Mac Codesigning stops working. (revSecurity.dylib)
Hi all. I had the whole Mac codesigning thing under control, notarization, all that. Was successfully signing, notarizing and distributing (as third party) my MacOS app as recently as a week ago. But about two days, AppWrapper 3 started reporting "Failed to sign" blaming the subcomponent revSecurity.dylib. App Wrapper diagnosis says "code object is not signed at all in architectur: x86_64. My build is in LC 9.5 using 64-bit. I built a minimalist stack with one "go url" button to trigger inclusion of revSecurity and TSnet. Attempts to sign that minimal stack as a Mac standalone gets the same errors. Codesigning via Terminal also fails. Anyone else have this problem? Suggestions? Thanks! TT ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Mac Codesigning stops working. (revSecurity.dylib)
Another brilliant bit of tech-detective work by Matthias. Thank you!!! Tony On Mon, Sep 30, 2019 at 10:09 AM Tom Glod via use-livecode < use-livecode@lists.runrev.com> wrote: > Matthias Rebbe you rock! > > On Sun, Sep 29, 2019 at 5:56 PM Matthias Rebbe via use-livecode < > use-livecode@lists.runrev.com> wrote: > > > Hi Tony, > > > > i just did a test with a small app like your test app and AppWrapper and > > run into a similar problem. > > I then tried from shell and i got also an error. > > > > The error message contained among other text the following > > "Agreeing to the Xcode/iOS license requires admin privileges, please run > > “sudo xcodebuild -license” and then retry this command." > > > > I ran > > sudo xcodebuild -license > > in terminal and followed the instructions and agreed the license. > > > > After that i was able to codesgin my test app in AppWrapper again. > > > > Regards, > > > > Matthias > > > > Matthias Rebbe > > > > free tools for Livecoders: > > InstaMaker <https://instamaker.dermattes.de/> > > WinSignMaker Mac <https://winsignhelper.dermattes.de/> > > > > > Am 29.09.2019 um 21:46 schrieb Tony Trivia via use-livecode < > > use-livecode@lists.runrev.com <mailto:use-livecode@lists.runrev.com>>: > > > > > > Hi all. > > > > > > I had the whole Mac codesigning thing under control, notarization, all > > > that. Was successfully signing, notarizing and distributing (as third > > > party) my MacOS app as recently as a week ago. But about two days, > > > AppWrapper 3 started reporting "Failed to sign" blaming the > subcomponent > > > revSecurity.dylib. App Wrapper diagnosis says "code object is not > signed > > > at all in architectur: x86_64. > > > > > > My build is in LC 9.5 using 64-bit. > > > > > > I built a minimalist stack with one "go url" button to trigger > inclusion > > of > > > revSecurity and TSnet. Attempts to sign that minimal stack as a Mac > > > standalone gets the same errors. > > > > > > Codesigning via Terminal also fails. > > > > > > Anyone else have this problem? Suggestions? > > > > > > Thanks! > > > TT > > > ___ > > > use-livecode mailing list > > > use-livecode@lists.runrev.com <mailto:use-livecode@lists.runrev.com> > > > Please visit this url to subscribe, unsubscribe and manage your > > subscription preferences: > > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > > ___ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > > > -- > Tom Glod > Founder & Developer > MakeShyft R.D.A (www.makeshyft.com) > Office:226-706-9339 > Mobile:226-706-9793 > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Do Mac OS apps stop working if your Mac Developer ID Application cert expires?
Hi, Anyone know what happens if you let a Mac Developer ID Application cert expire? (I'm thinking of apps that are NOT in the Mac app store, but are distributed directly to users.) I've heard if this cert is revoked, that can block any apps from running that were signed with that cert. Just wondering what the effect is if the cert just expires. Thanks. Tony ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Do Mac OS apps stop working if your Mac Developer ID Application cert expires?
Thanks to all who replied. The scope of my concern is strictly for MacOS standalone builds that are distributed outside of the App Store. Such builds are blissfully simple compared to mobile device builds. For years, I've been able to sign such apps without any provisioning certs. (Since Apple has virtually no role in the distribution, it is not involved in the beta testing or updating of the app.) All I've needed to build releases is the standard Developer ID Application cert, and those are typically good for five year spans. But, eventually I won't be here to renew the thing and I'd like any apps I make to carry on. So I hope JLG's prediction is correct! On Thu, Jan 23, 2020 at 7:12 PM Scott Morrow via use-livecode < use-livecode@lists.runrev.com> wrote: > I was under the impression that the original post was about Mac desktop. > In which case JLG’s answer seemed To the point. If it isn’t in the > MacAppStore then my understanding is that you just can’t code sign new > builds but that existing apps continue to work as usual. On mobile it is > different as several have pointed out > > -- > Scott Morrow > > > On Jan 23, 2020, at 2:54 PM, Pi Digital via use-livecode < > use-livecode@lists.runrev.com> wrote: > > > > If it is an enterprise app then it will run as long as the Profile is > still valid (which is usually a year from its creation). > > > > If it is AdHoc test copy, again it will run as long as the profile is > valid. > > > > From the store (I know that wasn’t your question) it runs out once the > user removes it from their device or a device OS upgrade renders the app > build inexecutable. > > > > When the certificate expires the app simply won’t load. For enterprise > apps it will inform you that no relevant profile could be found. > > > > Sean Cole > > Pi Digital Prod Ltd > > > >> On 23 Jan 2020, at 22:01, Devin Asay via use-livecode < > use-livecode@lists.runrev.com> wrote: > >> > >> I’ve done lots of test deployments to devices that are registered in > my wildcard provisioning profile. After the cert expires the app no longer > runs on the test devices. You have to renew the cert and provisioning > profile, re-save and reinstall the app on the device if you want it to work > again. > >> > >> I don’t know if it is different if you are distributing with an > app-specific provisioning profile, since I haven’t tried that. > >> > >> Devin > >> > >>> On Jan 23, 2020, at 2:25 PM, Tony Trivia via use-livecode < > use-livecode@lists.runrev.com> wrote: > >>> > >>> Hi, > >>> > >>> Anyone know what happens if you let a Mac Developer ID Application cert > >>> expire? (I'm thinking of apps that are NOT in the Mac app store, but > are > >>> distributed directly to users.) > >>> > >>> I've heard if this cert is revoked, that can block any apps from > running > >>> that were signed with that cert. Just wondering what the effect is if > the > >>> cert just expires. > >>> > >>> Thanks. > >>> Tony > >>> ___ > >>> use-livecode mailing list > >>> use-livecode@lists.runrev.com > >>> Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > >>> http://lists.runrev.com/mailman/listinfo/use-livecode > >> > >> Devin Asay > >> Director > >> Office of Digital Humanities > >> Brigham Young University > >> > >> ___ > >> use-livecode mailing list > >> use-livecode@lists.runrev.com > >> Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > >> http://lists.runrev.com/mailman/listinfo/use-livecode > > ___ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Do Mac OS apps stop working if your Mac Developer ID Application cert expires?
Thanks for the insights, Mark. On Fri, Jan 24, 2020 at 12:30 PM Mark Waddingham via use-livecode < use-livecode@lists.runrev.com> wrote: > On 2020-01-24 17:41, Tony Trivia via use-livecode wrote: > > Thanks to all who replied. The scope of my concern is strictly for > > MacOS > > standalone builds that are distributed outside of the App Store. > > Such builds are blissfully simple compared to mobile device builds. For > > years, I've been able to sign such apps without any provisioning certs. > > (Since Apple has virtually no role in the distribution, it is not > > involved > > in the beta testing or updating of the app.) All I've needed to build > > releases is the standard Developer ID Application cert, and those are > > typically good for five year spans. But, eventually I won't be here to > > renew the thing and I'd like any apps I make to carry on. So I hope > > JLG's > > prediction is correct! > > I believe that as long as you sign, notarize and then staple the results > of the notarization to your app (or DMG - if you distribute using that > method) then expiry of your developer id / certificate (should that > occur) > will have no effect on them. > > Just signing is no longer sufficient for the OS to verify an app on > Catalina > (and it seems, to a certain degree, on recent versions of Mojave!). > > Notarizing but not stapling means the OS will always do a 'callback' to > Apple's servers to check integrity. > > Stapling after notarization means the app is verifiable as it is. > > At least that is my interpretation of the recent changes... > > Warmest Regards, > > Mark. > > -- > Mark Waddingham ~ m...@livecode.com ~ http://www.livecode.com/ > LiveCode: Everyone can create apps > > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
