Tuesday, March 20, 2012

Developer ID Gotcha

Daniel Jalkut:

So, my recommended fix either to use Xcode 4.3 to build your app, or mimic Xcode 4.3′s code signing behavior by stealing its codesign arguments (look in the build log after building on 4.3) and applying them verbatim in your build process.

Chris Suter:

If you need your application to work on older versions of OS X, you need to take care. By default, codesign will sign your application using a designated requirement that is built into the system. The default is controlled by the system that you are performing verification on, not the system that you’re signing on.

Update (2012-03-24): Ben Artin:

Where we run into problems is that the designated requirement embedded inside an application signed by Xcode 4.3 using an Apple Developer ID (which is required to support Gatekeeper in Mac OS X 10.8 Mountain Lion) is too complex for Mac OS X 10.5.x to understand. As a result, a Gatekeeper-enabled app running on Mac OS X 10.5.x always seems to be an impostor, which results in a variety of problems (such as the user always being prompted to allow the app to use passwords stored in the keychain, instead of being prompted only the first time — exactly the problem we ran into with Fetch 5.7.1).

He seems to have a better solution than Jalkut.

1 Comment RSS · Twitter

[...] The user interface has too many popovers for my taste, but it looks like a big improvement over using codesign in Terminal. It would be nice to see support for checking the Gatekeeper compatibility with older versions of Mac OS X. [...]

Leave a Comment