![]() ![]() Quinn “The Eskimo!” Developer Technical Support Apple I think that’ll be enough for you to make progress but, if you still can’t get it working, post a status update here and I’ll take another look. In most cases it’s fine to ship a command-line tool with no information property list. You can add an information property list to a command-line tool (by using the linker’s -sectcreate option to put it in the _TEXT / _info_plist section) but that’s generally not necessary. However, if the user runs the tool directly from Terminal, or from a shell script, everything will work out just fine. The only gotcha is that the user may not be able to double click the tool in the Finder to run it in Terminal. Note that ultimately this tool gets distributed in a ZIP file thatĬontains Windows and Linux executables also there is not, and ought Oh, and my Signing a Mac Product For Distribution post has a whole bunch of hints and tips about this overall issue. See Customizing the Notarization Workflow for hints on that front. The technique it describes won’t work for a command-line tool, so you’ll need something custom. See Notarizing macOS Software Before Distribution for background on notarisation. You will need to do this if you want it to run on arbitrary user systems. The reason this matters is that library validation makes it harder to pass Gatekeeper.įinally, did you notarise your tool. Second, why are you disabling library validation? The only good reason to do that is that your program loads plug-ins from other third-party developers. The approach I recommend is the one described in Testing a Notarised Product. I have a lot of other things to do than jumping through these hoops.Ĭom.disable-library-validationįirst up, spctl is not a great techniques for evaluating whether something will pass Gatekeeper. Note that ultimately this tool gets distributed in a ZIP file that contains Windows and Linux executables also there is not, and ought not be, any macOS-specific installer. What's it mean? How can I get this tool to run signed OK? All of this stuff is highly opaque, and the documentation out of date (for example, where it says you can run spctl on /bin/ls, but it gives the same exact error output that /bin/ls isn't an app.) mytool: rejected (the code is valid but does not seem to be an app) When I run spctl I get: % spctl -a -v -raw. mytool: satisfies its Designated RequirementĬodeDirectory v=20500 size=10271 flags=0x10000(runtime) hashes=310+7 location=embeddedĪuthority=Developer ID Certification Authority " -keychain "/Users/./Library/Keychains/login.keychain" -timestamp -f -o runtime -entitlements /Code/./mytool.entitlements /Code/./mytool Here's the signing command: % /usr/bin/codesign -s "Developer ID Application. I have a small command-line tool (a service) that gets compiled by Xcode, then I'm signing it during a Run Script phase.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |