Follow up form #641. (see also #840)
Links:
Once the certificate have magically appeared in Xcode and the keychain (..), we can sign the Xpra.app bundle, the PKG and DMG files:
codesign --deep --force --verify --verbose --sign "Developer ID Application: Antoine Martin (XXXXXXXXXX)" Xpra.app codesign --deep --force --verify --verbose --sign "Developer ID Application: Antoine Martin (XXXXXXXXXX)" Xpra.dmg productsign --sign "Developer ID Installer: Antoine Martin (XXXXXXXXXX)" Xpra.pkg Xpra-signed.pkg
The signature can be verified with:
codesign --verify --verbose=2 Xpra.app spctl --assess --verbose=4 --type=execute Xpra.app spctl --assess --verbose=4 --type=execute Xpra.dmg spctl --assess --verbose=4 --type=install Xpra-signed.pkg
But this fails for signing "Xpra.app" if I keep the Xpra_NoDock.app nested inside the Xpra.app, it complains:
image/Xpra.app: invalid Info.plist (plist or signature have been modified) In subcomponent: /Users/osx/Xpra-svn/trunk/osx/image/Xpra.app/Contents/Xpra_NoDock.app
Removing the nested app fixes this, but there must be something I can change in the Info.plist (or elsewhere?) to be able to bundle it.
@smo: what am I missing?
(edit: added verify for PKG - full error message)
App store submission steps:
Despite the hopelessly unhelpful and misleading error message from the codesign tool (..), I've narrowed it down through trial and error (mostly error):
Contents/MacOS
from the subapp passes
Bringing the Info.plist closer to the main one "fixes" things, done in r14152.
Along the way I found that changing CFBundleExecutable
is not possible in the subapp!? It's fortunate that we don't use this executable directly.
Now onto app submission. Let's hope it is as much fun as this, not.
r14154 + r14155 adds hooks to do the signing as part of the app / dmg / pkg scripts.
So until I move to a newer build host, the process is:
./make-app.sh
rsync -rplogt --delete "image/Xpra.app" osx@osx1010:/Users/osx/Xpra-svn/trunk/osx/image/
security unlock-keychain -p THEACCOUNTPASSWORD
(see User interaction is not allowed: trying to sign an OSX app using codesign)
cd Xpra-svn/trunk/osx export CODESIGN_KEYNAME="Antoine Martin" ./sign-app.sh && ./make-DMG.sh && ./make-PKG.sh
Appstore fun:
More fixes:
CFBundleIdentifier
ITSAppUsesNonExemptEncryption=false
CFBundleSignature
??
LSApplicationCategoryType
CFBundleIdentifier
(as per r14153 above)
What remains:
<product id="org.xpra.Xpra" version="$VERSION" />
to the Distribution file makes things worse, Application Loader then claims not to find the file you click on: The file \U201cXpra-1-1.0-r14164\U201d couldn\U2019t be opened because there is no such file
(this error is just garbage)
CFBundleExecutable
could be caused by the lack of signature on "Xpra_Launcher"?
$ ls -al@ image/Xpra.app/Contents/MacOS/ total 24 drwxr-xr-x 5 osx staff 170 14 Oct 20:00 . drwxr-xr-x 10 osx staff 340 14 Oct 20:03 .. -rwxr-xr-x@ 1 osx staff 2752 10 Oct 21:44 PythonExecWrapper com.apple.cs.CodeDirectory 141 com.apple.cs.CodeRequirements 180 com.apple.cs.CodeSignature 8527 -rwxr-xr-x@ 1 osx staff 399 10 Oct 21:44 Xpra com.apple.cs.CodeDirectory 128 com.apple.cs.CodeRequirements 164 com.apple.cs.CodeSignature 8526 -rwxr-xr-x 1 osx staff 292 14 Oct 20:00 Xpra_Launcher
See also:
"/Applications//Application Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool" -v -f ./image/Xpra-*.pkg -u 'THEAPPLEID' -p 'THEPASSWORD'
Alternatively using productbuild:
productbuild --component ./image/Xpra.app \ /Applications \ ./image/Xpra-1.0.pkg \ --sign "3rd Party Mac Developer Installer"
The resulting installer package lacks any icons or text but seems to install OK.
Only one error remains for "Application Loader" upload for this one: ITMS-90259
: Bad Bundle Executable...
Or even:
pkgbuild --analyze --root ./image/Xpra.app ./image/XpraComponents.plist #edit XpraComponents.plist and set {{{BundleIsRelocatable}}} to false pkgbuild --root ./image/Xpra.app \ --component-plist ./image/XpraComponents.plist \ --install-location "/Applications" \ ./Xpra.pkg #generate the Distribution.xml file: productBuild --synthesize --package ./Xpra.pkg ./Distribution.xml # modify it using the same data as found in our make-PKG.sh script, and: # change "#base.pkg" to "#Xpra.pkg" # add the product id and version line productbuild --distribution ./Distribution.xml --package-path . \ --sign "3rd Party Mac Developer Installer" \ ./Xpra-Installer.pkg
Same "bad bundle executable" error, and also missing the 512x512 icons...
More links:
I can get a little bit further by:
codesign --force --verbose --sign "3rd Party Mac Developer Application" --entitlements ./Xpra.entitlements THEFILE
The entitlements file was added in r14166. (it's not clear if the same entitlements should be used for all the files: I doubt the system is capable of isolating the code running in libraries from its entrypoint)
Then you need to make an upload to itunes... which takes a lot of time and effort. And then you get some more errors via email! (this is some kind of bad joke) Invalid Signature: (..) satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) - could they have worded it more ambiguously perhaps?
Before I started signing the "so" / "dylib" / etc, the error was different for those: code object is not signed at all In architecture: i386).
Rinse and repeat until you find the right combination.
But you can't delete versions on there, so you have to bump the CFBundleVersion
every time. How convenient.
More links:
to make the package non relocatable
work in progress to generate a PKG compatible with the appstore
A big part of the difficulty is that it's non-trivial to embed shell scripts... Because shiny. Or something. (and also because it takes way too long to test anything)
With the patch attached, the codesign step shows:
(..) image/Xpra.app/Contents/Helpers/Bug_Report: replacing existing signature image/Xpra.app/Contents/Helpers/Bug_Report: signed generic [Bug_Report] (..)
Note that is uses "generic" and not "signed Mach-O thin (i386)" like it does for all the binaries. And then much much later (..), you get an email (..) saying the build cannot be uploaded:
org.xpra.Xpra.pkg/Payload/Xpra.app: code object is not signed at all In subcomponent: org.xpra.Xpra.pkg/Payload/Xpra.app/Contents/Helpers/Bug_Report
See:
Maybe we can change the wrappers so that the "MacOS" binary executes the real "Python" executable (renamed if needed) with the script as argument instead. (and move the scripts somewhere else..)
Still TODO:
etc.
A gem in http://prod.lists.apple.com/archives/xcode-users/2013/Oct/msg00067.html: In addition to my entitlements file I needed to create an info.plist file and embed it into the binary by adding the following linker flag:
-sectcreate __TEXT __info_plist SandboxUnixCommand/SandboxUnixCommand-Info.plist
Well, obviously... ahem. Magic TEXT section values! More info here: Gimmedebugah: how to embedded a Info.plist into arbitrary binaries
updated patch
Lots more nasty tricks to beat this mess into shape:
At last a package that both runs and uploads to the appstore:
appstore view
as shown on the https://itunesconnect.apple.com/ appstore control page:
Sound sub-app fixes:
Some path fixes and updates:
Ideally, we would store our preferences in /Library/Preferences
, but:
Then, we could handle Migrating an App to a Sandbox and have the preferences moved for us to the user sandbox.
I don't think this is going to happen anytime soon. Re-scheduling.
Their complaints after reviewing the app:
com.apple.coreservices.launchservicesd
is needed to for pyobjc "coreservices" - not much we can do about this - maybe try to silence / ignore the errors this causes, or report the pyobjc issue upstream
com.apple.systemuiserver.screencapture
is needed for using xpra as a server - they unhelpfully suggested: We encourage you to investigate other ways of implementing the desired functionality.
CTFontCopyDefaultCascadeList
which is a non-public API, see pango coretext: use public function to obtain cascade list if available - looks like rebuilding on 10.8 or newer should fix this: #840
Moving the appstore packaging to a new ticket: #1366
This purpose of this ticket is now only about signing the PKG. At least some of the latest PKG builds should be signed... I should make it easier to know which PKG are signed and which ones are not. (requires using a newer VM to sign.. which won't boot right now on my systems.. even with the Intel one..)
I'm not entirely sure what the actual difference is for users when installing signed vs unsigned packages. I've paid the fee for the privilege of having Apple sign the key. Does this make it easier to install the PKG on OSX versions with the more stringent security settings?
Success. I have fixed my signing 10.10.x VM (it needs vbox 5.0 to boot, fails with 5.1 - fixes for running 5.0 on Fedora 25: Runtime/r0drv/linux: 4.8 mod_timer_pinned fix).
Uploaded both DMG and PKG r14467 builds signed with my developer key. @afarr: do these signed builds help with installation on newer versions of macosx? (you may need to turn the "stricter installation checks" setting back on again)
Odd.
I have an r14467 .dmg installed in my usual odd place - deleting and re-installing into the more usual /Applications directory works as usual, and likewise with the r14492 .dmg.
Double clicking on them, however, they fail the "Verifying 'Xpra'" validation test, "because it is from an unidentified developer".
I can't find any sign of the r14467 pkg though, or .dmg, in either the /dists or the /beta directories (so, where did I get the r14467 .dmg I already have?).
Trying to install the r14492 .pkg I get the usual security/unsigned (unknown developer) issue, but I'm not sure you signed that one.
I think you'll need to post another signed .pkg or even .dmg for me to check.
1.0 should be signed, just released today. (the other ones disappeared because I needed to free some diskspace)
Note to self since this is not obvious, this is how we make the signed DMG / PKG:
./make-app.sh
on the build VM
security unlock-keychain -p THEACCOUNTPASSWORD
./make-DMG.sh && ./make-PKG.sh
on the signing VM
Checking in xpra.org/beta/osx ... the 1.0 r14492 pkg (http://xpra.org/beta/osx/Xpra.pkg) both, once downloaded, trigger a security warning when trying to install (“Xpra.pkg” can’t be opened because it is from an unidentified developer.
).
They indicate that they were posted/updated 11/27.
Handing this back to you... and chuckling that my username seems to have become 'alas' (I feel three breaths closer to Elizabethan-dom ... three breathless breaths, whatever that means).
1.0 was released, meaning it is no longer in the beta area! Try here instead: http://xpra.org/dists/osx/x86/. (and the files in the beta area will soon disappear altogether to make way for 2.0 builds)
As for 'alas', that's your "name" in your account settings. The trac update now shows the name rather username. You should be able to change it yourself from your account profile - but it does have a nice ring to it, doesn't it?
1.0.1 is also signed.
unknown developer error when installing .pkg
Err — alas... I seem to be triggering the same "unknown developer" error with the new 1.0.1 (Xpra-1.0.1-r14723.pkg) that I was mentioning getting with 1.0 in comment:20 (which I also repeated with Xpra-1.0-r14502).
I got the errors with the new 10.12.1 super-shiny mac OS, and then confirmed I'm also getting it with a 10.10.5 significantly-less-shiny mac.
Same message with 1.0 and 1.0.1, on 10.12.1 & 10.10.5.
Apple must have more hoops for you?
Does it work any better with the beta 2.0 builds? Those are built and signed on the same system.
Sadly, the latest 2.1 betas are still complaining about unidentified developers.
The certificate expired a few months back so I stopped signing the builds, you may want to try a build made around the time of comment:25 instead. (2.0.x)
Retried with a build from mid March, and still got the error, and that was the oldest 2.0 build available in the betas folder (dists had nothing relevant unless I missed something that obvious..which is possible).
Either way, based on the conversations we've had, I'm going to close this - if we want to revisit OSX signing, we can re-open this, but in the meantime, closing.
(As an aside, I think we need a "crickets" resolved option, but that's just me)
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1340