• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)

  • Subject: Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
  • From: Seth Willits <email@hidden>
  • Date: Tue, 05 Aug 2014 11:44:06 -0700
> ...
> The first “solution” (if that’s it at all) is to keep header files in the internal frameworks, which I really don’t like. The second one is to remove above mentioned lines from the configuration file and add “run script” build phase for EVERY sub-project (there are about 65 of them) and sign EVERY particular executable, resource, script etc. But that would completely defeat the purpose of using Xcode to sign bundles, and I don’t even know whether if would create valid v2 signatures.



I'm far from an expert in code signing matters, but your issue sounds quite similar to one I had experienced in the past. Rather than using the resource rules file (I don't recall the details now, but I do remember finding it complicated to understand), I just added a single new Run Script phase to my top-level application's target that signed every framework within the bundle. In my case, I just did them explicitly, eg:

LOCATION="${BUILT_PRODUCTS_DIR}"/"${FRAMEWORKS_FOLDER_PATH}"
IDENTITY="Developer ID Application"
codesign --verbose --force --sign "$IDENTITY" "$LOCATION/FMDB.framework/Versions/A"
codesign --verbose --force --sign "$IDENTITY" "$LOCATION/Growl.framework/Versions/A"
codesign --verbose --force --sign "$IDENTITY" "$LOCATION/HexFiend.framework/Versions/A"
...


... but if you write the script to recursively scan for .frameworks and .plugins and whatever else you have in your situation, I don't see why it would be more than a couple dozen lines or so to get that working, and not having to explicitly list all 65 built products from subprojects.

Is there some reason that wouldn't work?


--
Seth Willits


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
      • From: James Moore <email@hidden>
    • Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
      • From: Dragan Milić <email@hidden>
References: 
 >New 10.9.5 Gatekeeper rules (and a rant about them changing so often) (From: Dragan Milić <email@hidden>)

  • Prev by Date: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
  • Next by Date: Xcode 6 - Message in console
  • Previous by thread: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
  • Next by thread: Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
  • Index(es):
    • Date
    • Thread