Hi,
I have an automated build process that produces custom apps for different customers. The only thing that is customized is a resource in the app.
I would like to be able to just code sign the entire app once and then for each customer just update and code sign the resource.
After doing the initial code signing of the app "codesign -vvv --deep --strict myapp.app" shows that everything is OK.
I then replace myapp.app//Contents/Resources/CustomFile with a new one and code sign it:
codesign -f -s "Developer ID Application: MY Company" --options runtime --keychain "Buildsystem" "myapp.app/Contents/Resources/CustomFile"
But then "codesign -vvv --deep --strict myapp.app" shows there is a problem:
myapp.app: a sealed resource is missing or invalid
file modified: myapp.app/Contents/Resources/CustomFile
Can anybody explain why this doesn't work?
My work around is to always update the resource in an unsigned app and then code sign the entire thing.