I am having trouble signing Qt Based application un OS X. I am using Qt 5.3.2.
I have read various information source that contain contradictory information.
Here is the content of my application bundle after I run the bin/macdeployqt
Qt utility
SimpleHello.app/ Contents/ Info.plist PkgInfo Frameworks/ QtCore.framework/ Resources/ Versions/ 5/ QtCore QtGui.framework/ ... same as Qt core QtPrintSupport.framework/ ... same as Qt core QtWidgets.framework/ ... same as Qt core MacOS/ SimpleHello PlugIns/ ... some plugins Resources/ empty.lproj qt.conf
First:
I tried: http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/
However, it seems that it is not valid anymore in OS X 10.10 Yosemite
Second:
I tried: Sign a Framework for OSX 10.9
I was able to sign the whole application without any error. However, when running spctl
to verify the validity of the application, I get
spctl -a -vvvv SimpleHello.app SimpleHello.app/: rejected source=obsolete resource envelope origin=Developer ID Application: MY CERTIFICATE
Additionally when verifying signature with codesign, I get this:
codesign --verify --deep --verbose=4 SimpleHello.app --prepared:/My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework --validated:/My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework SimpleHello.app/: embedded framework contains modified or invalid version In subcomponent: /My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework
Third:
Added the --no-strict
option in codesign verification according to: Error when export archive
It fixes the issue with codesign verification but does not fix the spctl
issue.
Forth:
I tried adding the --no-legacy-signing
option when signing frameworks. However I get this error when verifying the bundle signature (both with codesign
and spctl
codesign --verify --deep --verbose=4 SimpleHello.app SimpleHello.app/: code has no resources but signature indicates they must be present
Fifth:
Modified the framework structure according to: http://qt-project.org/forums/viewthread/47768 and https://gist.github.com/kingcheez/6154462d7734e0c0f3a4
In this case I get this error when trying to sign frameworks
SimpleHello.app/Contents/Frameworks/QtCore.framework: unsealed contents present in the root directory of an embedded framework SimpleHello.app/Contents/Frameworks/QtGui.framework: unsealed contents present in the root directory of an embedded framework SimpleHello.app/Contents/Frameworks/QtPrintSupport.framework: unsealed contents present in the root directory of an embedded framework SimpleHello.app/Contents/Frameworks/QtWidgets.framework: unsealed contents present in the root directory of an embedded framework
EDIT: It seems that the issue with the unsealed contents present in the root directory of an embedded framework
was because one of the simlink was malformed. It was:
QtCore.framework.framework/Versions/Current -> 5/
Instead of
QtCore.framework.framework/Versions/Current -> 5
After this fix, I still get the same result as in Sixth though.
Sixth:
Added the --no-strict
option when calling codesign
for Frameworks. I was able to sign all frameworks except for one
SimpleHello.app//Contents/Frameworks/QtCore.framework: signed bundle with Mach-O thin (x86_64) [.] SimpleHello.app//Contents/Frameworks/QtGui.framework: signed bundle with Mach-O thin (x86_64) [.] SimpleHello.app//Contents/Frameworks/QtPrintSupport.framework: code object is not signed at all In subcomponent: /My/Path/SimpleHello.app/Contents/Frameworks/QtPrintSupport.framework/Versions/Current/QtPrintSupport SimpleHello.app//Contents/Frameworks/QtWidgets.framework: signed bundle with Mach-O thin (x86_64) [.]
Seventh:
I posted this question since I don't know what to look for anymore
1 Answer
I run a script similar to this after running macdeployqt:
#!/bin/bash #copy .plist files to frameworks cp "/usr/local/Trolltech/Qt-4.8.5/lib/QtCore.framework/Contents/Info.plist" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources/Info.plist" #copy folders to proper location cp -r "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Versions/4/Resources" #delete old folders rm -rf "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources" #create symlinks ln -s "Versions/4/Resources" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources"
After, I use:
codesign --deep -f -s
and it works, just add the missing frameworks in a similar fashion. I haven't tried it with qt 5+ but it might work for it to.
Other Answers