I can't figure out why archive/macOS folder archive doesn't get signed by install4j even when it's instructed to "Sign macOS media files" in general settings. Looking into the logs during the build I do see that DMG gets signed.
The signing certificate is good because I've got another app signed without problems, the only difference is that media is installer/macOS folder. So it signs the DMG and doesn't sign the app folder inside? What's the point? I must be missing something.
I am trying to achieve a very simple flow for the user - click on dmg, drag the app archive to the Applications and click to run. No installers needed. It works great until the dmg gets downloaded from the internet, Mac decides that it's dangerous because there is no developer signature and fun begins... How do I make this signature with install4j?
Any help is greatly appreciated.
(install4j version is 6.1.6)
I am trying to achieve a very simple flow for the user - click on dmg, drag the >app archive to the Applications and click to run.
Then use the macOS single bundle archive and not the macOS folder installer.
So it signs the DMG and doesn't sign the app folder inside?
No, both the DMG and all generated launchers are signed by install4j for the macOS folder installer.
Note: For macOS 10.14, you will need install4j 7.0.6+ otherwise the signature is reported as invalid.
Update after discussion in the comments:
In your case, the executable is a shell script. For mach-o binaries, the codesign tool on macOS saves the signature directly inside the binary, for non-mach-o binaries, it saves extended HFS+ attributes of the file Info.plist. These extended attributes would not be picked up by install4j even if you build on macOS, they will be lost at runtime and the signature will be invalid.
I'm afraid that the only way forward is to use a generated launcher.
Related
I have an installer app that gets distributed inside of a notarized disk image. The app is a simple program that performs a few checks on the system and then launches the macOS installer to install a pkg that is contained with the app's bundle.
However, even though this app is inside a mounted disk image, and even though the file it's trying to open is inside its own signed and notarized bundle, it still triggers the "App would like to access files in your Downloads folder" if the dmg is located in the user's Downloads folder, which it almost always will be.
Is there any way to get this app to launch the installer without triggering this message? The entire point of the app is to try and make the installation process as smooth and seamless as possible. The explicit goal is that opening it will go directly into the mac installer with no warning messages, interruptions, or any other sort of dialog box that risks confusing or alarming the user.
Note: just distributing the pkg on its own is not an option, because the purpose of this app is to work around a bug in macOS's installer on Apple Silicon macs. The pkg is Intel only, and if I add a script to it that executes when the pkg opens, then it will confusingly display a warning message to the user twice, once when Installer.app opens as an arm64 process, and then again when it relaunches as an x86_64 process.
This is an annoyingly roundabout workaround, but I managed to do it using launchd.
The gist of the method is to create a plist file in the user's temporary folder specifying a launchd job that starts on demand and just calls /usr/bin/open to open the pkg file inside the application bundle, and then call launchctl to load it. Once the installer is open, remove the launchd job.
I've packaged my mac application into a .dmg file, but when I mount the file and double click on the app I get this warning "MyApp is an application downloaded from the Internet. Are you sure you want to open it."
I don't want my app to look suspicious. I know that in Windows you need to sign your installer so the OS doesn't display the scary red stop icon and the "Unverified"/"Unknown" label, is it the same for OS X?
No, you will always get that notification the first time you start anything you downloaded. It's a flag set onto the files extended attributes.
I can run a FireMonkey Application on Mac OSX with PAServer. But now, I would like to deploy the application Mac OS (something like MSI under Windows). How can I do this?
You'll want to read more about Application Bundles.
Using the application bundle that Delphi creates and deploys via PAServer
Since you're using the PAServer, you'll find that it has already created an application bundle for you. After you run the program via the PAServer, look in the following folder on the Mac for the application bundle:
/Users/[username]/Applications/Embarcadero/PAServer/scratch-dir/[profilename]
If your project is named Project1, you'll see an application bundle in that folder named Project1.
If you read the above wiki article, you'll know that Project1 has a "hidden" extension of .app, and the whole thing is really a folder with all of the required files to run the application.
Go ahead and run this application bundle directly on the Mac. If it complains about missing dylibs, such as libmidas.dylib, simply copy them from the PAServer folder into the application bundle's MacOS folder.
To the Mac OS user, the application bundle appears as a single program file, complete with an icon. The user can double-click the application bundle to run the application, drag it to their dock, etc.
Changing the icon
The application bundle will have the Delphi icon by default, but you can replace it with your own icon. On the Mac, simply right-click on the application bundle in Finder, and select Show Package Contents. In there, look in the Contents/Resources folder for the .icns file.
Use the Icon Composer application that was installed with XCode to create your .icns icon file from existing image files.
Peeking inside the bundle
Peek around inside at the rest of the contents. You'll see the required dylib, your program file, and the Info.plist file, which is a text file with things like application IDs, signatures, and other important things.
More about deployment
If your application can be self contained in an app bundle, the standard method is to put the application bundle inside a disk image .dmg file, which allows the user to drop the application into the applications folder.
If your application requires the installation of additional files, libraries, databases, or frameworks, etc., you should create a package. You can utilize PackageMaker to do this. A package is similar to the "msi" installer on Windows that you mention.
When the user double-clicks the package, it's run by Installer. It has a wizard style interface and walks the user through installing the application. You can also sign the package with your code signing certificate.
If you want to include your application bundle in the app store, you'll need to sign it. You'll also need to sandbox it.
Sandboxing and the Mac App Store - Nov 2, 2011
The vast majority of Mac users have been free from malware and we're
working on technologies to help keep it that way. As of March 1, 2012
all apps submitted to the Mac App Store must implement sandboxing.
Sandboxing your app is a great way to protect systems and users by
limiting the resources apps can access and making it more difficult
for malicious software to compromise users' systems. Learn more by
visiting the App Sandbox page.
You must create an Application Bundle in order to deploy you app on a OSX System .
Check these links for more information
Deploying Your Application (Mac OS X installers )
Application Bundle
Building Fancy DMG Images on Mac OS X
I've been dealing with an issue for a while. The issue is that when I submit my mac app to the app store I'm always getting invalid binary and they are saying it's because of an invalid signature. And that I should make sure it's signed with the installer certificate which it is.
Here is the complete message from them:
Dear Developer,
We have discovered one or more issues with your recent binary
submission for "Mini Week". The following issues will need to be
corrected in order for your application to proceed to review:
Invalid Signature - This error occurs when you have signed your app's
installer incorrectly. There are two certs required for this process:
the "3rd Party Mac Developer Application" cert and the "3rd Party Mac
Developer Installer" cert. When signing your package, you need to
ensure that you are using the Installer cert to sign your package.
Ensure that you are specifying this cert when submitting your app via
the Xcode Organizer or when running productbuild from the command
line.
Once you have corrected these issues, go to the app's version details
page (found in the Manage Your Applications module of iTunes Connect)
and click Ready to Submit Binary. Proceed through the submission
process until the app's status is Waiting for Upload. You can then use
Application Loader to upload the corrected binary.
Regards,
The iTunes Store Team
I've revoked and reinstalled my certificates and development providing profile but that doesn't seem to help so I'm assuming that's not the issue.
Is there something else that could cause this? Maybe I need to make sure something is correct in my build settings or something like that? But if so what? :)
Thank you in advance!
Actually, the signing process does not happen when you submit the app from Code Organizer. Conversely, it may happen when you build your app for deployment, but only if you selected the appropriate cert on the "Code Signing Identity" in the target build settings.
Note that you could also manually sign an existing app via command line:
codesign -s "<name of your signing cert>" -fv "<path/to/your/app/bundle>" -o kill,hard
where <name of your signing cert> is the canonical name of your 3rd Party Mac Developer Installer cert. The optional -o kill,hard enforces the code signature for the OS to allow user to launch the application: if you omit this option, an user could open the app bundle, delete the code sign folder, and copy the app on a different machine. With this option, your app bundle will only launch on the authorized machine, and will not run when the signature folder is not present.
I want to publish my Mac app to Mac App Store.
So I've tried to sign my app and archive with Xcode 4.
I got the process to sign the app - build settings.
However, I don't know how to sign archive(package).
In Organizer, when I tried to submit with archive, identity drop box shows that "No valid signing identities found" and others aren't showed.
You need to create installation package certificate here: http://developer.apple.com/certificates/index.action
download newly created certificate and double click it to install
Restart XCode if it was launched
UPDATED: And guys! One more thing! Don't use beta SDK. The itunes connect wouldn't accept such binary.
You need the INSTALLER and the APPLICATION certificate for this. And restarting is important, Remizorrr is right!