ID signing a standalone

Using Standalone Maker to build executables or delivering projects for use with the SuperCard Player? Discuss it here.

Post by 1nperson0z » Wed Feb 24, 2016 8:26 pm

A few times I've run into standalones I've made for work or friends not running due to not being code signed from a known developer. While security settings can be changed to get around this, is there any way for me as a registered developer to install a certificate in a standalone made by me?

Ian B
MacBook Pro 2.4Ghz i7 8Gb 10.11.3
1nperson0z
 
Posts: 78
Joined: Wed Jul 09, 2008 3:31 pm
Location: Blue Mountains Australia

Re: ID signing a standalone

Post by Scott » Thu Feb 25, 2016 6:32 am

Yes. If you have the developer command line tools and required Apple certificates installed, you can use codesign in terminal to code sign your app. Just be sure you sign each binary in the package before you sign the package.

Also note that for the standalone to remain signed, you can not make any changes to the standalone once it is signed. All user data must be stored outside of the standalone.
Scott
Site Admin
 
Posts: 1213
Joined: Sat Jul 05, 2008 1:37 pm
Location: Northern Sierra Nevada
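
The inside-out signing order described in the reply above, as an added example (not code from this thread or from SuperCard). The function names, the DRY_RUN switch and the treatment of Contents/MacOS are assumptions made for illustration; the default identity "-" produces an ad-hoc signature.

```shell
#!/bin/sh
# Added example: sign nested code inside a macOS .app bundle before the bundle.
# Set DRY_RUN=1 to print the codesign commands instead of running them.

# Print every signable item, children before parents, the bundle itself last.
# Assumption: files in Contents/MacOS are main executables, which are sealed
# when their enclosing bundle is signed, so they are not listed separately.
signing_order() (
    app=${1%/}
    find "$app" -depth \( \
        \( -type d \( -name '*.framework' -o -name '*.bundle' -o -name '*.app' \) \) -o \
        \( -type f \( -name '*.dylib' -o -perm -100 \) ! -path '*/Contents/MacOS/*' \) \
    \) -print
)

# Sign in that order, then check the result. Identity "-" is an ad-hoc
# signature; pass your own "Developer ID Application: ..." name instead.
sign_bundle() (
    app=${1%/}
    identity=${2:--}
    signing_order "$app" | while IFS= read -r item; do
        if [ -n "${DRY_RUN:-}" ]; then
            printf 'codesign --force --sign %s %s\n' "$identity" "$item"
        else
            codesign --force --sign "$identity" "$item" || exit 1
        fi
    done || exit 1
    [ -n "${DRY_RUN:-}" ] && exit 0
    # Any later write inside the bundle makes this check fail.
    codesign --verify --deep --strict --verbose=2 "$app"
)

# Usage: sh sign_bundle.sh /path/filename.app ["identity"]
if [ "$#" -gt 0 ]; then
    sign_bundle "$@"
fi
```

Running it once with DRY_RUN=1 shows the exact order before anything is signed.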

Re: ID signing a standalone

Post by JoeKoomen2011 » Thu Feb 25, 2016 6:33 am

This article should answer most of your questions. https://developer.apple.com/support/certificates/

Joe
Joe Koomen
>> Random! ...Damn near killed 'em! <<
JoeKoomen2011
 
Posts: 454
Joined: Thu Mar 12, 2009 1:38 pm

Re: ID signing a standalone

Post by 1nperson0z » Thu Feb 25, 2016 4:00 pm

"Also note that for the standalone to remain signed, you can not make any changes to the standalone once it is signed. All user data must be stored outside of the standalone."


So that applies to userProps too?

Ian
MacBook Pro 2.4Ghz i7 8Gb 10.11.3
1nperson0z
 
Posts: 78
Joined: Wed Jul 09, 2008 3:31 pm
Location: Blue Mountains Australia

Re: ID signing a standalone

Post by Scott » Thu Feb 25, 2016 4:37 pm

1nperson0z wrote: So that applies to userProps too?


Yes. Any changes written to the project in the standalone will invalidate the signature. Consider using an SQLite database or satellite project copied to ~/Library/Application Support/ or ~/Library/Preferences/ to store editable data/settings.
Scott
Site Admin
 
Posts: 1213
Joined: Sat Jul 05, 2008 1:37 pm
Location: Northern Sierra Nevada

Re: ID signing a standalone

Post by hodger » Wed Apr 12, 2017 9:28 pm

Hi Scott,

I'm having a little trouble wrapping my head around this...
"Any changes written to the project in the standalone will invalidate the signature."

Userprops seem clearly to apply, but I wonder how much more. If a draw graphic is modified at launch to display the ticks, this would seem to be a change to the project. If the rules are that strict it would seem that anything a user can change, or any user feedback generated programmatically would need to be in a satellite project that is not part of the app. Am I on the right track?

Confused,
Greg
hodger
 
Posts: 32
Joined: Mon Jul 26, 2010 8:19 pm

Re: ID signing a standalone

Post by Scott » Thu Apr 13, 2017 1:58 am

Yup. Best to set the cantModify of the project to true and store user data elsewhere (sat project or database).
Scott
Site Admin
 
Posts: 1213
Joined: Sat Jul 05, 2008 1:37 pm
Location: Northern Sierra Nevada

Re: ID signing a standalone

Post by sctell » Thu Apr 13, 2017 11:46 am

I've not given much thought to this before but picking up on the satellite suggestion, I presume you could (licensing allowing?) create a minimalist standalone that stores/changes nothing and immediately on running the standalone open your satellite project which actually does the work of the application.

With the satellite project shutting everything down when the user is finished.

I suppose your standalone would be a pared-down player.

Is that feasible?

All the best

Terry
sctell
 
Posts: 1124
Joined: Sun Jul 06, 2008 10:41 am

Re: ID signing a standalone

Post by Scott » Thu Apr 13, 2017 2:56 pm

There are a number of ways to do this. SaM, for instance, uses satellite projects for the settings that are copied from the app to a temp directory, but the saved make files are stored in simple text files that store the settings, after which the temp projects are discarded. Opening a make file copies a new temp project that loads the make file's settings.

For more data-centric duties, SQLite is another way of storing and recalling data. Our in-house databases use a cantModified project with a single card that contains fields that are essentially placeholders for data that is searched/recalled based on typical SQL arguments, with changes being written out to that SQLite file.

For more graphic/multimedia needs, a satellite project that can create/store/modify graphics and other media is stored in the app's package, and copied to the user's drive (as a document or Application Support file) that can then be referenced and acted upon each time the app is opened.

As to what method is best really depends on what data is to be manipulated, and how it needs to be recalled. For instance, graphics' picturedata can be stored in SQLite as binary data, but if it doesn't need to be cataloged and recalled by searchable metadata, a sat project would be a simpler method.
Scott
Site Admin
 
Posts: 1213
Joined: Sat Jul 05, 2008 1:37 pm
Location: Northern Sierra Nevada

Re: ID signing a standalone

Post by taroface » Sun Jul 30, 2017 3:55 pm

I've been building standalones with the 4.8 beta, and although the applications open fine on two of my computers, others are getting an error message e.g. "The file is broken and can't be opened." Running the xattr check documented here (https://apple.stackexchange.com/questio ... rra#245029) shows that the file is being quarantined.

While using the command to delete the quarantine works, I'd love to know of a workaround for this (that doesn't involve paying for a yearly Apple developer membership). Is there something I can adjust in Standalone Maker to at least upgrade to the normal "unidentified developer" message? The "broken" message seems really misleading:(
taroface
 
Posts: 4
Joined: Sun Jul 30, 2017 2:02 pm

Re: ID signing a standalone

Post by Scott » Mon Jul 31, 2017 4:50 am

taroface wrote: Is there something I can adjust in Standalone Maker to at least upgrade to the normal "unidentified developer" message? The "broken" message seems really misleading :(


Not that I know of... it is not our message.

Are you saying that right-clicking the file, selecting 'open' from the contextual menu, and then authorizing is not working on these Macs?
Scott
Site Admin
 
Posts: 1213
Joined: Sat Jul 05, 2008 1:37 pm
Location: Northern Sierra Nevada

Re: ID signing a standalone

Post by taroface » Mon Jul 31, 2017 8:37 am

Yes. Both double-clicking and right-clicking Open are giving the "file is damaged / move it to the trash" dialog. This is a known issue with Sierra but is also happening for me on El Capitan. The quarantine is put on applications downloaded from the internet by certain means, i.e. email, file-sharing services, etc.

I have found a solution! Using the terminal command:

Code:
sudo codesign --force --sign - /path/filename.app


will cause the OS to produce the normal "unidentified developer" dialog which can be right-clicked away.

I really hope this solution continues to work.

Source: https://github.com/serge-rider/dbeaver/issues/95
taroface
 
Posts: 4
Joined: Sun Jul 30, 2017 2:02 pm

Re: ID signing a standalone

Post by Scott » Mon Jul 31, 2017 11:25 am

Curious as to whether this would work as well...

Code:
cd /path/filename.app
xattr -rc .
Scott
Site Admin
 
Posts: 1213
Joined: Sat Jul 05, 2008 1:37 pm
Location: Northern Sierra Nevada
