Signing an app

You say:

now my company is not going to provide certificate

If you don’t have a signing identity, how are you supposed to sign anything? I suspect I’m missing a piece of the puzzle. Can you elaborate?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi,

They have provided us some scripts and templates, which performs code sign and product sign, just we have to provide all the binaries and executables to them. since I don't have certificates so can't sign project from Xcode.

As per my understanding we have to sign .pkg, .app and all the library executables (.dylib ). when i verify my signed .app it shows me message

"app: a sealed resource is missing or invalid"

Used some third party framework in project and there are some symlink in that, is that causing the issue ?

do I need to sign framework as well if yes then how ?

or is there any step I am missing in signing process

Hi,

They have provided us some scripts and templates, which performs code sign and product sign, just we have to provide all the binaries and executables to them. since I don't have certificates so can't sign project from Xcode.

As per my understanding we have to sign .pkg, .app and all the library executables (.dylib ). when i verify my signed .app it shows me message

"app: a sealed resource is missing or invalid"

Used some third party framework in project and there are some symlink in that, is that causing the issue ?

do I need to sign framework as well if yes then how ?

or is there any step I am missing in signing process.

just we have to provide all the binaries and executables to them. since I don't have certificates so can't sign project from Xcode.

If you’re building the app using Xcode the easiest way around this is to give them an Xcode archive (.xcarchive). They can then export it for distribution using the Xcode GUI or, if they wan to automate this, the xcodebuild command-line tool.

If you want to manually sign your app that’s also possible — my Signing a Mac Product For Distribution post has detailed instruction on how to do that — but using an Xcode archive is going to be much easier.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi,

Thanks, That document is very helpful.

Now I am facing some different error

.app: bundle format is ambiguous (could be app or framework)

Just want to confirm I am exporting .app from .xcarchive and performing code sign on it then putting it back in .xcarchive

is this a correct way to do it ?

Just want to confirm I am exporting .app from .xcarchive and performing code sign on it then putting it back in .xcarchive

is this a correct way to do it ?

Not really. An Xcode archive is meant to be immutable, and is typically development signed. You generally do one of three things with the archive:

• You use Xcode (or xcodebuild) to export an app from the archive.

• If the archive doesn’t contain an app — you’re building a non-app product, like a daemon, say — you manually export the app from the archive

• You pass the archive to someone else who does one of the above processes.

Modifying an Xcode archive is… well… not horribly wrong but definitely strange. It suggests that you have set up your workflow incorrectly.

Now I am facing some different error

.app: bundle format is ambiguous (could be app or framework)

That suggests that your app is built incorrectly. It’s hard to debug problems like that without looking at the app in detail, and that’s not something I have time for here on DevForums. I recommend that you open a DTS tech support incident, which will allow me to allocate the time to help you properly.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"