com
Tue Jan 1 21:24:24 EST 2019 

Trevor,

Thanks for your response and for the work you are doing with Levure. I’m very attracted to its functionality for me--structuring and especially providing for updating my application--but haven’t had time to work with it more yet.

I tried the script you suggested, and when I processed the application package (desktop-only app created in LC 8.1.9) I got the error:
	codesign process failed: /Users/*path to the app*/MITA.app/Contents/MacOS/MITA: code object is not signed at all [that would be the executable]
	In subcomponent: /Users/*path to the app*/MITA.app/Contents/MacOS/MUSITA



I followed Knapp’s suggestion and tried using AppWrapper 3, which gave specific critical errors (among other several apparently non-critical errors):
	Missing “/usr/local/lib/revsecurity.dylib
	Bundle identifier “com.artsinteractive” contains a blank segment


When I look at the rev security.dylib file in Terminal I see:
-bash: /Users/*path to the app*/MITA.app/Contents/MacOS/revsecurity.dylib: cannot execute binary file
logout

+++++++++++++

I then saw a reference somewhere to LC 8.1.10, and so I made a new runtime in that 8.1.10 version.

Then:
Levure script — NO errors
App Wrapper 3 — only significant error apparently: "website deployment—both missing private key"
(In Terminal, for revsecurity.dylib, the above “cannot execute binary file” is also shown)

I’m providing the DMG as a download. Is this MISSING KEY an issue? And is there a way to reset my Gatekeeper to test installing the program on my computer?

Peter Bogdanoff
ArtsInteractive




> On Dec 29, 2018, at 7:01 PM, Trevor DeVore via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> On Sat, Dec 29, 2018 at 2:20 PM Peter Bogdanoff via use-livecode <
> use-livecode at lists.runrev.com> wrote:
> 
>> 
>> I have these IDs:
>>        Developer ID Installer
>>        Developer ID Application
>> 
>> DropDMG shows in its preferences the 'Developer ID Application’ that is
>> used to sign the installer. That should be used and not 'Developer ID
>> Installer’?
>> 
>> 
>> Anyone have any guidance on this?
> 
> 
> You do need to sign your app using your “Developer ID Installer” profile.
> There is a script only stack I posted a while ago on gist.github.com that
> will sign an app. Here is the url:
> 
> https://gist.github.com/trevordevore/3e91724c4573690b691510d2e2dcd2a7
> 
> Just save the gist to a file with a .livecodescript extension and open it
> in the IDE.
> 
> As for DropDMG it has the correct certificate selected. DMGs are not really
> installers but the DMG does need to be signed to appease GateKeeper.
> 
> As Was already mentioned, the Levure packager will take care of signing
> your apps for you. It will sign apps you distribute yourself, sign and
> prepare an app for upload to the Mac App Store, and sign Mac App Store
> development versions for testing. It is quite handy.
> 
> Of course if you are already trying to sign your app for distribution then
> you aren’t at a point where you want to modify your app to use a new
> framework. But something to consider for the future.
> 
>> 
> And this all doesn’t have anything to do with Notarization? That’s another
>> step for the future?
> 
> 
> No it does not.
> 
> --
> Trevor DeVore
> ScreenSteps
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list