1. About
  2. Features
  3. Explore

I am having trouble signing Qt Based application un OS X. I am using Qt 5.3.2.

I have read various information source that contain contradictory information.

Here is the content of my application bundle after I run the bin/macdeployqt Qt utility

SimpleHello.app/ Contents/ Info.plist PkgInfo Frameworks/ QtCore.framework/ Resources/ Versions/ 5/ QtCore QtGui.framework/ ... same as Qt core QtPrintSupport.framework/ ... same as Qt core QtWidgets.framework/ ... same as Qt core MacOS/ SimpleHello PlugIns/ ... some plugins Resources/ empty.lproj qt.conf 

First:

I tried: http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/

However, it seems that it is not valid anymore in OS X 10.10 Yosemite

Second:

I tried: Sign a Framework for OSX 10.9

I was able to sign the whole application without any error. However, when running spctl to verify the validity of the application, I get

spctl -a -vvvv SimpleHello.app SimpleHello.app/: rejected source=obsolete resource envelope origin=Developer ID Application: MY CERTIFICATE 

Additionally when verifying signature with codesign, I get this:

codesign --verify --deep --verbose=4 SimpleHello.app --prepared:/My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework --validated:/My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework SimpleHello.app/: embedded framework contains modified or invalid version In subcomponent: /My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework 

Third:

Added the --no-strict option in codesign verification according to: Error when export archive

It fixes the issue with codesign verification but does not fix the spctl issue.

Forth:

I tried adding the --no-legacy-signing option when signing frameworks. However I get this error when verifying the bundle signature (both with codesign and spctl

codesign --verify --deep --verbose=4 SimpleHello.app SimpleHello.app/: code has no resources but signature indicates they must be present 

Fifth:

Modified the framework structure according to: http://qt-project.org/forums/viewthread/47768 and https://gist.github.com/kingcheez/6154462d7734e0c0f3a4

In this case I get this error when trying to sign frameworks

SimpleHello.app/Contents/Frameworks/QtCore.framework: unsealed contents present in the root directory of an embedded framework SimpleHello.app/Contents/Frameworks/QtGui.framework: unsealed contents present in the root directory of an embedded framework SimpleHello.app/Contents/Frameworks/QtPrintSupport.framework: unsealed contents present in the root directory of an embedded framework SimpleHello.app/Contents/Frameworks/QtWidgets.framework: unsealed contents present in the root directory of an embedded framework 

EDIT: It seems that the issue with the unsealed contents present in the root directory of an embedded framework was because one of the simlink was malformed. It was:

QtCore.framework.framework/Versions/Current -> 5/ 

Instead of

QtCore.framework.framework/Versions/Current -> 5 

After this fix, I still get the same result as in Sixth though.

Sixth:

Added the --no-strict option when calling codesign for Frameworks. I was able to sign all frameworks except for one

SimpleHello.app//Contents/Frameworks/QtCore.framework: signed bundle with Mach-O thin (x86_64) [.] SimpleHello.app//Contents/Frameworks/QtGui.framework: signed bundle with Mach-O thin (x86_64) [.] SimpleHello.app//Contents/Frameworks/QtPrintSupport.framework: code object is not signed at all In subcomponent: /My/Path/SimpleHello.app/Contents/Frameworks/QtPrintSupport.framework/Versions/Current/QtPrintSupport SimpleHello.app//Contents/Frameworks/QtWidgets.framework: signed bundle with Mach-O thin (x86_64) [.] 

Seventh:

I posted this question since I don't know what to look for anymore

1 Answer 1

I run a script similar to this after running macdeployqt:

#!/bin/bash #copy .plist files to frameworks cp "/usr/local/Trolltech/Qt-4.8.5/lib/QtCore.framework/Contents/Info.plist" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources/Info.plist" #copy folders to proper location cp -r "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Versions/4/Resources" #delete old folders rm -rf "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources" #create symlinks ln -s "Versions/4/Resources" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources" 

After, I use:

codesign --deep -f -s 

and it works, just add the missing frameworks in a similar fashion. I haven't tried it with qt 5+ but it might work for it to.